- Linux-stable-mirror - lists.linaro.org

[PATCH] misc/pvpanic-pci: register attributes via pci_driver

by Thomas Weißschuh

In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Greg, does it make sense to duplicate fields between struct pci_driver and struct device_driver? The fields "name", "groups" and "dev_groups" are duplicated. pci_driver::dev_groups was introduced in commit ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") because "this helps converting PCI drivers sysfs attributes to static" I don't understand the reasoning. The embedded device_driver shares the same storage lifetime and the fields have the exact same type. --- drivers/misc/pvpanic/pvpanic-pci.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver); --- base-commit: 00dcf5d862e86e57f5ce46344039f11bb1ad61f6 change-id: 20240411-pvpanic-pci-dev-groups-e3beebcbc4e4 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 2 months

2
2
0 0

FAILED: patch "[PATCH] drm/i915/vma: Fix UAF on destroy against retire race" failed to apply to 6.7-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.7-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.7.y git checkout FETCH_HEAD git cherry-pick -x 0e45882ca829b26b915162e8e86dbb1095768e9e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033027-expensive-footage-f3ea@gregkh' --subject-prefix 'PATCH 6.7.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e45882ca829b26b915162e8e86dbb1095768e9e Mon Sep 17 00:00:00 2001 From: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Date: Tue, 5 Mar 2024 15:35:06 +0100 Subject: [PATCH] drm/i915/vma: Fix UAF on destroy against retire race MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1 [161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 [161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915] [161.360592] RIP: 0010:debug_print_object+0x80/0xb0 ... [161.361347] debug_object_free+0xeb/0x110 [161.361362] i915_active_fini+0x14/0x130 [i915] [161.361866] release_references+0xfe/0x1f0 [i915] [161.362543] i915_vma_parked+0x1db/0x380 [i915] [161.363129] __gt_park+0x121/0x230 [i915] [161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915] That has been tracked down to be happening when another thread is deactivating the VMA inside __active_retire() helper, after the VMA's active counter has been already decremented to 0, but before deactivation of the VMA's object is reported to the object debugging tool. We could prevent from that race by serializing i915_active_fini() with __active_retire() via ref->tree_lock, but that wouldn't stop the VMA from being used, e.g. from __i915_vma_retire() called at the end of __active_retire(), after that VMA has been already freed by a concurrent i915_vma_destroy() on return from the i915_active_fini(). Then, we should rather fix the issue at the VMA level, not in i915_active. Since __i915_vma_parked() is called from __gt_park() on last put of the GT's wakeref, the issue could be addressed by holding the GT wakeref long enough for __active_retire() to complete before that wakeref is released and the GT parked. I believe the issue was introduced by commit d93939730347 ("drm/i915: Remove the vma refcount") which moved a call to i915_active_fini() from a dropped i915_vma_release(), called on last put of the removed VMA kref, to i915_vma_parked() processing path called on last put of a GT wakeref. However, its visibility to the object debugging tool was suppressed by a bug in i915_active that was fixed two weeks later with commit e92eb246feb9 ("drm/i915/active: Fix missing debug object activation"). A VMA associated with a request doesn't acquire a GT wakeref by itself. Instead, it depends on a wakeref held directly by the request's active intel_context for a GT associated with its VM, and indirectly on that intel_context's engine wakeref if the engine belongs to the same GT as the VMA's VM. Those wakerefs are released asynchronously to VMA deactivation. Fix the issue by getting a wakeref for the VMA's GT when activating it, and putting that wakeref only after the VMA is deactivated. However, exclude global GTT from that processing path, otherwise the GPU never goes idle. Since __i915_vma_retire() may be called from atomic contexts, use async variant of wakeref put. Also, to avoid circular locking dependency, take care of acquiring the wakeref before VM mutex when both are needed. v7: Add inline comments with justifications for: - using untracked variants of intel_gt_pm_get/put() (Nirmoy), - using async variant of _put(), - not getting the wakeref in case of a global GTT, - always getting the first wakeref outside vm->mutex. v6: Since __i915_vma_active/retire() callbacks are not serialized, storing a wakeref tracking handle inside struct i915_vma is not safe, and there is no other good place for that. Use untracked variants of intel_gt_pm_get/put_async(). v5: Replace "tile" with "GT" across commit description (Rodrigo), - avoid mentioning multi-GT case in commit description (Rodrigo), - explain why we need to take a temporary wakeref unconditionally inside i915_vma_pin_ww() (Rodrigo). v4: Refresh on top of commit 5e4e06e4087e ("drm/i915: Track gt pm wakerefs") (Andi), - for more easy backporting, split out removal of former insufficient workarounds and move them to separate patches (Nirmoy). - clean up commit message and description a bit. v3: Identify root cause more precisely, and a commit to blame, - identify and drop former workarounds, - update commit message and description. v2: Get the wakeref before VM mutex to avoid circular locking dependency, - drop questionable Fixes: tag. Fixes: d93939730347 ("drm/i915: Remove the vma refcount") Closes: https://gitlab.freedesktop.org/drm/intel/issues/8875 Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Nirmoy Das <nirmoy.das(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: stable(a)vger.kernel.org # v5.19+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240305143747.335367-6-janus… (cherry picked from commit f3c71b2ded5c4367144a810ef25f998fd1d6c381) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/i915_vma.c b/drivers/gpu/drm/i915/i915_vma.c index d09aad34ba37..b70715b1411d 100644 --- a/drivers/gpu/drm/i915/i915_vma.c +++ b/drivers/gpu/drm/i915/i915_vma.c @@ -34,6 +34,7 @@ #include "gt/intel_engine.h" #include "gt/intel_engine_heartbeat.h" #include "gt/intel_gt.h" +#include "gt/intel_gt_pm.h" #include "gt/intel_gt_requests.h" #include "gt/intel_tlb.h" @@ -103,12 +104,42 @@ static inline struct i915_vma *active_to_vma(struct i915_active *ref) static int __i915_vma_active(struct i915_active *ref) { - return i915_vma_tryget(active_to_vma(ref)) ? 0 : -ENOENT; + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_tryget(vma)) + return -ENOENT; + + /* + * Exclude global GTT VMA from holding a GT wakeref + * while active, otherwise GPU never goes idle. + */ + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we and our _retire() counterpart can be + * called asynchronously, storing a wakeref tracking + * handle inside struct i915_vma is not safe, and + * there is no other good place for that. Hence, + * use untracked variants of intel_gt_pm_get/put(). + */ + intel_gt_pm_get_untracked(vma->vm->gt); + } + + return 0; } static void __i915_vma_retire(struct i915_active *ref) { - i915_vma_put(active_to_vma(ref)); + struct i915_vma *vma = active_to_vma(ref); + + if (!i915_vma_is_ggtt(vma)) { + /* + * Since we can be called from atomic contexts, + * use an async variant of intel_gt_pm_put(). + */ + intel_gt_pm_put_async_untracked(vma->vm->gt); + } + + i915_vma_put(vma); } static struct i915_vma * @@ -1404,7 +1435,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, struct i915_vma_work *work = NULL; struct dma_fence *moving = NULL; struct i915_vma_resource *vma_res = NULL; - intel_wakeref_t wakeref = 0; + intel_wakeref_t wakeref; unsigned int bound; int err; @@ -1424,8 +1455,14 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (err) return err; - if (flags & PIN_GLOBAL) - wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); + /* + * In case of a global GTT, we must hold a runtime-pm wakeref + * while global PTEs are updated. In other cases, we hold + * the rpm reference while the VMA is active. Since runtime + * resume may require allocations, which are forbidden inside + * vm->mutex, get the first rpm wakeref outside of the mutex. + */ + wakeref = intel_runtime_pm_get(&vma->vm->i915->runtime_pm); if (flags & vma->vm->bind_async_flags) { /* lock VM */ @@ -1561,8 +1598,7 @@ int i915_vma_pin_ww(struct i915_vma *vma, struct i915_gem_ww_ctx *ww, if (work) dma_fence_work_commit_imm(&work->base); err_rpm: - if (wakeref) - intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); + intel_runtime_pm_put(&vma->vm->i915->runtime_pm, wakeref); if (moving) dma_fence_put(moving);

1 year, 2 months

3
2
0 0

[PATCH v4] mtd: limit OTP NVMEM Cell parse to non Nand devices

by Christian Marangi

MTD OTP logic is very fragile on parsing NVMEM Cell and can be problematic with some specific kind of devices. The problem was discovered by e87161321a40 ("mtd: rawnand: macronix: OTP access for MX30LFxG18AC") where OTP support was added to a NAND device. With the case of NAND devices, it does require a node where ECC info are declared and all the fixed partitions, and this cause the OTP codepath to parse this node as OTP NVMEM Cells, making probe fail and the NAND device registration fail. MTD OTP parsing should have been limited to always using compatible to prevent this error by using node with compatible "otp-user" or "otp-factory". NVMEM across the years had various iteration on how Cells could be declared in DT, in some old implementation, no_of_node should have been enabled but now add_legacy_fixed_of_cells should be used to disable NVMEM to parse child node as NVMEM Cell. To fix this and limit any regression with other MTD that makes use of declaring OTP as direct child of the dev node, disable add_legacy_fixed_of_cells if we detect the MTD type is Nand. With the following logic, the OTP NVMEM entry is correctly created with no Cells and the MTD Nand is correctly probed and partitions are correctly exposed. Fixes: 4b361cfa8624 ("mtd: core: add OTP nvmem provider support") Cc: <stable(a)vger.kernel.org> # v6.7+ Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- To backport this to v6.6 and previous, config.no_of_node = mtd_type_is_nand(mtd); should be used as it does pose the same usage of add_legacy_fixed_of_cells. Changes v4: - Add info on how to backport this to previous kernel - Fix Fixes tag - Reformat commit description as it was unprecise and had false statement Changes v3: - Fix commit description Changes v2: - Use mtd_type_is_nand instead of node name check drivers/mtd/mtdcore.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c index 5887feb347a4..0de87bc63840 100644 --- a/drivers/mtd/mtdcore.c +++ b/drivers/mtd/mtdcore.c @@ -900,7 +900,7 @@ static struct nvmem_device *mtd_otp_nvmem_register(struct mtd_info *mtd, config.name = compatible; config.id = NVMEM_DEVID_AUTO; config.owner = THIS_MODULE; - config.add_legacy_fixed_of_cells = true; + config.add_legacy_fixed_of_cells = !mtd_type_is_nand(mtd); config.type = NVMEM_TYPE_OTP; config.root_only = true; config.ignore_wp = true; -- 2.43.0

1 year, 2 months

3
3
0 0

[PATCH v2 5.10.y 1/1] mailbox: imx: fix suspend failure

by Daisuke Mizobuchi

imx_mu_isr() always calls pm_system_wakeup() even when it should not, making the system unable to enter sleep. Suspend fails as follows: armadillo:~# echo mem > /sys/power/state [ 2614.602432] PM: suspend entry (deep) [ 2614.610640] Filesystems sync: 0.004 seconds [ 2614.618016] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 2614.626555] OOM killer disabled. [ 2614.629792] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 2614.638456] printk: Suspending console(s) (use no_console_suspend to debug) [ 2614.649504] PM: Some devices failed to suspend, or early wake event detected [ 2614.730103] PM: resume devices took 0.080 seconds [ 2614.741924] OOM killer enabled. [ 2614.745073] Restarting tasks ... done. [ 2614.754532] PM: suspend exit ash: write error: Resource busy armadillo:~# Upstream commit 892cb524ae8a is correct, so this seems to be a mistake during cherry-pick. Cc: <stable(a)vger.kernel.org> Fixes: a16f5ae8ade1 ("mailbox: imx: fix wakeup failure from freeze mode") Signed-off-by: Daisuke Mizobuchi <mizo(a)atmark-techno.com> Reviewed-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> --- drivers/mailbox/imx-mailbox.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/mailbox/imx-mailbox.c b/drivers/mailbox/imx-mailbox.c index c5663398c6b7..28f5450e4130 100644 --- a/drivers/mailbox/imx-mailbox.c +++ b/drivers/mailbox/imx-mailbox.c @@ -331,8 +331,6 @@ static int imx_mu_startup(struct mbox_chan *chan) break; } - priv->suspend = true; - return 0; } @@ -550,8 +548,6 @@ static int imx_mu_probe(struct platform_device *pdev) clk_disable_unprepare(priv->clk); - priv->suspend = false; - return 0; disable_runtime_pm: @@ -614,6 +610,8 @@ static int __maybe_unused imx_mu_suspend_noirq(struct device *dev) if (!priv->clk) priv->xcr = imx_mu_read(priv, priv->dcfg->xCR); + priv->suspend = true; + return 0; } @@ -632,6 +630,8 @@ static int __maybe_unused imx_mu_resume_noirq(struct device *dev) if (!imx_mu_read(priv, priv->dcfg->xCR) && !priv->clk) imx_mu_write(priv, priv->xcr, priv->dcfg->xCR); + priv->suspend = false; + return 0; } -- 2.30.2

1 year, 2 months

3
2
0 0

[PATCH v2 5/5] drm/vmwgfx: Sort primary plane formats by order of preference

by Zack Rusin

The table of primary plane formats wasn't sorted at all, leading to applications picking our least desirable formats by defaults. Sort the primary plane formats according to our order of preference. Nice side-effect of this change is that it makes IGT's kms_atomic plane-invalid-params pass because the test picks the first format which for vmwgfx was DRM_FORMAT_XRGB1555 and uses fb's with odd sizes which make Pixman, which IGT depends on assert due to the fact that our 16bpp formats aren't 32 bit aligned like Pixman requires all formats to be. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 36cc79bc9077 ("drm/vmwgfx: Add universal plane support") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ Acked-by: Pekka Paalanen <pekka.paalanen(a)collabora.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h index bf9931e3a728..bf24f2f0dcfc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h @@ -233,10 +233,10 @@ struct vmw_framebuffer_bo { static const uint32_t __maybe_unused vmw_primary_plane_formats[] = { - DRM_FORMAT_XRGB1555, - DRM_FORMAT_RGB565, DRM_FORMAT_XRGB8888, DRM_FORMAT_ARGB8888, + DRM_FORMAT_RGB565, + DRM_FORMAT_XRGB1555, }; static const uint32_t __maybe_unused vmw_cursor_plane_formats[] = { -- 2.40.1

1 year, 2 months

1
0
0 0

[PATCH v2 4/5] drm/vmwgfx: Fix crtc's atomic check conditional

by Zack Rusin

The conditional was supposed to prevent enabling of a crtc state without a set primary plane. Accidently it also prevented disabling crtc state with a set primary plane. Neither is correct. Fix the conditional and just driver-warn when a crtc state has been enabled without a primary plane which will help debug broken userspace. Fixes IGT's kms_atomic_interruptible and kms_atomic_transition tests. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 06ec41909e31 ("drm/vmwgfx: Add and connect CRTC helper functions") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ Reviewed-by: Ian Forbes <ian.forbes(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index e33e5993d8fc..13b2820cae51 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -931,6 +931,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state) { + struct vmw_private *vmw = vmw_priv(crtc->dev); struct drm_crtc_state *new_state = drm_atomic_get_new_crtc_state(state, crtc); struct vmw_display_unit *du = vmw_crtc_to_du(new_state->crtc); @@ -938,9 +939,13 @@ int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, bool has_primary = new_state->plane_mask & drm_plane_mask(crtc->primary); - /* We always want to have an active plane with an active CRTC */ - if (has_primary != new_state->enable) - return -EINVAL; + /* + * This is fine in general, but broken userspace might expect + * some actual rendering so give a clue as why it's blank. + */ + if (new_state->enable && !has_primary) + drm_dbg_driver(&vmw->drm, + "CRTC without a primary plane will be blank.\n"); if (new_state->connector_mask != connector_mask && -- 2.40.1

1 year, 2 months

1
0
0 0

[PATCH v2 3/5] drm/vmwgfx: Fix prime import/export

by Zack Rusin

vmwgfx never supported prime import of external buffers. Furthermore the driver exposes two different objects to userspace: vmw_surface's and gem buffers but prime import/export only worked with vmw_surfaces. Because gem buffers are used through the dumb_buffer interface this meant that the driver created buffers couldn't have been prime exported or imported. Fix prime import/export. Makes IGT's kms_prime pass. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM") Cc: <stable(a)vger.kernel.org> # v6.6+ Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++++++++++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 ++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 ++ drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++++++++++++++ drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +++++++- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++++++++++++++------- 8 files changed, 117 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c index c52c7bf1485b..717d624e9a05 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c @@ -456,8 +456,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, .no_wait_gpu = false }; u32 j, initial_line = dst_offset / dst_stride; - struct vmw_bo_blit_line_data d; + struct vmw_bo_blit_line_data d = {0}; int ret = 0; + struct page **dst_pages = NULL; + struct page **src_pages = NULL; /* Buffer objects need to be either pinned or reserved: */ if (!(dst->pin_count)) @@ -477,12 +479,35 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, return ret; } + if (!src->ttm->pages && src->ttm->sg) { + src_pages = kvmalloc_array(src->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!src_pages) + return -ENOMEM; + ret = drm_prime_sg_to_page_array(src->ttm->sg, src_pages, + src->ttm->num_pages); + if (ret) + goto out; + } + if (!dst->ttm->pages && dst->ttm->sg) { + dst_pages = kvmalloc_array(dst->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!dst_pages) { + ret = -ENOMEM; + goto out; + } + ret = drm_prime_sg_to_page_array(dst->ttm->sg, dst_pages, + dst->ttm->num_pages); + if (ret) + goto out; + } + d.mapped_dst = 0; d.mapped_src = 0; d.dst_addr = NULL; d.src_addr = NULL; - d.dst_pages = dst->ttm->pages; - d.src_pages = src->ttm->pages; + d.dst_pages = dst->ttm->pages ? dst->ttm->pages : dst_pages; + d.src_pages = src->ttm->pages ? src->ttm->pages : src_pages; d.dst_num_pages = PFN_UP(dst->resource->size); d.src_num_pages = PFN_UP(src->resource->size); d.dst_prot = ttm_io_prot(dst, dst->resource, PAGE_KERNEL); @@ -504,6 +529,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, kunmap_atomic(d.src_addr); if (d.dst_addr) kunmap_atomic(d.dst_addr); + if (src_pages) + kvfree(src_pages); + if (dst_pages) + kvfree(dst_pages); return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index bfd41ce3c8f4..e5eb21a471a6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -377,7 +377,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, { struct ttm_operation_ctx ctx = { .interruptible = params->bo_type != ttm_bo_type_kernel, - .no_wait_gpu = false + .no_wait_gpu = false, + .resv = params->resv, }; struct ttm_device *bdev = &dev_priv->bdev; struct drm_device *vdev = &dev_priv->drm; @@ -394,8 +395,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, vmw_bo_placement_set(vmw_bo, params->domain, params->busy_domain); ret = ttm_bo_init_reserved(bdev, &vmw_bo->tbo, params->bo_type, - &vmw_bo->placement, 0, &ctx, NULL, - NULL, destroy); + &vmw_bo->placement, 0, &ctx, + params->sg, params->resv, destroy); if (unlikely(ret)) return ret; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index 0d496dc9c6af..f349642e6190 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -55,6 +55,8 @@ struct vmw_bo_params { enum ttm_bo_type bo_type; size_t size; bool pin; + struct dma_resv *resv; + struct sg_table *sg; }; /** diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 89d3679d2608..41ad13e45554 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1631,6 +1631,7 @@ static const struct drm_driver driver = { .prime_fd_to_handle = vmw_prime_fd_to_handle, .prime_handle_to_fd = vmw_prime_handle_to_fd, + .gem_prime_import_sg_table = vmw_prime_import_sg_table, .fops = &vmwgfx_driver_fops, .name = VMWGFX_DRIVER_NAME, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index ddbceaa31b59..4ecaea0026fc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1107,6 +1107,9 @@ extern int vmw_prime_handle_to_fd(struct drm_device *dev, struct drm_file *file_priv, uint32_t handle, uint32_t flags, int *prime_fd); +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table); /* * MemoryOBject management - vmwgfx_mob.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c index 186150f41fbc..2132a8ad8c0c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c @@ -136,6 +136,38 @@ int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv, return ret; } +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table) +{ + int ret; + struct vmw_private *dev_priv = vmw_priv(dev); + struct drm_gem_object *gem = NULL; + struct vmw_bo *vbo; + struct vmw_bo_params params = { + .domain = (dev_priv->has_mob) ? VMW_BO_DOMAIN_SYS : VMW_BO_DOMAIN_VRAM, + .busy_domain = VMW_BO_DOMAIN_SYS, + .bo_type = ttm_bo_type_sg, + .size = attach->dmabuf->size, + .pin = false, + .resv = attach->dmabuf->resv, + .sg = table, + + }; + + dma_resv_lock(params.resv, NULL); + + ret = vmw_bo_create(dev_priv, &params, &vbo); + if (ret != 0) + goto out_no_bo; + + vbo->tbo.base.funcs = &vmw_gem_object_funcs; + + gem = &vbo->tbo.base; +out_no_bo: + dma_resv_unlock(params.resv); + return gem; +} int vmw_gem_object_create_ioctl(struct drm_device *dev, void *data, struct drm_file *filp) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index 2d72a5ee7c0c..c99cad444991 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -75,8 +75,12 @@ int vmw_prime_fd_to_handle(struct drm_device *dev, int fd, u32 *handle) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + int ret = ttm_prime_fd_to_handle(tfile, fd, handle); - return ttm_prime_fd_to_handle(tfile, fd, handle); + if (ret) + ret = drm_gem_prime_fd_to_handle(dev, file_priv, fd, handle); + + return ret; } int vmw_prime_handle_to_fd(struct drm_device *dev, @@ -85,5 +89,12 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, int *prime_fd) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - return ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + int ret; + + if (handle > VMWGFX_NUM_MOB) + ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c index 4d23d0a70bcb..621d98b376bb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c @@ -188,13 +188,18 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) switch (dev_priv->map_mode) { case vmw_dma_map_bind: case vmw_dma_map_populate: - vsgt->sgt = &vmw_tt->sgt; - ret = sg_alloc_table_from_pages_segment( - &vmw_tt->sgt, vsgt->pages, vsgt->num_pages, 0, - (unsigned long)vsgt->num_pages << PAGE_SHIFT, - dma_get_max_seg_size(dev_priv->drm.dev), GFP_KERNEL); - if (ret) - goto out_sg_alloc_fail; + if (vmw_tt->dma_ttm.page_flags & TTM_TT_FLAG_EXTERNAL) { + vsgt->sgt = vmw_tt->dma_ttm.sg; + } else { + vsgt->sgt = &vmw_tt->sgt; + ret = sg_alloc_table_from_pages_segment(&vmw_tt->sgt, + vsgt->pages, vsgt->num_pages, 0, + (unsigned long)vsgt->num_pages << PAGE_SHIFT, + dma_get_max_seg_size(dev_priv->drm.dev), + GFP_KERNEL); + if (ret) + goto out_sg_alloc_fail; + } ret = vmw_ttm_map_for_dma(vmw_tt); if (unlikely(ret != 0)) @@ -209,8 +214,9 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) return 0; out_map_fail: - sg_free_table(vmw_tt->vsgt.sgt); - vmw_tt->vsgt.sgt = NULL; + drm_warn(&dev_priv->drm, "VSG table map failed!"); + sg_free_table(vsgt->sgt); + vsgt->sgt = NULL; out_sg_alloc_fail: return ret; } @@ -356,15 +362,17 @@ static void vmw_ttm_destroy(struct ttm_device *bdev, struct ttm_tt *ttm) static int vmw_ttm_populate(struct ttm_device *bdev, struct ttm_tt *ttm, struct ttm_operation_ctx *ctx) { - int ret; + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; - /* TODO: maybe completely drop this ? */ if (ttm_tt_is_populated(ttm)) return 0; - ret = ttm_pool_alloc(&bdev->pool, ttm, ctx); + if (external && ttm->sg) + return drm_prime_sg_to_dma_addr_array(ttm->sg, + ttm->dma_address, + ttm->num_pages); - return ret; + return ttm_pool_alloc(&bdev->pool, ttm, ctx); } static void vmw_ttm_unpopulate(struct ttm_device *bdev, @@ -372,6 +380,10 @@ static void vmw_ttm_unpopulate(struct ttm_device *bdev, { struct vmw_ttm_tt *vmw_tt = container_of(ttm, struct vmw_ttm_tt, dma_ttm); + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; + + if (external) + return; vmw_ttm_unbind(bdev, ttm); @@ -390,6 +402,7 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, { struct vmw_ttm_tt *vmw_be; int ret; + bool external = bo->type == ttm_bo_type_sg; vmw_be = kzalloc(sizeof(*vmw_be), GFP_KERNEL); if (!vmw_be) @@ -398,7 +411,10 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, vmw_be->dev_priv = vmw_priv_from_ttm(bo->bdev); vmw_be->mob = NULL; - if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent) + if (external) + page_flags |= TTM_TT_FLAG_EXTERNAL | TTM_TT_FLAG_EXTERNAL_MAPPABLE; + + if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent || external) ret = ttm_sg_tt_init(&vmw_be->dma_ttm, bo, page_flags, ttm_cached); else -- 2.40.1

1 year, 2 months

1
0
0 0

[PATCH v2] firmware: qcom: uefisecapp: Fix memory related IO errors and crashes

by Maximilian Luz

It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to be in a single memory region. Failure to adhere to this has (so far) resulted in either no response being written to the response buffer (causing an EIO to be emitted down the line), the SCM call to fail with EINVAL (i.e., directly from TZ/firmware), or the device to be hard-reset. While this issue can be triggered deterministically, in the current form it seems to happen rather sporadically (which is why it has gone unnoticed during earlier testing). This is likely due to the two kzalloc() calls (for request and response) being directly after each other. Which means that those likely return consecutive regions most of the time, especially when not much else is going on in the system. Fix this by allocating a single memory region for both request and response buffers, properly aligning both structs inside it. This unfortunately also means that the qcom_scm_qseecom_app_send() interface needs to be restructured, as it should no longer map the DMA regions separately. Therefore, move the responsibility of DMA allocation (or mapping) to the caller. Fixes: 759e7a2b62eb ("firmware: Add support for Qualcomm UEFI Secure Application") Cc: stable(a)vger.kernel.org # 6.7 Tested-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Maximilian Luz <luzmaximilian(a)gmail.com> --- Changes in v2: - rename DMA related variables - replace _phys suffix with _dma - drop _virt suffix - use DMA-based naming in comments instead of referring to physical addresses/memory --- .../firmware/qcom/qcom_qseecom_uefisecapp.c | 137 ++++++++++++------ drivers/firmware/qcom/qcom_scm.c | 37 +---- include/linux/firmware/qcom/qcom_qseecom.h | 55 ++++++- include/linux/firmware/qcom/qcom_scm.h | 10 +- 4 files changed, 153 insertions(+), 86 deletions(-) diff --git a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c index 32188f098ef34..bc550ad0dbe0c 100644 --- a/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c +++ b/drivers/firmware/qcom/qcom_qseecom_uefisecapp.c @@ -221,6 +221,19 @@ struct qsee_rsp_uefi_query_variable_info { * alignment of 8 bytes (64 bits) for GUIDs. Our definition of efi_guid_t, * however, has an alignment of 4 byte (32 bits). So far, this seems to work * fine here. See also the comment on the typedef of efi_guid_t. + * + * Note: It looks like uefisecapp is quite picky about how the memory passed to + * it is structured and aligned. In particular the request/response setup used + * for QSEE_CMD_UEFI_GET_VARIABLE. While qcom_qseecom_app_send(), in theory, + * accepts separate buffers/addresses for the request and response parts, in + * practice, however, it seems to expect them to be both part of a larger + * contiguous block. We initially allocated separate buffers for the request + * and response but this caused the QSEE_CMD_UEFI_GET_VARIABLE command to + * either not write any response to the response buffer or outright crash the + * device. Therefore, we now allocate a single contiguous block of DMA memory + * for both and properly align the data using the macros below. In particular, + * request and response structs are aligned at 8 byte (via __reqdata_offs()), + * following the driver that this has been reverse-engineered from. */ #define qcuefi_buf_align_fields(fields...) \ ({ \ @@ -244,6 +257,12 @@ struct qsee_rsp_uefi_query_variable_info { #define __array_offs(type, count, offset) \ __field_impl(sizeof(type) * (count), __alignof__(type), offset) +#define __array_offs_aligned(type, count, align, offset) \ + __field_impl(sizeof(type) * (count), align, offset) + +#define __reqdata_offs(size, offset) \ + __array_offs_aligned(u8, size, 8, offset) + #define __array(type, count) __array_offs(type, count, NULL) #define __field_offs(type, offset) __array_offs(type, 1, offset) #define __field(type) __array_offs(type, 1, NULL) @@ -277,10 +296,15 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e unsigned long buffer_size = *data_size; efi_status_t efi_status = EFI_SUCCESS; unsigned long name_length; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t guid_offs; size_t name_offs; size_t req_size; size_t rsp_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name || !guid) @@ -304,17 +328,19 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e __array(u8, buffer_size) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(rsp_size, &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(rsp_size, GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_GET_VARIABLE; req_data->data_size = buffer_size; @@ -332,7 +358,9 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e memcpy(((void *)req_data) + req_data->guid_offset, guid, req_data->guid_size); - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, rsp_size); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -407,9 +435,7 @@ static efi_status_t qsee_uefi_get_variable(struct qcuefi_client *qcuefi, const e memcpy(data, ((void *)rsp_data) + rsp_data->data_offset, rsp_data->data_size); out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -422,10 +448,15 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e struct qsee_rsp_uefi_set_variable *rsp_data; efi_status_t efi_status = EFI_SUCCESS; unsigned long name_length; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t name_offs; size_t guid_offs; size_t data_offs; size_t req_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name || !guid) @@ -450,17 +481,19 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e __array_offs(u8, data_size, &data_offs) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(sizeof(*rsp_data), &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(sizeof(*rsp_data), GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_SET_VARIABLE; req_data->attributes = attributes; @@ -483,8 +516,9 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e if (data_size) memcpy(((void *)req_data) + req_data->data_offset, data, req_data->data_size); - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, - sizeof(*rsp_data)); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, sizeof(*rsp_data)); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -507,9 +541,7 @@ static efi_status_t qsee_uefi_set_variable(struct qcuefi_client *qcuefi, const e } out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -521,10 +553,15 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, struct qsee_req_uefi_get_next_variable *req_data; struct qsee_rsp_uefi_get_next_variable *rsp_data; efi_status_t efi_status = EFI_SUCCESS; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; size_t guid_offs; size_t name_offs; size_t req_size; size_t rsp_size; + size_t req_offs; + size_t rsp_offs; ssize_t status; if (!name_size || !name || !guid) @@ -545,17 +582,19 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, __array(*name, *name_size / sizeof(*name)) ); - req_data = kzalloc(req_size, GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(req_size, &req_offs) + __reqdata_offs(rsp_size, &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(rsp_size, GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_GET_NEXT_VARIABLE; req_data->guid_offset = guid_offs; @@ -572,7 +611,9 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, goto out_free; } - status = qcom_qseecom_app_send(qcuefi->client, req_data, req_size, rsp_data, rsp_size); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, req_size, + cmd_buf_dma + rsp_offs, rsp_size); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -645,9 +686,7 @@ static efi_status_t qsee_uefi_get_next_variable(struct qcuefi_client *qcuefi, } out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } @@ -659,26 +698,34 @@ static efi_status_t qsee_uefi_query_variable_info(struct qcuefi_client *qcuefi, struct qsee_req_uefi_query_variable_info *req_data; struct qsee_rsp_uefi_query_variable_info *rsp_data; efi_status_t efi_status = EFI_SUCCESS; + dma_addr_t cmd_buf_dma; + size_t cmd_buf_size; + void *cmd_buf; + size_t req_offs; + size_t rsp_offs; int status; - req_data = kzalloc(sizeof(*req_data), GFP_KERNEL); - if (!req_data) { + cmd_buf_size = qcuefi_buf_align_fields( + __reqdata_offs(sizeof(*req_data), &req_offs) + __reqdata_offs(sizeof(*rsp_data), &rsp_offs) + ); + + cmd_buf = qseecom_dma_alloc(qcuefi->client, cmd_buf_size, &cmd_buf_dma, GFP_KERNEL); + if (!cmd_buf) { efi_status = EFI_OUT_OF_RESOURCES; goto out; } - rsp_data = kzalloc(sizeof(*rsp_data), GFP_KERNEL); - if (!rsp_data) { - efi_status = EFI_OUT_OF_RESOURCES; - goto out_free_req; - } + req_data = cmd_buf + req_offs; + rsp_data = cmd_buf + rsp_offs; req_data->command_id = QSEE_CMD_UEFI_QUERY_VARIABLE_INFO; req_data->attributes = attr; req_data->length = sizeof(*req_data); - status = qcom_qseecom_app_send(qcuefi->client, req_data, sizeof(*req_data), rsp_data, - sizeof(*rsp_data)); + status = qcom_qseecom_app_send(qcuefi->client, + cmd_buf_dma + req_offs, sizeof(*req_data), + cmd_buf_dma + rsp_offs, sizeof(*rsp_data)); if (status) { efi_status = EFI_DEVICE_ERROR; goto out_free; @@ -711,9 +758,7 @@ static efi_status_t qsee_uefi_query_variable_info(struct qcuefi_client *qcuefi, *max_variable_size = rsp_data->max_variable_size; out_free: - kfree(rsp_data); -out_free_req: - kfree(req_data); + qseecom_dma_free(qcuefi->client, cmd_buf_size, cmd_buf, cmd_buf_dma); out: return efi_status; } diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index 81c15aeff934a..f9c9fcfeaadaf 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -1579,9 +1579,9 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_get_id); /** * qcom_scm_qseecom_app_send() - Send to and receive data from a given QSEE app. * @app_id: The ID of the target app. - * @req: Request buffer sent to the app (must be DMA-mappable). + * @req: DMA address of the request buffer sent to the app. * @req_size: Size of the request buffer. - * @rsp: Response buffer, written to by the app (must be DMA-mappable). + * @rsp: DMA address of the response buffer, written to by the app. * @rsp_size: Size of the response buffer. * * Sends a request to the QSEE app associated with the given ID and read back @@ -1592,33 +1592,13 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_get_id); * * Return: Zero on success, nonzero on failure. */ -int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, - size_t rsp_size) +int qcom_scm_qseecom_app_send(u32 app_id, dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { struct qcom_scm_qseecom_resp res = {}; struct qcom_scm_desc desc = {}; - dma_addr_t req_phys; - dma_addr_t rsp_phys; int status; - /* Map request buffer */ - req_phys = dma_map_single(__scm->dev, req, req_size, DMA_TO_DEVICE); - status = dma_mapping_error(__scm->dev, req_phys); - if (status) { - dev_err(__scm->dev, "qseecom: failed to map request buffer\n"); - return status; - } - - /* Map response buffer */ - rsp_phys = dma_map_single(__scm->dev, rsp, rsp_size, DMA_FROM_DEVICE); - status = dma_mapping_error(__scm->dev, rsp_phys); - if (status) { - dma_unmap_single(__scm->dev, req_phys, req_size, DMA_TO_DEVICE); - dev_err(__scm->dev, "qseecom: failed to map response buffer\n"); - return status; - } - - /* Set up SCM call data */ desc.owner = QSEECOM_TZ_OWNER_TZ_APPS; desc.svc = QSEECOM_TZ_SVC_APP_ID_PLACEHOLDER; desc.cmd = QSEECOM_TZ_CMD_APP_SEND; @@ -1626,18 +1606,13 @@ int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, QCOM_SCM_RW, QCOM_SCM_VAL, QCOM_SCM_RW, QCOM_SCM_VAL); desc.args[0] = app_id; - desc.args[1] = req_phys; + desc.args[1] = req; desc.args[2] = req_size; - desc.args[3] = rsp_phys; + desc.args[3] = rsp; desc.args[4] = rsp_size; - /* Perform call */ status = qcom_scm_qseecom_call(&desc, &res); - /* Unmap buffers */ - dma_unmap_single(__scm->dev, rsp_phys, rsp_size, DMA_FROM_DEVICE); - dma_unmap_single(__scm->dev, req_phys, req_size, DMA_TO_DEVICE); - if (status) return status; diff --git a/include/linux/firmware/qcom/qcom_qseecom.h b/include/linux/firmware/qcom/qcom_qseecom.h index 5c28298a98bec..366243ee96096 100644 --- a/include/linux/firmware/qcom/qcom_qseecom.h +++ b/include/linux/firmware/qcom/qcom_qseecom.h @@ -10,6 +10,7 @@ #define __QCOM_QSEECOM_H #include <linux/auxiliary_bus.h> +#include <linux/dma-mapping.h> #include <linux/types.h> #include <linux/firmware/qcom/qcom_scm.h> @@ -24,12 +25,57 @@ struct qseecom_client { u32 app_id; }; +/** + * qseecom_scm_dev() - Get the SCM device associated with the QSEECOM client. + * @client: The QSEECOM client device. + * + * Returns the SCM device under which the provided QSEECOM client device + * operates. This function is intended to be used for DMA allocations. + */ +static inline struct device *qseecom_scm_dev(struct qseecom_client *client) +{ + return client->aux_dev.dev.parent->parent; +} + +/** + * qseecom_dma_alloc() - Allocate DMA memory for a QSEECOM client. + * @client: The QSEECOM client to allocate the memory for. + * @size: The number of bytes to allocate. + * @dma_handle: Pointer to where the DMA address should be stored. + * @gfp: Allocation flags. + * + * Wrapper function for dma_alloc_coherent(), allocating DMA memory usable for + * TZ/QSEECOM communication. Refer to dma_alloc_coherent() for details. + */ +static inline void *qseecom_dma_alloc(struct qseecom_client *client, size_t size, + dma_addr_t *dma_handle, gfp_t gfp) +{ + return dma_alloc_coherent(qseecom_scm_dev(client), size, dma_handle, gfp); +} + +/** + * dma_free_coherent() - Free QSEECOM DMA memory. + * @client: The QSEECOM client for which the memory has been allocated. + * @size: The number of bytes allocated. + * @cpu_addr: Virtual memory address to free. + * @dma_handle: DMA memory address to free. + * + * Wrapper function for dma_free_coherent(), freeing memory previously + * allocated with qseecom_dma_alloc(). Refer to dma_free_coherent() for + * details. + */ +static inline void qseecom_dma_free(struct qseecom_client *client, size_t size, + void *cpu_addr, dma_addr_t dma_handle) +{ + return dma_free_coherent(qseecom_scm_dev(client), size, cpu_addr, dma_handle); +} + /** * qcom_qseecom_app_send() - Send to and receive data from a given QSEE app. * @client: The QSEECOM client associated with the target app. - * @req: Request buffer sent to the app (must be DMA-mappable). + * @req: DMA address of the request buffer sent to the app. * @req_size: Size of the request buffer. - * @rsp: Response buffer, written to by the app (must be DMA-mappable). + * @rsp: DMA address of the response buffer, written to by the app. * @rsp_size: Size of the response buffer. * * Sends a request to the QSEE app associated with the given client and read @@ -43,8 +89,9 @@ struct qseecom_client { * * Return: Zero on success, nonzero on failure. */ -static inline int qcom_qseecom_app_send(struct qseecom_client *client, void *req, size_t req_size, - void *rsp, size_t rsp_size) +static inline int qcom_qseecom_app_send(struct qseecom_client *client, + dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { return qcom_scm_qseecom_app_send(client->app_id, req, req_size, rsp, rsp_size); } diff --git a/include/linux/firmware/qcom/qcom_scm.h b/include/linux/firmware/qcom/qcom_scm.h index ccaf288460546..aaa19f93ac430 100644 --- a/include/linux/firmware/qcom/qcom_scm.h +++ b/include/linux/firmware/qcom/qcom_scm.h @@ -118,8 +118,8 @@ bool qcom_scm_lmh_dcvsh_available(void); #ifdef CONFIG_QCOM_QSEECOM int qcom_scm_qseecom_app_get_id(const char *app_name, u32 *app_id); -int qcom_scm_qseecom_app_send(u32 app_id, void *req, size_t req_size, void *rsp, - size_t rsp_size); +int qcom_scm_qseecom_app_send(u32 app_id, dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size); #else /* CONFIG_QCOM_QSEECOM */ @@ -128,9 +128,9 @@ static inline int qcom_scm_qseecom_app_get_id(const char *app_name, u32 *app_id) return -EINVAL; } -static inline int qcom_scm_qseecom_app_send(u32 app_id, void *req, - size_t req_size, void *rsp, - size_t rsp_size) +static inline int qcom_scm_qseecom_app_send(u32 app_id, + dma_addr_t req, size_t req_size, + dma_addr_t rsp, size_t rsp_size) { return -EINVAL; } -- 2.44.0

1 year, 2 months

3
2
0 0

[PATCH v2 5.10/5.15] ata: libata-scsi: check cdb length for VARIABLE_LENGTH_CMD commands

by Mikhail Ukhin

No upstream commit exists for this patch. Fuzzing of 5.10 stable branch reports a slab-out-of-bounds error in ata_scsi_pass_thru. The error is fixed in 5.18 by commit ce70fd9a551a ("scsi: core: Remove the cmd field from struct scsi_request") upstream. Backporting this commit would require significant changes to the code so it is bettter to use a simple fix for that particular error. The problem is that the length of the received SCSI command is not validated if scsi_op == VARIABLE_LENGTH_CMD. It can lead to out-of-bounds reading if the user sends a request with SCSI command of length less than 32. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> Signed-off-by: Mikhail Ivanov <iwanov-23(a)bk.ru> Signed-off-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru> --- v2: The new addresses were added and the text was updated. drivers/ata/libata-scsi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index dfa090ccd21c..77589e911d3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -4065,6 +4065,9 @@ int __ata_scsi_queuecmd(struct scsi_cmnd *scmd, struct ata_device *dev) if (unlikely(!scmd->cmd_len)) goto bad_cdb_len; + + if (scsi_op == VARIABLE_LENGTH_CMD && scmd->cmd_len < 32) + goto bad_cdb_len; if (dev->class == ATA_DEV_ATA || dev->class == ATA_DEV_ZAC) { if (unlikely(scmd->cmd_len > dev->cdb_len)) -- 2.25.1

1 year, 2 months

2
1
0 0

[PATCH v2] ACPI: CPPC: Fix access width used for PCC registers

by Vanshidhar Konda

commit 2f4a4d63a193be6fd530d180bb13c3592052904c modified cpc_read/cpc_write to use access_width to read CPC registers. For PCC registers the access width field in the ACPI register macro specifies the PCC subspace id. For non-zero PCC subspace id the access width is incorrectly treated as access width. This causes errors when reading from PCC registers in the CPPC driver. For PCC registers base the size of read/write on the bit width field. The debug message in cpc_read/cpc_write is updated to print relevant information for the address space type used to read the register. Signed-off-by: Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> Tested-by: Jarred White <jarredwhite(a)linux.microsoft.com> Reviewed-by: Jarred White <jarredwhite(a)linux.microsoft.com> Cc: 5.15+ <stable(a)vger.kernel.org> # 5.15+ --- When testing v6.9-rc1 kernel on AmpereOne system dmesg showed that cpufreq policy had failed to initialize on some cores during boot because cpufreq->get() always returned 0. On this system CPPC registers are in PCC subspace index 2 that are 32 bits wide. With this patch the CPPC driver interpreted the access width field as 16 bits, causing the register read to roll over too quickly to provide valid values during frequency computation. v2: - Use size variable in debug print message - Use size instead of reg->bit_width for acpi_os_read_memory and acpi_os_write_memory drivers/acpi/cppc_acpi.c | 53 ++++++++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 16 deletions(-) diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c index 4bfbe55553f4..a037e9d15f48 100644 --- a/drivers/acpi/cppc_acpi.c +++ b/drivers/acpi/cppc_acpi.c @@ -1002,14 +1002,14 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) } *val = 0; + size = GET_BIT_WIDTH(reg); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); u32 val_u32; acpi_status status; status = acpi_os_read_port((acpi_io_address)reg->address, - &val_u32, width); + &val_u32, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to read SystemIO port %llx\n", reg->address); @@ -1018,17 +1018,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = val_u32; return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_read_ffh(cpu, reg, val); else return acpi_os_read_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); switch (size) { case 8: @@ -1044,8 +1049,13 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val) *val = readq_relaxed(vaddr); break; default: - pr_debug("Error: Cannot read %u bit width from PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot read %u width from for system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot read %u bit width to PCC for ss: %d\n", + size, pcc_ss_id); + } return -EFAULT; } @@ -1063,12 +1073,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu); struct cpc_reg *reg = &reg_res->cpc_entry.reg; + size = GET_BIT_WIDTH(reg); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) { - u32 width = GET_BIT_WIDTH(reg); acpi_status status; status = acpi_os_write_port((acpi_io_address)reg->address, - (u32)val, width); + (u32)val, size); if (ACPI_FAILURE(status)) { pr_debug("Error: Failed to write SystemIO port %llx\n", reg->address); @@ -1076,17 +1087,22 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) } return 0; - } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM && pcc_ss_id >= 0) { + /* + * For registers in PCC space, the register size is determined + * by the bit width field; the access size is used to indicate + * the PCC subspace id. + */ + size = reg->bit_width; vaddr = GET_PCC_VADDR(reg->address, pcc_ss_id); + } else if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) vaddr = reg_res->sys_mem_vaddr; else if (reg->space_id == ACPI_ADR_SPACE_FIXED_HARDWARE) return cpc_write_ffh(cpu, reg, val); else return acpi_os_write_memory((acpi_physical_address)reg->address, - val, reg->bit_width); - - size = GET_BIT_WIDTH(reg); + val, size); if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) val = MASK_VAL(reg, val); @@ -1105,8 +1121,13 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val) writeq_relaxed(val, vaddr); break; default: - pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", - reg->bit_width, pcc_ss_id); + if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) { + pr_debug("Error: Cannot write %u width from for system memory: 0x%llx\n", + size, reg->address); + } else if (reg->space_id == ACPI_ADR_SPACE_PLATFORM_COMM) { + pr_debug("Error: Cannot write %u bit width to PCC for ss: %d\n", + size, pcc_ss_id); + } ret_val = -EFAULT; break; } -- 2.43.1

1 year, 2 months

2
1
0 0

[PATCH RESEND 0/2] usb: typec: tipd: fix event checking in interrupt service routines

by Javier Carrasco

The ISRs of the tps25750 and tps6598x do not handle generated events properly under all circumstances. The tps6598x ISR does not read all bits of the INT_EVENTX registers, leaving events signaled with bits above 64 unattended. Moreover, these events are not cleared, leaving the interrupt enabled. The tps25750 reads all bits of the INT_EVENT1 register, but the event checking is not right because the same event is checked in two different regions of the same register by means of an OR operation. This series aims to fix both issues by reading all bits of the INT_EVENTX registers, and limiting the event checking to the region where the supported events are defined (currently they are limited to the first 64 bits of the registers, as the are defined as BIT_ULL()). If the need for events above the first 64 bits of the INT_EVENTX registers arises, a different mechanism might be required. But for the current needs, all definitions can be left as they are. Note: resend to add the Cc tag for 'stable' (fixes in the series). Signed-off-by: Javier Carrasco <javier.carrasco(a)wolfvision.net> --- Javier Carrasco (2): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x drivers/usb/typec/tipd/core.c | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240328-tps6598x_fix_event_handling-3398d3d82f85 Best regards, -- Javier Carrasco <javier.carrasco(a)wolfvision.net>

1 year, 2 months

2
9
0 0

[PATCH net] Bluetooth: hci_event: fix double hci_conn_drop() when conn->state == BT_CONNECTED

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> There is no need to drop the connection of some functions in which the conn->state in BT_CONNECTED is marked, since in the future the same check takes place (for example, in the hci_encrypt_change_evt() function) and the hci_conn_drop() is called. Otherwise, the conn->refcnt will become below zero, which will trigger a warning and may cause a crash on kernels with the panic_on_warn parameter enabled. Syzkaller hit 'WARNING in hci_conn_timeout' bug. [ 23.485892] Bluetooth: Core ver 2.22 [ 23.485916] NET: Registered PF_BLUETOOTH protocol family [ 23.485917] Bluetooth: HCI device and connection manager initialized [ 23.486407] Bluetooth: HCI socket layer initialized [ 23.486410] Bluetooth: L2CAP socket layer initialized [ 23.486413] Bluetooth: SCO socket layer initialized [ 24.507112] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 24.507142] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 24.507165] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 24.508091] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 24.508109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 24.508117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 24.545962] Bluetooth: BNEP (Ethernet Emulation) ver 1.3 [ 24.545969] Bluetooth: BNEP filters: protocol multicast [ 24.545973] Bluetooth: BNEP socket layer initialized [ 24.547521] Bluetooth: MGMT ver 1.22 [ 26.553008] Bluetooth: hci0: command tx timeout [ 26.561518] Bluetooth: RFCOMM TTY layer initialized [ 26.561526] Bluetooth: RFCOMM socket layer initialized [ 26.561532] Bluetooth: RFCOMM ver 1.11 [ 28.602024] Bluetooth: hci0: Opcode 0x0c13 failed: -110 [ 28.602054] Bluetooth: hci0: command tx timeout [ 30.650011] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 30.650021] Bluetooth: hci0: command tx timeout [ 32.696973] Bluetooth: hci0: command tx timeout [ 32.696985] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 34.744973] Bluetooth: hci0: command 0x0406 tx timeout [ 34.745008] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 36.792966] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 36.792980] Bluetooth: hci0: command 0x0406 tx timeout [ 38.841027] Bluetooth: hci0: command 0x0406 tx timeout [ 38.841035] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.889026] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.889999] Bluetooth: hci0: command 0x0406 tx timeout [ 40.890012] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 40.893629] NET: Registered PF_ALG protocol family [ 42.937008] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 42.937023] Bluetooth: hci0: command 0x0406 tx timeout [ 44.984984] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 44.985008] Bluetooth: hci0: command 0x0406 tx timeout [ 47.033023] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 47.033044] Bluetooth: hci0: command 0x0406 tx timeout [ 49.080976] Bluetooth: hci0: command 0x0406 tx timeout [ 49.080985] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 51.129140] Bluetooth: hci0: Opcode 0x0c24 failed: -110 [ 51.130051] Bluetooth: hci0: command 0x0406 tx timeout [ 53.177011] Bluetooth: hci0: command 0x0406 tx timeout [ 55.225969] Bluetooth: hci0: command 0x0406 tx timeout [ 57.272968] Bluetooth: hci0: command 0x0406 tx timeout [ 59.320982] Bluetooth: hci0: command 0x0406 tx timeout [ 61.368989] Bluetooth: hci0: command 0x0406 tx timeout [ 148.474066] ------------[ cut here ]------------ [ 148.474072] WARNING: CPU: 0 PID: 3835 at net/bluetooth/hci_conn.c:612 hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474115] Modules linked in: cmac algif_hash algif_skcipher af_alg rfcomm bnep hci_vhci bluetooth ecdh_generic uinput af_packet rfkill joydev hid_generic usbhid hid qrtr intel_rapl_msr intel_rapl_common intel_pmc_core kvm_intel nls_utf8 iTCO_wdt intel_pmc_bxt iTCO_vendor_support nls_cp866 vfat fat kvm irqbypass crct10dif_pclmul crc32_pclmul snd_hda_codec_generic crc32c_intel ghash_clmulni_intel ledtrig_audio sha512_ssse3 snd_hda_intel sha256_ssse3 sha1_ssse3 snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec aesni_intel crypto_simd cryptd i2c_i801 snd_hda_core psmouse snd_hwdep i2c_smbus xhci_pci pcspkr snd_pcm lpc_ich xhci_pci_renesas xhci_hcd tiny_power_button qemu_fw_cfg button sch_fq_codel vboxvideo drm_vram_helper drm_ttm_helper ttm vboxsf vboxguest snd_seq_midi snd_seq_midi_event snd_seq snd_rawmidi snd_seq_device snd_timer snd soundcore msr fuse efi_pstore dm_mod ip_tables x_tables autofs4 virtio_gpu virtio_net virtio_dma_buf drm_shmem_helper net_failover drm_kms_helper [ 148.474210] virtio_rng drm virtio_scsi rng_core virtio_console virtio_balloon virtio_blk failover ahci libahci libata evdev input_leds serio_raw scsi_mod scsi_common virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev virtio_ring virtio intel_agp intel_gtt [ 148.474234] CPU: 0 PID: 3835 Comm: kworker/u5:2 Not tainted 6.1.85-un-def-alt1 #1 [ 148.474238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 [ 148.474241] Workqueue: hci0 hci_conn_timeout [bluetooth] [ 148.474265] RIP: 0010:hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474288] Code: 00 00 66 89 44 24 06 e8 58 a7 ff ff eb a8 e8 41 7b ee c1 90 0f 1f 44 00 00 8b 87 20 fd ff ff 85 c0 78 07 74 07 c3 cc cc cc cc <0f> 0b 55 0f b6 87 49 fd ff ff 48 8d af 10 fd ff ff 3c 01 74 12 be [ 148.474291] RSP: 0018:ffffa7fd80b53e90 EFLAGS: 00010286 [ 148.474295] RAX: 00000000fffe728b RBX: ffff8959c46ab180 RCX: ffff8959c3b70028 [ 148.474297] RDX: 0000000000000001 RSI: ffff8959c86ce0b0 RDI: ffff895a105aeaf0 [ 148.474299] RBP: ffff895a105aeaf0 R08: ffff8959c86ce0b0 R09: ffff8959c46ab1f4 [ 148.474301] R10: 0000000000000005 R11: 0000000000000005 R12: ffff8959c3b70000 [ 148.474302] R13: ffff8959ec495400 R14: 0000000000000000 R15: ffff8959ec495405 [ 148.474305] FS: 0000000000000000(0000) GS:ffff895a3dc00000(0000) knlGS:0000000000000000 [ 148.474308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 148.474310] CR2: 00007f2a1b7baa48 CR3: 0000000034b98000 CR4: 0000000000750ef0 [ 148.474317] PKRU: 55555554 [ 148.474319] Call Trace: [ 148.474323] <TASK> [ 148.474327] ? __warn+0x79/0xc0 [ 148.474343] ? hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474364] ? report_bug+0xff/0x150 [ 148.474375] ? handle_bug+0x49/0xa0 [ 148.474398] ? exc_invalid_op+0x14/0x70 [ 148.474402] ? asm_exc_invalid_op+0x16/0x20 [ 148.474408] ? hci_conn_timeout+0x16/0x60 [bluetooth] [ 148.474441] process_one_work+0x217/0x3e0 [ 148.474467] worker_thread+0x4d/0x3c0 [ 148.474473] ? process_one_work+0x3e0/0x3e0 [ 148.474478] kthread+0xd6/0x100 [ 148.474482] ? kthread_complete_and_exit+0x20/0x20 [ 148.474486] ret_from_fork+0x1f/0x30 [ 148.474500] </TASK> [ 148.474502] ---[ end trace 0000000000000000 ]--- Fixes: 0fe29fd1cd77 ("Bluetooth: Read LE remote features during connection establishment") Fixes: 769be974d0c7 ("[Bluetooth] Use ACL config stage to retrieve remote features") Fixes: f8558555f31e ("[Bluetooth] Initiate authentication during connection establishment") Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/bluetooth/hci_event.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index a8b8cfebe0180c..64477e1bde7cec 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -3529,7 +3529,6 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, void *data, } else { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } } else { hci_auth_cfm(conn, ev->status); @@ -3776,7 +3775,6 @@ static void hci_remote_features_evt(struct hci_dev *hdev, void *data, if (!hci_outgoing_auth_needed(hdev, conn)) { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } unlock: @@ -5030,7 +5028,6 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev, void *data, if (!hci_outgoing_auth_needed(hdev, conn)) { conn->state = BT_CONNECTED; hci_connect_cfm(conn, ev->status); - hci_conn_drop(conn); } unlock: @@ -6561,7 +6558,6 @@ static void hci_le_remote_feat_complete_evt(struct hci_dev *hdev, void *data, conn->state = BT_CONNECTED; hci_connect_cfm(conn, status); - hci_conn_drop(conn); } } -- 2.33.8

1 year, 2 months

2
2
0 0

[git:media_tree/master] media: rc: bpf attach/detach requires write permission

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: rc: bpf attach/detach requires write permission Author: Sean Young <sean(a)mess.org> Date: Thu Apr 13 10:50:32 2023 +0200 Note that bpf attach/detach also requires CAP_NET_ADMIN. Cc: stable(a)vger.kernel.org Signed-off-by: Sean Young <sean(a)mess.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/rc/bpf-lirc.c | 6 +++--- drivers/media/rc/lirc_dev.c | 5 ++++- drivers/media/rc/rc-core-priv.h | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) --- diff --git a/drivers/media/rc/bpf-lirc.c b/drivers/media/rc/bpf-lirc.c index fe17c7f98e81..52d82cbe7685 100644 --- a/drivers/media/rc/bpf-lirc.c +++ b/drivers/media/rc/bpf-lirc.c @@ -253,7 +253,7 @@ int lirc_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog) if (attr->attach_flags) return -EINVAL; - rcdev = rc_dev_get_from_fd(attr->target_fd); + rcdev = rc_dev_get_from_fd(attr->target_fd, true); if (IS_ERR(rcdev)) return PTR_ERR(rcdev); @@ -278,7 +278,7 @@ int lirc_prog_detach(const union bpf_attr *attr) if (IS_ERR(prog)) return PTR_ERR(prog); - rcdev = rc_dev_get_from_fd(attr->target_fd); + rcdev = rc_dev_get_from_fd(attr->target_fd, true); if (IS_ERR(rcdev)) { bpf_prog_put(prog); return PTR_ERR(rcdev); @@ -303,7 +303,7 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr) if (attr->query.query_flags) return -EINVAL; - rcdev = rc_dev_get_from_fd(attr->query.target_fd); + rcdev = rc_dev_get_from_fd(attr->query.target_fd, false); if (IS_ERR(rcdev)) return PTR_ERR(rcdev); diff --git a/drivers/media/rc/lirc_dev.c b/drivers/media/rc/lirc_dev.c index a537734832c5..caad59f76793 100644 --- a/drivers/media/rc/lirc_dev.c +++ b/drivers/media/rc/lirc_dev.c @@ -814,7 +814,7 @@ void __exit lirc_dev_exit(void) unregister_chrdev_region(lirc_base_dev, RC_DEV_MAX); } -struct rc_dev *rc_dev_get_from_fd(int fd) +struct rc_dev *rc_dev_get_from_fd(int fd, bool write) { struct fd f = fdget(fd); struct lirc_fh *fh; @@ -828,6 +828,9 @@ struct rc_dev *rc_dev_get_from_fd(int fd) return ERR_PTR(-EINVAL); } + if (write && !(f.file->f_mode & FMODE_WRITE)) + return ERR_PTR(-EPERM); + fh = f.file->private_data; dev = fh->rc; diff --git a/drivers/media/rc/rc-core-priv.h b/drivers/media/rc/rc-core-priv.h index ef1e95e1af7f..7df949fc65e2 100644 --- a/drivers/media/rc/rc-core-priv.h +++ b/drivers/media/rc/rc-core-priv.h @@ -325,7 +325,7 @@ void lirc_raw_event(struct rc_dev *dev, struct ir_raw_event ev); void lirc_scancode_event(struct rc_dev *dev, struct lirc_scancode *lsc); int lirc_register(struct rc_dev *dev); void lirc_unregister(struct rc_dev *dev); -struct rc_dev *rc_dev_get_from_fd(int fd); +struct rc_dev *rc_dev_get_from_fd(int fd, bool write); #else static inline int lirc_dev_init(void) { return 0; } static inline void lirc_dev_exit(void) {}

1 year, 2 months

1
0
0 0

[PATCH 6.1 0/6] backport xfs fix patches reported by xfs/179/270/557/606

by Mahmoud Adam

Hi, These patches fix and reported by xfstests tests xfs/179 xfs/270 xfs/557 xfs/606, the patchset were tested to confirm they fix those tests. all are clean picks. thanks, MNAdam

1 year, 2 months

5
13
0 0

[PATCH net] Bluetooth: hci_event: fix possible multiple drops by marked conn->state after hci_disconnect()

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> When returning from the hci_disconnect() function, the conn->state continues to be set to BT_CONNECTED and hci_conn_drop() is executed, which decrements the conn->refcnt. Syzkaller has generated a reproducer that results in multiple calls to hci_encrypt_change_evt() of the same conn object. -- hci_encrypt_change_evt(){ // conn->state == BT_CONNECTED hci_disconnect(){ hci_abort_conn(); } hci_conn_drop(); // conn->state == BT_CONNECTED } -- This behavior can cause the conn->refcnt to go far into negative values and cause problems. To get around this, you need to change the conn->state, namely to BT_DISCONN, as it was before. Fixes: a13f316e90fd ("Bluetooth: hci_conn: Consolidate code for aborting connections") Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- net/bluetooth/hci_event.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index 64477e1bde7cec..e0477021183f9b 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -2989,6 +2989,7 @@ static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status) hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; unlock: hci_dev_unlock(hdev); @@ -3654,6 +3655,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, void *data, hci_encrypt_cfm(conn, ev->status); hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; goto unlock; } @@ -5248,6 +5250,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev, void *data, if (ev->status && conn->state == BT_CONNECTED) { hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); hci_conn_drop(conn); + conn->state = BT_DISCONN; goto unlock; } -- 2.33.8

1 year, 2 months

1
1
0 0

[PATCH v1 0/4] docs: stable-kernel-rules: fine-tuning and 'no semi-automatic backport'

by Thorsten Leemhuis

After a recent discussion regarding "do we need a 'nobackport' tag" I set out to create one change for stable-kernel-rules.rst. This is now the second patch in the series, which links to that discussion; the other stuff is fine-tuning that happened along the way. Ciao, Thorsten Thorsten Leemhuis (4): docs: stable-kernel-rules: reduce redundancy docs: stable-kernel-rules: mention "no semi-automatic backport" docs: stable-kernel-rules: call mainline by its name and change example docs: stable-kernel-rules: remove code-labels tags Documentation/process/stable-kernel-rules.rst | 50 +++++++------------ 1 file changed, 18 insertions(+), 32 deletions(-) base-commit: 3f86ed6ec0b390c033eae7f9c487a3fea268e027 -- 2.44.0

1 year, 2 months

3
21
0 0

[RESEND. PATCH v2] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853

by WangYuli

Add the support ID(0x0bda, 0x4853) to usb_device_id table for Realtek RTL8852BE. Without this change the device utilizes an obsolete version of the firmware that is encoded in it rather than the updated Realtek firmware and config files from the firmware directory. The latter files implement many new features. The device table is as follows: T: Bus=03 Lev=01 Prnt=01 Port=09 Cnt=03 Dev#= 4 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0bda ProdID=4853 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Larry Finger <Larry.Finger(a)lwfinger.net> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index c391e612b83b..3356af3a7f61 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -542,6 +542,8 @@ static const struct usb_device_id quirks_table[] = { /* Realtek 8852BE Bluetooth devices */ { USB_DEVICE(0x0cb8, 0xc559), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0bda, 0x4853), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0x887b), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0bda, 0xb85b), .driver_info = BTUSB_REALTEK | -- 2.43.0

1 year, 2 months

2
1
0 0

[PATCH] sched: Add missing memory barrier in switch_mm_cid

by Mathieu Desnoyers

Many architectures' switch_mm() (e.g. arm64) do not have an smp_mb() which the core scheduler code has depended upon since commit: commit 223baf9d17f25 ("sched: Fix performance regression introduced by mm_cid") If switch_mm() doesn't call smp_mb(), sched_mm_cid_remote_clear() can unset the actively used cid when it fails to observe active task after it sets lazy_put. There *is* a memory barrier between storing to rq->curr and _return to userspace_ (as required by membarrier), but the rseq mm_cid has stricter requirements: the barrier needs to be issued between store to rq->curr and switch_mm_cid(), which happens earlier than: - spin_unlock(), - switch_to(). So it's fine when the architecture switch_mm happens to have that barrier already, but less so when the architecture only provides the full barrier in switch_to() or spin_unlock(). It is a bug in the rseq switch_mm_cid() implementation. All architectures that don't have memory barriers in switch_mm(), but rather have the full barrier either in finish_lock_switch() or switch_to() have them too late for the needs of switch_mm_cid(). Introduce a new smp_mb__after_switch_mm(), defined as smp_mb() in the generic barrier.h header, and use it in switch_mm_cid() for scheduler transitions where switch_mm() is expected to provide a memory barrier. Architectures can override smp_mb__after_switch_mm() if their switch_mm() implementation provides an implicit memory barrier. Override it with a no-op on x86 which implicitly provide this memory barrier by writing to CR3. Link: https://lore.kernel.org/lkml/20240305145335.2696125-1-yeoreum.yun@arm.com/ Reported-by: levi.yun <yeoreum.yun(a)arm.com> Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") Cc: <stable(a)vger.kernel.org> # 6.4.x Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: levi.yun <yeoreum.yun(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Aaron Lu <aaron.lu(a)intel.com> --- arch/x86/include/asm/barrier.h | 3 +++ include/asm-generic/barrier.h | 8 ++++++++ kernel/sched/sched.h | 20 ++++++++++++++------ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h index 35389b2af88e..0d5e54201eb2 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -79,6 +79,9 @@ do { \ #define __smp_mb__before_atomic() do { } while (0) #define __smp_mb__after_atomic() do { } while (0) +/* Writing to CR3 provides a full memory barrier in switch_mm(). */ +#define smp_mb__after_switch_mm() do { } while (0) + #include <asm-generic/barrier.h> /* diff --git a/include/asm-generic/barrier.h b/include/asm-generic/barrier.h index 961f4d88f9ef..5a6c94d7a598 100644 --- a/include/asm-generic/barrier.h +++ b/include/asm-generic/barrier.h @@ -296,5 +296,13 @@ do { \ #define io_stop_wc() do { } while (0) #endif +/* + * Architectures that guarantee an implicit smp_mb() in switch_mm() + * can override smp_mb__after_switch_mm. + */ +#ifndef smp_mb__after_switch_mm +#define smp_mb__after_switch_mm() smp_mb() +#endif + #endif /* !__ASSEMBLY__ */ #endif /* __ASM_GENERIC_BARRIER_H */ diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 2e5a95486a42..044d842c696c 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -79,6 +79,8 @@ # include <asm/paravirt_api_clock.h> #endif +#include <asm/barrier.h> + #include "cpupri.h" #include "cpudeadline.h" @@ -3481,13 +3483,19 @@ static inline void switch_mm_cid(struct rq *rq, * between rq->curr store and load of {prev,next}->mm->pcpu_cid[cpu]. * Provide it here. */ - if (!prev->mm) // from kernel + if (!prev->mm) { // from kernel smp_mb(); - /* - * user -> user transition guarantees a memory barrier through - * switch_mm() when current->mm changes. If current->mm is - * unchanged, no barrier is needed. - */ + } else { // from user + /* + * user -> user transition relies on an implicit + * memory barrier in switch_mm() when + * current->mm changes. If the architecture + * switch_mm() does not have an implicit memory + * barrier, it is emitted here. If current->mm + * is unchanged, no barrier is needed. + */ + smp_mb__after_switch_mm(); + } } if (prev->mm_cid_active) { mm_cid_snapshot_time(rq, prev->mm); -- 2.39.2

1 year, 2 months

4
6
0 0

[RESEND PATCH net v4 1/2] soc: fsl: qbman: Always disable interrupts when taking cgr_lock

by Sean Anderson

smp_call_function_single disables IRQs when executing the callback. To prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere. This is already done by qman_update_cgr and qman_delete_cgr; fix the other lockers. Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()") CC: stable(a)vger.kernel.org Signed-off-by: Sean Anderson <sean.anderson(a)seco.com> Reviewed-by: Camelia Groza <camelia.groza(a)nxp.com> Tested-by: Vladimir Oltean <vladimir.oltean(a)nxp.com> --- I got no response the first time I sent this, so I am resending to net. This issue was introduced in a series which went through net, so I hope it makes sense to take it via net. [1] https://lore.kernel.org/linux-arm-kernel/20240108161904.2865093-1-sean.ande… (no changes since v3) Changes in v3: - Change blamed commit to something more appropriate Changes in v2: - Fix one additional call to spin_unlock drivers/soc/fsl/qbman/qman.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c index 739e4eee6b75..1bf1f1ea67f0 100644 --- a/drivers/soc/fsl/qbman/qman.c +++ b/drivers/soc/fsl/qbman/qman.c @@ -1456,11 +1456,11 @@ static void qm_congestion_task(struct work_struct *work) union qm_mc_result *mcr; struct qman_cgr *cgr; - spin_lock(&p->cgr_lock); + spin_lock_irq(&p->cgr_lock); qm_mc_start(&p->p); qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION); if (!qm_mc_result_timeout(&p->p, &mcr)) { - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); dev_crit(p->config->dev, "QUERYCONGESTION timeout\n"); qman_p_irqsource_add(p, QM_PIRQ_CSCI); return; @@ -1476,7 +1476,7 @@ static void qm_congestion_task(struct work_struct *work) list_for_each_entry(cgr, &p->cgr_cbs, node) if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid)) cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid)); - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); qman_p_irqsource_add(p, QM_PIRQ_CSCI); } @@ -2440,7 +2440,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags, preempt_enable(); cgr->chan = p->config->channel; - spin_lock(&p->cgr_lock); + spin_lock_irq(&p->cgr_lock); if (opts) { struct qm_mcc_initcgr local_opts = *opts; @@ -2477,7 +2477,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags, qman_cgrs_get(&p->cgrs[1], cgr->cgrid)) cgr->cb(p, cgr, 1); out: - spin_unlock(&p->cgr_lock); + spin_unlock_irq(&p->cgr_lock); put_affine_portal(); return ret; } -- 2.35.1.1320.gc452695387.dirty [Embedded World 2024, SECO SpA]<https://www.messe-ticket.de/Nuernberg/embeddedworld2024/Register/ew24517689>

1 year, 2 months

4
5
0 0

Re: 6.8.5 does not boot (regression)

by Linux regression tracking (Thorsten Leemhuis)

On 11.04.24 09:20, Toralf Förster wrote: > It is a remote system, nothing in the logs, system is a hardened Gentoo > Linux, 6.8.4 was fine. > > Linux mr-fox 6.8.4 #4 SMP Thu Apr 4 22:10:47 UTC 2024 x86_64 AMD Ryzen > 9 5950X 16-Core Processor AuthenticAMD GNU/Linux > > Another Gentoo dev reported problems too. > > config is below. Thx for the report, but the harsh reality is: nearly no developer will see your initial report, as you just sent it to LKML, which nearly nobody ready. I CCed a few lists, which might help. But that is unlikely, as this could be cause by all sorts of changes. Which is why we likely need a bisection ( https://docs.kernel.org/admin-guide/verify-bugs-and-bisect-regressions.html ) from somebody affected to make some progress here. That being said: there are a few EFI changes in there that in a case like this are a suspect. I CCed the developer, maybe something rings a bell. Ciao, Thorsten

1 year, 2 months

3
2
0 0

[PATCH v2] slimbus: qcom-ngd-ctrl: Add timeout for wait operation

by Viken Dadhaniya

In current driver qcom_slim_ngd_up_worker() indefinitely waiting for ctrl->qmi_up completion object. This is resulting in workqueue lockup on Kthread. Added wait_for_completion_interruptible_timeout to allow the thread to wait for specific timeout period and bail out instead waiting infinitely. Fixes: a899d324863a ("slimbus: qcom-ngd-ctrl: add Sub System Restart support") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Viken Dadhaniya <quic_vdadhani(a)quicinc.com> --- v1 -> v2: - Remove macro and add value inline. - add fix, cc and review tag. --- --- drivers/slimbus/qcom-ngd-ctrl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/slimbus/qcom-ngd-ctrl.c b/drivers/slimbus/qcom-ngd-ctrl.c index efeba8275a66..a09a26bf4988 100644 --- a/drivers/slimbus/qcom-ngd-ctrl.c +++ b/drivers/slimbus/qcom-ngd-ctrl.c @@ -1451,7 +1451,11 @@ static void qcom_slim_ngd_up_worker(struct work_struct *work) ctrl = container_of(work, struct qcom_slim_ngd_ctrl, ngd_up_work); /* Make sure qmi service is up before continuing */ - wait_for_completion_interruptible(&ctrl->qmi_up); + if (!wait_for_completion_interruptible_timeout(&ctrl->qmi_up, + msecs_to_jiffies(MSEC_PER_SEC))) { + dev_err(ctrl->dev, "QMI wait timeout\n"); + return; + } mutex_lock(&ctrl->ssr_lock); qcom_slim_ngd_enable(ctrl, true); -- QUALCOMM INDIA, on behalf of Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation

1 year, 2 months

2
1
0 0

Backported patch for linux-5.4

by Jürgen Groß

Hi, there has been a report of a failure in a 5.4 based kernel, which has been fixed in kernel 5.10 with commit abee7c494d8c41bb388839bccc47e06247f0d7de. Please apply the attached backported patch to the stable 5.4 kernel. Juergen

1 year, 2 months

2
1
0 0

[PATCH 4.19.y v3 0/2] Fix stable-4.19 use-after-free bug

by George Guo

1. About v3-0001-tracing-Remove-unnecessary-hist_data-destroy-in-d.patch: The reason I write the changelog by myself is that no one found the bug at that time, then later the code was removed on upstream, but 4.19-stable has the bug. 2. About v3-0002-tracing-Remove-unnecessary-var-destroy-in-onmax_d.patch I also write the changelog by myself is that the upstream api is changed. refs commits: 466f4528fbc6 ("tracing: Generalize hist trigger onmax and save action") ff9d31d0d466 ("tracing: Remove unnecessary var_ref destroy in track_data_destroy()") George Guo (2): tracing: Remove unnecessary hist_data destroy in destroy_synth_var_refs() tracing: Remove unnecessary var destroy in onmax_destroy() kernel/trace/trace_events_hist.c | 27 ++------------------------- 1 file changed, 2 insertions(+), 25 deletions(-) -- 2.34.1

1 year, 2 months

2
3
0 0

FAILED: patch "[PATCH] drm/i915/gt: Reset queue_priority_hint on parking" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4a3859ea5240365d21f6053ee219bb240d520895 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033046-mobility-coherence-2055@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4a3859ea5240365d21f6053ee219bb240d520895 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Mon, 18 Mar 2024 14:58:47 +0100 Subject: [PATCH] drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. This preempt-to-busy race can be triggered by the heartbeat, which will also act as the power-management barrier and upon completion allow us to idle the HW. We may process the completion of the heartbeat, and begin parking the engine before the CS event that restores the queue_priority_hint, causing us to fail the assertion that it is MIN. <3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 166.210781] Dumping ftrace buffer: <0>[ 166.210795] --------------------------------- ... <0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 } <0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646 <0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0 <0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659 <0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40 <0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 } <0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2 <0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin <0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2 <0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin <0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660 <0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns } <0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked <0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040 <0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns } <0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns } <0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 167.303811] --------------------------------- <4>[ 167.304722] ------------[ cut here ]------------ <2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283! <4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1 <4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 <4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915] <4>[ 167.304839] RIP: 0010:__engine_park+0x3fd/0x680 [i915] <4>[ 167.304937] Code: 00 48 c7 c2 b0 e5 86 a0 48 8d 3d 00 00 00 00 e8 79 48 d4 e0 bf 01 00 00 00 e8 ef 0a d4 e0 31 f6 bf 09 00 00 00 e8 03 49 c0 e0 <0f> 0b 0f 0b be 01 00 00 00 e8 f5 61 fd ff 31 c0 e9 34 fd ff ff 48 <4>[ 167.304940] RSP: 0018:ffffc9000059fce0 EFLAGS: 00010246 <4>[ 167.304942] RAX: 0000000000000200 RBX: 0000000000000000 RCX: 0000000000000006 <4>[ 167.304944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 <4>[ 167.304946] RBP: ffff8881330ca1b0 R08: 0000000000000001 R09: 0000000000000001 <4>[ 167.304947] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881330ca000 <4>[ 167.304948] R13: ffff888110f02aa0 R14: ffff88812d1d0205 R15: ffff88811277d4f0 <4>[ 167.304950] FS: 0000000000000000(0000) GS:ffff88844f780000(0000) knlGS:0000000000000000 <4>[ 167.304952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 167.304953] CR2: 00007fc362200c40 CR3: 000000013306e003 CR4: 0000000000770ef0 <4>[ 167.304955] PKRU: 55555554 <4>[ 167.304957] Call Trace: <4>[ 167.304958] <TASK> <4>[ 167.305573] ____intel_wakeref_put_last+0x1d/0x80 [i915] <4>[ 167.305685] i915_request_retire.part.0+0x34f/0x600 [i915] <4>[ 167.305800] retire_requests+0x51/0x80 [i915] <4>[ 167.305892] intel_gt_retire_requests_timeout+0x27f/0x700 [i915] <4>[ 167.305985] process_scheduled_works+0x2db/0x530 <4>[ 167.305990] worker_thread+0x18c/0x350 <4>[ 167.305993] kthread+0xfe/0x130 <4>[ 167.305997] ret_from_fork+0x2c/0x50 <4>[ 167.306001] ret_from_fork_asm+0x1b/0x30 <4>[ 167.306004] </TASK> It is necessary for the queue_priority_hint to be lower than the next request submission upon waking up, as we rely on the hint to decide when to kick the tasklet to submit that first request. Fixes: 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy") Closes: https://gitlab.freedesktop.org/drm/intel/issues/10154 Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v5.4+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240318135906.716055-2-janus… (cherry picked from commit 98850e96cf811dc2d0a7d0af491caff9f5d49c1e) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/gt/intel_engine_pm.c b/drivers/gpu/drm/i915/gt/intel_engine_pm.c index 96bdb93a948d..fb7bff27b45a 100644 --- a/drivers/gpu/drm/i915/gt/intel_engine_pm.c +++ b/drivers/gpu/drm/i915/gt/intel_engine_pm.c @@ -279,9 +279,6 @@ static int __engine_park(struct intel_wakeref *wf) intel_engine_park_heartbeat(engine); intel_breadcrumbs_park(engine->breadcrumbs); - /* Must be reset upon idling, or we may miss the busy wakeup. */ - GEM_BUG_ON(engine->sched_engine->queue_priority_hint != INT_MIN); - if (engine->park) engine->park(engine); diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 42aade0faf2d..b061a0a0d6b0 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -3272,6 +3272,9 @@ static void execlists_park(struct intel_engine_cs *engine) { cancel_timer(&engine->execlists.timer); cancel_timer(&engine->execlists.preempt); + + /* Reset upon idling, or we may delay the busy wakeup. */ + WRITE_ONCE(engine->sched_engine->queue_priority_hint, INT_MIN); } static void add_to_engine(struct i915_request *rq)

1 year, 2 months

3
2
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040851-hamster-canary-7b07@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 2 months

3
3
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 6.1-stable tree

by Sasha Levin

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 2 months

3
2
0 0

[PATCH 4.19.y] drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()

by Guo Mengqi

commit 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") introduced drm_dev_get/put() to drm_atomic_helper_shutdown(). And this cause problem in vkms driver exit process. vkms_exit() drm_dev_put() vkms_release() drm_atomic_helper_shutdown() drm_dev_get() drm_dev_put() vkms_release() ------ null pointer access Using 4.19 stable x86 image on qemu, below stacktrace can be triggered by load and unload vkms.ko. root:~ # insmod vkms.ko [ 142.135449] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 142.138713] [drm] Driver supports precise vblank timestamp query. [ 142.142390] [drm] Initialized vkms 1.0.0 20180514 for virtual device on minor 0 root:~ # rmmod vkms.ko [ 144.093710] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0 [ 144.097491] PGD 800000023624e067 P4D 800000023624e067 PUD 22ab59067 PMD 0 [ 144.100802] Oops: 0000 [#1] SMP PTI [ 144.102502] CPU: 0 PID: 3615 Comm: rmmod Not tainted 4.19.310 #1 [ 144.104452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 144.107238] RIP: 0010:device_del+0x34/0x3a0 ... [ 144.131323] Call Trace: [ 144.131962] ? __die+0x7d/0xc0 [ 144.132711] ? no_context+0x152/0x3b0 [ 144.133605] ? wake_up_q+0x70/0x70 [ 144.134436] ? __do_page_fault+0x342/0x4b0 [ 144.135445] ? __switch_to_asm+0x41/0x70 [ 144.136416] ? __switch_to_asm+0x35/0x70 [ 144.137366] ? page_fault+0x1e/0x30 [ 144.138214] ? __drm_atomic_state_free+0x51/0x60 [ 144.139331] ? device_del+0x34/0x3a0 [ 144.140197] platform_device_del.part.14+0x19/0x70 [ 144.141348] platform_device_unregister+0xe/0x20 [ 144.142458] vkms_release+0x10/0x30 [vkms] [ 144.143449] __drm_atomic_helper_disable_all.constprop.31+0x13b/0x150 [ 144.144980] drm_atomic_helper_shutdown+0x4b/0x90 [ 144.146102] vkms_release+0x18/0x30 [vkms] [ 144.147107] vkms_exit+0x29/0x8ec [vkms] [ 144.148053] __x64_sys_delete_module+0x155/0x220 [ 144.149168] do_syscall_64+0x43/0x100 [ 144.150056] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 It seems that the proper unload sequence is: drm_atomic_helper_shutdown(); drm_dev_put(); Just put drm_atomic_helper_shutdown() before drm_dev_put() should solve the problem. Note that vkms exit code is refactored by 53d77aaa3f76 ("drm/vkms: Use devm_drm_dev_alloc") in tags/v5.10-rc1. So this bug only exists on 4.19 and 5.4. Fixes: 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") Signed-off-by: Guo Mengqi <guomengqi3(a)huawei.com> --- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c index b1201c18d3eb..d32e08f17427 100644 --- a/drivers/gpu/drm/vkms/vkms_drv.c +++ b/drivers/gpu/drm/vkms/vkms_drv.c @@ -39,7 +39,6 @@ static void vkms_release(struct drm_device *dev) struct vkms_device *vkms = container_of(dev, struct vkms_device, drm); platform_device_unregister(vkms->platform); - drm_atomic_helper_shutdown(&vkms->drm); drm_mode_config_cleanup(&vkms->drm); drm_dev_fini(&vkms->drm); } @@ -137,6 +136,7 @@ static void __exit vkms_exit(void) } drm_dev_unregister(&vkms_device->drm); + drm_atomic_helper_shutdown(&vkms_device->drm); drm_dev_put(&vkms_device->drm); kfree(vkms_device); -- 2.17.1

1 year, 2 months

3
3
0 0

Re: Broken Domain Validation in 6.1.84+

by Martin K. Petersen

Dave, >> Could you please try the patch below on top of v6.1.80? > Works okay on top of v6.1.80: > > [ 30.952668] scsi 6:0:0:0: Direct-Access HP 73.4G ST373207LW HPC1 PQ: 0 ANSI: 3 > [ 31.072592] scsi target6:0:0: Beginning Domain Validation > [ 31.139334] scsi 6:0:0:0: Power-on or device reset occurred > [ 31.186227] scsi target6:0:0: Ending Domain Validation > [ 31.240482] scsi target6:0:0: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS RTI WRFLOW PCOMP (6.25 ns, offset 63) > [ 31.462587] ata5: SATA link down (SStatus 0 SControl 0) > [ 31.618798] scsi 6:0:2:0: Direct-Access HP 73.4G ST373207LW HPC1 PQ: 0 ANSI: 3 > [ 31.732588] scsi target6:0:2: Beginning Domain Validation > [ 31.799201] scsi 6:0:2:0: Power-on or device reset occurred > [ 31.846724] scsi target6:0:2: Ending Domain Validation > [ 31.900822] scsi target6:0:2: FAST-160 WIDE SCSI 320.0 MB/s DT IU QAS RTI WRFLOW PCOMP (6.25 ns, offset 63) Great, thanks for testing! Greg, please revert the following commits from linux-6.1.y: b73dd5f99972 ("scsi: sd: usb_storage: uas: Access media prior to querying device properties") cf33e6ca12d8 ("scsi: core: Add struct for args to execution functions") and include the patch below instead. Thank you! -- Martin K. Petersen Oracle Linux Engineering From 87441914d491c01b73b949663c101056a9d9b8c7 Mon Sep 17 00:00:00 2001 From: "Martin K. Petersen" <martin.petersen(a)oracle.com> Date: Tue, 13 Feb 2024 09:33:06 -0500 Subject: [PATCH] scsi: sd: usb_storage: uas: Access media prior to querying device properties [ Upstream commit 321da3dc1f3c92a12e3c5da934090d2992a8814c ] It has been observed that some USB/UAS devices return generic properties hardcoded in firmware for mode pages for a period of time after a device has been discovered. The reported properties are either garbage or they do not accurately reflect the characteristics of the physical storage device attached in the case of a bridge. Prior to commit 1e029397d12f ("scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice") we would call revalidate several times during device discovery. As a result, incorrect values would eventually get replaced with ones accurately describing the attached storage. When we did away with the redundant revalidate pass, several cases were reported where devices reported nonsensical values or would end up in write-protected state. An initial attempt at addressing this issue involved introducing a delayed second revalidate invocation. However, this approach still left some devices reporting incorrect characteristics. Tasos Sahanidis debugged the problem further and identified that introducing a READ operation prior to MODE SENSE fixed the problem and that it wasn't a timing issue. Issuing a READ appears to cause the devices to update their state to reflect the actual properties of the storage media. Device properties like vendor, model, and storage capacity appear to be correctly reported from the get-go. It is unclear why these devices defer populating the remaining characteristics. Match the behavior of a well known commercial operating system and trigger a READ operation prior to querying device characteristics to force the device to populate the mode pages. The additional READ is triggered by a flag set in the USB storage and UAS drivers. We avoid issuing the READ for other transport classes since some storage devices identify Linux through our particular discovery command sequence. Link: https://lore.kernel.org/r/20240213143306.2194237-1-martin.petersen@oracle.c… Fixes: 1e029397d12f ("scsi: sd: Reorganize DIF/DIX code to avoid calling revalidate twice") Cc: stable(a)vger.kernel.org Reported-by: Tasos Sahanidis <tasos(a)tasossah.com> Reviewed-by: Ewan D. Milne <emilne(a)redhat.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Tested-by: Tasos Sahanidis <tasos(a)tasossah.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 31b5273f43a7..349b1455a2c6 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -3284,6 +3284,24 @@ static bool sd_validate_opt_xfer_size(struct scsi_disk *sdkp, return true; } +static void sd_read_block_zero(struct scsi_disk *sdkp) +{ + unsigned int buf_len = sdkp->device->sector_size; + char *buffer, cmd[10] = { }; + + buffer = kmalloc(buf_len, GFP_KERNEL); + if (!buffer) + return; + + cmd[0] = READ_10; + put_unaligned_be32(0, &cmd[2]); /* Logical block address 0 */ + put_unaligned_be16(1, &cmd[7]); /* Transfer 1 logical block */ + + scsi_execute_req(sdkp->device, cmd, DMA_FROM_DEVICE, buffer, buf_len, + NULL, SD_TIMEOUT, sdkp->max_retries, NULL); + kfree(buffer); +} + /** * sd_revalidate_disk - called the first time a new disk is seen, * performs disk spin up, read_capacity, etc. @@ -3323,7 +3341,13 @@ static int sd_revalidate_disk(struct gendisk *disk) */ if (sdkp->media_present) { sd_read_capacity(sdkp, buffer); - + /* + * Some USB/UAS devices return generic values for mode pages + * until the media has been accessed. Trigger a READ operation + * to force the device to populate mode pages. + */ + if (sdp->read_before_ms) + sd_read_block_zero(sdkp); /* * set the default to rotational. All non-rotational devices * support the block characteristics VPD page, which will diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c index c54e9805da53..12cf9940e5b6 100644 --- a/drivers/usb/storage/scsiglue.c +++ b/drivers/usb/storage/scsiglue.c @@ -179,6 +179,13 @@ static int slave_configure(struct scsi_device *sdev) */ sdev->use_192_bytes_for_3f = 1; + /* + * Some devices report generic values until the media has been + * accessed. Force a READ(10) prior to querying device + * characteristics. + */ + sdev->read_before_ms = 1; + /* * Some devices don't like MODE SENSE with page=0x3f, * which is the command used for checking if a device diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index de3836412bf3..ed22053b3252 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -878,6 +878,13 @@ static int uas_slave_configure(struct scsi_device *sdev) if (devinfo->flags & US_FL_CAPACITY_HEURISTICS) sdev->guess_capacity = 1; + /* + * Some devices report generic values until the media has been + * accessed. Force a READ(10) prior to querying device + * characteristics. + */ + sdev->read_before_ms = 1; + /* * Some devices don't like MODE SENSE with page=0x3f, * which is the command used for checking if a device diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h index d2751ed536df..1504d3137cc6 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -204,6 +204,7 @@ struct scsi_device { unsigned use_10_for_rw:1; /* first try 10-byte read / write */ unsigned use_10_for_ms:1; /* first try 10-byte mode sense/select */ unsigned set_dbd_for_ms:1; /* Set "DBD" field in mode sense */ + unsigned read_before_ms:1; /* perform a READ before MODE SENSE */ unsigned no_report_opcodes:1; /* no REPORT SUPPORTED OPERATION CODES */ unsigned no_write_same:1; /* no WRITE SAME command */ unsigned use_16_for_rw:1; /* Use read/write(16) over read/write(10) */

1 year, 2 months

3
2
0 0

v5.15+ backport request

by Ard Biesheuvel

please backport e7d24c0aa8e678f41 gcc-plugins/stackleak: Avoid .head.text section to stable kernels v5.15 and newer. This addresses the regression reported here: https://lkml.kernel.org/r/dc118105-b97c-4e51-9a42-a918fa875967%40hardfalcon… On v5.15, there is a dependency that needs to be backported first: ae978009fc013e3166c9f523f8b17e41a3c0286e gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text The particular issue that this patch fixes does not exist [yet] in v6.1 and v5.15, but I am working on backports that would introduce it. But even without those backports, this change is important as it prevents input sections from being instrumented by stackleak that may not tolerate this for other reasons too. Thanks, Ard.

1 year, 2 months

2
1
0 0

Hibernate stuck after recent kernel/workqueue.c changes in Stable 6.6.23

by Linux regression tracking (Thorsten Leemhuis)

Hi stable team, there is a report that the recent backport of 5797b1c18919cd ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") [from Tejun] to 6.6.y (as 5a70baec2294) broke hibernate for a user. 6.6.24-rc1 did not fix this problem; reverting the culprit does. > With kernel 6.6.23 hibernating usually hangs here: the display stays > on but the mouse pointer does not move and the keyboard does not work. > But SysRq REISUB does reboot. Sometimes it seems to hibernate: the > computer powers down and can be waked up and the previous display comes > visible, but it is stuck there. See https://bugzilla.kernel.org/show_bug.cgi?id=218658 for details. Note, you have to use bugzilla to reach the reporter, as I sadly[1] can not CCed them in mails like this. Side note: there is a mainline report about problems due to 5797b1c18919cd ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") as well, but it's about "nohz_full=0 prevents kernel from booting": https://bugzilla.kernel.org/show_bug.cgi?id=218665; will forward that separately to Tejun. Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat) -- Everything you wanna know about Linux kernel regression tracking: https://linux-regtracking.leemhuis.info/about/#tldr If I did something stupid, please tell me, as explained on that page. [1] because bugzilla.kernel.org tells users upon registration their "email address will never be displayed to logged out users" #regzbot introduced: 5a70baec2294e8a7d0fcc4558741c23e752dad #regzbot from: Petri Kaukasoina #regzbot duplicate: https://bugzilla.kernel.org/show_bug.cgi?id=218658 #regzbot title: workqueue: hubernate usually hangs when going to sleep #regzbot ignore-activity

1 year, 2 months

5
11
0 0

[REGRESSION] Loss of some SMART information in v6.1.81

by Cyril Brulebois

Hi, Munin uses the following command to get sensor-type information out of SMART-aware disks (e.g. temperature): /usr/sbin/smartctl -A --nocheck=standby -d ata /dev/sda This broke following an upgrade from v6.1.76 (as found in Debian 12) to v6.1.82 (as currently found in the proposed-updates repository for the next point release of Debian 12), with smartctl's now reporting: smartctl 7.3 2022-02-28 r5338 [x86_64-linux-6.1.0-19-amd64] (local build) Copyright (C) 2002-22, Bruce Allen, Christian Franke, www.smartmontools.org Device is in SLEEP mode, exit(2) This happens on baremetal with 2 pairs of disks: - 2×ST4000VN008-2DR1 (sda, sdb) - 2×ST8000VN004-2M21 (sdc, sdd) and that's an obvious lie with one pair doing system stuff and the other one doing media stuff. This also happens within a Debian 12 QEMU VM running on a Debian 12 libvirt host, when using a SATA disk, which is what I've used to test various builds from the stable/linux-6.1.y branch and associated tags. Building stable releases, I pinpointed it as a regression between v6.1.80 and v6.1.81, then pinpointed it to commit cf33e6ca12d8. #regzbot introduced: v6.1.80..v6.1.81 #regzbot introduced: cf33e6ca12d8 This is also affecting v6.1.84 and v6.1.85 (released during my git bisect session). Reported in Debian via: https://bugs.debian.org/1068675 (which included a trace with the distribution-provided v6.1.82 package). Most recent trace, with v6.1.85 (mainline, using the distribution's config but without any patches): [ 30.547027] ------------[ cut here ]------------ [ 30.547034] WARNING: CPU: 0 PID: 697 at drivers/scsi/scsi_lib.c:214 scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547082] Modules linked in: tls tun intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass ghash_clmulni_intel sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi aesni_intel snd_hda_codec crypto_simd cryptd rapl snd_hda_core snd_hwdep bochs drm_vram_helper pcspkr drm_ttm_helper snd_pcm iTCO_wdt snd_timer intel_pmc_bxt ttm iTCO_vendor_support snd watchdog soundcore virtio_console virtio_balloon drm_kms_helper button joydev evdev serio_raw sg binfmt_misc fuse loop drm efi_pstore dm_mod configfs qemu_fw_cfg virtio_rng ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci virtio_scsi virtio_blk virtio_net net_failover failover xhci_pci crct10dif_pclmul crct10dif_common crc32_pclmul libata crc32c_intel xhci_hcd psmouse i2c_i801 i2c_smbus scsi_mod scsi_common lpc_ich virtio_pci [ 30.547194] virtio_pci_legacy_dev virtio_pci_modern_dev usbcore usb_common virtio virtio_ring [ 30.547205] CPU: 0 PID: 697 Comm: smartctl Not tainted 6.1.85 #1 [ 30.547210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 30.547217] RIP: 0010:scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547247] Code: 55 48 89 fd 53 48 83 ec 10 4c 8b 64 24 50 48 89 0c 24 4d 85 e4 0f 84 02 02 00 00 49 83 3c 24 00 74 24 41 83 7c 24 08 60 74 1c <0f> 0b bd ea ff ff ff 48 83 c4 10 89 e8 5b 5d 41 5c 41 5d 41 5e 41 [ 30.547251] RSP: 0018:ffffa70f80defbd0 EFLAGS: 00010287 [ 30.547256] RAX: ffffa70f80defc30 RBX: ffff9ab18b085000 RCX: 0000000000000000 [ 30.547259] RDX: 0000000000000022 RSI: 0000000000000022 RDI: ffff9ab18b085000 [ 30.547262] RBP: ffff9ab18b085000 R08: 0000000000000000 R09: 00000000000009c4 [ 30.547265] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa70f80defc30 [ 30.547268] R13: 0000000000000000 R14: 00000000000009c4 R15: ffffa70f80defc60 [ 30.547271] FS: 00007f8ee64ad840(0000) GS:ffff9ab1bec00000(0000) knlGS:0000000000000000 [ 30.547275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.547278] CR2: 00007fff08df0bc0 CR3: 000000000439a003 CR4: 0000000000170ef0 [ 30.547291] Call Trace: [ 30.547296] <TASK> [ 30.547301] ? __warn+0x7d/0xc0 [ 30.547308] ? scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547338] ? report_bug+0xe2/0x150 [ 30.547348] ? handle_bug+0x41/0x70 [ 30.547354] ? exc_invalid_op+0x13/0x60 [ 30.547358] ? asm_exc_invalid_op+0x16/0x20 [ 30.547368] ? scsi_execute_cmd+0x42/0x2c0 [scsi_mod] [ 30.547397] ata_cmd_ioctl+0x144/0x2f0 [libata] [ 30.547448] scsi_ioctl+0x3f5/0x930 [scsi_mod] [ 30.547477] ? scsi_block_when_processing_errors+0x22/0x100 [scsi_mod] [ 30.547503] ? __mod_lruvec_page_state+0x93/0x140 [ 30.547508] ? scsi_ioctl_block_when_processing_errors+0x45/0x50 [scsi_mod] [ 30.547535] blkdev_ioctl+0x133/0x270 [ 30.547553] __x64_sys_ioctl+0x90/0xd0 [ 30.547564] do_syscall_64+0x55/0xb0 [ 30.547574] ? handle_mm_fault+0xdb/0x2d0 [ 30.547582] ? do_user_addr_fault+0x1b0/0x580 [ 30.547589] ? exit_to_user_mode_prepare+0x40/0x1e0 [ 30.547596] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 30.547608] RIP: 0033:0x7f8ee611cc5b [ 30.547617] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 30.547621] RSP: 002b:00007fff08df0960 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 30.547626] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f8ee611cc5b [ 30.547629] RDX: 00007fff08df0bc0 RSI: 000000000000031f RDI: 0000000000000003 [ 30.547632] RBP: 00007fff08df1040 R08: 0000000000000000 R09: 0000000000000000 [ 30.547634] R10: e7e85eefeeee1b19 R11: 0000000000000246 R12: 000056348ba28600 [ 30.547637] R13: 00007fff08df0bc0 R14: 00007fff08df12e0 R15: 0000000000000000 [ 30.547642] </TASK> [ 30.547644] ---[ end trace 0000000000000000 ]--- Cheers, -- Cyril Brulebois (kibi(a)debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant

1 year, 2 months

2
2
0 0

RE: [RFC] rtw88: Fix startup problems for SDIO wifi plus UART Bluetooth

by Ping-Ke Shih

Larry Finger <Larry.Finger(a)gmail.com> wrote: > As discussed in the links below, the SDIO part of RTW8821CS fails to > start correctly if such startup happens while the UART portion of > the chip is initializing. I checked with SDIO team internally, but they didn't meet this case, so we may take this workaround. SDIO team wonder if something other than BT cause this failure, and after system boots everything will be well. Could you boot the system without WiFi/BT drivers, but insmod drivers manually after booting? > --- > drivers/net/wireless/realtek/rtw88/sdio.c | 28 +++++++++++++++++++++++ > 1 file changed, 28 insertions(+) > > diff --git a/drivers/net/wireless/realtek/rtw88/sdio.c b/drivers/net/wireless/realtek/rtw88/sdio.c > index 0cae5746f540..eec0ad85be72 100644 > --- a/drivers/net/wireless/realtek/rtw88/sdio.c > +++ b/drivers/net/wireless/realtek/rtw88/sdio.c > @@ -1325,6 +1325,34 @@ int rtw_sdio_probe(struct sdio_func *sdio_func, [...] > + mdelay(500); Will it better to use sleep function?

1 year, 2 months

2
2
0 0

[RFC] rtw88: Fix startup problems for SDIO wifi plus UART Bluetooth

by Larry Finger

As discussed in the links below, the SDIO part of RTW8821CS fails to start correctly if such startup happens while the UART portion of the chip is initializing. The logged results with such failure is [ 10.230516] rtw_8821cs mmc3:0001:1: Start of rtw_sdio_probe [ 10.306569] Bluetooth: HCI UART driver ver 2.3 [ 10.306717] Bluetooth: HCI UART protocol Three-wire (H5) registered [ 10.307167] of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' missing or empty [ 10.307199] dw-apb-uart fe650000.serial: failed to request DMA [ 10.543474] rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 [ 10.730744] rtw_8821cs mmc3:0001:1: sdio read32 failed (0x11080): -110 [ 10.730923] rtw_8821cs mmc3:0001:1: sdio write32 failed (0x11080): -110 Due to the above errors, wifi fails to work. For those instances when wifi works, the following is logged: [ 10.452861] Bluetooth: HCI UART protocol Three-wire (H5) registered [ 10.453580] of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' missing or empty [ 10.453621] dw-apb-uart fe650000.serial: failed to request DMA [ 10.455741] rtw_8821cs mmc3:0001:1: Start of rtw_sdio_probe [ 10.639186] rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 In this case, SDIO wifi works correctly. The correct case is ensured by adding an mdelay(500) statement before the call to rtw_core_init(). No adverse effects are observed. Link: https://1EHFQ.trk.elasticemail.com/tracking/click?d=1UfsVowwwMAM6kBoyumkHP3… Link: https://1EHFQ.trk.elasticemail.com/tracking/click?d=XUEf4t8W9xt0czASPOeeDt8… Fixes: 65371a3f14e7 ("wifi: rtw88: sdio: Add HCI implementation for SDIO based chipsets") Signed-off-by: Larry Finger <Larry.Finger(a)gmail.com> Cc: stable(a)vger.kernel.org # v6.4+ --- drivers/net/wireless/realtek/rtw88/sdio.c | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/drivers/net/wireless/realtek/rtw88/sdio.c b/drivers/net/wireless/realtek/rtw88/sdio.c index 0cae5746f540..eec0ad85be72 100644 --- a/drivers/net/wireless/realtek/rtw88/sdio.c +++ b/drivers/net/wireless/realtek/rtw88/sdio.c @@ -1325,6 +1325,34 @@ int rtw_sdio_probe(struct sdio_func *sdio_func, rtwdev->hci.ops = &rtw_sdio_ops; rtwdev->hci.type = RTW_HCI_TYPE_SDIO; + /* Insert a delay of 500 ms. Without the delay, the wifi part + * and the UART that controls Bluetooth interfere with one + * another resulting in the following being logged: + * + * Start of SDIO probe function. + * Bluetooth: HCI UART driver ver 2.3 + * Bluetooth: HCI UART protocol Three-wire (H5) registered + * of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' + * missing or empty + * dw-apb-uart fe650000.serial: failed to request DMA +` * rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 + * rtw_8821cs mmc3:0001:1: sdio read32 failed (0x11080): -110 + * + * If the UART is finished initializing before the SDIO probe + * function startw, the following is logged: + * + * Bluetooth: HCI UART protocol Three-wire (H5) registered + * of_dma_request_slave_channel: dma-names property of node '/serial@fe650000' + * missing or empty + * dw-apb-uart fe650000.serial: failed to request DMA + * Start of SDIO probe function. + * rtw_8821cs mmc3:0001:1: Firmware version 24.8.0, H2C version 12 + * Bluetooth: hci0: RTL: examining hci_ver=08 hci_rev=000c lmp_ver=08 lmp_subver=8821 + * SDIO wifi works correctly. + * + * No adverse effects are observed from the delay. + */ + mdelay(500); ret = rtw_core_init(rtwdev); if (ret) goto err_release_hw; -- 2.44.0 https://1EHFQ.trk.elasticemail.com/tracking/unsubscribe?d=XjvOA0R6jwFES_UmJ…

1 year, 2 months

1
0
0 0

Re: KASAN: slab-out-of-bounds Write in ops_init

by Eric Dumazet

On Wed, Apr 10, 2024 at 10:31 PM Cem Topcuoglu <topcuoglu.c(a)northeastern.edu> wrote: > > Hi, > > > > We encountered a bug labelled “KASAN: slab-out-of-bounds Write in ops_init” while fuzzing kernel version 5.15.124 with Syzkaller (lines exist in 5.15.154 as well). > > > > In the net_namespace.c file, we have an if condition at line 89. Subsequently, Syzkaller encounters the bug at line 90. > > > > 89 if (old_ng->s.len > id) { > > 90 old_ng->ptr[id] = data; > > 91 return 0; > > 92 } > > > > Upon inspecting the net_generic struct, we noticed that this struct uses union which puts the array and the header (including the array length information) together. > > We suspect that with this union, modifying the ng->ptr[0] is essentially modifying ng->s.len, which might fail the check in 89. This might be the cause for Syzkaller detecting this slab-out-of-bound. > Look for MIN_PERNET_OPS_ID (this should be 3) ng->ptr[0] , [1], [2] can not be overwritten. Do you have a repro ? Also please use the latest stable (5.15.154). > Since we are CS PhD students and Linux hobbyists, we do not have a full understanding of what could lead to this. We would really appreciate if you guys can share some insights into this matter : ) > > > > We attached the syzkaller’s bug report below. > > > > ================================================================== > > BUG: KASAN: slab-out-of-bounds in net_assign_generic > > usr/src/kernel/net/core/net_namespace.c:90 [inline] > > BUG: KASAN: slab-out-of-bounds in ops_init+0x44b/0x4d0 > > usr/src/kernel/net/core/net_namespace.c:129 > > Write of size 8 at addr ffff888043c62ae8 by task (coredump)/5424 > > CPU: 1 PID: 5424 Comm: (coredump) Not tainted 5.15.124-yocto-standard #1 > > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 > > Call Trace: > > <TASK> > > __dump_stack usr/src/kernel/lib/dump_stack.c:88 [inline] > > dump_stack_lvl+0x51/0x70 usr/src/kernel/lib/dump_stack.c:106 > > print_address_description.constprop.0+0x24/0x140 usr/src/kernel/mm/kasan/report.c:248 > > __kasan_report usr/src/kernel/mm/kasan/report.c:434 [inline] > > kasan_report.cold+0x7d/0x117 usr/src/kernel/mm/kasan/report.c:451 > > __asan_report_store8_noabort+0x17/0x20 usr/src/kernel/mm/kasan/report_generic.c:314 > > net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] > > ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 > > setup_net+0x40a/0x970 usr/src/kernel/net/core/net_namespace.c:329 > > copy_net_ns+0x2ac/0x680 usr/src/kernel/net/core/net_namespace.c:473 > > create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 > > unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 > > ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 > > __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] > > __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] > > __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 > > do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] > > do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 > > entry_SYSCALL_64_after_hwframe+0x61/0xcb > > RIP: 0033:0x7fbafce1b39b > > Code: 73 01 c3 48 8b 0d 85 2a 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 > > 00 90 f3 0f 1e fa b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 55 2a 0e 00 f7 > > d8 64 89 01 48 > > RSP: 002b:00007ffddc8dfda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 > > RAX: ffffffffffffffda RBX: 0000557e645dd018 RCX: 00007fbafce1b39b > > RDX: 0000000000000000 RSI: 00007ffddc8dfd10 RDI: 0000000040000000 > > RBP: 00007ffddc8dfde0 R08: 0000000000000000 R09: 00007ffd00000067 > > R10: 0000000000000000 R11: 0000000000000246 R12: 00000000fffffff5 > > R13: 00007fbafd26ba60 R14: 0000000040000000 R15: 0000000000000000 > > </TASK> > > Allocated by task 5424: > > kasan_save_stack+0x26/0x60 usr/src/kernel/mm/kasan/common.c:38 > > kasan_set_track usr/src/kernel/mm/kasan/common.c:46 [inline] > > set_alloc_info usr/src/kernel/mm/kasan/common.c:434 [inline] > > ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:513 [inline] > > ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:472 [inline] > > __kasan_kmalloc+0xae/0xe0 usr/src/kernel/mm/kasan/common.c:522 > > kasan_kmalloc usr/src/kernel/include/linux/kasan.h:264 [inline] > > __kmalloc+0x308/0x560 usr/src/kernel/mm/slub.c:4407 > > kmalloc usr/src/kernel/include/linux/slab.h:596 [inline] > > kzalloc usr/src/kernel/include/linux/slab.h:721 [inline] > > net_alloc_generic+0x28/0x80 usr/src/kernel/net/core/net_namespace.c:74 > > net_alloc usr/src/kernel/net/core/net_namespace.c:401 [inline] > > copy_net_ns+0xc3/0x680 usr/src/kernel/net/core/net_namespace.c:460 > > create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 > > unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 > > ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 > > __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] > > __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] > > __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 > > do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] > > do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 > > entry_SYSCALL_64_after_hwframe+0x61/0xcb > > The buggy address belongs to the object at ffff888043c62a00 > > which belongs to the cache kmalloc-256 of size 256 > > The buggy address is located 232 bytes inside of > > 256-byte region [ffff888043c62a00, ffff888043c62b00) > > The buggy address belongs to the page: > > page:000000008dd0a6b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43c62 > > head:000000008dd0a6b6 order:1 compound_mapcount:0 > > flags: 0x4000000000010200(slab|head|zone=1) > > raw: 4000000000010200 ffffea0001108f00 0000000700000007 ffff888001041b40 > > raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 > > page dumped because: kasan: bad access detected > > Memory state around the buggy address: > > ffff888043c62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ffff888043c62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > >ffff888043c62a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc > > ^ > > ffff888043c62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ffff888043c62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > > ================================================================== > > kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) > > > > Best > >

1 year, 2 months

1
0
0 0

KASAN: slab-out-of-bounds Write in ops_init

by Cem Topcuoglu

Hi, We encountered a bug labelled “KASAN: slab-out-of-bounds Write in ops_init” while fuzzing kernel version 5.15.124 with Syzkaller (lines exist in 5.15.154 as well). In the net_namespace.c file, we have an if condition at line 89. Subsequently, Syzkaller encounters the bug at line 90. 89 if (old_ng->s.len > id) { 90 old_ng->ptr[id] = data; 91 return 0; 92 } Upon inspecting the net_generic struct, we noticed that this struct uses union which puts the array and the header (including the array length information) together. We suspect that with this union, modifying the ng->ptr[0] is essentially modifying ng->s.len, which might fail the check in 89. This might be the cause for Syzkaller detecting this slab-out-of-bound. Since we are CS PhD students and Linux hobbyists, we do not have a full understanding of what could lead to this. We would really appreciate if you guys can share some insights into this matter : ) We attached the syzkaller’s bug report below. ================================================================== BUG: KASAN: slab-out-of-bounds in net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] BUG: KASAN: slab-out-of-bounds in ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 Write of size 8 at addr ffff888043c62ae8 by task (coredump)/5424 CPU: 1 PID: 5424 Comm: (coredump) Not tainted 5.15.124-yocto-standard #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: <TASK> __dump_stack usr/src/kernel/lib/dump_stack.c:88 [inline] dump_stack_lvl+0x51/0x70 usr/src/kernel/lib/dump_stack.c:106 print_address_description.constprop.0+0x24/0x140 usr/src/kernel/mm/kasan/report.c:248 __kasan_report usr/src/kernel/mm/kasan/report.c:434 [inline] kasan_report.cold+0x7d/0x117 usr/src/kernel/mm/kasan/report.c:451 __asan_report_store8_noabort+0x17/0x20 usr/src/kernel/mm/kasan/report_generic.c:314 net_assign_generic usr/src/kernel/net/core/net_namespace.c:90 [inline] ops_init+0x44b/0x4d0 usr/src/kernel/net/core/net_namespace.c:129 setup_net+0x40a/0x970 usr/src/kernel/net/core/net_namespace.c:329 copy_net_ns+0x2ac/0x680 usr/src/kernel/net/core/net_namespace.c:473 create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb RIP: 0033:0x7fbafce1b39b Code: 73 01 c3 48 8b 0d 85 2a 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 55 2a 0e 00 f7 d8 64 89 01 48 RSP: 002b:00007ffddc8dfda8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 0000557e645dd018 RCX: 00007fbafce1b39b RDX: 0000000000000000 RSI: 00007ffddc8dfd10 RDI: 0000000040000000 RBP: 00007ffddc8dfde0 R08: 0000000000000000 R09: 00007ffd00000067 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000fffffff5 R13: 00007fbafd26ba60 R14: 0000000040000000 R15: 0000000000000000 </TASK> Allocated by task 5424: kasan_save_stack+0x26/0x60 usr/src/kernel/mm/kasan/common.c:38 kasan_set_track usr/src/kernel/mm/kasan/common.c:46 [inline] set_alloc_info usr/src/kernel/mm/kasan/common.c:434 [inline] ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:513 [inline] ____kasan_kmalloc usr/src/kernel/mm/kasan/common.c:472 [inline] __kasan_kmalloc+0xae/0xe0 usr/src/kernel/mm/kasan/common.c:522 kasan_kmalloc usr/src/kernel/include/linux/kasan.h:264 [inline] __kmalloc+0x308/0x560 usr/src/kernel/mm/slub.c:4407 kmalloc usr/src/kernel/include/linux/slab.h:596 [inline] kzalloc usr/src/kernel/include/linux/slab.h:721 [inline] net_alloc_generic+0x28/0x80 usr/src/kernel/net/core/net_namespace.c:74 net_alloc usr/src/kernel/net/core/net_namespace.c:401 [inline] copy_net_ns+0xc3/0x680 usr/src/kernel/net/core/net_namespace.c:460 create_new_namespaces+0x390/0xa50 usr/src/kernel/kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xb0/0x1d0 usr/src/kernel/kernel/nsproxy.c:226 ksys_unshare+0x30c/0x850 usr/src/kernel/kernel/fork.c:3094 __do_sys_unshare usr/src/kernel/kernel/fork.c:3168 [inline] __se_sys_unshare usr/src/kernel/kernel/fork.c:3166 [inline] __x64_sys_unshare+0x36/0x50 usr/src/kernel/kernel/fork.c:3166 do_syscall_x64 usr/src/kernel/arch/x86/entry/common.c:50 [inline] do_syscall_64+0x40/0x90 usr/src/kernel/arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x61/0xcb The buggy address belongs to the object at ffff888043c62a00 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 232 bytes inside of 256-byte region [ffff888043c62a00, ffff888043c62b00) The buggy address belongs to the page: page:000000008dd0a6b6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x43c62 head:000000008dd0a6b6 order:1 compound_mapcount:0 flags: 0x4000000000010200(slab|head|zone=1) raw: 4000000000010200 ffffea0001108f00 0000000700000007 ffff888001041b40 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888043c62980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888043c62a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888043c62a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc ^ ffff888043c62b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888043c62b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ================================================================== kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) Best

1 year, 2 months

1
0
0 0

+ fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fork: defer linking file vma until vma is fully initialized has been added to the -mm mm-hotfixes-unstable branch. Its filename is fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: fork: defer linking file vma until vma is fully initialized Date: Wed, 10 Apr 2024 17:14:41 +0800 Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used. Link: https://lkml.kernel.org/r/20240410091441.3539905-1-linmiaohe@huawei.com Fixes: 8d9bfb260814 ("hugetlb: add vma based lock for pmd sharing") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reported-by: Thorvald Natvig <thorvald(a)google.com> Closes: https://lore.kernel.org/linux-mm/20240129161735.6gmjsswx62o4pbja@revolver/T/ [1] Cc: Christian Brauner <brauner(a)kernel.org> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Mateusz Guzik <mjguzik(a)gmail.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peng Zhang <zhangpeng.00(a)bytedance.com> Cc: Tycho Andersen <tandersen(a)netflix.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/fork.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) --- a/kernel/fork.c~fork-defer-linking-file-vma-until-vma-is-fully-initialized +++ a/kernel/fork.c @@ -714,6 +714,23 @@ static __latent_entropy int dup_mmap(str } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + + /* + * Link the vma into the MT. After using __mt_dup(), memory + * allocation is not necessary here, so it cannot fail. + */ + vma_iter_bulk_store(&vmi, tmp); + + mm->map_count++; + + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -730,25 +747,9 @@ static __latent_entropy int dup_mmap(str i_mmap_unlock_write(mapping); } - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - /* - * Link the vma into the MT. After using __mt_dup(), memory - * allocation is not necessary here, so it cannot fail. - */ - vma_iter_bulk_store(&vmi, tmp); - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - if (retval) { mpnt = vma_next(&vmi); goto loop_out; _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch

1 year, 2 months

1
0
0 0

[PATCH 6.1 000/138] 6.1.85-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.85 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.85-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.85-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> KVM: SVM: enhance info printk's in SEV init Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect access to registers Config2 and Config5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect mac ocp register access Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 +++++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/x86/Kconfig | 25 ++++ arch/x86/coco/core.c | 41 +++++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++++++ arch/x86/entry/entry_64_compat.S | 16 +++ arch/x86/entry/syscall_32.c | 21 +++- arch/x86/entry/syscall_64.c | 19 ++- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 4 +- arch/x86/events/amd/lbr.c | 16 ++- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 15 ++- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 37 +++++- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/kernel/cpu/bugs.c | 121 +++++++++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++-- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/setup.c | 2 + arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 60 ++++++---- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/ident_map.c | 23 +--- arch/x86/mm/pat/memtype.c | 49 +++++--- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 +++++----- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +++- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 ++- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +++++++++---- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +-- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++-- drivers/net/ethernet/microchip/lan743x_main.c | 18 +++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/realtek/r8169_main.c | 131 +++++++++++++++++---- drivers/net/ethernet/renesas/ravb_main.c | 33 +++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++++-- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++++-- drivers/net/phy/micrel.c | 31 +++-- drivers/net/usb/asix_devices.c | 4 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 +- drivers/of/dynamic.c | 12 ++ drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +++++- drivers/scsi/myrb.c | 20 ++-- drivers/scsi/myrs.c | 24 ++-- drivers/scsi/sd.c | 2 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 ++- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 17 ++- fs/smb/client/connect.c | 2 + fs/smb/client/dir.c | 15 +++ fs/smb/client/file.c | 111 ++++++++++++++--- fs/smb/client/fscache.c | 16 ++- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/device.h | 1 + include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 +++++ include/net/bluetooth/hci.h | 9 ++ include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 ++ kernel/bpf/verifier.c | 5 + mm/memory.c | 4 + net/9p/client.c | 10 +- net/bluetooth/hci_debugfs.c | 64 ++++++---- net/bluetooth/hci_event.c | 25 ++++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 33 ++++-- net/ipv4/inet_fragment.c | 70 +++++++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 ++ net/ipv4/udp_offload.c | 23 ++-- net/ipv6/ip6_fib.c | 14 +-- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 13 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 167 files changed, 1799 insertions(+), 555 deletions(-)

1 year, 2 months

7
6
0 0

Backport of 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") to older stable series? (at least 6.1.y)

by Salvatore Bonaccorso

Hi Greg, Sasha, Thadeu, Today there was mentioning of https://www.jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html a LPE from the n_gsm module. I do realize, Thadeu mentioned the possible attack surface already back in https://lore.kernel.org/all/ZMuRoDbMcQrsCs3m@quatroqueijos.cascardo.eti.br/… Published exploits are referenced as well through the potential initial finder in https://github.com/YuriiCrimson/ExploitGSM . While 67c37756898a ("tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc") is not the fix itself, it helps mitigating against this issue. Thus can you consider applying this still to the stable series as needed? I think it should go at least back to 5.15.y but if Iunderstood Thadeu correctly then even further back to the still supported stable branches. What do you think? Regards, Salvatore

1 year, 2 months

2
1
0 0

[PATCH 6.8 000/280] 6.8.5-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.5 release. There are 280 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.5-rc3.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.5-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Rework rebinding Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use ring ops TLB invalidation for rebinds Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Björn Töpel <bjorn(a)rivosinc.com> riscv: Fix vector state restore in rt_sigreturn() Kent Overstreet <kent.overstreet(a)linux.dev> aio: Fix null ptr deref in aio_complete() wakeup Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Correct the delay calculation Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Remove the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/rw: don't allow multishot reads without NOWAIT support Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Christian Bendiksen <christian(a)bendiksen.me> ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: Add pplcllpl/u members to hdac_ext_stream Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Gabe Teeger <gabe.teeger(a)amd.com> Revert "drm/amd/display: Send DTBCLK disable message on first commit" Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Peter Collingbourne <pcc(a)google.com> stackdepot: rename pool_index to pool_index_plus_1 Oscar Salvador <osalvador(a)suse.de> lib/stackdepot: move stack_record struct definition into the header Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix warning by declaring arch_cpu_idle() as noinstr Andreas Schwab <schwab(a)suse.de> riscv: use KERN_INFO in do_trap Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Limit the reserved VM space to only the platforms that need it Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without trip points Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without cooling devices Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix DSC state HW readout for SST connectors Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp pdm configuration check Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Christian Brauner <brauner(a)kernel.org> block: count BLK_OPEN_RESTRICT_WRITES openers Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Vladimir Isaev <vladimir.isaev(a)syntacore.com> riscv: hwprobe: do not produce frtace relocation Samuel Holland <samuel.holland(a)sifive.com> riscv: mm: Fix prototype to avoid discarding const Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: use += operator to append strings Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Guenter Roeck <linux(a)roeck-us.net> mean_and_variance: Drop always failing tests Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Joshua Hay <joshua.a.hay(a)intel.com> idpf: fix kernel panic on unknown packet types Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Will Deacon <will(a)kernel.org> KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent BPF accessing lowat from a subflow socket. Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Wujie Duan <wjduan(a)linx-info.com> KVM: arm64: Fix out-of-IPA space translation fault handling Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> kbuild: make -Woverride-init warnings more consistent Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning José Roberto de Souza <jose.souza(a)intel.com> drm/i915: Do not print 'pxp init failed with 0' when it succeed Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Disable AuxCCS framebuffers if built for Xe Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Validate the PASID in iommu_attach_device_pasid() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size Taimur Hassan <syed.hassan(a)amd.com> drm/amd/display: Send DTBCLK disable message on first commit Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: Update P010 scaling cap David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix debug messaging in gpiod_find_and_request() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Remove AR30 and AB30 format support Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Prasad Pandit <pjp(a)fedoraproject.org> dpll: indent DPLL option type by a tab Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_GT_PER_TILE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/queue: fix engine_class bounds check Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: use jiffies for job timeout Brian Welty <brian.welty(a)intel.com> drm/xe: Add exec_queue.sched_props.job_timeout_ms Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Remove unused xe_bo->props struct Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Jan Kara <jack(a)suse.cz> nfsd: Fix error cleanup path in nfsd_rename() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Stanislav Fomichev <sdf(a)google.com> xsk: Don't assume metadata is always requested in TX completion Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/nvhe/tlb.c | 3 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/kvm/hyp/vhe/tlb.c | 3 +- arch/arm64/kvm/mmu.c | 2 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 5 +- arch/riscv/kernel/signal.c | 15 +- arch/riscv/kernel/traps.c | 2 +- arch/riscv/kernel/vdso/Makefile | 1 + arch/riscv/kvm/aia_aplic.c | 37 +++- arch/riscv/mm/tlbflush.c | 4 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 10 +- arch/s390/kernel/perf_pai_ext.c | 10 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 ++--- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 +++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 ++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 +++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++ arch/x86/entry/entry_64_compat.S | 16 ++ arch/x86/entry/syscall_32.c | 21 ++- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 14 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 17 ++ arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/bugs.c | 121 ++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +-- arch/x86/kernel/sev.c | 14 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 +++-- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 -- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +-- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +++----- arch/x86/mm/pat/memtype.c | 49 +++-- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- block/bdev.c | 6 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++++--- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 ++- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/dpll/Kconfig | 2 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 +++++- drivers/gpio/gpiolib.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 ++- drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 +- drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 7 +- drivers/gpu/drm/i915/display/g4x_dp.c | 2 - .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 9 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 4 - drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 + drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 +- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 ++ drivers/gpu/drm/i915/gt/intel_gt.c | 6 + drivers/gpu/drm/i915/gt/intel_gt.h | 9 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 ++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++++-- drivers/gpu/drm/i915/i915_driver.c | 2 +- drivers/gpu/drm/i915/i915_perf.c | 2 +- drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 - drivers/gpu/drm/xe/Makefile | 4 +- drivers/gpu/drm/xe/xe_bo.c | 59 +----- drivers/gpu/drm/xe/xe_bo_types.h | 19 -- drivers/gpu/drm/xe/xe_device.h | 4 +- drivers/gpu/drm/xe/xe_exec.c | 31 +--- drivers/gpu/drm/xe/xe_exec_queue.c | 4 +- drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 + drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_pt.c | 8 +- drivers/gpu/drm/xe/xe_ring_ops.c | 11 +- drivers/gpu/drm/xe/xe_sched_job.c | 10 + drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/gpu/drm/xe/xe_vm.c | 27 +-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/iommu/iommu.c | 11 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 ++- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 ++-- drivers/net/ethernet/intel/e1000e/netdev.c | 24 ++- drivers/net/ethernet/intel/e1000e/phy.c | 184 +++++++++++------- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 13 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++++--- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +++-- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 18 +- drivers/net/ethernet/intel/ice/ice_switch.c | 24 ++- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 +- drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++- drivers/net/ethernet/microchip/lan743x_main.c | 18 ++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +++- drivers/net/ethernet/renesas/ravb_main.c | 33 ++-- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +++- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +++- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 ++ drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/pinctrl/aspeed/Makefile | 2 +- drivers/s390/net/qeth_core_main.c | 38 +++- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +-- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 +++++--- drivers/thermal/gov_power_allocator.c | 14 +- fs/aio.c | 2 +- fs/bcachefs/mean_and_variance_test.c | 28 +-- fs/nfsd/nfs4state.c | 7 +- fs/nfsd/vfs.c | 3 +- fs/proc/Makefile | 2 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 19 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 157 ++++++++++------ fs/smb/client/dfs.c | 51 +++-- fs/smb/client/dfs.h | 33 ++-- fs/smb/client/dfs_cache.c | 53 +++--- fs/smb/client/dir.c | 15 ++ fs/smb/client/file.c | 111 +++++++++-- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 ++ fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 8 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/stackdepot.h | 46 +++++ include/linux/udp.h | 28 +++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + include/net/xdp_sock.h | 2 + include/sound/hdaudio_ext.h | 3 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++++-------- io_uring/kbuf.h | 8 +- io_uring/rw.c | 9 +- kernel/bpf/Makefile | 2 +- kernel/bpf/syscall.c | 35 +++- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- lib/stackdepot.c | 47 +---- mm/Makefile | 3 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++++--- net/bluetooth/hci_event.c | 25 +++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 44 ++++- net/ipv4/inet_fragment.c | 70 +++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 ++- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 2 - net/mptcp/sockopt.c | 4 + net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 +++++++-- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/Makefile.extrawarn | 10 +- scripts/bpf_doc.py | 4 +- scripts/mod/modpost.c | 7 +- security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l41_hda_property.c | 6 + sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/amd/acp/acp-pci.c | 13 +- sound/soc/codecs/cs42l43.c | 12 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- sound/soc/sof/intel/hda-common-ops.c | 3 + sound/soc/sof/intel/hda-dai-ops.c | 11 ++ sound/soc/sof/intel/hda-pcm.c | 29 +++ sound/soc/sof/intel/hda-stream.c | 70 +++++++ sound/soc/sof/intel/hda.h | 6 + sound/soc/sof/intel/lnl.c | 2 - sound/soc/sof/intel/mtl.c | 14 -- sound/soc/sof/intel/mtl.h | 10 - sound/soc/sof/ipc4-pcm.c | 193 +++++++++++++++---- sound/soc/sof/ipc4-priv.h | 14 -- sound/soc/sof/ipc4-topology.c | 22 ++- sound/soc/sof/ops.h | 24 ++- sound/soc/sof/pcm.c | 8 + sound/soc/sof/sof-audio.h | 9 +- sound/soc/sof/sof-priv.h | 24 ++- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 ++-- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++++++++++++-------- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 342 files changed, 3587 insertions(+), 1739 deletions(-)

1 year, 2 months

8
7
0 0

RE: [EXTERNAL] Patch "smb: client: reuse file lease key in compound operations" has been added to the 6.8-stable tree

by Meetakshi Setiya

Hi This patch is a part of a patch series and I do not think it should be applied without the other patches since this patch when applied individually introduces some regressions. It would be good if we could hold off adding it for a few days as there is one more fix for this series that needs to go to mainline. Thanks Meetakshi -----Original Message----- From: Sasha Levin <sashal(a)kernel.org> Sent: Wednesday, April 10, 2024 9:31 PM To: stable-commits(a)vger.kernel.org; Meetakshi Setiya <msetiya(a)microsoft.com> Cc: Steve French <sfrench(a)samba.org>; Paulo Alcantara (SUSE) <pc(a)manguebit.com>; Ronnie Sahlberg <ronniesahlberg(a)gmail.com>; Shyam Prasad <Shyam.Prasad(a)microsoft.com>; tom <tom(a)talpey.com>; Bharath S M <bharathsm(a)microsoft.com> Subject: [EXTERNAL] Patch "smb: client: reuse file lease key in compound operations" has been added to the 6.8-stable tree This is a note to let you know that I've just added the patch titled smb: client: reuse file lease key in compound operations to the 6.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: smb-client-reuse-file-lease-key-in-compound-operatio.patch and it can be found in the queue-6.8 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. commit 023302dc27b26e743a30097b0bbbe7b139ac1b50 Author: Meetakshi Setiya <msetiya(a)microsoft.com> Date: Tue Mar 5 22:43:51 2024 -0500 smb: client: reuse file lease key in compound operations [ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ] Currently, when a rename, unlink or set path size compound operation is requested on a file that has a lot of dirty pages to be written to the server, we do not send the lease key for these requests. As a result, the server can assume that this request is from a new client, and send a lease break notification to the same client, on the same connection. As a response to the lease break, the client can consume several credits to write the dirty pages to the server. Depending on the server's credit grant implementation, the server can stop granting more credits to this connection, and this can cause a deadlock (which can only be resolved when the lease timer on the server expires). One of the problems here is that the client is sending no lease key, even if it has a lease for the file. This patch fixes the problem by reusing the existing lease key on the file for rename, unlink and set path size compound operations so that the client does not break its own lease. A very trivial example could be a set of commands by a client that maintains open handle (for write) to a file and then tries to copy the contents of that file to another one, eg., tail -f /dev/null > myfile & mv myfile myfile2 Presently, the network capture on the client shows that the move (or rename) would trigger a lease break on the same client, for the same file. With the lease key reused, the lease break request-response overhead is eliminated, thereby reducing the roundtrips performed for this set of operations. The patch fixes the bug described above and also provides perf benefit. Signed-off-by: Meetakshi Setiya <msetiya(a)microsoft.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h index 844afda090d05..0870a74a53bf1 100644 --- a/fs/smb/client/cifsglob.h +++ b/fs/smb/client/cifsglob.h @@ -374,7 +374,8 @@ struct smb_version_operations { struct cifs_open_info_data *data); /* set size by path */ int (*set_path_size)(const unsigned int, struct cifs_tcon *, - const char *, __u64, struct cifs_sb_info *, bool); + const char *, __u64, struct cifs_sb_info *, bool, + struct dentry *); /* set size by file handle */ int (*set_file_size)(const unsigned int, struct cifs_tcon *, struct cifsFileInfo *, __u64, bool); @@ -404,7 +405,7 @@ struct smb_version_operations { struct cifs_sb_info *); /* unlink file */ int (*unlink)(const unsigned int, struct cifs_tcon *, const char *, - struct cifs_sb_info *); + struct cifs_sb_info *, struct dentry *); /* open, rename and delete file */ int (*rename_pending_delete)(const char *, struct dentry *, const unsigned int); diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index 996ca413dd8bd..e9b38b279a6c5 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -404,7 +404,8 @@ extern int CIFSSMBSetFileDisposition(const unsigned int xid, __u32 pid_of_opener); extern int CIFSSMBSetEOF(const unsigned int xid, struct cifs_tcon *tcon, const char *file_name, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_allocation); + struct cifs_sb_info *cifs_sb, bool set_allocation, + struct dentry *dentry); extern int CIFSSMBSetFileSize(const unsigned int xid, struct cifs_tcon *tcon, struct cifsFileInfo *cfile, __u64 size, bool set_allocation); @@ -440,7 +441,8 @@ extern int CIFSPOSIXDelFile(const unsigned int xid, struct cifs_tcon *tcon, const struct nls_table *nls_codepage, int remap_special_chars); extern int CIFSSMBDelFile(const unsigned int xid, struct cifs_tcon *tcon, - const char *name, struct cifs_sb_info *cifs_sb); + const char *name, struct cifs_sb_info *cifs_sb, + struct dentry *dentry); int CIFSSMBRename(const unsigned int xid, struct cifs_tcon *tcon, struct dentry *source_dentry, const char *from_name, const char *to_name, diff --git a/fs/smb/client/cifssmb.c b/fs/smb/client/cifssmb.c index 01e89070df5ab..301189ee1335b 100644 --- a/fs/smb/client/cifssmb.c +++ b/fs/smb/client/cifssmb.c @@ -738,7 +738,7 @@ CIFSPOSIXDelFile(const unsigned int xid, struct cifs_tcon *tcon, int CIFSSMBDelFile(const unsigned int xid, struct cifs_tcon *tcon, const char *name, - struct cifs_sb_info *cifs_sb) + struct cifs_sb_info *cifs_sb, struct dentry *dentry) { DELETE_FILE_REQ *pSMB = NULL; DELETE_FILE_RSP *pSMBr = NULL; @@ -4993,7 +4993,7 @@ CIFSSMBQFSPosixInfo(const unsigned int xid, struct cifs_tcon *tcon, int CIFSSMBSetEOF(const unsigned int xid, struct cifs_tcon *tcon, const char *file_name, __u64 size, struct cifs_sb_info *cifs_sb, - bool set_allocation) + bool set_allocation, struct dentry *dentry) { struct smb_com_transaction2_spi_req *pSMB = NULL; struct smb_com_transaction2_spi_rsp *pSMBr = NULL; diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c index 4c3dec384f922..0aba29d2c5a2e 100644 --- a/fs/smb/client/inode.c +++ b/fs/smb/client/inode.c @@ -1849,7 +1849,7 @@ int cifs_unlink(struct inode *dir, struct dentry *dentry) goto psx_del_no_retry; } - rc = server->ops->unlink(xid, tcon, full_path, cifs_sb); + rc = server->ops->unlink(xid, tcon, full_path, cifs_sb, dentry); psx_del_no_retry: if (!rc) { @@ -2800,7 +2800,7 @@ void cifs_setsize(struct inode *inode, loff_t offset) static int cifs_set_file_size(struct inode *inode, struct iattr *attrs, - unsigned int xid, const char *full_path) + unsigned int xid, const char *full_path, struct dentry *dentry) { int rc; struct cifsFileInfo *open_file; @@ -2851,7 +2851,7 @@ cifs_set_file_size(struct inode *inode, struct iattr *attrs, */ if (server->ops->set_path_size) rc = server->ops->set_path_size(xid, tcon, full_path, - attrs->ia_size, cifs_sb, false); + attrs->ia_size, cifs_sb, false, dentry); else rc = -ENOSYS; cifs_dbg(FYI, "SetEOF by path (setattrs) rc = %d\n", rc); @@ -2941,7 +2941,7 @@ cifs_setattr_unix(struct dentry *direntry, struct iattr *attrs) rc = 0; if (attrs->ia_valid & ATTR_SIZE) { - rc = cifs_set_file_size(inode, attrs, xid, full_path); + rc = cifs_set_file_size(inode, attrs, xid, full_path, direntry); if (rc != 0) goto out; } @@ -3108,7 +3108,7 @@ cifs_setattr_nounix(struct dentry *direntry, struct iattr *attrs) } if (attrs->ia_valid & ATTR_SIZE) { - rc = cifs_set_file_size(inode, attrs, xid, full_path); + rc = cifs_set_file_size(inode, attrs, xid, full_path, direntry); if (rc != 0) goto cifs_setattr_exit; } diff --git a/fs/smb/client/smb2inode.c b/fs/smb/client/smb2inode.c index 05818cd6d932e..69f3442c5b963 100644 --- a/fs/smb/client/smb2inode.c +++ b/fs/smb/client/smb2inode.c @@ -98,7 +98,7 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, __u32 desired_access, __u32 create_disposition, __u32 create_options, umode_t mode, struct kvec *in_iov, int *cmds, int num_cmds, struct cifsFileInfo *cfile, - struct kvec *out_iov, int *out_buftype) + struct kvec *out_iov, int *out_buftype, struct dentry *dentry) { struct reparse_data_buffer *rbuf; @@ -115,6 +115,7 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, int resp_buftype[MAX_COMPOUND]; struct smb2_query_info_rsp *qi_rsp = NULL; struct cifs_open_info_data *idata; + struct inode *inode = NULL; int flags = 0; __u8 delete_pending[8] = {1, 0, 0, 0, 0, 0, 0, 0}; unsigned int size[2]; @@ -152,6 +153,15 @@ static int smb2_compound_op(const unsigned int xid, struct cifs_tcon *tcon, goto finished; } + /* if there is an existing lease, reuse it */ + if (dentry) { + inode = d_inode(dentry); + if (CIFS_I(inode)->lease_granted && server->ops->get_lease_key) { + oplock = SMB2_OPLOCK_LEVEL_LEASE; + server->ops->get_lease_key(inode, &fid); + } + } + vars->oparms = (struct cifs_open_parms) { .tcon = tcon, .path = full_path, @@ -747,7 +757,7 @@ int smb2_query_path_info(const unsigned int xid, rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, FILE_READ_ATTRIBUTES, FILE_OPEN, create_options, ACL_NO_MODE, in_iov, - cmds, 1, cfile, out_iov, out_buftype); + cmds, 1, cfile, out_iov, out_buftype, NULL); hdr = out_iov[0].iov_base; /* * If first iov is unset, then SMB session was dropped or we've got a @@ -779,7 +789,7 @@ int smb2_query_path_info(const unsigned int xid, rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, FILE_READ_ATTRIBUTES, FILE_OPEN, create_options, ACL_NO_MODE, in_iov, - cmds, num_cmds, cfile, NULL, NULL); + cmds, num_cmds, cfile, NULL, NULL, NULL); break; case -EREMOTE: break; @@ -811,7 +821,7 @@ smb2_mkdir(const unsigned int xid, struct inode *parent_inode, umode_t mode, FILE_WRITE_ATTRIBUTES, FILE_CREATE, CREATE_NOT_FILE, mode, NULL, &(int){SMB2_OP_MKDIR}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, NULL); } void @@ -836,7 +846,7 @@ smb2_mkdir_setinfo(struct inode *inode, const char *name, FILE_WRITE_ATTRIBUTES, FILE_CREATE, CREATE_NOT_FILE, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_INFO}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); if (tmprc == 0) cifs_i->cifsAttrs = dosattrs; } @@ -850,25 +860,26 @@ smb2_rmdir(const unsigned int xid, struct cifs_tcon *tcon, const char *name, DELETE, FILE_OPEN, CREATE_NOT_FILE, ACL_NO_MODE, NULL, &(int){SMB2_OP_RMDIR}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, NULL); } int smb2_unlink(const unsigned int xid, struct cifs_tcon *tcon, const char *name, - struct cifs_sb_info *cifs_sb) + struct cifs_sb_info *cifs_sb, struct dentry *dentry) { return smb2_compound_op(xid, tcon, cifs_sb, name, DELETE, FILE_OPEN, CREATE_DELETE_ON_CLOSE | OPEN_REPARSE_POINT, ACL_NO_MODE, NULL, &(int){SMB2_OP_DELETE}, 1, - NULL, NULL, NULL); + NULL, NULL, NULL, dentry); } static int smb2_set_path_attr(const unsigned int xid, struct cifs_tcon *tcon, const char *from_name, const char *to_name, struct cifs_sb_info *cifs_sb, __u32 create_options, __u32 access, - int command, struct cifsFileInfo *cfile) + int command, struct cifsFileInfo *cfile, + struct dentry *dentry) { struct kvec in_iov; __le16 *smb2_to_name = NULL; @@ -883,7 +894,7 @@ static int smb2_set_path_attr(const unsigned int xid, struct cifs_tcon *tcon, in_iov.iov_len = 2 * UniStrnlen((wchar_t *)smb2_to_name, PATH_MAX); rc = smb2_compound_op(xid, tcon, cifs_sb, from_name, access, FILE_OPEN, create_options, ACL_NO_MODE, - &in_iov, &command, 1, cfile, NULL, NULL); + &in_iov, &command, 1, cfile, NULL, NULL, dentry); smb2_rename_path: kfree(smb2_to_name); return rc; @@ -902,7 +913,7 @@ int smb2_rename_path(const unsigned int xid, cifs_get_writable_path(tcon, from_name, FIND_WR_WITH_DELETE, &cfile); return smb2_set_path_attr(xid, tcon, from_name, to_name, cifs_sb, - co, DELETE, SMB2_OP_RENAME, cfile); + co, DELETE, SMB2_OP_RENAME, cfile, source_dentry); } int smb2_create_hardlink(const unsigned int xid, @@ -915,13 +926,14 @@ int smb2_create_hardlink(const unsigned int xid, return smb2_set_path_attr(xid, tcon, from_name, to_name, cifs_sb, co, FILE_READ_ATTRIBUTES, - SMB2_OP_HARDLINK, NULL); + SMB2_OP_HARDLINK, NULL, NULL); } int smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, const char *full_path, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_alloc) + struct cifs_sb_info *cifs_sb, bool set_alloc, + struct dentry *dentry) { struct cifsFileInfo *cfile; struct kvec in_iov; @@ -934,7 +946,7 @@ smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, FILE_WRITE_DATA, FILE_OPEN, 0, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_EOF}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, dentry); } int @@ -963,7 +975,7 @@ smb2_set_file_info(struct inode *inode, const char *full_path, FILE_WRITE_ATTRIBUTES, FILE_OPEN, 0, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_SET_INFO}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); cifs_put_tlink(tlink); return rc; } @@ -998,7 +1010,7 @@ struct inode *smb2_get_reparse_inode(struct cifs_open_info_data *data, cifs_get_writable_path(tcon, full_path, FIND_WR_ANY, &cfile); rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, da, cd, co, ACL_NO_MODE, in_iov, - cmds, 2, cfile, NULL, NULL); + cmds, 2, cfile, NULL, NULL, NULL); if (!rc) { rc = smb311_posix_get_inode_info(&new, full_path, data, sb, xid); @@ -1008,7 +1020,7 @@ struct inode *smb2_get_reparse_inode(struct cifs_open_info_data *data, cifs_get_writable_path(tcon, full_path, FIND_WR_ANY, &cfile); rc = smb2_compound_op(xid, tcon, cifs_sb, full_path, da, cd, co, ACL_NO_MODE, in_iov, - cmds, 2, cfile, NULL, NULL); + cmds, 2, cfile, NULL, NULL, NULL); if (!rc) { rc = cifs_get_inode_info(&new, full_path, data, sb, xid, NULL); @@ -1036,7 +1048,7 @@ int smb2_query_reparse_point(const unsigned int xid, FILE_READ_ATTRIBUTES, FILE_OPEN, OPEN_REPARSE_POINT, ACL_NO_MODE, &in_iov, &(int){SMB2_OP_GET_REPARSE}, 1, - cfile, NULL, NULL); + cfile, NULL, NULL, NULL); if (rc) goto out; diff --git a/fs/smb/client/smb2proto.h b/fs/smb/client/smb2proto.h index b3069911e9dd8..221143788a1c0 100644 --- a/fs/smb/client/smb2proto.h +++ b/fs/smb/client/smb2proto.h @@ -75,7 +75,8 @@ int smb2_query_path_info(const unsigned int xid, struct cifs_open_info_data *data); extern int smb2_set_path_size(const unsigned int xid, struct cifs_tcon *tcon, const char *full_path, __u64 size, - struct cifs_sb_info *cifs_sb, bool set_alloc); + struct cifs_sb_info *cifs_sb, bool set_alloc, + struct dentry *dentry); extern int smb2_set_file_info(struct inode *inode, const char *full_path, FILE_BASIC_INFO *buf, const unsigned int xid); extern int smb311_posix_mkdir(const unsigned int xid, struct inode *inode, @@ -91,7 +92,8 @@ extern void smb2_mkdir_setinfo(struct inode *inode, const char *full_path, extern int smb2_rmdir(const unsigned int xid, struct cifs_tcon *tcon, const char *name, struct cifs_sb_info *cifs_sb); extern int smb2_unlink(const unsigned int xid, struct cifs_tcon *tcon, - const char *name, struct cifs_sb_info *cifs_sb); + const char *name, struct cifs_sb_info *cifs_sb, + struct dentry *dentry); int smb2_rename_path(const unsigned int xid, struct cifs_tcon *tcon, struct dentry *source_dentry,

1 year, 2 months

1
0
0 0

[PATCH 6.6 000/255] 6.6.26-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.26 release. There are 255 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.26-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.26-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Davide Caratti <dcaratti(a)redhat.com> mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix typo in assignment Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: legacy: field get conversion Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: add bit macro includes where needed Ivan Vecera <ivecera(a)redhat.com> i40e: Remove circular header dependencies and fix headers Ivan Vecera <ivecera(a)redhat.com> i40e: Split i40e_osdep.h Ivan Vecera <ivecera(a)redhat.com> i40e: Move memory allocation structures to i40e_alloc.h Ivan Vecera <ivecera(a)redhat.com> i40e: Simplify memory allocation functions Ivan Vecera <ivecera(a)redhat.com> virtchnl: Add header dependencies Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor I40E_MDIO_CLAUSE* macros Ivan Vecera <ivecera(a)redhat.com> i40e: Remove back pointer from i40e_hw structure Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Josh Poimboeuf <jpoimboe(a)kernel.org> x86/nospec: Refactor UNTRAIN_RET[_*] Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Disentangle rethunk-dependent options Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Improve i-cache locality for alias mitigation Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Jack Brennen <jbrennen(a)google.com> modpost: Optimize symbol search from linear to binary search Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add X86_FEATURE_ZEN1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Get rid of amd_erratum_1054[] Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move Zenbleed check to the Zen2 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Carve out the erratum 1386 fix Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add ZenX generations flags Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when detecting delalloc ranges during fiemap Filipe Manana <fdmanana(a)suse.com> btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14016712196 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Replace several IS_METEORLAKE with proper IP version checks Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Eliminate IS_MTL_GRAPHICS_STEP Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Consolidate condition for Wa_22011802037 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Tidy workaround definitions Matt Roper <matthew.d.roper(a)intel.com> drm/i915/dg2: Drop pre-production GT workarounds Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: realloc VSI stats arrays Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: disable multi rx queue for 9000 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/i915/display: Use i915_gem_object_get_dma_address to get dma address ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++- Documentation/admin-guide/kernel-parameters.txt | 12 + Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 3 - arch/riscv/kvm/aia_aplic.c | 37 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 +-- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 ++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 ++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 +++ arch/x86/entry/entry_64_compat.S | 16 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 24 +- arch/x86/events/amd/lbr.c | 16 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 21 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 88 +++-- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/amd.c | 129 +++++-- arch/x86/kernel/cpu/bugs.c | 126 +++++- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 14 +- arch/x86/kernel/vmlinux.lds.S | 7 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 ++- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 - arch/x86/lib/retpoline.S | 165 ++++---- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +--- arch/x86/mm/pat/memtype.c | 49 ++- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 ++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 1 + drivers/gpu/drm/i915/display/intel_cursor.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 +- drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 4 +- drivers/gpu/drm/i915/gt/intel_gt.h | 31 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 + drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 +- drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_lrc.c | 38 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 23 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 6 +- drivers/gpu/drm/i915/gt/intel_reset.c | 20 +- drivers/gpu/drm/i915/gt/intel_reset.h | 2 + drivers/gpu/drm/i915/gt/intel_rps.c | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++++++-------------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/i915_drv.h | 4 - drivers/gpu/drm/i915/i915_perf.c | 11 +- drivers/gpu/drm/i915/intel_clock_gating.c | 8 - drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 +-- drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 +- drivers/net/ethernet/intel/e1000e/82571.c | 3 +- drivers/net/ethernet/intel/e1000e/ethtool.c | 7 +- drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 +-- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 35 +- drivers/net/ethernet/intel/e1000e/phy.c | 191 ++++++---- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 63 ++- drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 + drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 1 - drivers/net/ethernet/intel/i40e/i40e_common.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 +++ drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 +- drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 + drivers/net/ethernet/intel/i40e/i40e_io.h | 16 + drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 70 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 + drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 --- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 5 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 + drivers/net/ethernet/intel/i40e/i40e_type.h | 54 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 - drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 + drivers/net/ethernet/intel/iavf/iavf_common.c | 3 +- drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 +- drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 + drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 74 ++-- drivers/net/ethernet/intel/ice/ice_switch.c | 24 +- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/igb/e1000_82575.c | 29 +- drivers/net/ethernet/intel/igb/e1000_i210.c | 19 +- drivers/net/ethernet/intel/igb/e1000_mac.c | 2 +- drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 13 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 +- drivers/net/ethernet/intel/igbvf/mbx.c | 1 + drivers/net/ethernet/intel/igbvf/netdev.c | 33 +- drivers/net/ethernet/intel/igc/igc_i225.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/igc/igc_phy.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 + drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 ++-- drivers/usb/typec/ucsi/ucsi_glink.c | 14 + fs/btrfs/extent_io.c | 208 +++++++--- fs/btrfs/inode.c | 22 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 + fs/smb/client/cifsglob.h | 17 +- fs/smb/client/connect.c | 45 ++- fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 + fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/avf/virtchnl.h | 5 + include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++---- io_uring/kbuf.h | 8 +- kernel/bpf/syscall.c | 35 +- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 +++- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 106 ++---- net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 ++++- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- scripts/mod/Makefile | 4 +- scripts/mod/modpost.c | 73 +--- scripts/mod/modpost.h | 25 ++ scripts/mod/symsearch.c | 199 ++++++++++ security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/amd/acp/acp-pci.c | 5 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- tools/arch/x86/include/asm/cpufeatures.h | 2 +- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 355 files changed, 4162 insertions(+), 2344 deletions(-)

1 year, 2 months

6
5
0 0

[PATCH 5.15 000/697] 5.15.154-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.154 release. There are 697 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:35:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.154-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.154-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> x86: set SPECTRE_BHI_ON as default Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jann Horn <jannh(a)google.com> openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached Jann Horn <jannh(a)google.com> HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Oleksij Rempel <linux(a)rempel-privat.de> net: usb: asix: suspend embedded PHY if external is used Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer details Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Sean Christopherson <seanjc(a)google.com> KVM: x86: Bail to userspace if emulation of atomic user access faults Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jens Axboe <axboe(a)kernel.dk> io_uring: ensure '0' is returned on file registration success Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> locking/rwsem: Disable preemption while trying for rwsem lock Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Bixuan Cui <cuibixuan(a)linux.alibaba.com> iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Stop using the SCSI pointer Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Call scsi_done() directly Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/amdgpu: Use drm_mode_copy() Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() Alexander Aring <aahringo(a)redhat.com> lockd: introduce safe async lock op NeilBrown <neilb(a)suse.de> NFSD: fix possible oops when nfsd/pool_stats is closed. Chuck Lever <chuck.lever(a)oracle.com> Documentation: Add missing documentation for EXPORT_OP flags NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() Tavian Barnes <tavianator(a)tavianator.com> nfsd: Fix creation time serialization order Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_encode_nfstime4() helper NeilBrown <neilb(a)suse.de> lockd: drop inappropriate svc_get() from locked_get() Dan Carpenter <dan.carpenter(a)linaro.org> nfsd: fix double fget() bug in __write_ports_addfd() Jeff Layton <jlayton(a)kernel.org> nfsd: make a copy of struct iattr before calling notify_change Dai Ngo <dai.ngo(a)oracle.com> NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Jeff Layton <jlayton(a)kernel.org> nfsd: simplify the delayed disposal list code Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert filecache to rhltable Jeff Layton <jlayton(a)kernel.org> nfsd: allow reaping files still under writeback Jeff Layton <jlayton(a)kernel.org> nfsd: update comment over __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: don't take/put an extra reference when putting a file Jeff Layton <jlayton(a)kernel.org> nfsd: add some comments to nfsd_file_do_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: don't kill nfsd_files because of lease break error Jeff Layton <jlayton(a)kernel.org> nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator Jeff Layton <jlayton(a)kernel.org> nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries Jeff Layton <jlayton(a)kernel.org> nfsd: don't open-code clear_and_wake_up_bit Jeff Layton <jlayton(a)kernel.org> nfsd: call op_release, even when op_func returns an error Jeff Layton <jlayton(a)kernel.org> nfsd: don't replace page in rq_pages if it's a continuation of last page Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against filesystem freezing Chuck Lever <chuck.lever(a)oracle.com> NFSD: copy the whole verifier in nfsd_copy_write_verifier Jeff Layton <jlayton(a)kernel.org> nfsd: don't fsync nfsd_files on last close Jeff Layton <jlayton(a)kernel.org> nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix problems with cleanup on errors in nfsd4_copy Jeff Layton <jlayton(a)kernel.org> nfsd: don't hand out delegation on setuid files being opened for write Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix leaked reference count of nfsd4_ssc_umount_item Jeff Layton <jlayton(a)kernel.org> nfsd: clean up potential nfsd_file refcount leaks in COPY codepath Jeff Layton <jlayton(a)kernel.org> nfsd: allow nfsd_file_get to sanely handle a NULL pointer Dai Ngo <dai.ngo(a)oracle.com> NFSD: enhance inter-server copy cleanup Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Jeff Layton <jlayton(a)kernel.org> nfsd: don't free files unconditionally in __nfsd_file_cache_purge Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" Jeff Layton <jlayton(a)kernel.org> nfsd: fix handling of cached open files in nfsd4_open codepath Jeff Layton <jlayton(a)kernel.org> nfsd: rework refcounting in filecache Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add CB_RECALL_ANY tracepoints Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Chuck Lever <chuck.lever(a)oracle.com> trace: Relocate event helper files Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: return error if nfs4_setacl fails Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_file_fsync tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Jeff Layton <jlayton(a)kernel.org> nfsd: reorganize filecache.c Jeff Layton <jlayton(a)kernel.org> nfsd: remove the pages_flushed statistic from filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection Chuck Lever <chuck.lever(a)oracle.com> NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pass the target nfsd_file to nfsd_commit() David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Finish converting the NFSv3 GETACL result encoder Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix reads with a non-zero offset that don't end on a page boundary Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix trace_nfsd_fh_verify_err() crasher Jeff Layton <jlayton(a)kernel.org> nfsd: put the export reference in nfsd4_verify_deleg_dentry Jeff Layton <jlayton(a)kernel.org> nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix net-namespace logic in __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: ensure we always call fh_verify_error tracepoint Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> NFSD: unregister shrinker when nfsd_init_net() fails Jeff Layton <jlayton(a)kernel.org> nfsd: rework hashtable handling in nfsd_do_file_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: fix nfsd_file_unhash_and_dispose Gaosheng Cui <cuigaosheng1(a)huawei.com> fanotify: Remove obsoleted fanotify_event_has_path() Gaosheng Cui <cuigaosheng1(a)huawei.com> fsnotify: remove unused declaration Al Viro <viro(a)zeniv.linux.org.uk> fs/notify: constify path Jeff Layton <jlayton(a)kernel.org> nfsd: extra checks when freeing delegation stateids Jeff Layton <jlayton(a)kernel.org> nfsd: make nfsd4_run_cb a bool return function Jeff Layton <jlayton(a)kernel.org> nfsd: fix comments about spinlock handling with delegations Jeff Layton <jlayton(a)kernel.org> nfsd: only fill out return pointer on success in nfsd4_lookup_stateid Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap rsize_bop result based on send buffer size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename the fields in copy_stateid_t ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pack struct nfsd4_compoundres Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused nfsd4_compoundargs::cachetype field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove "inline" directives on op_rsize_bop helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4svc_encode_compoundres() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up WRITE arg decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor common code out of dirlist helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Parametrize how much of argsize should be zeroed Dai Ngo <dai.ngo(a)oracle.com> NFSD: add shrinker to reap courtesy clients on low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of courtesy clients in the system Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a mechanism to wait for a DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints to report NFSv4 callback completions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace NFSv4 COMPOUND tags Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace dprintk() call site in fh_verify() Gaosheng Cui <cuigaosheng1(a)huawei.com> nfsd: remove nfsd4_prepare_cb_recall() declaration Jeff Layton <jlayton(a)kernel.org> nfsd: clean up mounted_on_fileid handling NeilBrown <neilb(a)suse.de> NFSD: drop fname and flen args from nfsd_create_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Propagate some error code returned by memdup_user() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Avoid some useless tests Jinpeng Cui <cui.jinpeng2(a)zte.com.cn> NFSD: remove redundant variable status Olga Kornievskaia <kolga(a)netapp.com> NFSD enforce filehandle check for source file in COPY Wolfram Sang <wsa+renesas(a)sang-engineering.com> lockd: move from strlcpy with unused retval to strscpy Wolfram Sang <wsa+renesas(a)sang-engineering.com> NFSD: move from strlcpy with unused retval to strscpy Al Viro <viro(a)zeniv.linux.org.uk> nfsd_splice_actor(): handle compound pages NeilBrown <neilb(a)suse.de> NFSD: fix regression with setting ACLs. NeilBrown <neilb(a)suse.de> NFSD: discard fh_locked flag and fh_lock/fh_unlock NeilBrown <neilb(a)suse.de> NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NeilBrown <neilb(a)suse.de> NFSD: use explicit lock/unlock for directory ops NeilBrown <neilb(a)suse.de> NFSD: reduce locking in nfsd_lookup() NeilBrown <neilb(a)suse.de> NFSD: only call fh_unlock() once in nfsd_link() NeilBrown <neilb(a)suse.de> NFSD: always drop directory lock in nfsd_unlink() NeilBrown <neilb(a)suse.de> NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NeilBrown <neilb(a)suse.de> NFSD: add posix ACLs to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: add security label to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: set attributes when creating symlinks NeilBrown <neilb(a)suse.de> NFSD: introduce struct nfsd_attrs Jeff Layton <jlayton(a)kernel.org> NFSD: verify the opened dentry after setting a delegation Jeff Layton <jlayton(a)kernel.org> NFSD: drop fh argument from alloc_init_deleg Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move copy offload callback arguments into a separate structure Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd4_send_cb_offload() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove kmalloc from nfsd4_do_async_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_do_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace boolean fields in struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfs4_put_copy() static Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reorder the fields in struct nfsd4_op Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy_notify Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfserrno(-ENOMEM) is nfserr_jukebox Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix strncpy() fortify warning Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_encode_readlink() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_pad_size() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Simplify starting_len Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_readv() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_read::rd_eof field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up SPLICE_OK in nfsd4_encode_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_fattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_operation() Jeff Layton <jlayton(a)kernel.org> nfsd: silence extraneous printk on nfsd.ko insertion Dai Ngo <dai.ngo(a)oracle.com> NFSD: limit the number of v4 clients to 1024 per 1GB of system memory Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of v4 clients in the system Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring v4 specific code to a helper in nfs4state.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Ensure nf_inode is never dereferenced Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 CLOSE should release an nfsd_file immediately Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move nfsd_file_trace_alloc() tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Separate tracepoints for acquire and create Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up unused code after rhashtable conversion Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert the filecache to use rhashtable Chuck Lever <chuck.lever(a)oracle.com> NFSD: Set up an rhashtable for the filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the "init once" mechanism Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove nfsd_file::nf_hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_hash_remove can compute hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor __nfsd_file_close_inode() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove lockdep assertion from unhash_and_release_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: No longer record nf_hashval in the trace log Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never call nfsd_file_gc() in foreground paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix the filecache LRU shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Leave open files out of the filecache LRU Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache LRU activity Chuck Lever <chuck.lever(a)oracle.com> NFSD: WARN when freeing an item still linked via nf_lru Chuck Lever <chuck.lever(a)oracle.com> NFSD: Hook up the filecache stat file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Zero counters when the filecache is re-initialized Chuck Lever <chuck.lever(a)oracle.com> NFSD: Record number of flush calls Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report the number of items evicted by the LRU walk Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_lru_scan() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_gc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_file_lru_dispose_list() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report average age of filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of freed filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of calls to nfsd_file_acquire() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report filecache LRU size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Demote a WARN to a pr_warn() Colin Ian King <colin.i.king(a)gmail.com> nfsd: remove redundant assignment to variable len Zhang Jiaming <jiaming(a)nfschina.com> NFSD: Fix space and spelling mistake Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instrument fh_verify() Benjamin Coddington <bcodding(a)redhat.com> NLM: Defend against file_lock changes after vfs_test_lock() Xin Gao <gaoxin(a)cdjrlc.com> fsnotify: Fix comment typo Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce FAN_MARK_IGNORE Amir Goldstein <amir73il(a)gmail.com> fanotify: cleanups for fanotify_mark() input validations Amir Goldstein <amir73il(a)gmail.com> fanotify: prepare for setting event flags in ignore mask Oliver Ford <ojford(a)gmail.com> fs: inotify: Fix typo in inotify comment Chuck Lever <chuck.lever(a)oracle.com> NFSD: Decode NFSv4 birth time attribute Amir Goldstein <amir73il(a)gmail.com> fanotify: refine the validation checks on non-dir inode mask NeilBrown <neilb(a)suse.de> NFS: restore module put when manager exits. Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix potential use-after-free in nfsd_file_put() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_put() can sleep Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Unregister the cld notifier when laundry_wq create failed Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Use RMW bitops in single-threaded hot paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache opens Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move documenting comment for nfsd4_process_open2() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix whitespace Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove dprintk call sites from tail of nfsd4_open() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instantiate a struct file when creating a regular NFSv4 file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_open_verified() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv4 OPEN(CREATE) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv3 CREATE Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_create_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd3_proc_create() Dai Ngo <dai.ngo(a)oracle.com> NFSD: Show state of courtesy client in client info Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for lock conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add helper locks_owner_has_blockers to check for blockers Dai Ngo <dai.ngo(a)oracle.com> NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for share reservation conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> NFSD: add courteous server support for thread with only delegation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_splice_actor() Vasily Averin <vvs(a)openvz.org> fanotify: fix incorrect fmode_t casts Amir Goldstein <amir73il(a)gmail.com> fsnotify: consistent behavior for parent not watching children Amir Goldstein <amir73il(a)gmail.com> fsnotify: introduce mark type iterator Amir Goldstein <amir73il(a)gmail.com> fanotify: enable "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fanotify: implement "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: factor out helper fanotify_mark_update_flags() Amir Goldstein <amir73il(a)gmail.com> fanotify: create helper fanotify_mark_user_flags() Amir Goldstein <amir73il(a)gmail.com> fsnotify: allow adding an inode mark without pinning inode Amir Goldstein <amir73il(a)gmail.com> dnotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> nfsd: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> inotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fsnotify: create helpers for group mark_mutex lock Amir Goldstein <amir73il(a)gmail.com> fsnotify: make allow_dups a property of the group Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass flags argument to fsnotify_alloc_group() Amir Goldstein <amir73il(a)gmail.com> inotify: move control flags from mask to mark flags Dai Ngo <dai.ngo(a)oracle.com> fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. Amir Goldstein <amir73il(a)gmail.com> fanotify: do not allow setting dirent events in mask of non-dir Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Clean up nfsd_file_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a write performance regression Bang Li <libang.linuxer(a)gmail.com> fsnotify: remove redundant parameter judgment Amir Goldstein <amir73il(a)gmail.com> fsnotify: optimize FS_MODIFY events with no ignored masks Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix merge with parent's ignored mask Jakob Koschel <jakobkoschel(a)gmail.com> nfsd: fix using the correct variable for sizeof() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up _lm_ operation names Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove CONFIG_NFSD_V3 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move svc_serv_ops::svo_function into struct svc_serv Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove svc_serv_ops::svo_module Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svc_shutdown_net() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_close_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_create_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svo_shutdown method Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove the .svo_enqueue_xprt method Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove NFSD_PROC_ARGS_* macros Chuck Lever <chuck.lever(a)oracle.com> NFSD: Streamline the rare "found" case Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip extra computation for RC_NOCACHE case Chuck Lever <chuck.lever(a)oracle.com> orDate: Thu Sep 30 19:19:57 2021 -0400 Ondrej Valousek <ondrej.valousek.xm(a)renesas.com> nfsd: Add support for the birth time attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Deprecate NFS_OFFSET_MAX Amir Goldstein <amir73il(a)gmail.com> fsnotify: invalidate dcache before IN_DELETE event Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move fill_pre_wcc() and fill_post_wcc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace boot verifier resets Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename boot verifier functions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the nfsd_net::nfssvc_boot field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Write verifier might go backwards Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_vfs_write() Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Retry once in nfsd_open on an -EOPENSTALE return Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Add errno mapping for EREMOTEIO Peng Tao <tao.peng(a)primarydata.com> nfsd: map EBADF Vasily Averin <vvs(a)virtuozzo.com> nfsd4: add refcount for nfsd4_blocked_lock J. Bruce Fields <bfields(a)redhat.com> nfs: block notification on fs with its own ->lock Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate nfsd4_decode_bitmap4() J. Bruce Fields <bfields(a)redhat.com> nfsd: improve stateid access bitmask documentation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Combine XDR error tracepoints NeilBrown <neilb(a)suse.de> NFSD: simplify per-net file cache management Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> NFSD: Fix inconsistent indenting Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove be32_to_cpu() from DRC hash function NeilBrown <neilb(a)suse.de> NFS: switch the callback service back to non-pooled. NeilBrown <neilb(a)suse.de> lockd: use svc_set_num_threads() for thread start and stop NeilBrown <neilb(a)suse.de> SUNRPC: always treat sv_nrpools==1 as "not pooled" NeilBrown <neilb(a)suse.de> SUNRPC: move the pool_map definitions (back) into svc.c NeilBrown <neilb(a)suse.de> lockd: rename lockd_create_svc() to lockd_get() NeilBrown <neilb(a)suse.de> lockd: introduce lockd_put() NeilBrown <neilb(a)suse.de> lockd: move svc_exit_thread() into the thread NeilBrown <neilb(a)suse.de> lockd: move lockd_start_svc() call into lockd_create_svc() NeilBrown <neilb(a)suse.de> lockd: simplify management of network status notifiers NeilBrown <neilb(a)suse.de> lockd: introduce nlmsvc_serv NeilBrown <neilb(a)suse.de> NFSD: simplify locking for network notifier. NeilBrown <neilb(a)suse.de> SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NeilBrown <neilb(a)suse.de> NFSD: Make it possible to use svc_set_num_threads_sync NeilBrown <neilb(a)suse.de> NFSD: narrow nfsd_mutex protection in nfsd thread NeilBrown <neilb(a)suse.de> SUNRPC: use sv_lock to protect updates to sv_nrthreads. NeilBrown <neilb(a)suse.de> nfsd: make nfsd_stats.th_cnt atomic_t NeilBrown <neilb(a)suse.de> SUNRPC: stop using ->sv_nrthreads as a refcount NeilBrown <neilb(a)suse.de> SUNRPC/NFSD: clean up get/put functions. NeilBrown <neilb(a)suse.de> SUNRPC: change svc_get() to return the svc. NeilBrown <neilb(a)suse.de> NFSD: handle errors better in write_ports_addfd() Eric W. Biederman <ebiederm(a)xmission.com> exit: Rename module_put_and_exit to module_put_and_kthread_exit Eric W. Biederman <ebiederm(a)xmission.com> exit: Implement kthread_exit Amir Goldstein <amir73il(a)gmail.com> fanotify: wire up FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: report old and/or new parent+name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: record either old name new name or both for FAN_RENAME Amir Goldstein <amir73il(a)gmail.com> fanotify: record old and new parent and name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: support secondary dir fh and name in fanotify_info Amir Goldstein <amir73il(a)gmail.com> fanotify: use helpers to parcel fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fanotify: use macros to get the offset to fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fsnotify: generate FS_RENAME event with rich information Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce group flag FAN_REPORT_TARGET_FID Amir Goldstein <amir73il(a)gmail.com> fsnotify: separate mark iterator type from object type enum Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify object type argument Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: fix error code saved on super block during file system abort J. Bruce Fields <bfields(a)redhat.com> nfsd4: remove obselete comment Changcheng Deng <deng.changcheng(a)zte.com.cn> NFSD:fix boolreturn.cocci warning J. Bruce Fields <bfields(a)redhat.com> nfsd: update create verifier comment Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_encode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_encode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Save location of NFSv4 COMPOUND status Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_decode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_decode Colin Ian King <colin.king(a)canonical.com> NFSD: Initialize pointer ni with NULL and not plain integer 0 NeilBrown <neilb(a)suse.de> NFSD: simplify struct nfsfh NeilBrown <neilb(a)suse.de> NFSD: drop support for ancient filehandles NeilBrown <neilb(a)suse.de> NFSD: move filehandle format declarations out of "uapi". Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize DRC bucket pruning Chuck Lever <chuck.lever(a)oracle.com> NFS: Move NFS protocol display macros to global header Chuck Lever <chuck.lever(a)oracle.com> NFS: Move generic FS show macros to global header Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field Chuck Lever <chuck.lever(a)oracle.com> NFS: Remove unnecessary TRACE_DEFINE_ENUM()s Gabriel Krisman Bertazi <krisman(a)collabora.com> docs: Document the FAN_FS_ERROR event Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: Send notifications on error Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow users to request FAN_FS_ERROR events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Emit generic error info for error event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Report fid info for file related file system errors Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: WARN_ON against too large file handles Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Add helpers to decide whether to report FID/DFID Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Wrap object_fh inline space in a creator macro Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support merging of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support enqueueing of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Pre-allocate pool of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Reserve UAPI bits for FAN_FS_ERROR Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Support FS_ERROR event type Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Require fid_mode for any non-fd event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Encode empty file handle when no inode is provided Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow file handle encoding for unhashed events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support null inode event in fanotify_dfid_inode Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Pass group argument to free_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Protect fsnotify_handle_inode_event from no-inode events Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Retrieve super block from the data field Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add wrapper around fsnotify_add_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add helper to detect overflow_event Gabriel Krisman Bertazi <krisman(a)collabora.com> inotify: Don't force FS_IN_IGNORED Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Split fsid check from other fid mode checks Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Fold event size calculation to its own function Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Don't insert unmergeable events in hashtable Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify contract for create event hooks Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass dentry instead of inode data Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass data_type to fsnotify_name() Peter Zijlstra <peterz(a)infradead.org> x86/static_call: Add support for Jcc tail-calls Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Introduce int3_emulate_jcc() Thomas Gleixner <tglx(a)linutronix.de> x86/asm: Differentiate between code and function alignment Peter Zijlstra <peterz(a)infradead.org> arch: Introduce CONFIG_FUNCTION_ALIGNMENT Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/rfds: Mitigate Register File Data Sampling (RFDS) Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation/hw-vuln: Add documentation for RFDS Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson <seanjc(a)google.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW H. Peter Anvin (Intel) <hpa(a)zytor.com> x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Limit stage2_apply_range() batch size to largest block Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Work out supported block level at compile time Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device John Garry <john.garry(a)huawei.com> dma-iommu: add iommu_dma_opt_mapping_size() John Garry <john.garry(a)huawei.com> dma-mapping: add dma_opt_mapping_size() Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Geert Uytterhoeven <geert+renesas(a)glider.be> net: ravb: Add R-Car Gen4 support Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for certain Intel Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited Bjorn Helgaas <bhelgaas(a)google.com> PCI: Work around Intel I210 ROM BAR overlap defect Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Petr Mladek <pmladek(a)suse.com> printk/console: Split out code that enables default console Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Peter Collingbourne <pcc(a)google.com> kasan: test: add memcpy test that avoids out-of-bounds write Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + .../admin-guide/filesystem-monitoring.rst | 74 ++ Documentation/admin-guide/hw-vuln/index.rst | 1 + .../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++ Documentation/admin-guide/hw-vuln/spectre.rst | 66 +- Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt | 39 +- Documentation/core-api/dma-api.rst | 14 + Documentation/filesystems/locking.rst | 10 +- Documentation/filesystems/nfs/exporting.rst | 33 + Documentation/x86/mds.rst | 34 +- MAINTAINERS | 7 + Makefile | 8 +- arch/Kconfig | 24 + arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/include/asm/kvm_pgtable.h | 18 +- arch/arm64/include/asm/stage2_pgtable.h | 20 - arch/arm64/kvm/mmu.c | 9 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/ia64/Kconfig | 1 + arch/ia64/Makefile | 2 +- arch/openrisc/kernel/dma.c | 16 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 38 + arch/x86/boot/compressed/head_64.S | 8 + arch/x86/entry/common.c | 6 +- arch/x86/entry/entry.S | 23 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 72 ++ arch/x86/entry/entry_64_compat.S | 4 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 5 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 18 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/linkage.h | 12 +- arch/x86/include/asm/msr-index.h | 19 +- arch/x86/include/asm/nospec-branch.h | 64 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/syscall.h | 10 +- arch/x86/include/asm/text-patching.h | 31 + arch/x86/kernel/alternative.c | 56 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 360 ++++-- arch/x86/kernel/cpu/common.c | 77 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/kprobes/core.c | 38 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kernel/static_call.c | 50 +- arch/x86/kvm/cpuid.c | 29 +- arch/x86/kvm/reverse_cpuid.h | 45 +- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 11 +- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/kvm/x86.c | 17 +- arch/x86/lib/retpoline.S | 5 +- arch/x86/mm/ident_map.c | 23 +- block/blk-settings.c | 4 + crypto/algboss.c | 4 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/acpi/cppc_acpi.c | 27 +- drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/cpu.c | 8 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hid/uhid.c | 20 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/infiniband/core/cm_trace.h | 2 +- drivers/infiniband/core/cma_trace.h | 2 +- drivers/iommu/dma-iommu.c | 15 + drivers/iommu/iova.c | 5 + drivers/md/dm-integrity.c | 2 +- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/realtek/r8169_main.c | 11 +- drivers/net/ethernet/renesas/ravb_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/usb/asix.h | 3 + drivers/net/usb/asix_devices.c | 20 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 12 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 6 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/of/dynamic.c | 12 + drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/pci-driver.c | 23 +- drivers/pci/pcie/dpc.c | 15 +- drivers/pci/pcie/err.c | 20 + drivers/pci/quirks.c | 100 ++ drivers/pci/setup-res.c | 8 +- drivers/phy/tegra/xusb.c | 13 + drivers/s390/crypto/zcrypt_api.c | 2 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/hosts.c | 7 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/sc16is7xx.c | 15 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 + drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 +- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/scsiglue.c | 1 - drivers/usb/storage/uas.c | 81 +- drivers/usb/storage/usb.c | 4 +- drivers/usb/typec/ucsi/ucsi.c | 42 +- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_intrs.c | 188 +-- drivers/vfio/platform/vfio_platform_irq.c | 106 +- drivers/vfio/virqfd.c | 21 + drivers/xen/events/events_base.c | 5 +- fs/Kconfig | 2 +- fs/aio.c | 8 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/cifs/connect.c | 2 +- fs/exec.c | 1 + fs/exportfs/expfs.c | 8 +- fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/ext4/super.c | 10 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/ksmbd/smb2pdu.c | 10 +- fs/lockd/host.c | 2 +- fs/lockd/svc.c | 223 ++-- fs/lockd/svc4proc.c | 29 +- fs/lockd/svclock.c | 31 +- fs/lockd/svcproc.c | 30 +- fs/lockd/svcsubs.c | 4 +- fs/lockd/xdr.c | 152 ++- fs/lockd/xdr4.c | 153 ++- fs/locks.c | 85 +- fs/nfs/callback.c | 96 +- fs/nfs/callback_xdr.c | 5 +- fs/nfs/direct.c | 11 +- fs/nfs/export.c | 9 +- fs/nfs/nfs4state.c | 2 +- fs/nfs/nfs4trace.h | 477 +------- fs/nfs/nfstrace.h | 269 +---- fs/nfs/pnfs.h | 4 - fs/nfs/write.c | 2 +- fs/nfsd/Kconfig | 27 +- fs/nfsd/Makefile | 8 +- fs/nfsd/acl.h | 6 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/cache.h | 2 +- fs/nfsd/export.h | 1 - fs/nfsd/filecache.c | 1192 +++++++++++--------- fs/nfsd/filecache.h | 19 +- fs/nfsd/flexfilelayout.c | 3 +- fs/nfsd/lockd.c | 2 +- fs/nfsd/netns.h | 34 +- fs/nfsd/nfs2acl.c | 55 +- fs/nfsd/nfs3acl.c | 83 +- fs/nfsd/nfs3proc.c | 212 +++- fs/nfsd/nfs3xdr.c | 444 +++----- fs/nfsd/nfs4acl.c | 46 +- fs/nfsd/nfs4callback.c | 125 +- fs/nfsd/nfs4idmap.c | 9 +- fs/nfsd/nfs4layouts.c | 4 +- fs/nfsd/nfs4proc.c | 986 +++++++++------- fs/nfsd/nfs4recover.c | 12 +- fs/nfsd/nfs4state.c | 1049 +++++++++++++---- fs/nfsd/nfs4xdr.c | 1115 +++++++++--------- fs/nfsd/nfscache.c | 63 +- fs/nfsd/nfsctl.c | 146 ++- fs/nfsd/nfsd.h | 35 +- fs/nfsd/nfsfh.c | 264 ++--- fs/nfsd/nfsfh.h | 145 ++- fs/nfsd/nfsproc.c | 121 +- fs/nfsd/nfssvc.c | 263 ++--- fs/nfsd/nfsxdr.c | 178 ++- fs/nfsd/state.h | 59 +- fs/nfsd/stats.c | 16 +- fs/nfsd/stats.h | 4 +- fs/nfsd/trace.h | 692 ++++++++++-- fs/nfsd/vfs.c | 822 +++++++------- fs/nfsd/vfs.h | 56 +- fs/nfsd/xdr.h | 35 +- fs/nfsd/xdr3.h | 61 +- fs/nfsd/xdr4.h | 81 +- fs/nfsd/xdr4cb.h | 6 + fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/notify/dnotify/dnotify.c | 15 +- fs/notify/fanotify/fanotify.c | 363 ++++-- fs/notify/fanotify/fanotify.h | 212 +++- fs/notify/fanotify/fanotify_user.c | 441 ++++++-- fs/notify/fdinfo.c | 16 +- fs/notify/fsnotify.c | 177 +-- fs/notify/fsnotify.h | 4 - fs/notify/group.c | 36 +- fs/notify/inotify/inotify.h | 11 +- fs/notify/inotify/inotify_fsnotify.c | 7 +- fs/notify/inotify/inotify_user.c | 53 +- fs/notify/mark.c | 137 ++- fs/notify/notification.c | 14 +- fs/open.c | 42 + fs/pipe.c | 17 +- fs/ubifs/file.c | 13 +- fs/vboxsf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 4 +- include/linux/cpu.h | 2 + include/linux/device.h | 1 + include/linux/dma-map-ops.h | 1 + include/linux/dma-mapping.h | 5 + include/linux/dnotify.h | 2 +- include/linux/exportfs.h | 17 +- include/linux/fanotify.h | 31 +- include/linux/fs.h | 26 + include/linux/fsnotify.h | 70 +- include/linux/fsnotify_backend.h | 356 +++++- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/iova.h | 2 + include/linux/kthread.h | 1 + include/linux/linkage.h | 4 +- include/linux/lockd/lockd.h | 10 +- include/linux/lockd/xdr.h | 27 +- include/linux/lockd/xdr4.h | 29 +- include/linux/minmax.h | 17 + include/linux/module.h | 6 +- include/linux/nfs.h | 8 - include/linux/nfs4.h | 17 + include/linux/nfs_fs.h | 1 + include/linux/nfs_ssc.h | 4 +- include/linux/pci.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/secretmem.h | 4 +- include/linux/sunrpc/svc.h | 93 +- include/linux/sunrpc/svc_xprt.h | 11 +- include/linux/sunrpc/svcsock.h | 7 +- include/linux/sunrpc/xdr.h | 2 + include/linux/timer.h | 18 +- include/linux/udp.h | 28 + include/linux/vfio.h | 2 + include/net/cfg802154.h | 1 + include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 + include/soc/fsl/qman.h | 9 + include/trace/events/rpcgss.h | 18 +- include/trace/events/rpcrdma.h | 44 +- include/trace/events/sunrpc.h | 74 +- include/trace/misc/fs.h | 122 ++ include/trace/misc/nfs.h | 387 +++++++ include/trace/{events => misc}/rdma.h | 0 include/trace/misc/sunrpc.h | 18 + include/uapi/linux/fanotify.h | 29 + include/uapi/linux/nfsd/nfsfh.h | 115 -- init/initramfs.c | 2 +- io_uring/io_uring.c | 2 +- kernel/audit_fsnotify.c | 8 +- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 5 +- kernel/bounds.c | 2 +- kernel/bpf/verifier.c | 5 + kernel/dma/mapping.c | 12 + kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/events/core.c | 9 + kernel/kthread.c | 23 +- kernel/locking/rwsem.c | 14 +- kernel/module.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 63 +- kernel/time/timer.c | 160 +-- kernel/trace/ring_buffer.c | 233 ++-- kernel/trace/trace.c | 21 +- lib/Kconfig.debug | 1 + lib/pci_iomap.c | 2 +- lib/test_kasan.c | 21 +- mm/compaction.c | 7 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/bnep/core.c | 2 +- net/bluetooth/cmtp/core.c | 2 +- net/bluetooth/hci_debugfs.c | 64 +- net/bluetooth/hci_event.c | 25 + net/bluetooth/hidp/core.c | 2 +- net/bridge/netfilter/ebtables.c | 6 + net/core/skbuff.c | 6 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 14 + net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 20 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 3 + net/netfilter/nf_tables_api.c | 20 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sunrpc/svc.c | 227 ++-- net/sunrpc/svc_xprt.c | 68 +- net/sunrpc/svcsock.c | 24 +- net/sunrpc/xdr.c | 22 + net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/objtool/check.c | 3 +- tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- virt/kvm/async_pf.c | 31 +- 445 files changed, 11948 insertions(+), 6886 deletions(-)

1 year, 2 months

7
6
0 0

Re: Some questions Re: [PATCH net] net: dsa: fix panic when DSA master device unbinds on shutdown

by Vladimir Oltean

On Wed, Apr 10, 2024 at 11:14:09AM +0200, Paolo Abeni wrote: > On Wed, 2024-04-10 at 09:06 +0000, xu wrote: > > Hi! Excuse me, I'm wondering why this patch was not merged into the 5.15 stable branch. > > Because it lacked the CC: stable tag? > > You can still ask (or do) an explicit backport, please have a look at: > > Documentation/process/stable-kernel-rules.rst > > Cheers, > > Paolo > My email records say that it was backported to 5.16: https://lore.kernel.org/lkml/20220214092515.419944498@linuxfoundation.org/ On 5.15 I have no idea why not (no email). Anyway, on linux-5.15.y, "git cherry-pick -xs ee534378f00561207656663d93907583958339ae" does apply (it says "auto-merging"), so maybe Greg can just pick up the fix with one command?

1 year, 2 months

3
2
0 0

[PATCH -stable 6.1.x 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 6.1.x, to add them on top of enqueued patches: a45e6889575c ("netfilter: nf_tables: release batch on table validation from abort path") 0d459e2ffb54 ("netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path") 1bc83a019bbe ("netfilter: nf_tables: discard table flag update with pending basechain deletion") Please, apply, thanks. Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion net/netfilter/nf_tables_api.c | 47 +++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 11 deletions(-) -- 2.30.2

1 year, 2 months

2
4
0 0

Linux 6.8.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.5 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++ Documentation/admin-guide/kernel-parameters.txt | 12 Makefile | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 arch/arm64/kernel/ptrace.c | 5 arch/arm64/kvm/hyp/nvhe/tlb.c | 3 arch/arm64/kvm/hyp/pgtable.c | 11 arch/arm64/kvm/hyp/vhe/tlb.c | 3 arch/arm64/kvm/mmu.c | 2 arch/arm64/net/bpf_jit_comp.c | 4 arch/powerpc/mm/book3s64/pgtable.c | 2 arch/riscv/include/asm/uaccess.h | 4 arch/riscv/include/uapi/asm/auxvec.h | 2 arch/riscv/kernel/patch.c | 8 arch/riscv/kernel/process.c | 5 arch/riscv/kernel/signal.c | 15 arch/riscv/kernel/traps.c | 2 arch/riscv/kernel/vdso/Makefile | 1 arch/riscv/kvm/aia_aplic.c | 37 + arch/riscv/mm/tlbflush.c | 4 arch/s390/boot/vmem.c | 2 arch/s390/include/asm/pgtable.h | 4 arch/s390/kernel/entry.S | 1 arch/s390/kernel/perf_pai_crypto.c | 10 arch/s390/kernel/perf_pai_ext.c | 10 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 4 arch/s390/mm/pageattr.c | 2 arch/s390/mm/pgtable.c | 2 arch/s390/mm/vmem.c | 6 arch/s390/net/bpf_jit_comp.c | 46 -- arch/sparc/mm/init_64.c | 2 arch/x86/Kconfig | 25 + arch/x86/boot/compressed/Makefile | 2 arch/x86/boot/compressed/misc.c | 16 arch/x86/boot/compressed/sev.c | 3 arch/x86/coco/core.c | 41 ++ arch/x86/entry/common.c | 10 arch/x86/entry/entry_64.S | 61 ++ arch/x86/entry/entry_64_compat.S | 16 arch/x86/entry/syscall_32.c | 21 - arch/x86/entry/syscall_64.c | 19 arch/x86/entry/syscall_x32.c | 10 arch/x86/events/intel/ds.c | 8 arch/x86/include/asm/boot.h | 1 arch/x86/include/asm/coco.h | 2 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 14 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/mem_encrypt.h | 8 arch/x86/include/asm/msr-index.h | 9 arch/x86/include/asm/nospec-branch.h | 17 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/sev.h | 10 arch/x86/include/asm/syscall.h | 11 arch/x86/include/uapi/asm/bootparam.h | 1 arch/x86/kernel/cpu/bugs.c | 121 +++++ arch/x86/kernel/cpu/common.c | 24 - arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/cpu/scattered.c | 1 arch/x86/kernel/mpparse.c | 10 arch/x86/kernel/setup.c | 2 arch/x86/kernel/sev-shared.c | 23 - arch/x86/kernel/sev.c | 14 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/reverse_cpuid.h | 5 arch/x86/kvm/svm/sev.c | 45 +- arch/x86/kvm/trace.h | 10 arch/x86/kvm/vmx/vmenter.S | 2 arch/x86/kvm/x86.c | 2 arch/x86/lib/Makefile | 13 arch/x86/lib/retpoline.S | 6 arch/x86/mm/fault.c | 4 arch/x86/mm/ident_map.c | 23 - arch/x86/mm/init_64.c | 4 arch/x86/mm/kasan_init_64.c | 2 arch/x86/mm/mem_encrypt_identity.c | 76 +-- arch/x86/mm/pat/memtype.c | 49 +- arch/x86/mm/pat/set_memory.c | 6 arch/x86/mm/pgtable.c | 2 arch/x86/mm/pti.c | 2 arch/x86/net/bpf_jit_comp.c | 2 arch/x86/power/hibernate.c | 2 arch/x86/xen/mmu_pv.c | 4 block/bdev.c | 6 drivers/acpi/acpica/dbnames.c | 8 drivers/ata/sata_mv.c | 63 +-- drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 + drivers/base/regmap/regcache-maple.c | 6 drivers/bluetooth/btqca.c | 8 drivers/bluetooth/hci_qca.c | 19 drivers/dma-buf/st-dma-fence-chain.c | 6 drivers/dpll/Kconfig | 2 drivers/firmware/efi/libstub/efi-stub-helper.c | 8 drivers/firmware/efi/libstub/efistub.h | 2 drivers/firmware/efi/libstub/x86-stub.c | 14 drivers/gpio/gpiolib-cdev.c | 58 ++ drivers/gpio/gpiolib.c | 31 - drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 - drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 2 drivers/gpu/drm/drm_prime.c | 7 drivers/gpu/drm/i915/Makefile | 7 drivers/gpu/drm/i915/display/g4x_dp.c | 2 drivers/gpu/drm/i915/display/intel_display_device.h | 1 drivers/gpu/drm/i915/display/intel_dp.c | 9 drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 drivers/gpu/drm/i915/display/intel_sdvo.c | 4 drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 drivers/gpu/drm/i915/gt/intel_gt.c | 6 drivers/gpu/drm/i915/gt/intel_gt.h | 9 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 + drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++ drivers/gpu/drm/i915/i915_driver.c | 2 drivers/gpu/drm/i915/i915_perf.c | 2 drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 drivers/gpu/drm/xe/Makefile | 4 drivers/gpu/drm/xe/xe_bo.c | 59 -- drivers/gpu/drm/xe/xe_bo_types.h | 19 drivers/gpu/drm/xe/xe_device.h | 4 drivers/gpu/drm/xe/xe_exec.c | 31 - drivers/gpu/drm/xe/xe_exec_queue.c | 4 drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 drivers/gpu/drm/xe/xe_guc_submit.c | 2 drivers/gpu/drm/xe/xe_pt.c | 8 drivers/gpu/drm/xe/xe_ring_ops.c | 11 drivers/gpu/drm/xe/xe_sched_job.c | 10 drivers/gpu/drm/xe/xe_sched_job_types.h | 2 drivers/gpu/drm/xe/xe_vm.c | 27 - drivers/gpu/drm/xe/xe_vm.h | 2 drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/iommu/iommu.c | 11 drivers/md/dm-integrity.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 6 drivers/net/dsa/sja1105/sja1105_mdio.c | 2 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 - drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_tqp_stats.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/intel/e1000e/hw.h | 2 drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 + drivers/net/ethernet/intel/e1000e/netdev.c | 24 + drivers/net/ethernet/intel/e1000e/phy.c | 182 +++++--- drivers/net/ethernet/intel/e1000e/phy.h | 2 drivers/net/ethernet/intel/i40e/i40e.h | 1 drivers/net/ethernet/intel/i40e/i40e_main.c | 13 drivers/net/ethernet/intel/i40e/i40e_register.h | 3 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 drivers/net/ethernet/intel/ice/ice_lag.c | 4 drivers/net/ethernet/intel/ice/ice_lib.c | 18 drivers/net/ethernet/intel/ice/ice_switch.c | 24 - drivers/net/ethernet/intel/ice/ice_switch.h | 4 drivers/net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 drivers/net/ethernet/intel/igc/igc_main.c | 4 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 + drivers/net/ethernet/microchip/lan743x_main.c | 18 drivers/net/ethernet/microchip/lan743x_main.h | 4 drivers/net/ethernet/microsoft/mana/mana_en.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 40 + drivers/net/ethernet/renesas/ravb_main.c | 33 - drivers/net/ethernet/renesas/sh_eth.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 + drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 + drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 drivers/net/phy/micrel.c | 31 + drivers/net/usb/ax88179_178a.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 5 drivers/net/wwan/t7xx/t7xx_cldma.c | 4 drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 drivers/net/xen-netfront.c | 1 drivers/of/dynamic.c | 12 drivers/of/module.c | 8 drivers/perf/riscv_pmu.c | 4 drivers/pinctrl/aspeed/Makefile | 2 drivers/s390/net/qeth_core_main.c | 38 + drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 - drivers/scsi/sd.c | 2 drivers/spi/spi-pci1xxxx.c | 2 drivers/spi/spi-s3c64xx.c | 80 ++- drivers/thermal/gov_power_allocator.c | 14 fs/aio.c | 2 fs/bcachefs/mean_and_variance_test.c | 28 - fs/nfsd/nfs4state.c | 7 fs/nfsd/vfs.c | 3 fs/proc/Makefile | 2 fs/smb/client/cached_dir.c | 6 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsfs.c | 11 fs/smb/client/cifsglob.h | 19 fs/smb/client/cifsproto.h | 20 fs/smb/client/connect.c | 153 ++++--- fs/smb/client/dfs.c | 51 +- fs/smb/client/dfs.h | 33 + fs/smb/client/dfs_cache.c | 53 +- fs/smb/client/dir.c | 15 fs/smb/client/file.c | 111 ++++- fs/smb/client/fs_context.c | 6 fs/smb/client/fs_context.h | 12 fs/smb/client/fscache.c | 16 fs/smb/client/fscache.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/ioctl.c | 6 fs/smb/client/misc.c | 8 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2misc.c | 4 fs/smb/client/smb2ops.c | 11 fs/smb/client/smb2pdu.c | 2 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/mgmt/share_config.c | 7 fs/smb/server/smb2ops.c | 10 fs/smb/server/smb2pdu.c | 3 fs/smb/server/transport_ipc.c | 37 + fs/vboxsf/super.c | 3 include/kvm/arm_pmu.h | 2 include/linux/bpf.h | 16 include/linux/device.h | 1 include/linux/io_uring_types.h | 1 include/linux/secretmem.h | 4 include/linux/skbuff.h | 7 include/linux/stackdepot.h | 46 ++ include/linux/udp.h | 28 + include/net/bluetooth/hci.h | 9 include/net/inet_connection_sock.h | 1 include/net/mana/mana.h | 1 include/net/sock.h | 7 include/net/xdp_sock.h | 2 include/sound/hdaudio_ext.h | 3 io_uring/io_uring.c | 18 io_uring/kbuf.c | 118 ++--- io_uring/kbuf.h | 8 io_uring/rw.c | 9 kernel/bpf/Makefile | 2 kernel/bpf/syscall.c | 35 + kernel/bpf/verifier.c | 5 kernel/trace/bpf_trace.c | 10 lib/stackdepot.c | 47 -- mm/Makefile | 3 mm/memory.c | 4 net/9p/client.c | 10 net/ax25/ax25_dev.c | 2 net/bluetooth/hci_debugfs.c | 48 +- net/bluetooth/hci_event.c | 25 + net/bluetooth/hci_sync.c | 5 net/bridge/netfilter/ebtables.c | 6 net/core/gro.c | 3 net/core/sock_map.c | 6 net/hsr/hsr_slave.c | 3 net/ipv4/inet_connection_sock.c | 44 +- net/ipv4/inet_fragment.c | 70 ++- net/ipv4/ip_fragment.c | 2 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 23 - net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mptcp/protocol.c | 2 net/mptcp/sockopt.c | 4 net/mptcp/subflow.c | 2 net/netfilter/nf_tables_api.c | 92 +++- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/sched/sch_api.c | 2 net/sunrpc/svcsock.c | 10 net/tls/tls_sw.c | 7 net/vmw_vsock/virtio_transport.c | 3 scripts/Makefile.extrawarn | 10 scripts/bpf_doc.py | 4 scripts/mod/modpost.c | 7 security/selinux/selinuxfs.c | 12 sound/pci/emu10k1/emu10k1_callback.c | 7 sound/pci/hda/cs35l41_hda_property.c | 6 sound/pci/hda/cs35l56_hda.c | 4 sound/pci/hda/cs35l56_hda_i2c.c | 13 sound/pci/hda/cs35l56_hda_spi.c | 13 sound/pci/hda/patch_realtek.c | 7 sound/soc/amd/acp/acp-pci.c | 13 sound/soc/codecs/cs42l43.c | 12 sound/soc/codecs/rt5682-sdw.c | 4 sound/soc/codecs/rt711-sdca-sdw.c | 4 sound/soc/codecs/rt711-sdw.c | 4 sound/soc/codecs/rt712-sdca-sdw.c | 5 sound/soc/codecs/rt722-sdca-sdw.c | 4 sound/soc/codecs/wm_adsp.c | 3 sound/soc/soc-ops.c | 2 sound/soc/sof/amd/acp.c | 8 sound/soc/sof/intel/hda-common-ops.c | 3 sound/soc/sof/intel/hda-dai-ops.c | 11 sound/soc/sof/intel/hda-pcm.c | 29 + sound/soc/sof/intel/hda-stream.c | 70 +++ sound/soc/sof/intel/hda.h | 6 sound/soc/sof/intel/lnl.c | 2 sound/soc/sof/intel/mtl.c | 14 sound/soc/sof/intel/mtl.h | 10 sound/soc/sof/ipc4-pcm.c | 191 +++++++-- sound/soc/sof/ipc4-priv.h | 14 sound/soc/sof/ipc4-topology.c | 22 + sound/soc/sof/ops.h | 24 - sound/soc/sof/pcm.c | 8 sound/soc/sof/sof-audio.h | 9 sound/soc/sof/sof-priv.h | 24 - tools/net/ynl/ynl-gen-c.py | 7 tools/testing/selftests/mm/vm_util.h | 2 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 - tools/testing/selftests/net/reuseaddr_conflict.c | 2 tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 342 files changed, 3575 insertions(+), 1727 deletions(-) Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Aleksandr Mishin (2): net: phy: micrel: Fix potential null pointer dereference octeontx2-af: Add array index check Alexandra Winter (1): s390/qeth: handle deferred cc1 Alexandre Ghiti (2): riscv: Fix warning by declaring arch_cpu_idle() as noinstr riscv: Disable preemption when using patch_map() Andi Shyti (4): drm/i915/gt: Limit the reserved VM space to only the platforms that need it drm/i915/gt: Disable HW load balancing for CCS drm/i915/gt: Do not generate the command streamer for all the CCS drm/i915/gt: Enable only one CCS for compute workload Andreas Schwab (1): riscv: use KERN_INFO in do_trap Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrii Nakryiko (2): bpf: put uprobe link's path and task in release callback bpf: support deferring bpf_link dealloc to after RCU grace period Andy Shevchenko (1): gpiolib: Fix debug messaging in gpiod_find_and_request() Andy Yan (1): drm/rockchip: vop2: Remove AR30 and AB30 format support Ankit Nautiyal (1): drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Antoine Tenart (5): selftests: net: gro fwd: update vxlan GRO test expectations gro: fix ownership transfer udp: do not accept non-tunnel GSO skbs landing in a tunnel udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: prevent local UDP tunnel packets from being GROed Anup Patel (2): RISC-V: KVM: Fix APLIC setipnum_le/be write emulation RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Ard Biesheuvel (5): efi/libstub: Add generic support for parsing mem_encrypt= x86/boot: Move mem_encrypt= parsing to the decompressor x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute Arnd Bergmann (5): dm integrity: fix out-of-range warning kbuild: make -Woverride-init warnings more consistent ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning Artem Savkov (1): arm64: bpf: fix 32bit unconditional bswap Ashish Kalra (1): KVM: SVM: Add support for allowing zero SEV ASIDs Atlas Yu (1): r8169: skip DASH fw status checks when DASH is disabled Bartosz Golaszewski (2): gpio: cdev: sanitize the label before requesting the interrupt gpio: cdev: check for NULL labels when sanitizing them for irqs Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Benjamin Berg (1): wifi: iwlwifi: mvm: include link ID when releasing frames Björn Töpel (1): riscv: Fix vector state restore in rt_sigreturn() Bjørn Mork (1): net: wwan: t7xx: Split 64bit accesses to fix alignment issues Borislav Petkov (AMD) (3): x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Brian Welty (1): drm/xe: Add exec_queue.sched_props.job_timeout_ms Charlene Liu (1): drm/amd/display: Update P010 scaling cap Charles Keepax (1): ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Christian Bendiksen (1): ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christian Brauner (1): block: count BLK_OPEN_RESTRICT_WRITES openers Christian Göttsche (1): selinux: avoid dereference of garbage after mount failure Christian Hewitt (1): drm/panfrost: fix power transition timeout warnings Christoffer Sandberg (1): ALSA: hda/realtek - Fix inactive headset mic jack Christophe JAILLET (2): vboxsf: Avoid an spurious warning if load_nls_xxx() fails net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Chuck Lever (1): SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Claudiu Beznea (1): net: ravb: Let IP-specific receive function to interrogate descriptors Daniel Sneddon (2): x86/bhi: Define SPEC_CTRL_BHI_DIS_S KVM: x86: Add BHI_NO Dave Airlie (1): nouveau/uvmm: fix addr/range calcs for remap operations David Hildenbrand (2): x86/mm/pat: fix VM_PAT handling in COW mappings mm/secretmem: fix GUP-fast succeeding on secretmem folios David Howells (2): cifs: Fix duplicate fscache cookie warnings cifs: Fix caching to try to do open O_WRONLY as rdwr on server David Thompson (3): mlxbf_gige: stop PHY during open() error paths mlxbf_gige: call request_irq() after NAPI initialized mlxbf_gige: stop interface during shutdown Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Dominique Martinet (1): 9p: Fix read/write debug statements to report server reply Duanqiang Wen (1): net: txgbe: fix i2c dev name cannot match clkdev Duoming Zhou (1): ax25: fix use-after-free bugs caused by ax25_ds_del_timer Edward Liaw (1): selftests/mm: include strings.h for ffsl Emmanuel Grumbach (1): wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() erspan: make sure erspan_base_hdr is present in skb->head Florian Westphal (1): inet: inet_defrag: prevent sk release while still in use Gabe Teeger (1): Revert "drm/amd/display: Send DTBCLK disable message on first commit" Geliang Tang (2): selftests: mptcp: join: fix dev in check_endpoint selftests: mptcp: use += operator to append strings Greg Kroah-Hartman (3): Revert "x86/mpparse: Register APIC address only once" x86: set SPECTRE_BHI_ON as default Linux 6.8.5 Guenter Roeck (1): mean_and_variance: Drop always failing tests Haiyang Zhang (1): net: mana: Fix Rx DMA datasize and skb_over_panic Hangbin Liu (1): scripts/bpf_doc: Use silent mode when exec make cmd Hariprasad Kelam (2): Octeontx2-af: fix pause frame configuration in GMP mode octeontx2-af: Fix issue with loading coalesced KPU profiles Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Horatiu Vultur (1): net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Huai-Yuan Liu (1): spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ido Schimmel (1): selftests: vxlan_mdb: Fix failures with old libnet Ilya Leoshkevich (1): s390/bpf: Fix bpf_plt pointer arithmetic Imre Deak (1): drm/i915/dp: Fix DSC state HW readout for SST connectors Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Ivan Vecera (2): i40e: Fix VF MAC filter removal i40e: Enforce software interrupt during busy-poll exit Jaewon Kim (1): spi: s3c64xx: Use DMA mode from fifo size Jakub Kicinski (2): tools: ynl: fix setting presence bits in simple nests selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jan Kara (1): nfsd: Fix error cleanup path in nfsd_rename() Jason A. Donenfeld (1): x86/coco: Require seeding RNG with RDRAND on CoCo systems Jason Gunthorpe (1): iommu: Validate the PASID in iommu_attach_device_pasid() Jeff Layton (1): nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jens Axboe (6): io_uring/kbuf: get rid of lower BGID lists io_uring/kbuf: get rid of bl->is_ready io_uring/kbuf: protect io_buffer_list teardown with a reference io_uring/rw: don't allow multishot reads without NOWAIT support io_uring: use private workqueue for exit work io_uring/kbuf: hold io_buffer_list reference over mmap Jesper Dangaard Brouer (1): xen-netfront: Add missing skb_mark_for_recycle Jesse Brandeburg (1): ice: fix memory corruption bug with suspend and rebuild Jian Shen (1): net: hns3: mark unexcuted loopback test result as UNEXECUTED Jie Wang (1): net: hns3: fix index limit to support all queue stats Johan Hovold (4): Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Bluetooth: qca: fix device-address endianness Bluetooth: add quirk for broken address properties Johannes Berg (1): wifi: iwlwifi: mvm: rfi: fix potential response leaks Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid the interface always configured as random address Josh Poimboeuf (1): x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Joshua Hay (1): idpf: fix kernel panic on unknown packet types José Roberto de Souza (1): drm/i915: Do not print 'pxp init failed with 0' when it succeed Juha-Pekka Heikkila (1): drm/i915/display: Disable AuxCCS framebuffers if built for Xe Justin Chen (1): net: bcmasp: Bring up unimac after PHY link up Kan Liang (1): perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Kent Gibson (1): gpio: cdev: fix missed label sanitizing in debounce_setup() Kent Overstreet (1): aio: Fix null ptr deref in aio_complete() wakeup Kuniyuki Iwashima (3): tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. ipv6: Fix infinite recursion in fib6_dump_done(). Kurt Kanzenbach (1): igc: Remove stale comment about Tx timestamping Li Nan (1): scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Linus Torvalds (1): x86/syscall: Don't force use of indirect calls for system calls Luke D. Jones (1): ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Pinna (1): vsock/virtio: fix packet delivery to tap device Mario Limonciello (1): drm/amd: Flush GFXOFF requests in prepare stage Mark Brown (1): arm64/ptrace: Use saved floating point state type to determine SVE layout Masahiro Yamada (1): modpost: do not make find_tosym() return NULL Matt Roper (1): drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Matthew Auld (4): drm/xe/guc_submit: use jiffies for job timeout drm/xe/queue: fix engine_class bounds check drm/xe/device: fix XE_MAX_GT_PER_TILE check drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthieu Baerts (NGI0) (1): selftests: mptcp: connect: fix shellcheck warnings Michael Krummsdorf (1): net: dsa: mv88e6xxx: fix usable ports on 88e6020 Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Nikita Travkin (2): thermal: gov_power_allocator: Allow binding without cooling devices thermal: gov_power_allocator: Allow binding without trip points Nirmoy Das (1): drm/xe: Remove unused xe_bo->props struct Oliver Upton (1): KVM: arm64: Fix host-programmed guest events in nVHE Oscar Salvador (1): lib/stackdepot: move stack_record struct definition into the header Oswald Buddenhagen (1): Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Pablo Neira Ayuso (8): netfilter: nf_tables: reject destroy command to remove basechain hooks netfilter: nf_tables: reject table flag and netdev basechain updates netfilter: nf_tables: skip netdev hook unregistration if table is dormant netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: discard table flag update with pending basechain deletion Paolo Abeni (1): mptcp: prevent BPF accessing lowat from a subflow socket. Paul Barker (2): net: ravb: Always process TX descriptor ring net: ravb: Always update error counters Paulo Alcantara (14): smb: client: fix UAF in smb2_reconnect_server() smb: client: guarantee refcounted children from parent session smb: client: refresh referral without acquiring refpath_lock smb: client: handle DFS tcons in cifs_construct_tcon() smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex smb: client: fix potential UAF in cifs_debug_files_proc_show() smb: client: fix potential UAF in cifs_stats_proc_write() smb: client: fix potential UAF in cifs_stats_proc_show() smb: client: fix potential UAF in cifs_dump_full_key() smb: client: fix potential UAF in smb2_is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_valid_lease_break() smb: client: fix potential UAF in is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_network_name_deleted() smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Pavel Sakharov (1): dma-buf: Fix NULL pointer dereference in sanitycheck() Pawan Gupta (4): x86/bhi: Add support for clearing branch history at syscall entry x86/bhi: Enumerate Branch History Injection (BHI) bug x86/bhi: Add BHI mitigation knob x86/bhi: Mitigate KVM by default Peter Collingbourne (1): stackdepot: rename pool_index to pool_index_plus_1 Peter Ujfalusi (17): ALSA: hda: Add pplcllpl/u members to hdac_ext_stream ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay ASoC: SOF: Remove the get_stream_position callback ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops ASoC: SOF: ipc4-pcm: Correct the delay calculation ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Xu (1): mm/treewide: replace pud_large() with pud_leaf() Petr Oros (1): ice: fix enabling RX VLAN filtering Pierre-Louis Bossart (5): ASoC: rt5682-sdw: fix locking sequence ASoC: rt711-sdca: fix locking sequence ASoC: rt711-sdw: fix locking sequence ASoC: rt712-sdca-sdw: fix locking sequence ASoC: rt722-sdca-sdw: fix locking sequence Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Prasad Pandit (1): dpll: indent DPLL option type by a tab Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Lehui (1): drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Puranjay Mohan (1): bpf, arm64: fix bug in BPF_LDX_MEMSX Raju Lakkaraju (1): net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Ravi Gunasekaran (1): net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Richard Fitzgerald (3): ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() regmap: maple: Fix cache corruption in regcache_maple_drop() regmap: maple: Fix uninitialized symbol 'ret' warnings Ritvik Budhiraja (1): smb3: retrying on failed server close Rob Clark (1): drm/prime: Unbreak virtgpu dma-buf export Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Sabrina Dubroca (3): tls: recv: process_rx_list shouldn't use an offset with kvec tls: adjust recv return with async crypto and failed copy to userspace tls: get psock ref after taking rxlock to avoid leak Sam Protsenko (1): spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Samuel Holland (2): riscv: mm: Fix prototype to avoid discarding const riscv: Fix spurious errors from __get/put_kernel_nofault Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Sean Christopherson (2): x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word KVM: SVM: Use unsigned integers when dealing with ASIDs Sergey Shtylyov (1): of: module: prevent NULL pointer dereference in vsnprintf() Simon Trimmer (2): ALSA: hda: cs35l56: Set the init_done flag before component_add() ALSA: hda: cs35l56: Add ACPI device match tables Stanislav Fomichev (1): xsk: Don't assume metadata is always requested in TX completion Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Zou (1): ice: Refactor FW data type and fix bitmap casting issue Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Taimur Hassan (1): drm/amd/display: Send DTBCLK disable message on first commit Tejas Upadhyay (1): drm/i915/mtl: Update workaround 14018575942 Thomas Hellström (2): drm/xe: Use ring ops TLB invalidation for rebinds drm/xe: Rework rebinding Thomas Richter (1): s390/pai: fix sampling event removal for PMU device driver Tudor Ambarus (6): spi: s3c64xx: sort headers alphabetically spi: s3c64xx: explicitly include <linux/bits.h> spi: s3c64xx: remove else after return spi: s3c64xx: define a magic value spi: s3c64xx: allow full FIFO masks spi: s3c64xx: determine the fifo depth only once Uros Bizjak (1): x86/bpf: Fix IP after emitting call depth accounting Victor Isaev (1): RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Vijendar Mukunda (3): ASoC: amd: acp: fix for acp pdm configuration check ASoC: amd: acp: fix for acp_init function error handling ASoC: SOF: amd: fix for false dsp interrupts Ville Syrjälä (3): drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP drm/i915/mst: Limit MST+DSC to TGL+ drm/i915/mst: Reject FEC+MST on ICL Vitaly Lifshits (3): e1000e: Workaround for sporadic MDI error on Meteor Lake systems e1000e: Minor flow correction in e1000_shutdown function e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vladimir Isaev (1): riscv: hwprobe: do not produce frtace relocation Wei Fang (1): net: fec: Set mac_managed_pm during probe Will Deacon (2): KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() KVM: arm64: Ensure target address is granule-aligned for range TLBI Wujie Duan (1): KVM: arm64: Fix out-of-IPA space translation fault handling Yonglong Liu (1): net: hns3: fix kernel crash when devlink reload during pf initialization Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

1 year, 2 months

1
1
0 0

Linux 6.6.26

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.26 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 48 - Documentation/admin-guide/kernel-parameters.txt | 12 Makefile | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 arch/arm64/kernel/ptrace.c | 5 arch/arm64/kvm/hyp/pgtable.c | 11 arch/arm64/net/bpf_jit_comp.c | 4 arch/powerpc/mm/book3s64/pgtable.c | 2 arch/riscv/include/asm/uaccess.h | 4 arch/riscv/include/uapi/asm/auxvec.h | 2 arch/riscv/kernel/patch.c | 8 arch/riscv/kernel/process.c | 3 arch/riscv/kvm/aia_aplic.c | 37 arch/s390/boot/vmem.c | 2 arch/s390/include/asm/pgtable.h | 4 arch/s390/kernel/entry.S | 1 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 4 arch/s390/mm/pageattr.c | 2 arch/s390/mm/pgtable.c | 2 arch/s390/mm/vmem.c | 6 arch/s390/net/bpf_jit_comp.c | 46 - arch/sparc/mm/init_64.c | 2 arch/x86/Kconfig | 25 arch/x86/boot/compressed/Makefile | 2 arch/x86/boot/compressed/misc.c | 16 arch/x86/boot/compressed/sev.c | 3 arch/x86/coco/core.c | 41 arch/x86/entry/common.c | 10 arch/x86/entry/entry_64.S | 61 + arch/x86/entry/entry_64_compat.S | 16 arch/x86/entry/syscall_32.c | 21 arch/x86/entry/syscall_64.c | 19 arch/x86/entry/syscall_x32.c | 10 arch/x86/events/amd/core.c | 24 arch/x86/events/amd/lbr.c | 16 arch/x86/events/intel/ds.c | 8 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/boot.h | 1 arch/x86/include/asm/coco.h | 2 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 21 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/init.h | 2 arch/x86/include/asm/mem_encrypt.h | 8 arch/x86/include/asm/msr-index.h | 9 arch/x86/include/asm/nospec-branch.h | 88 +- arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/sev.h | 10 arch/x86/include/asm/syscall.h | 11 arch/x86/include/uapi/asm/bootparam.h | 1 arch/x86/kernel/cpu/amd.c | 129 ++- arch/x86/kernel/cpu/bugs.c | 126 ++ arch/x86/kernel/cpu/common.c | 24 arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/head64.c | 3 arch/x86/kernel/mpparse.c | 10 arch/x86/kernel/setup.c | 2 arch/x86/kernel/sev-shared.c | 23 arch/x86/kernel/sev.c | 14 arch/x86/kernel/vmlinux.lds.S | 7 arch/x86/kvm/mmu/mmu.c | 2 arch/x86/kvm/reverse_cpuid.h | 5 arch/x86/kvm/svm/sev.c | 45 - arch/x86/kvm/trace.h | 10 arch/x86/kvm/vmx/vmenter.S | 2 arch/x86/kvm/x86.c | 2 arch/x86/lib/Makefile | 13 arch/x86/lib/retpoline.S | 165 ++- arch/x86/mm/fault.c | 4 arch/x86/mm/ident_map.c | 23 arch/x86/mm/init_64.c | 4 arch/x86/mm/kasan_init_64.c | 2 arch/x86/mm/mem_encrypt_identity.c | 76 - arch/x86/mm/pat/memtype.c | 49 - arch/x86/mm/pat/set_memory.c | 6 arch/x86/mm/pgtable.c | 2 arch/x86/mm/pti.c | 2 arch/x86/net/bpf_jit_comp.c | 2 arch/x86/power/hibernate.c | 2 arch/x86/xen/mmu_pv.c | 4 drivers/acpi/acpica/dbnames.c | 8 drivers/ata/sata_mv.c | 63 - drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 drivers/base/regmap/regcache-maple.c | 6 drivers/bluetooth/btqca.c | 8 drivers/bluetooth/hci_qca.c | 19 drivers/dma-buf/st-dma-fence-chain.c | 6 drivers/firmware/efi/libstub/efi-stub-helper.c | 8 drivers/firmware/efi/libstub/efistub.h | 2 drivers/firmware/efi/libstub/x86-stub.c | 14 drivers/gpio/gpiolib-cdev.c | 58 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 - drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/include/amd_shared.h | 1 drivers/gpu/drm/drm_prime.c | 7 drivers/gpu/drm/i915/Makefile | 1 drivers/gpu/drm/i915/display/intel_cursor.c | 6 drivers/gpu/drm/i915/display/intel_display_types.h | 1 drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 4 drivers/gpu/drm/i915/gt/intel_gt.h | 31 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 drivers/gpu/drm/i915/gt/intel_lrc.c | 38 drivers/gpu/drm/i915/gt/intel_mocs.c | 23 drivers/gpu/drm/i915/gt/intel_rc6.c | 6 drivers/gpu/drm/i915/gt/intel_reset.c | 20 drivers/gpu/drm/i915/gt/intel_reset.h | 2 drivers/gpu/drm/i915/gt/intel_rps.c | 2 drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 drivers/gpu/drm/i915/i915_debugfs.c | 2 drivers/gpu/drm/i915/i915_drv.h | 4 drivers/gpu/drm/i915/i915_perf.c | 11 drivers/gpu/drm/i915/intel_clock_gating.c | 8 drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 drivers/md/dm-integrity.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 6 drivers/net/dsa/sja1105/sja1105_mdio.c | 2 drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_tqp_stats.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 - drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 drivers/net/ethernet/intel/e1000e/82571.c | 3 drivers/net/ethernet/intel/e1000e/ethtool.c | 7 drivers/net/ethernet/intel/e1000e/hw.h | 2 drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 - drivers/net/ethernet/intel/e1000e/mac.c | 2 drivers/net/ethernet/intel/e1000e/netdev.c | 35 drivers/net/ethernet/intel/e1000e/phy.c | 191 ++-- drivers/net/ethernet/intel/e1000e/phy.h | 2 drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 drivers/net/ethernet/intel/i40e/i40e.h | 59 - drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 drivers/net/ethernet/intel/i40e/i40e_client.c | 1 drivers/net/ethernet/intel/i40e/i40e_common.c | 12 drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 + drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 drivers/net/ethernet/intel/i40e/i40e_io.h | 16 drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 drivers/net/ethernet/intel/i40e/i40e_main.c | 70 + drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 - drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 drivers/net/ethernet/intel/i40e/i40e_register.h | 5 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 drivers/net/ethernet/intel/i40e/i40e_type.h | 56 - drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 - drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 drivers/net/ethernet/intel/iavf/iavf_common.c | 3 drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 drivers/net/ethernet/intel/ice/ice_lag.c | 4 drivers/net/ethernet/intel/ice/ice_lib.c | 74 + drivers/net/ethernet/intel/ice/ice_switch.c | 24 drivers/net/ethernet/intel/ice/ice_switch.h | 4 drivers/net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 drivers/net/ethernet/intel/igb/e1000_82575.c | 29 drivers/net/ethernet/intel/igb/e1000_i210.c | 19 drivers/net/ethernet/intel/igb/e1000_mac.c | 2 drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 drivers/net/ethernet/intel/igb/e1000_phy.c | 13 drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 drivers/net/ethernet/intel/igb/igb_main.c | 4 drivers/net/ethernet/intel/igbvf/mbx.c | 1 drivers/net/ethernet/intel/igbvf/netdev.c | 33 drivers/net/ethernet/intel/igc/igc_i225.c | 1 drivers/net/ethernet/intel/igc/igc_main.c | 4 drivers/net/ethernet/intel/igc/igc_phy.c | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 drivers/net/ethernet/microchip/lan743x_main.c | 18 drivers/net/ethernet/microchip/lan743x_main.h | 4 drivers/net/ethernet/microsoft/mana/mana_en.c | 2 drivers/net/ethernet/realtek/r8169_main.c | 40 drivers/net/ethernet/renesas/ravb_main.c | 33 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 drivers/net/phy/micrel.c | 31 drivers/net/usb/ax88179_178a.c | 2 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 drivers/net/wwan/t7xx/t7xx_cldma.c | 4 drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 drivers/net/xen-netfront.c | 1 drivers/of/dynamic.c | 12 drivers/of/module.c | 8 drivers/perf/riscv_pmu.c | 4 drivers/s390/net/qeth_core_main.c | 38 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/sd.c | 2 drivers/spi/spi-pci1xxxx.c | 2 drivers/spi/spi-s3c64xx.c | 80 + drivers/usb/typec/ucsi/ucsi_glink.c | 14 fs/btrfs/extent_io.c | 208 +++- fs/btrfs/inode.c | 22 fs/nfsd/nfs4state.c | 7 fs/pipe.c | 17 fs/smb/client/cached_dir.c | 6 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsfs.c | 11 fs/smb/client/cifsglob.h | 17 fs/smb/client/connect.c | 45 + fs/smb/client/dir.c | 15 fs/smb/client/file.c | 111 ++ fs/smb/client/fs_context.c | 6 fs/smb/client/fs_context.h | 12 fs/smb/client/fscache.c | 16 fs/smb/client/fscache.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/ioctl.c | 6 fs/smb/client/misc.c | 2 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2misc.c | 4 fs/smb/client/smb2ops.c | 11 fs/smb/client/smb2pdu.c | 2 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/mgmt/share_config.c | 7 fs/smb/server/smb2ops.c | 10 fs/smb/server/smb2pdu.c | 3 fs/smb/server/transport_ipc.c | 37 fs/vboxsf/super.c | 3 include/kvm/arm_pmu.h | 2 include/linux/avf/virtchnl.h | 5 include/linux/bpf.h | 16 include/linux/device.h | 1 include/linux/io_uring_types.h | 1 include/linux/secretmem.h | 4 include/linux/skbuff.h | 7 include/linux/udp.h | 28 include/net/bluetooth/hci.h | 9 include/net/inet_connection_sock.h | 1 include/net/mana/mana.h | 1 include/net/sock.h | 7 io_uring/io_uring.c | 18 io_uring/kbuf.c | 118 -- io_uring/kbuf.h | 8 kernel/bpf/syscall.c | 35 kernel/bpf/verifier.c | 5 kernel/trace/bpf_trace.c | 10 mm/memory.c | 4 net/9p/client.c | 10 net/ax25/ax25_dev.c | 2 net/bluetooth/hci_debugfs.c | 48 - net/bluetooth/hci_event.c | 25 net/bluetooth/hci_sync.c | 5 net/bridge/netfilter/ebtables.c | 6 net/core/gro.c | 3 net/core/sock_map.c | 6 net/hsr/hsr_slave.c | 3 net/ipv4/inet_connection_sock.c | 33 net/ipv4/inet_fragment.c | 70 + net/ipv4/ip_fragment.c | 2 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 23 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mptcp/protocol.c | 106 -- net/mptcp/subflow.c | 2 net/netfilter/nf_tables_api.c | 92 +- net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/sched/sch_api.c | 2 net/sunrpc/svcsock.c | 10 net/tls/tls_sw.c | 7 net/vmw_vsock/virtio_transport.c | 3 scripts/bpf_doc.py | 4 scripts/mod/Makefile | 4 scripts/mod/modpost.c | 73 - scripts/mod/modpost.h | 25 scripts/mod/symsearch.c | 199 ++++ security/selinux/selinuxfs.c | 12 sound/pci/emu10k1/emu10k1_callback.c | 7 sound/pci/hda/cs35l56_hda.c | 4 sound/pci/hda/cs35l56_hda_i2c.c | 13 sound/pci/hda/cs35l56_hda_spi.c | 13 sound/pci/hda/patch_realtek.c | 3 sound/soc/amd/acp/acp-pci.c | 5 sound/soc/codecs/rt5682-sdw.c | 4 sound/soc/codecs/rt711-sdca-sdw.c | 4 sound/soc/codecs/rt711-sdw.c | 4 sound/soc/codecs/rt712-sdca-sdw.c | 5 sound/soc/codecs/rt722-sdca-sdw.c | 4 sound/soc/codecs/wm_adsp.c | 3 sound/soc/soc-ops.c | 2 sound/soc/sof/amd/acp.c | 8 tools/arch/x86/include/asm/cpufeatures.h | 2 tools/net/ynl/ynl-gen-c.py | 7 tools/testing/selftests/mm/vm_util.h | 2 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 tools/testing/selftests/net/reuseaddr_conflict.c | 2 tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++- tools/testing/selftests/net/udpgro_fwd.sh | 10 355 files changed, 4153 insertions(+), 2335 deletions(-) Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Aleksandr Mishin (2): net: phy: micrel: Fix potential null pointer dereference octeontx2-af: Add array index check Alexandra Winter (1): s390/qeth: handle deferred cc1 Alexandre Ghiti (1): riscv: Disable preemption when using patch_map() Andi Shyti (3): drm/i915/gt: Disable HW load balancing for CCS drm/i915/gt: Do not generate the command streamer for all the CCS drm/i915/gt: Enable only one CCS for compute workload Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrii Nakryiko (2): bpf: put uprobe link's path and task in release callback bpf: support deferring bpf_link dealloc to after RCU grace period Antoine Tenart (5): selftests: net: gro fwd: update vxlan GRO test expectations gro: fix ownership transfer udp: do not accept non-tunnel GSO skbs landing in a tunnel udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: prevent local UDP tunnel packets from being GROed Anup Patel (2): RISC-V: KVM: Fix APLIC setipnum_le/be write emulation RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Ard Biesheuvel (5): efi/libstub: Add generic support for parsing mem_encrypt= x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute x86/boot: Move mem_encrypt= parsing to the decompressor Arnd Bergmann (4): dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning Artem Savkov (1): arm64: bpf: fix 32bit unconditional bswap Ashish Kalra (1): KVM: SVM: Add support for allowing zero SEV ASIDs Atlas Yu (1): r8169: skip DASH fw status checks when DASH is disabled Bartosz Golaszewski (2): gpio: cdev: sanitize the label before requesting the interrupt gpio: cdev: check for NULL labels when sanitizing them for irqs Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Benjamin Berg (1): wifi: iwlwifi: mvm: include link ID when releasing frames Bjørn Mork (1): net: wwan: t7xx: Split 64bit accesses to fix alignment issues Borislav Petkov (AMD) (11): x86/CPU/AMD: Add ZenX generations flags x86/CPU/AMD: Carve out the erratum 1386 fix x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function x86/CPU/AMD: Move Zenbleed check to the Zen2 init function x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function x86/CPU/AMD: Get rid of amd_erratum_1054[] x86/CPU/AMD: Add X86_FEATURE_ZEN1 x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Chris Park (1): drm/amd/display: Prevent crash when disable stream Christian Göttsche (1): selinux: avoid dereference of garbage after mount failure Christian Hewitt (1): drm/panfrost: fix power transition timeout warnings Christoffer Sandberg (1): ALSA: hda/realtek - Fix inactive headset mic jack Christophe JAILLET (2): vboxsf: Avoid an spurious warning if load_nls_xxx() fails net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Chuck Lever (1): SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Claudiu Beznea (1): net: ravb: Let IP-specific receive function to interrogate descriptors Daniel Sneddon (2): x86/bhi: Define SPEC_CTRL_BHI_DIS_S KVM: x86: Add BHI_NO Dave Airlie (1): nouveau/uvmm: fix addr/range calcs for remap operations David Hildenbrand (2): x86/mm/pat: fix VM_PAT handling in COW mappings mm/secretmem: fix GUP-fast succeeding on secretmem folios David Howells (2): cifs: Fix duplicate fscache cookie warnings cifs: Fix caching to try to do open O_WRONLY as rdwr on server David Thompson (3): mlxbf_gige: stop PHY during open() error paths mlxbf_gige: call request_irq() after NAPI initialized mlxbf_gige: stop interface during shutdown Davide Caratti (2): mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() mptcp: don't account accept() of non-MPC client as fallback to TCP Dmytro Laktyushkin (1): drm/amd/display: Fix DPSTREAM CLK on and off sequence Dominique Martinet (1): 9p: Fix read/write debug statements to report server reply Duanqiang Wen (1): net: txgbe: fix i2c dev name cannot match clkdev Duoming Zhou (1): ax25: fix use-after-free bugs caused by ax25_ds_del_timer Edward Liaw (1): selftests/mm: include strings.h for ffsl Emmanuel Grumbach (1): wifi: iwlwifi: disable multi rx queue for 9000 Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() erspan: make sure erspan_base_hdr is present in skb->head Filipe Manana (2): btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given btrfs: fix race when detecting delalloc ranges during fiemap Florian Westphal (1): inet: inet_defrag: prevent sk release while still in use Geliang Tang (1): selftests: mptcp: join: fix dev in check_endpoint Greg Kroah-Hartman (3): Revert "x86/mpparse: Register APIC address only once" x86: set SPECTRE_BHI_ON as default Linux 6.6.26 Haiyang Zhang (1): net: mana: Fix Rx DMA datasize and skb_over_panic Hangbin Liu (1): scripts/bpf_doc: Use silent mode when exec make cmd Hariprasad Kelam (2): Octeontx2-af: fix pause frame configuration in GMP mode octeontx2-af: Fix issue with loading coalesced KPU profiles Heiner Kallweit (1): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Horatiu Vultur (1): net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Hou Wenlong (1): x86/head/64: Move the __head definition to <asm/init.h> Huai-Yuan Liu (1): spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ido Schimmel (1): selftests: vxlan_mdb: Fix failures with old libnet Ilya Leoshkevich (1): s390/bpf: Fix bpf_plt pointer arithmetic Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Ivan Vecera (10): i40e: Fix VF MAC filter removal i40e: Remove _t suffix from enum type names i40e: Enforce software interrupt during busy-poll exit i40e: Remove back pointer from i40e_hw structure i40e: Refactor I40E_MDIO_CLAUSE* macros virtchnl: Add header dependencies i40e: Simplify memory allocation functions i40e: Move memory allocation structures to i40e_alloc.h i40e: Split i40e_osdep.h i40e: Remove circular header dependencies and fix headers Jack Brennen (1): modpost: Optimize symbol search from linear to binary search Jaewon Kim (1): spi: s3c64xx: Use DMA mode from fifo size Jakub Kicinski (2): tools: ynl: fix setting presence bits in simple nests selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jann Horn (1): fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jason A. Donenfeld (1): x86/coco: Require seeding RNG with RDRAND on CoCo systems Jeff Layton (1): nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jens Axboe (5): io_uring/kbuf: get rid of lower BGID lists io_uring/kbuf: get rid of bl->is_ready io_uring/kbuf: protect io_buffer_list teardown with a reference io_uring: use private workqueue for exit work io_uring/kbuf: hold io_buffer_list reference over mmap Jesper Dangaard Brouer (1): xen-netfront: Add missing skb_mark_for_recycle Jesse Brandeburg (4): ice: fix memory corruption bug with suspend and rebuild intel: add bit macro includes where needed intel: legacy: field get conversion ice: fix typo in assignment Jian Shen (1): net: hns3: mark unexcuted loopback test result as UNEXECUTED Jie Wang (1): net: hns3: fix index limit to support all queue stats Johan Hovold (4): Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Bluetooth: qca: fix device-address endianness Bluetooth: add quirk for broken address properties Johannes Berg (1): wifi: iwlwifi: mvm: rfi: fix potential response leaks Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid the interface always configured as random address Josh Poimboeuf (4): x86/srso: Improve i-cache locality for alias mitigation x86/srso: Disentangle rethunk-dependent options x86/nospec: Refactor UNTRAIN_RET[_*] x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Justin Chen (1): net: bcmasp: Bring up unimac after PHY link up Kan Liang (1): perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Kent Gibson (1): gpio: cdev: fix missed label sanitizing in debounce_setup() Krishna Kurapati (1): usb: typec: ucsi: Fix race between typec_switch and role_switch Kuniyuki Iwashima (2): tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. ipv6: Fix infinite recursion in fib6_dump_done(). Kurt Kanzenbach (1): igc: Remove stale comment about Tx timestamping Li Nan (1): scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Linus Torvalds (1): x86/syscall: Don't force use of indirect calls for system calls Maarten Lankhorst (1): drm/i915/display: Use i915_gem_object_get_dma_address to get dma address Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Pinna (1): vsock/virtio: fix packet delivery to tap device Mario Limonciello (3): drm/amd: Evict resources during PM ops prepare() callback drm/amd: Add concept of running prepare_suspend() sequence for IP blocks drm/amd: Flush GFXOFF requests in prepare stage Mark Brown (1): arm64/ptrace: Use saved floating point state type to determine SVE layout Masahiro Yamada (1): modpost: do not make find_tosym() return NULL Matt Roper (7): drm/i915/dg2: Drop pre-production GT workarounds drm/i915: Tidy workaround definitions drm/i915: Consolidate condition for Wa_22011802037 drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version drm/i915: Eliminate IS_MTL_GRAPHICS_STEP drm/i915: Replace several IS_METEORLAKE with proper IP version checks drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Matthieu Baerts (NGI0) (1): selftests: mptcp: connect: fix shellcheck warnings Michael Krummsdorf (1): net: dsa: mv88e6xxx: fix usable ports on 88e6020 Michal Swiatkowski (1): ice: realloc VSI stats arrays Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Oliver Upton (1): KVM: arm64: Fix host-programmed guest events in nVHE Oswald Buddenhagen (1): Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Pablo Neira Ayuso (8): netfilter: nf_tables: reject destroy command to remove basechain hooks netfilter: nf_tables: reject table flag and netdev basechain updates netfilter: nf_tables: skip netdev hook unregistration if table is dormant netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: discard table flag update with pending basechain deletion Paul Barker (2): net: ravb: Always process TX descriptor ring net: ravb: Always update error counters Paulo Alcantara (11): smb: client: handle DFS tcons in cifs_construct_tcon() smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex smb: client: fix potential UAF in cifs_debug_files_proc_show() smb: client: fix potential UAF in cifs_stats_proc_write() smb: client: fix potential UAF in cifs_stats_proc_show() smb: client: fix potential UAF in cifs_dump_full_key() smb: client: fix potential UAF in smb2_is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_valid_lease_break() smb: client: fix potential UAF in is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_network_name_deleted() smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Pavel Sakharov (1): dma-buf: Fix NULL pointer dereference in sanitycheck() Pawan Gupta (4): x86/bhi: Add support for clearing branch history at syscall entry x86/bhi: Enumerate Branch History Injection (BHI) bug x86/bhi: Add BHI mitigation knob x86/bhi: Mitigate KVM by default Peter Xu (1): mm/treewide: replace pud_large() with pud_leaf() Petr Oros (1): ice: fix enabling RX VLAN filtering Pierre-Louis Bossart (5): ASoC: rt5682-sdw: fix locking sequence ASoC: rt711-sdca: fix locking sequence ASoC: rt711-sdw: fix locking sequence ASoC: rt712-sdca-sdw: fix locking sequence ASoC: rt722-sdca-sdw: fix locking sequence Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Lehui (1): drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Puranjay Mohan (1): bpf, arm64: fix bug in BPF_LDX_MEMSX Raju Lakkaraju (1): net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Ravi Gunasekaran (1): net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Richard Fitzgerald (3): ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() regmap: maple: Fix cache corruption in regcache_maple_drop() regmap: maple: Fix uninitialized symbol 'ret' warnings Ritvik Budhiraja (1): smb3: retrying on failed server close Rob Clark (1): drm/prime: Unbreak virtgpu dma-buf export Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Sabrina Dubroca (3): tls: recv: process_rx_list shouldn't use an offset with kvec tls: adjust recv return with async crypto and failed copy to userspace tls: get psock ref after taking rxlock to avoid leak Sam Protsenko (1): spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Sandipan Das (3): perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later x86/cpufeatures: Add new word for scattered features perf/x86/amd/lbr: Use freeze based on availability Sean Christopherson (2): x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word KVM: SVM: Use unsigned integers when dealing with ASIDs Sergey Shtylyov (1): of: module: prevent NULL pointer dereference in vsnprintf() Simon Trimmer (2): ALSA: hda: cs35l56: Set the init_done flag before component_add() ALSA: hda: cs35l56: Add ACPI device match tables Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Zou (1): ice: Refactor FW data type and fix bitmap casting issue Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Tejas Upadhyay (2): drm/i915/mtl: Update workaround 14016712196 drm/i915/mtl: Update workaround 14018575942 Tudor Ambarus (6): spi: s3c64xx: sort headers alphabetically spi: s3c64xx: explicitly include <linux/bits.h> spi: s3c64xx: remove else after return spi: s3c64xx: define a magic value spi: s3c64xx: allow full FIFO masks spi: s3c64xx: determine the fifo depth only once Uros Bizjak (1): x86/bpf: Fix IP after emitting call depth accounting Victor Isaev (1): RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Vijendar Mukunda (2): ASoC: amd: acp: fix for acp_init function error handling ASoC: SOF: amd: fix for false dsp interrupts Ville Syrjälä (1): drm/i915: Pre-populate the cursor physical dma address Vitaly Lifshits (3): e1000e: Workaround for sporadic MDI error on Meteor Lake systems e1000e: Minor flow correction in e1000_shutdown function e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Wei Fang (1): net: fec: Set mac_managed_pm during probe Will Deacon (1): KVM: arm64: Ensure target address is granule-aligned for range TLBI Yonglong Liu (1): net: hns3: fix kernel crash when devlink reload during pf initialization Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

1 year, 2 months

1
1
0 0

Linux 6.1.85

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.85 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/hw-vuln/spectre.rst | 48 +++ Documentation/admin-guide/kernel-parameters.txt | 12 Makefile | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 arch/riscv/include/asm/uaccess.h | 4 arch/riscv/kernel/process.c | 3 arch/s390/kernel/entry.S | 1 arch/x86/Kconfig | 25 + arch/x86/coco/core.c | 41 +++ arch/x86/entry/common.c | 10 arch/x86/entry/entry_64.S | 61 ++++ arch/x86/entry/entry_64_compat.S | 16 + arch/x86/entry/syscall_32.c | 21 + arch/x86/entry/syscall_64.c | 19 + arch/x86/entry/syscall_x32.c | 10 arch/x86/events/amd/core.c | 4 arch/x86/events/amd/lbr.c | 16 - arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/coco.h | 2 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 15 + arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/msr-index.h | 9 arch/x86/include/asm/nospec-branch.h | 37 ++ arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/syscall.h | 11 arch/x86/kernel/cpu/bugs.c | 121 ++++++++- arch/x86/kernel/cpu/common.c | 24 + arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/cpu/scattered.c | 2 arch/x86/kernel/setup.c | 2 arch/x86/kvm/reverse_cpuid.h | 5 arch/x86/kvm/svm/sev.c | 60 ++-- arch/x86/kvm/trace.h | 10 arch/x86/kvm/vmx/vmenter.S | 2 arch/x86/kvm/x86.c | 2 arch/x86/lib/retpoline.S | 6 arch/x86/mm/ident_map.c | 23 - arch/x86/mm/pat/memtype.c | 49 ++- drivers/acpi/acpica/dbnames.c | 8 drivers/ata/sata_mv.c | 63 ++-- drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 + drivers/bluetooth/btqca.c | 8 drivers/bluetooth/hci_qca.c | 19 - drivers/dma-buf/st-dma-fence-chain.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 drivers/gpu/drm/amd/include/amd_shared.h | 1 drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 drivers/md/dm-integrity.c | 2 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_tqp_stats.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 + drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/intel/i40e/i40e.h | 6 drivers/net/ethernet/intel/i40e/i40e_main.c | 14 - drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 drivers/net/ethernet/intel/i40e/i40e_register.h | 3 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +-- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 - drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 drivers/net/ethernet/realtek/r8169_main.c | 131 ++++++++-- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 ++- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++ drivers/net/phy/micrel.c | 31 +- drivers/net/usb/asix_devices.c | 4 drivers/net/usb/ax88179_178a.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 drivers/net/wwan/t7xx/t7xx_cldma.c | 4 drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 drivers/net/xen-netfront.c | 1 drivers/nvme/host/core.c | 4 drivers/nvme/host/ioctl.c | 3 drivers/nvme/host/nvme.h | 2 drivers/nvme/target/passthru.c | 3 drivers/of/dynamic.c | 12 drivers/perf/riscv_pmu.c | 4 drivers/s390/net/qeth_core_main.c | 38 ++ drivers/scsi/myrb.c | 20 - drivers/scsi/myrs.c | 24 - drivers/scsi/sd.c | 2 fs/nfsd/nfs4state.c | 7 fs/pipe.c | 17 - fs/smb/client/cached_dir.c | 6 fs/smb/client/cifs_debug.c | 6 fs/smb/client/cifsfs.c | 11 fs/smb/client/cifsglob.h | 17 + fs/smb/client/connect.c | 2 fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++++- fs/smb/client/fscache.c | 16 + fs/smb/client/fscache.h | 6 fs/smb/client/inode.c | 2 fs/smb/client/misc.c | 2 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2misc.c | 4 fs/smb/client/smb2ops.c | 11 fs/smb/client/smb2pdu.c | 2 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/mgmt/share_config.c | 7 fs/smb/server/smb2ops.c | 10 fs/smb/server/smb2pdu.c | 3 fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 include/kvm/arm_pmu.h | 2 include/linux/device.h | 1 include/linux/secretmem.h | 4 include/linux/skbuff.h | 7 include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 kernel/bpf/verifier.c | 5 mm/memory.c | 4 net/9p/client.c | 10 net/bluetooth/hci_debugfs.c | 48 ++- net/bluetooth/hci_event.c | 25 + net/bluetooth/hci_sync.c | 5 net/bridge/netfilter/ebtables.c | 6 net/core/gro.c | 3 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 ++++- net/ipv4/ip_fragment.c | 2 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 23 - net/ipv6/ip6_fib.c | 14 - net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/netfilter/nf_conntrack_reasm.c | 2 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mptcp/protocol.c | 3 net/mptcp/subflow.c | 2 net/netfilter/nf_tables_api.c | 13 net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/sched/sch_api.c | 2 net/tls/tls_sw.c | 7 net/vmw_vsock/virtio_transport.c | 3 scripts/bpf_doc.py | 4 sound/pci/hda/patch_realtek.c | 3 sound/soc/codecs/rt5682-sdw.c | 4 sound/soc/codecs/rt711-sdca-sdw.c | 4 sound/soc/codecs/rt711-sdw.c | 4 sound/soc/soc-ops.c | 2 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 tools/testing/selftests/net/reuseaddr_conflict.c | 2 tools/testing/selftests/net/udpgro_fwd.sh | 10 167 files changed, 1790 insertions(+), 546 deletions(-) Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Aleksandr Mishin (2): net: phy: micrel: Fix potential null pointer dereference octeontx2-af: Add array index check Alexander Mikhalitsyn (1): KVM: SVM: enhance info printk's in SEV init Alexandra Winter (1): s390/qeth: handle deferred cc1 Andrei Matei (1): bpf: Protect against int overflow for stack access size Antoine Tenart (5): selftests: net: gro fwd: update vxlan GRO test expectations gro: fix ownership transfer udp: do not accept non-tunnel GSO skbs landing in a tunnel udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: prevent local UDP tunnel packets from being GROed Arnd Bergmann (4): dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning Ashish Kalra (1): KVM: SVM: Add support for allowing zero SEV ASIDs Atlas Yu (1): r8169: skip DASH fw status checks when DASH is disabled Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Bjørn Mork (1): net: wwan: t7xx: Split 64bit accesses to fix alignment issues Borislav Petkov (AMD) (4): x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Christian Hewitt (1): drm/panfrost: fix power transition timeout warnings Christoffer Sandberg (1): ALSA: hda/realtek - Fix inactive headset mic jack Christophe JAILLET (1): vboxsf: Avoid an spurious warning if load_nls_xxx() fails Claudiu Beznea (1): net: ravb: Let IP-specific receive function to interrogate descriptors Daniel Sneddon (2): x86/bhi: Define SPEC_CTRL_BHI_DIS_S KVM: x86: Add BHI_NO David Hildenbrand (2): x86/mm/pat: fix VM_PAT handling in COW mappings mm/secretmem: fix GUP-fast succeeding on secretmem folios David Howells (2): cifs: Fix duplicate fscache cookie warnings cifs: Fix caching to try to do open O_WRONLY as rdwr on server David Thompson (3): mlxbf_gige: stop PHY during open() error paths mlxbf_gige: call request_irq() after NAPI initialized mlxbf_gige: stop interface during shutdown Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Denis Kirjanov (1): drivers: net: convert to boolean for the mac_managed_pm flag Dominique Martinet (1): 9p: Fix read/write debug statements to report server reply Eric Dumazet (5): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() erspan: make sure erspan_base_hdr is present in skb->head Florian Westphal (1): inet: inet_defrag: prevent sk release while still in use Geliang Tang (2): selftests: mptcp: join: fix dev in check_endpoint selftests: mptcp: display simult in extra_msg Greg Kroah-Hartman (2): x86: set SPECTRE_BHI_ON as default Linux 6.1.85 Hangbin Liu (1): scripts/bpf_doc: Use silent mode when exec make cmd Hariprasad Kelam (2): Octeontx2-af: fix pause frame configuration in GMP mode octeontx2-af: Fix issue with loading coalesced KPU profiles Heiner Kallweit (4): r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d r8169: use spinlock to protect mac ocp register access r8169: use spinlock to protect access to registers Config2 and Config5 r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Horatiu Vultur (1): net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Ivan Vecera (3): i40e: Fix VF MAC filter removal i40e: Remove _t suffix from enum type names i40e: Enforce software interrupt during busy-poll exit Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jann Horn (1): fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jason A. Donenfeld (1): x86/coco: Require seeding RNG with RDRAND on CoCo systems Jeff Layton (1): nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jesper Dangaard Brouer (1): xen-netfront: Add missing skb_mark_for_recycle Jian Shen (1): net: hns3: mark unexcuted loopback test result as UNEXECUTED Jie Wang (1): net: hns3: fix index limit to support all queue stats Joe Damato (1): i40e: Store the irq number in i40e_q_vector Johan Hovold (4): Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Bluetooth: qca: fix device-address endianness Bluetooth: add quirk for broken address properties Johannes Berg (1): wifi: iwlwifi: mvm: rfi: fix potential response leaks Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: avoid the interface always configured as random address Josh Poimboeuf (1): x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Kuniyuki Iwashima (2): ipv6: Fix infinite recursion in fib6_dump_done(). tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Li Nan (1): scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Linus Torvalds (1): x86/syscall: Don't force use of indirect calls for system calls Mahmoud Adam (1): net/rds: fix possible cp null dereference Marco Pinna (1): vsock/virtio: fix packet delivery to tap device Mario Limonciello (3): drm/amd: Evict resources during PM ops prepare() callback drm/amd: Add concept of running prepare_suspend() sequence for IP blocks drm/amd: Flush GFXOFF requests in prepare stage Namjae Jeon (3): ksmbd: don't send oplock break if rename fails ksmbd: validate payload size in ipc response ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Oliver Upton (1): KVM: arm64: Fix host-programmed guest events in nVHE Pablo Neira Ayuso (2): netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release Paul Barker (2): net: ravb: Always process TX descriptor ring net: ravb: Always update error counters Paulo Alcantara (8): smb: client: fix potential UAF in cifs_debug_files_proc_show() smb: client: fix potential UAF in cifs_stats_proc_write() smb: client: fix potential UAF in cifs_stats_proc_show() smb: client: fix potential UAF in smb2_is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_valid_lease_break() smb: client: fix potential UAF in is_valid_oplock_break() smb: client: fix potential UAF in smb2_is_network_name_deleted() smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Pavel Sakharov (1): dma-buf: Fix NULL pointer dereference in sanitycheck() Pawan Gupta (4): x86/bhi: Add support for clearing branch history at syscall entry x86/bhi: Enumerate Branch History Injection (BHI) bug x86/bhi: Add BHI mitigation knob x86/bhi: Mitigate KVM by default Pierre-Louis Bossart (3): ASoC: rt5682-sdw: fix locking sequence ASoC: rt711-sdca: fix locking sequence ASoC: rt711-sdw: fix locking sequence Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Pu Lehui (1): drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Raju Lakkaraju (1): net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Ritvik Budhiraja (1): smb3: retrying on failed server close Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Sabrina Dubroca (3): tls: recv: process_rx_list shouldn't use an offset with kvec tls: adjust recv return with async crypto and failed copy to userspace tls: get psock ref after taking rxlock to avoid leak Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Sandipan Das (2): x86/cpufeatures: Add new word for scattered features perf/x86/amd/lbr: Use freeze based on availability Sean Christopherson (3): x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails KVM: SVM: Use unsigned integers when dealing with ASIDs Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Wei Fang (1): net: fec: Set mac_managed_pm during probe Yonglong Liu (1): net: hns3: fix kernel crash when devlink reload during pf initialization Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() min15.li (1): nvme: fix miss command type check

1 year, 2 months

1
1
0 0

Linux 5.15.154

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.154 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/filesystem-monitoring.rst | 74 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 Documentation/admin-guide/hw-vuln/spectre.rst | 66 Documentation/admin-guide/index.rst | 1 Documentation/admin-guide/kernel-parameters.txt | 39 Documentation/core-api/dma-api.rst | 14 Documentation/filesystems/locking.rst | 10 Documentation/filesystems/nfs/exporting.rst | 33 Documentation/x86/mds.rst | 38 MAINTAINERS | 7 Makefile | 6 arch/Kconfig | 24 arch/arm/boot/dts/mmp2-brownstone.dts | 2 arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 arch/arm64/include/asm/kvm_pgtable.h | 18 arch/arm64/include/asm/stage2_pgtable.h | 20 arch/arm64/kvm/mmu.c | 9 arch/hexagon/kernel/vmlinux.lds.S | 1 arch/ia64/Kconfig | 1 arch/ia64/Makefile | 2 arch/openrisc/kernel/dma.c | 16 arch/parisc/include/asm/assembly.h | 18 arch/parisc/include/asm/checksum.h | 10 arch/powerpc/include/asm/reg_fsl_emb.h | 11 arch/powerpc/lib/Makefile | 2 arch/riscv/include/asm/uaccess.h | 4 arch/riscv/kernel/process.c | 3 arch/s390/kernel/entry.S | 1 arch/sparc/kernel/nmi.c | 2 arch/sparc/vdso/vma.c | 7 arch/x86/Kconfig | 38 arch/x86/boot/compressed/head_64.S | 8 arch/x86/entry/common.c | 6 arch/x86/entry/entry.S | 23 arch/x86/entry/entry_32.S | 3 arch/x86/entry/entry_64.S | 72 arch/x86/entry/entry_64_compat.S | 4 arch/x86/entry/syscall_32.c | 21 arch/x86/entry/syscall_64.c | 19 arch/x86/entry/syscall_x32.c | 10 arch/x86/include/asm/asm-prototypes.h | 1 arch/x86/include/asm/asm.h | 5 arch/x86/include/asm/cpufeature.h | 8 arch/x86/include/asm/cpufeatures.h | 18 arch/x86/include/asm/disabled-features.h | 3 arch/x86/include/asm/entry-common.h | 1 arch/x86/include/asm/linkage.h | 12 arch/x86/include/asm/msr-index.h | 19 arch/x86/include/asm/nospec-branch.h | 64 arch/x86/include/asm/required-features.h | 3 arch/x86/include/asm/suspend_32.h | 10 arch/x86/include/asm/syscall.h | 10 arch/x86/include/asm/text-patching.h | 31 arch/x86/kernel/alternative.c | 56 arch/x86/kernel/cpu/amd.c | 10 arch/x86/kernel/cpu/bugs.c | 360 ++- arch/x86/kernel/cpu/common.c | 77 arch/x86/kernel/cpu/mce/core.c | 4 arch/x86/kernel/cpu/scattered.c | 1 arch/x86/kernel/kprobes/core.c | 38 arch/x86/kernel/nmi.c | 3 arch/x86/kernel/static_call.c | 50 arch/x86/kvm/cpuid.c | 29 arch/x86/kvm/reverse_cpuid.h | 47 arch/x86/kvm/svm/sev.c | 16 arch/x86/kvm/vmx/run_flags.h | 7 arch/x86/kvm/vmx/vmenter.S | 11 arch/x86/kvm/vmx/vmx.c | 12 arch/x86/kvm/x86.c | 17 arch/x86/lib/retpoline.S | 5 arch/x86/mm/ident_map.c | 23 block/blk-settings.c | 4 crypto/algboss.c | 4 drivers/accessibility/speakup/synth.c | 4 drivers/acpi/acpica/dbnames.c | 8 drivers/acpi/cppc_acpi.c | 27 drivers/ata/ahci.c | 5 drivers/ata/sata_mv.c | 63 drivers/ata/sata_sx4.c | 6 drivers/base/core.c | 26 drivers/base/cpu.c | 8 drivers/base/power/wakeirq.c | 4 drivers/clk/qcom/gcc-ipq6018.c | 2 drivers/clk/qcom/gcc-ipq8074.c | 2 drivers/clk/qcom/gcc-sdm845.c | 1 drivers/clk/qcom/mmcc-apq8084.c | 2 drivers/clk/qcom/mmcc-msm8974.c | 2 drivers/clocksource/arm_global_timer.c | 2 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cpufreq-dt.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 23 drivers/firmware/efi/vars.c | 17 drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/drm_panel.c | 17 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 drivers/gpu/drm/exynos/exynos_hdmi.c | 4 drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 3 drivers/gpu/drm/imx/parallel-display.c | 4 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 drivers/hid/uhid.c | 20 drivers/hwmon/amc6821.c | 11 drivers/i2c/busses/i2c-i801.c | 4 drivers/infiniband/core/cm_trace.h | 2 drivers/infiniband/core/cma_trace.h | 2 drivers/iommu/dma-iommu.c | 15 drivers/iommu/iova.c | 5 drivers/md/dm-integrity.c | 2 drivers/md/dm-raid.c | 2 drivers/md/dm-snap.c | 4 drivers/media/tuners/xc4000.c | 4 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mmc/core/block.c | 14 drivers/mmc/host/tmio_mmc_core.c | 2 drivers/mtd/nand/raw/meson_nand.c | 2 drivers/mtd/ubi/fastmap.c | 7 drivers/mtd/ubi/vtbl.c | 6 drivers/net/ethernet/freescale/fec_main.c | 11 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 drivers/net/ethernet/intel/i40e/i40e.h | 6 drivers/net/ethernet/intel/i40e/i40e_main.c | 14 drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 drivers/net/ethernet/intel/i40e/i40e_register.h | 3 drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 drivers/net/ethernet/realtek/r8169_main.c | 11 drivers/net/ethernet/renesas/ravb_main.c | 8 drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 drivers/net/ethernet/xilinx/ll_temac_main.c | 2 drivers/net/usb/asix.h | 3 drivers/net/usb/asix_devices.c | 20 drivers/net/wireguard/netlink.c | 10 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 12 drivers/net/xen-netfront.c | 1 drivers/nvme/host/core.c | 6 drivers/nvmem/meson-efuse.c | 25 drivers/of/dynamic.c | 12 drivers/pci/controller/dwc/pcie-designware-ep.c | 7 drivers/pci/pci-driver.c | 23 drivers/pci/pcie/dpc.c | 15 drivers/pci/pcie/err.c | 20 drivers/pci/quirks.c | 100 drivers/pci/setup-res.c | 8 drivers/phy/tegra/xusb.c | 13 drivers/s390/crypto/zcrypt_api.c | 2 drivers/s390/net/qeth_core_main.c | 38 drivers/scsi/hosts.c | 7 drivers/scsi/lpfc/lpfc_nvmet.c | 2 drivers/scsi/myrb.c | 20 drivers/scsi/myrs.c | 24 drivers/scsi/qla2xxx/qla_attr.c | 14 drivers/scsi/qla2xxx/qla_def.h | 2 drivers/scsi/qla2xxx/qla_gbl.h | 2 drivers/scsi/qla2xxx/qla_gs.c | 2 drivers/scsi/qla2xxx/qla_init.c | 128 - drivers/scsi/qla2xxx/qla_iocb.c | 68 drivers/scsi/qla2xxx/qla_mbx.c | 2 drivers/scsi/qla2xxx/qla_os.c | 2 drivers/scsi/qla2xxx/qla_target.c | 10 drivers/slimbus/core.c | 4 drivers/soc/fsl/qbman/qman.c | 98 drivers/staging/media/ipu3/ipu3-v4l2.c | 16 drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 drivers/tee/optee/device.c | 3 drivers/thermal/devfreq_cooling.c | 2 drivers/tty/serial/8250/8250_port.c | 6 drivers/tty/serial/fsl_lpuart.c | 7 drivers/tty/serial/imx.c | 22 drivers/tty/serial/sc16is7xx.c | 15 drivers/tty/serial/serial_core.c | 12 drivers/tty/vt/vt.c | 2 drivers/usb/class/cdc-wdm.c | 6 drivers/usb/core/hub.c | 23 drivers/usb/core/hub.h | 2 drivers/usb/core/port.c | 5 drivers/usb/core/sysfs.c | 16 drivers/usb/dwc2/core.h | 14 drivers/usb/dwc2/core_intr.c | 72 drivers/usb/dwc2/gadget.c | 10 drivers/usb/dwc2/hcd.c | 49 drivers/usb/dwc2/hcd_ddma.c | 17 drivers/usb/dwc2/hw.h | 2 drivers/usb/dwc2/platform.c | 2 drivers/usb/gadget/function/f_ncm.c | 2 drivers/usb/gadget/udc/core.c | 4 drivers/usb/gadget/udc/tegra-xudc.c | 39 drivers/usb/host/xhci.c | 2 drivers/usb/phy/phy-generic.c | 7 drivers/usb/serial/cp210x.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 6 drivers/usb/serial/option.c | 6 drivers/usb/storage/isd200.c | 23 drivers/usb/storage/scsiglue.c | 1 drivers/usb/storage/uas.c | 81 drivers/usb/storage/usb.c | 4 drivers/usb/typec/ucsi/ucsi.c | 42 drivers/usb/typec/ucsi/ucsi.h | 4 drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 drivers/vfio/pci/vfio_pci_intrs.c | 176 - drivers/vfio/platform/vfio_platform_irq.c | 106 drivers/vfio/virqfd.c | 21 drivers/xen/events/events_base.c | 5 fs/Kconfig | 2 fs/aio.c | 8 fs/btrfs/scrub.c | 12 fs/btrfs/volumes.c | 2 fs/cifs/connect.c | 2 fs/exec.c | 1 fs/exportfs/expfs.c | 8 fs/ext4/mballoc.c | 17 fs/ext4/resize.c | 3 fs/ext4/super.c | 10 fs/fat/nfs.c | 6 fs/fuse/dir.c | 4 fs/fuse/fuse_i.h | 1 fs/fuse/inode.c | 7 fs/ksmbd/smb2pdu.c | 10 fs/lockd/host.c | 2 fs/lockd/svc.c | 217 -- fs/lockd/svc4proc.c | 29 fs/lockd/svclock.c | 31 fs/lockd/svcproc.c | 30 fs/lockd/svcsubs.c | 4 fs/lockd/xdr.c | 152 - fs/lockd/xdr4.c | 153 - fs/locks.c | 85 fs/nfs/callback.c | 96 fs/nfs/callback_xdr.c | 5 fs/nfs/direct.c | 11 fs/nfs/export.c | 9 fs/nfs/nfs4state.c | 2 fs/nfs/nfs4trace.h | 477 ---- fs/nfs/nfstrace.h | 269 -- fs/nfs/pnfs.h | 4 fs/nfs/write.c | 2 fs/nfsd/Kconfig | 27 fs/nfsd/Makefile | 8 fs/nfsd/acl.h | 6 fs/nfsd/blocklayout.c | 1 fs/nfsd/blocklayoutxdr.c | 1 fs/nfsd/cache.h | 2 fs/nfsd/export.h | 1 fs/nfsd/filecache.c | 1168 ++++++----- fs/nfsd/filecache.h | 19 fs/nfsd/flexfilelayout.c | 3 fs/nfsd/lockd.c | 2 fs/nfsd/netns.h | 34 fs/nfsd/nfs2acl.c | 55 fs/nfsd/nfs3acl.c | 85 fs/nfsd/nfs3proc.c | 212 + fs/nfsd/nfs3xdr.c | 444 +--- fs/nfsd/nfs4acl.c | 46 fs/nfsd/nfs4callback.c | 125 - fs/nfsd/nfs4idmap.c | 9 fs/nfsd/nfs4layouts.c | 4 fs/nfsd/nfs4proc.c | 986 +++++---- fs/nfsd/nfs4recover.c | 12 fs/nfsd/nfs4state.c | 1041 +++++++-- fs/nfsd/nfs4xdr.c | 1115 +++++----- fs/nfsd/nfscache.c | 63 fs/nfsd/nfsctl.c | 146 - fs/nfsd/nfsd.h | 35 fs/nfsd/nfsfh.c | 270 +- fs/nfsd/nfsfh.h | 145 - fs/nfsd/nfsproc.c | 121 - fs/nfsd/nfssvc.c | 263 +- fs/nfsd/nfsxdr.c | 178 - fs/nfsd/state.h | 59 fs/nfsd/stats.c | 16 fs/nfsd/stats.h | 4 fs/nfsd/trace.h | 692 +++++- fs/nfsd/vfs.c | 820 +++---- fs/nfsd/vfs.h | 56 fs/nfsd/xdr.h | 35 fs/nfsd/xdr3.h | 61 fs/nfsd/xdr4.h | 81 fs/nfsd/xdr4cb.h | 6 fs/nilfs2/btree.c | 9 fs/nilfs2/direct.c | 9 fs/nilfs2/inode.c | 2 fs/notify/dnotify/dnotify.c | 15 fs/notify/fanotify/fanotify.c | 361 ++- fs/notify/fanotify/fanotify.h | 212 + fs/notify/fanotify/fanotify_user.c | 441 +++- fs/notify/fdinfo.c | 16 fs/notify/fsnotify.c | 177 - fs/notify/fsnotify.h | 4 fs/notify/group.c | 36 fs/notify/inotify/inotify.h | 11 fs/notify/inotify/inotify_fsnotify.c | 7 fs/notify/inotify/inotify_user.c | 53 fs/notify/mark.c | 137 - fs/notify/notification.c | 14 fs/open.c | 42 fs/pipe.c | 17 fs/ubifs/file.c | 13 fs/vboxsf/super.c | 3 include/asm-generic/vmlinux.lds.h | 4 include/linux/cpu.h | 2 include/linux/device.h | 1 include/linux/dma-map-ops.h | 1 include/linux/dma-mapping.h | 5 include/linux/dnotify.h | 2 include/linux/exportfs.h | 17 include/linux/fanotify.h | 31 include/linux/fs.h | 26 include/linux/fsnotify.h | 70 include/linux/fsnotify_backend.h | 356 ++- include/linux/gfp.h | 9 include/linux/hyperv.h | 22 include/linux/iova.h | 2 include/linux/kthread.h | 1 include/linux/linkage.h | 4 include/linux/lockd/lockd.h | 10 include/linux/lockd/xdr.h | 27 include/linux/lockd/xdr4.h | 29 include/linux/minmax.h | 17 include/linux/module.h | 6 include/linux/nfs.h | 8 include/linux/nfs4.h | 17 include/linux/nfs_fs.h | 1 include/linux/nfs_ssc.h | 4 include/linux/pci.h | 1 include/linux/phy/tegra/xusb.h | 1 include/linux/ring_buffer.h | 1 include/linux/secretmem.h | 4 include/linux/sunrpc/svc.h | 93 include/linux/sunrpc/svc_xprt.h | 11 include/linux/sunrpc/svcsock.h | 7 include/linux/sunrpc/xdr.h | 2 include/linux/timer.h | 18 include/linux/udp.h | 28 include/linux/vfio.h | 2 include/net/cfg802154.h | 1 include/net/inet_connection_sock.h | 1 include/net/sock.h | 7 include/soc/fsl/qman.h | 9 include/trace/events/rdma.h | 168 - include/trace/events/rpcgss.h | 18 include/trace/events/rpcrdma.h | 44 include/trace/events/sunrpc.h | 74 include/trace/misc/fs.h | 122 + include/trace/misc/nfs.h | 387 +++ include/trace/misc/rdma.h | 168 + include/trace/misc/sunrpc.h | 18 include/uapi/linux/fanotify.h | 29 include/uapi/linux/nfsd/nfsfh.h | 115 - init/initramfs.c | 2 io_uring/io_uring.c | 2 kernel/audit_fsnotify.c | 8 kernel/audit_tree.c | 2 kernel/audit_watch.c | 5 kernel/bounds.c | 2 kernel/bpf/verifier.c | 5 kernel/dma/mapping.c | 12 kernel/dma/swiotlb.c | 11 kernel/entry/common.c | 8 kernel/events/core.c | 9 kernel/kthread.c | 23 kernel/locking/rwsem.c | 14 kernel/module.c | 8 kernel/power/suspend.c | 1 kernel/printk/printk.c | 63 kernel/time/timer.c | 164 - kernel/trace/ring_buffer.c | 233 +- kernel/trace/trace.c | 21 lib/Kconfig.debug | 1 lib/pci_iomap.c | 2 lib/test_kasan.c | 21 mm/compaction.c | 7 mm/memtest.c | 4 mm/migrate.c | 6 mm/page_alloc.c | 10 mm/swapfile.c | 25 mm/vmscan.c | 5 net/bluetooth/bnep/core.c | 2 net/bluetooth/cmtp/core.c | 2 net/bluetooth/hci_debugfs.c | 48 net/bluetooth/hci_event.c | 25 net/bluetooth/hidp/core.c | 2 net/bridge/netfilter/ebtables.c | 6 net/core/skbuff.c | 6 net/core/sock_map.c | 6 net/ipv4/inet_connection_sock.c | 14 net/ipv4/ip_gre.c | 5 net/ipv4/netfilter/arp_tables.c | 4 net/ipv4/netfilter/ip_tables.c | 4 net/ipv4/tcp.c | 2 net/ipv4/udp.c | 7 net/ipv4/udp_offload.c | 20 net/ipv6/ip6_fib.c | 14 net/ipv6/ip6_gre.c | 3 net/ipv6/netfilter/ip6_tables.c | 4 net/ipv6/udp.c | 2 net/ipv6/udp_offload.c | 8 net/mac80211/cfg.c | 5 net/mac802154/llsec.c | 18 net/mptcp/protocol.c | 3 net/mptcp/subflow.c | 3 net/netfilter/nf_tables_api.c | 20 net/nfc/nci/core.c | 5 net/rds/rdma.c | 2 net/sched/act_skbmod.c | 10 net/sunrpc/svc.c | 227 -- net/sunrpc/svc_xprt.c | 68 net/sunrpc/svcsock.c | 24 net/sunrpc/xdr.c | 22 net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 net/xfrm/xfrm_user.c | 3 scripts/Makefile.extrawarn | 2 security/landlock/syscalls.c | 18 security/smack/smack_lsm.c | 12 sound/pci/hda/patch_realtek.c | 9 sound/sh/aica.c | 17 sound/soc/codecs/rt5682-sdw.c | 4 sound/soc/codecs/rt711-sdca-sdw.c | 4 sound/soc/codecs/rt711-sdw.c | 4 sound/soc/soc-ops.c | 2 tools/objtool/check.c | 3 tools/testing/selftests/mqueue/setting | 1 tools/testing/selftests/net/mptcp/diag.sh | 6 tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 tools/testing/selftests/net/reuseaddr_conflict.c | 2 tools/testing/selftests/net/udpgro_fwd.sh | 10 virt/kvm/async_pf.c | 31 446 files changed, 12088 insertions(+), 7026 deletions(-) Al Viro (2): nfsd_splice_actor(): handle compound pages fs/notify: constify path Alan Stern (3): USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command USB: core: Add hub_get() and hub_put() routines USB: core: Fix deadlock in usb_deauthorize_interface() Aleksandr Loktionov (2): i40e: fix i40e_count_filters() to count only active/new filters i40e: fix vf may be used uninitialized in this function warning Alex Williamson (7): vfio/platform: Disable virqfds on cleanup vfio/pci: Disable auto-enable of exclusive INTx IRQ vfio/pci: Lock external INTx masking ops vfio: Introduce interface to flush virqfd inject workqueue vfio/pci: Create persistent INTx handler vfio/platform: Create persistent IRQ handlers vfio/fsl-mc: Block calling interrupt handler without trigger Alexander Aring (1): lockd: introduce safe async lock op Alexander Stein (1): Revert "usb: phy: generic: Get the vbus supply" Alexander Usyskin (2): mei: me: add arrow lake point S DID mei: me: add arrow lake point H DID Alexandra Winter (1): s390/qeth: handle deferred cc1 Amir Goldstein (37): fsnotify: pass data_type to fsnotify_name() fsnotify: pass dentry instead of inode data fsnotify: clarify contract for create event hooks fsnotify: clarify object type argument fsnotify: separate mark iterator type from object type enum fanotify: introduce group flag FAN_REPORT_TARGET_FID fsnotify: generate FS_RENAME event with rich information fanotify: use macros to get the offset to fanotify_info buffer fanotify: use helpers to parcel fanotify_info buffer fanotify: support secondary dir fh and name in fanotify_info fanotify: record old and new parent and name in FAN_RENAME event fanotify: record either old name new name or both for FAN_RENAME fanotify: report old and/or new parent+name in FAN_RENAME event fanotify: wire up FAN_RENAME event fsnotify: invalidate dcache before IN_DELETE event fsnotify: fix merge with parent's ignored mask fsnotify: optimize FS_MODIFY events with no ignored masks fanotify: do not allow setting dirent events in mask of non-dir inotify: move control flags from mask to mark flags fsnotify: pass flags argument to fsnotify_alloc_group() fsnotify: make allow_dups a property of the group fsnotify: create helpers for group mark_mutex lock inotify: use fsnotify group lock helpers nfsd: use fsnotify group lock helpers dnotify: use fsnotify group lock helpers fsnotify: allow adding an inode mark without pinning inode fanotify: create helper fanotify_mark_user_flags() fanotify: factor out helper fanotify_mark_update_flags() fanotify: implement "evictable" inode marks fanotify: use fsnotify group lock helpers fanotify: enable "evictable" inode marks fsnotify: introduce mark type iterator fsnotify: consistent behavior for parent not watching children fanotify: refine the validation checks on non-dir inode mask fanotify: prepare for setting event flags in ignore mask fanotify: cleanups for fanotify_mark() input validations fanotify: introduce FAN_MARK_IGNORE Amit Pundir (1): clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Andrei Matei (1): bpf: Protect against int overflow for stack access size Andrey Jr. Melnikov (1): ahci: asm1064: correct count of reported ports André Rösti (1): entry: Respect changes to system call number by trace_sys_enter() Anna Schumaker (1): NFSD: Simplify READ_PLUS Antoine Tenart (5): selftests: net: gro fwd: update vxlan GRO test expectations udp: do not accept non-tunnel GSO skbs landing in a tunnel udp: do not transition UDP GRO fraglist partial checksums to unnecessary udp: prevent local UDP tunnel packets from being GROed gro: fix ownership transfer Anton Altaparmakov (1): x86/pm: Work around false positive kmemleak report in msr_build_context() Arnd Bergmann (6): kasan/test: avoid gcc warning for intentional overflow staging: vc04_services: changen strncpy() to strscpy_pad() dm integrity: fix out-of-range warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit scsi: mylex: Fix sysfs buffer lengths ata: sata_mv: Fix PCI device ID table declaration compilation warning Arseniy Krasnov (1): mtd: rawnand: meson: fix scrambling mode value in command macro Aurélien Jacobs (1): USB: serial: option: add MeiG Smart SLM320 product Bang Li (1): fsnotify: remove redundant parameter judgment Baokun Li (1): ext4: correct best extent lstart adjustment logic Bart Van Assche (3): fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion scsi: usb: Call scsi_done() directly scsi: usb: Stop using the SCSI pointer Bastien Nocera (1): Bluetooth: Fix TOCTOU in HCI debugfs implementation Benjamin Coddington (1): NLM: Defend against file_lock changes after vfs_test_lock() Bikash Hazarika (2): scsi: qla2xxx: Update manufacturer details scsi: qla2xxx: Update manufacturer detail Bixuan Cui (1): iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy Bjorn Helgaas (1): PCI: Work around Intel I210 ROM BAR overlap defect Borislav Petkov (1): x86/bugs: Use sysfs_emit() Borislav Petkov (AMD) (4): x86/CPU/AMD: Update the Zenbleed microcode revisions x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() x86/bugs: Fix the SRSO mitigation on Zen3/4 x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Cameron Williams (1): USB: serial: add device ID for VeriFone adapter Changcheng Deng (1): NFSD:fix boolreturn.cocci warning ChenXiaoSong (5): nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops Chris Wilson (1): drm/i915/gt: Reset queue_priority_hint on parking Christian A. Ehrhardt (2): usb: typec: ucsi: Ack unsupported commands usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian Gmeiner (1): drm/etnaviv: Restore some id values Christian Häggström (1): USB: serial: cp210x: add ID for MGP Instruments PDS100 Christophe JAILLET (4): slimbus: core: Remove usage of the deprecated ida_simple_xx() API nfsd: Avoid some useless tests nfsd: Propagate some error code returned by memdup_user() vboxsf: Avoid an spurious warning if load_nls_xxx() fails Chuck Lever (155): NFS: Remove unnecessary TRACE_DEFINE_ENUM()s SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field NFS: Move generic FS show macros to global header NFS: Move NFS protocol display macros to global header NFSD: Optimize DRC bucket pruning SUNRPC: Replace the "__be32 *p" parameter to .pc_decode SUNRPC: Change return value type of .pc_decode NFSD: Save location of NFSv4 COMPOUND status SUNRPC: Replace the "__be32 *p" parameter to .pc_encode SUNRPC: Change return value type of .pc_encode NFSD: Remove be32_to_cpu() from DRC hash function NFSD: Combine XDR error tracepoints NFSD: De-duplicate nfsd4_decode_bitmap4() NFSD: Clean up nfsd_vfs_write() NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) NFSD: Write verifier might go backwards NFSD: Clean up the nfsd_net::nfssvc_boot field NFSD: Rename boot verifier functions NFSD: Trace boot verifier resets NFSD: Move fill_pre_wcc() and fill_post_wcc() NFSD: Deprecate NFS_OFFSET_MAX orDate: Thu Sep 30 19:19:57 2021 -0400 NFSD: Skip extra computation for RC_NOCACHE case NFSD: Streamline the rare "found" case NFSD: Remove NFSD_PROC_ARGS_* macros SUNRPC: Remove the .svo_enqueue_xprt method SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() SUNRPC: Remove svo_shutdown method SUNRPC: Rename svc_create_xprt() SUNRPC: Rename svc_close_xprt() SUNRPC: Remove svc_shutdown_net() NFSD: Remove svc_serv_ops::svo_module NFSD: Move svc_serv_ops::svo_function into struct svc_serv NFSD: Remove CONFIG_NFSD_V3 NFSD: Clean up _lm_ operation names NFSD: Clean up nfsd_splice_actor() NFSD: Clean up nfsd3_proc_create() NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() NFSD: Refactor nfsd_create_setattr() NFSD: Refactor NFSv3 CREATE NFSD: Refactor NFSv4 OPEN(CREATE) NFSD: Remove do_nfsd_create() NFSD: Clean up nfsd_open_verified() NFSD: Instantiate a struct file when creating a regular NFSv4 file NFSD: Remove dprintk call sites from tail of nfsd4_open() NFSD: Fix whitespace NFSD: Move documenting comment for nfsd4_process_open2() NFSD: Trace filecache opens SUNRPC: Use RMW bitops in single-threaded hot paths NFSD: Modernize nfsd4_release_lockowner() NFSD: Add documenting comment for nfsd4_release_lockowner() NFSD: nfsd_file_put() can sleep NFSD: Fix potential use-after-free in nfsd_file_put() NFSD: Decode NFSv4 birth time attribute NFSD: Instrument fh_verify() NFSD: Demote a WARN to a pr_warn() NFSD: Report filecache LRU size NFSD: Report count of calls to nfsd_file_acquire() NFSD: Report count of freed filecache items NFSD: Report average age of filecache items NFSD: Add nfsd_file_lru_dispose_list() helper NFSD: Refactor nfsd_file_gc() NFSD: Refactor nfsd_file_lru_scan() NFSD: Report the number of items evicted by the LRU walk NFSD: Record number of flush calls NFSD: Zero counters when the filecache is re-initialized NFSD: Hook up the filecache stat file NFSD: WARN when freeing an item still linked via nf_lru NFSD: Trace filecache LRU activity NFSD: Leave open files out of the filecache LRU NFSD: Fix the filecache LRU shrinker NFSD: Never call nfsd_file_gc() in foreground paths NFSD: No longer record nf_hashval in the trace log NFSD: Remove lockdep assertion from unhash_and_release_locked() NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode NFSD: Refactor __nfsd_file_close_inode() NFSD: nfsd_file_hash_remove can compute hashval NFSD: Remove nfsd_file::nf_hashval NFSD: Replace the "init once" mechanism NFSD: Set up an rhashtable for the filecache NFSD: Convert the filecache to use rhashtable NFSD: Clean up unused code after rhashtable conversion NFSD: Separate tracepoints for acquire and create NFSD: Move nfsd_file_trace_alloc() tracepoint NFSD: NFSv4 CLOSE should release an nfsd_file immediately NFSD: Ensure nf_inode is never dereferenced NFSD: Optimize nfsd4_encode_operation() NFSD: Optimize nfsd4_encode_fattr() NFSD: Clean up SPLICE_OK in nfsd4_encode_read() NFSD: Add an nfsd4_read::rd_eof field NFSD: Optimize nfsd4_encode_readv() NFSD: Simplify starting_len NFSD: Use xdr_pad_size() NFSD: Clean up nfsd4_encode_readlink() NFSD: Fix strncpy() fortify warning NFSD: nfserrno(-ENOMEM) is nfserr_jukebox NFSD: Shrink size of struct nfsd4_copy_notify NFSD: Shrink size of struct nfsd4_copy NFSD: Reorder the fields in struct nfsd4_op NFSD: Make nfs4_put_copy() static NFSD: Replace boolean fields in struct nfsd4_copy NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) NFSD: Refactor nfsd4_do_copy() NFSD: Remove kmalloc from nfsd4_do_async_copy() NFSD: Add nfsd4_send_cb_offload() NFSD: Move copy offload callback arguments into a separate structure NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND NFSD: Replace dprintk() call site in fh_verify() NFSD: Trace NFSv4 COMPOUND tags NFSD: Add tracepoints to report NFSv4 callback completions NFSD: Add a mechanism to wait for a DELEGRETURN NFSD: Refactor nfsd_setattr() NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY SUNRPC: Parametrize how much of argsize should be zeroed NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing NFSD: Refactor common code out of dirlist helpers NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks NFSD: Clean up WRITE arg decoders NFSD: Clean up nfs4svc_encode_compoundres() NFSD: Remove "inline" directives on op_rsize_bop helpers NFSD: Remove unused nfsd4_compoundargs::cachetype field NFSD: Pack struct nfsd4_compoundres NFSD: Rename the fields in copy_stateid_t NFSD: Cap rsize_bop result based on send buffer size NFSD: Fix trace_nfsd_fh_verify_err() crasher NFSD: Fix reads with a non-zero offset that don't end on a page boundary NFSD: Finish converting the NFSv3 GETACL result encoder NFSD: Pass the target nfsd_file to nfsd_commit() NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection NFSD: Flesh out a documenting comment for filecache.c NFSD: Clean up nfs4_preprocess_stateid_op() call sites NFSD: Trace stateids returned via DELEGRETURN NFSD: Trace delegation revocations NFSD: Use const pointers as parameters to fh_ helpers NFSD: Update file_hashtbl() helpers NFSD: Clean up nfsd4_init_file() NFSD: Add a nfsd4_file_hash_remove() helper NFSD: Clean up find_or_add_file() NFSD: Refactor find_file() NFSD: Use rhashtable for managing nfs4_file objects NFSD: Fix licensing header in filecache.c NFSD: Add an nfsd_file_fsync tracepoint trace: Relocate event helper files NFSD: Use only RQ_DROPME to signal the need to drop a reply Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" NFSD: Use set_bit(RQ_DROPME) NFSD: copy the whole verifier in nfsd_copy_write_verifier NFSD: Protect against filesystem freezing NFSD: Convert filecache to rhltable NFSD: Add an nfsd4_encode_nfstime4() helper Documentation: Add missing documentation for EXPORT_OP flags Claus Hansen Ries (1): net: ll_temac: platform_get_resource replaced by wrong function Colin Ian King (3): NFSD: Initialize pointer ni with NULL and not plain integer 0 nfsd: remove redundant assignment to variable len NFSD: Remove redundant assignment to variable host_err Conrad Kostecki (1): ahci: asm1064: asm1166: don't limit reported ports Dai Ngo (23): fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. NFSD: add courteous server support for thread with only delegation NFSD: add support for share reservation conflict to courteous server NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd fs/lock: add helper locks_owner_has_blockers to check for blockers fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict NFSD: add support for lock conflict to courteous server NFSD: Show state of courtesy client in client info NFSD: refactoring v4 specific code to a helper in nfs4state.c NFSD: keep track of the number of v4 clients in the system NFSD: limit the number of v4 clients to 1024 per 1GB of system memory NFSD: keep track of the number of courtesy clients in the system NFSD: add shrinker to reap courtesy clients on low memory condition NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker NFSD: add support for sending CB_RECALL_ANY NFSD: add delegation reaper to react to low memory condition NFSD: add CB_RECALL_ANY tracepoints NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time NFSD: replace delayed_work with work_struct for nfsd_client_shrinker NFSD: enhance inter-server copy cleanup NFSD: fix leaked reference count of nfsd4_ssc_umount_item NFSD: fix problems with cleanup on errors in nfsd4_copy NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Damian Muszynski (1): crypto: qat - resolve race condition during AER recovery Damien Le Moal (1): block: Clear zone limits for a non-zoned stacked queue Dan Carpenter (2): nfsd: fix double fget() bug in __write_ports_addfd() staging: vc04_services: fix information leak in create_component() Daniel Sneddon (2): x86/bhi: Define SPEC_CTRL_BHI_DIS_S KVM: x86: Add BHI_NO Daniel Vogelbacher (1): USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB David Disseldorp (1): exportfs: use pr_debug for unreachable debug statements David Hildenbrand (1): mm/secretmem: fix GUP-fast succeeding on secretmem folios David Laight (1): minmax: add umin(a, b) and umax(a, b) David Thompson (3): mlxbf_gige: stop PHY during open() error paths mlxbf_gige: call request_irq() after NAPI initialized mlxbf_gige: stop interface during shutdown Davide Caratti (1): mptcp: don't account accept() of non-MPC client as fallback to TCP Denis Kirjanov (1): drivers: net: convert to boolean for the mac_managed_pm flag Dominique Martinet (1): mmc: core: Fix switch on gp3 partition Duje Mihanović (1): arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Duoming Zhou (1): ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Eric Dumazet (4): tcp: properly terminate timers for kernel sockets netfilter: validate user input for expected length net/sched: act_skbmod: prevent kernel-infoleak erspan: make sure erspan_base_hdr is present in skb->head Eric W. Biederman (2): exit: Implement kthread_exit exit: Rename module_put_and_exit to module_put_and_kthread_exit Fedor Pchelkin (1): mac802154: fix llsec key resources release in mac802154_llsec_key_del Felix Fietkau (1): wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Filipe Manana (1): btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Gabor Juhos (4): clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabriel Krisman Bertazi (27): fsnotify: Don't insert unmergeable events in hashtable fanotify: Fold event size calculation to its own function fanotify: Split fsid check from other fid mode checks inotify: Don't force FS_IN_IGNORED fsnotify: Add helper to detect overflow_event fsnotify: Add wrapper around fsnotify_add_event fsnotify: Retrieve super block from the data field fsnotify: Protect fsnotify_handle_inode_event from no-inode events fsnotify: Pass group argument to free_event fanotify: Support null inode event in fanotify_dfid_inode fanotify: Allow file handle encoding for unhashed events fanotify: Encode empty file handle when no inode is provided fanotify: Require fid_mode for any non-fd event fsnotify: Support FS_ERROR event type fanotify: Reserve UAPI bits for FAN_FS_ERROR fanotify: Pre-allocate pool of error events fanotify: Support enqueueing of error events fanotify: Support merging of error events fanotify: Wrap object_fh inline space in a creator macro fanotify: Add helpers to decide whether to report FID/DFID fanotify: WARN_ON against too large file handles fanotify: Report fid info for file related file system errors fanotify: Emit generic error info for error event fanotify: Allow users to request FAN_FS_ERROR events ext4: Send notifications on error docs: Document the FAN_FS_ERROR event ext4: fix error code saved on super block during file system abort Gaosheng Cui (3): nfsd: remove nfsd4_prepare_cb_recall() declaration fsnotify: remove unused declaration fanotify: Remove obsoleted fanotify_event_has_path() Geert Uytterhoeven (1): net: ravb: Add R-Car Gen4 support Geliang Tang (1): selftests: mptcp: diag: return KSFT_FAIL not test_cnt Gokul krishna Krishnakumar (1): locking/rwsem: Disable preemption while trying for rwsem lock Greg Kroah-Hartman (3): cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" x86: set SPECTRE_BHI_ON as default Linux 5.15.154 Guenter Roeck (4): parisc: Fix ip_fast_csum parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Gui-Dong Han (1): media: xc4000: Fix atomicity violation in xc4000_get_frequency Guilherme G. Piccoli (1): scsi: core: Fix unremoved procfs host directory regression H. Peter Anvin (Intel) (1): x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Harald Freudenberger (1): s390/zcrypt: fix reference counting on zcrypt card objects Hariprasad Kelam (2): Octeontx2-af: fix pause frame configuration in GMP mode octeontx2-af: Fix issue with loading coalesced KPU profiles Heiner Kallweit (2): i2c: i801: Avoid potential double call to gpiod_remove_lookup_table r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Herve Codina (2): driver core: Introduce device_link_wait_removal() of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Hidenori Kobayashi (1): media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Huang Ying (1): swap: comments get_swap_device() with usage rule Hugo Villeneuve (1): serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Hui Wang (1): Bluetooth: hci_event: set the conn encrypted before conn establishes I Gede Agastya Darma Laksana (1): ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Ingo Molnar (1): Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Ivan Vecera (2): i40e: Remove _t suffix from enum type names i40e: Enforce software interrupt during busy-poll exit J. Bruce Fields (4): nfsd: update create verifier comment nfsd4: remove obselete comment nfsd: improve stateid access bitmask documentation nfs: block notification on fs with its own ->lock Jakob Koschel (1): nfsd: fix using the correct variable for sizeof() Jakub Kicinski (1): selftests: reuseaddr_conflict: add missing new line at the end of the output Jakub Sitnicki (1): bpf, sockmap: Prevent lock inversion deadlock in map delete elem Jameson Thies (1): usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Jan Kara (1): fat: fix uninitialized field in nostale filehandles Jani Nikula (4): drm/panel: do not return negative error codes from drm_panel_get_modes() drm/exynos: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() drm/vc4: hdmi: do not return negative values from .get_modes() Jann Horn (3): HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jarred White (1): ACPI: CPPC: Use access_width over bit_width for system memory accesses Jason A. Donenfeld (2): wireguard: netlink: check for dangling peer via is_dead instead of empty list wireguard: netlink: access device through ctx instead of peer Jeff Layton (52): nfsd: Add errno mapping for EREMOTEIO nfsd: Retry once in nfsd_open on an -EOPENSTALE return nfsd: silence extraneous printk on nfsd.ko insertion NFSD: drop fh argument from alloc_init_deleg NFSD: verify the opened dentry after setting a delegation nfsd: clean up mounted_on_fileid handling nfsd: only fill out return pointer on success in nfsd4_lookup_stateid nfsd: fix comments about spinlock handling with delegations nfsd: make nfsd4_run_cb a bool return function nfsd: extra checks when freeing delegation stateids nfsd: fix nfsd_file_unhash_and_dispose nfsd: rework hashtable handling in nfsd_do_file_acquire nfsd: ensure we always call fh_verify_error tracepoint nfsd: fix net-namespace logic in __nfsd_file_cache_purge nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint nfsd: put the export reference in nfsd4_verify_deleg_dentry lockd: use locks_inode_context helper nfsd: use locks_inode_context helper nfsd: ignore requests to disable unsupported versions nfsd: move nfserrno() to vfs.c nfsd: allow disabling NFSv2 at compile time nfsd: remove the pages_flushed statistic from filecache nfsd: reorganize filecache.c filelock: add a new locks_inode_context accessor function nfsd: fix up the filecache laundrette scheduling nfsd: return error if nfs4_setacl fails lockd: set missing fl_flags field when retrieving args lockd: ensure we use the correct file descriptor when unlocking lockd: fix file selection in nlmsvc_cancel_blocked nfsd: rework refcounting in filecache nfsd: fix handling of cached open files in nfsd4_open codepath nfsd: don't free files unconditionally in __nfsd_file_cache_purge nfsd: don't destroy global nfs4_file table in per-net shutdown nfsd: allow nfsd_file_get to sanely handle a NULL pointer nfsd: clean up potential nfsd_file refcount leaks in COPY codepath nfsd: don't hand out delegation on setuid files being opened for write nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open nfsd: don't fsync nfsd_files on last close nfsd: don't replace page in rq_pages if it's a continuation of last page nfsd: call op_release, even when op_func returns an error nfsd: don't open-code clear_and_wake_up_bit nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator nfsd: don't kill nfsd_files because of lease break error nfsd: add some comments to nfsd_file_do_acquire nfsd: don't take/put an extra reference when putting a file nfsd: update comment over __nfsd_file_cache_purge nfsd: allow reaping files still under writeback nfsd: simplify the delayed disposal list code nfsd: make a copy of struct iattr before calling notify_change nfsd: drop the nfsd_put helper nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Jens Axboe (1): io_uring: ensure '0' is returned on file registration success Jerome Brunet (1): nvmem: meson-efuse: fix function pointer type mismatch Jesper Dangaard Brouer (1): xen-netfront: Add missing skb_mark_for_recycle Jiapeng Chong (1): NFSD: Fix inconsistent indenting Jim Mattson (2): KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace KVM: x86: Use a switch statement and macros in __feature_translate() Jinpeng Cui (1): NFSD: remove redundant variable status Joe Damato (1): i40e: Store the irq number in i40e_q_vector Johan Hovold (1): arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johannes Berg (1): wifi: iwlwifi: mvm: rfi: fix potential response leaks Johannes Thumshirn (1): btrfs: zoned: use zone aware sb location for scrub John David Anglin (1): parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros John Garry (2): dma-mapping: add dma_opt_mapping_size() dma-iommu: add iommu_dma_opt_mapping_size() John Ogness (1): printk: Update @console_may_schedule in console_trylock_spinning() John Sperbeck (1): init: open /initrd.image with O_LARGEFILE Josef Bacik (1): nfs: fix UAF in direct writes Josh Poimboeuf (1): x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Josua Mayer (1): hwmon: (amc6821) add of_match table Kailang Yang (1): ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Kees Cook (1): NFSD: Avoid clashing function prototypes Kim Phillips (2): x86/cpu: Support AMD Automatic IBRS x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Krishna Kurapati (1): usb: gadget: ncm: Fix handling of zero block length packets Kuniyuki Iwashima (1): ipv6: Fix infinite recursion in fib6_dump_done(). Leo Ma (1): drm/amd/display: Fix noise issue on HDMI AV mute Lin Yujun (1): Documentation/hw-vuln: Update spectre doc Linus Torvalds (1): x86/syscall: Don't force use of indirect calls for system calls Mahmoud Adam (1): net/rds: fix possible cp null dereference Marek Szyprowski (1): cpufreq: dt: always allocate zeroed cpumask Marios Makassikis (1): ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Martin Blumenstingl (1): clocksource/drivers/arm_global_timer: Fix maximum prescaler value Mathias Nyman (1): usb: port: Don't try to peer unused USB ports based on location Matthew Wilcox (Oracle) (2): bounds: support non-power-of-two CONFIG_NR_CPUS ubifs: Set page uptodate in the correct place Maulik Shah (1): PM: suspend: Set mem_sleep_current during kernel command line setup Max Filippov (1): exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Maximilian Heyne (2): ext4: fix corruption during on-line resize xen/events: close evtchn after mapping cleanup Michael Ellerman (1): powerpc/fsl: Fix mfpmr build errors with newer binutils Michael Kelley (1): Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Mickaël Salaün (1): landlock: Warn once if a Landlock action is requested while disabled Mika Westerberg (3): PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited PCI/DPC: Quirk PIO log size for certain Intel Root Ports PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Mikko Rapeli (2): mmc: core: Initialize mmc_blk_ioc_data mmc: core: Avoid negative index with array access Miklos Szeredi (2): fuse: fix root lookup with nonzero generation fuse: don't unhash root Mikulas Patocka (1): dm snapshot: fix lockup in dm_exception_table_exit Minas Harutyunyan (5): usb: dwc2: host: Fix remote wakeup from hibernation usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: gadget: Fix exiting from clock gating usb: dwc2: gadget: LPM flow fix Muhammad Usama Anjum (1): scsi: lpfc: Correct size for wqe for memset() Nathan Chancellor (4): kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 xfrm: Avoid clang fortify warning in copy_to_user_tmpl() powerpc: xor_vmx: Add '-mhard-float' to CFLAGS hexagon: vmlinux.lds.S: handle attributes section NeilBrown (46): NFSD: move filehandle format declarations out of "uapi". NFSD: drop support for ancient filehandles NFSD: simplify struct nfsfh NFSD: handle errors better in write_ports_addfd() SUNRPC: change svc_get() to return the svc. SUNRPC/NFSD: clean up get/put functions. SUNRPC: stop using ->sv_nrthreads as a refcount nfsd: make nfsd_stats.th_cnt atomic_t SUNRPC: use sv_lock to protect updates to sv_nrthreads. NFSD: narrow nfsd_mutex protection in nfsd thread NFSD: Make it possible to use svc_set_num_threads_sync SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NFSD: simplify locking for network notifier. lockd: introduce nlmsvc_serv lockd: simplify management of network status notifiers lockd: move lockd_start_svc() call into lockd_create_svc() lockd: move svc_exit_thread() into the thread lockd: introduce lockd_put() lockd: rename lockd_create_svc() to lockd_get() SUNRPC: move the pool_map definitions (back) into svc.c SUNRPC: always treat sv_nrpools==1 as "not pooled" lockd: use svc_set_num_threads() for thread start and stop NFS: switch the callback service back to non-pooled. NFSD: simplify per-net file cache management NFS: restore module put when manager exits. NFSD: introduce struct nfsd_attrs NFSD: set attributes when creating symlinks NFSD: add security label to struct nfsd_attrs NFSD: add posix ACLs to struct nfsd_attrs NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NFSD: always drop directory lock in nfsd_unlink() NFSD: only call fh_unlock() once in nfsd_link() NFSD: reduce locking in nfsd_lookup() NFSD: use explicit lock/unlock for directory ops NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NFSD: discard fh_locked flag and fh_lock/fh_unlock NFSD: fix regression with setting ACLs. NFSD: drop fname and flen args from nfsd_create_locked() lockd: drop inappropriate svc_get() from locked_get() nfsd: Simplify code around svc_exit_thread() call in nfsd() nfsd: separate nfsd_last_thread() from nfsd_put() NFSD: fix possible oops when nfsd/pool_stats is closed. nfsd: call nfsd_last_thread() before final nfsd_put() nfsd: fix RELEASE_LOCKOWNER nfsd: don't take fi_lock in nfsd_break_deleg_cb() nfsd: don't call locks_release_private() twice concurrently Nicolas Pitre (1): vt: fix unicode buffer corruption when deleting characters Nicolin Chen (1): iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Nikita Kiryushin (1): ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Niklas Cassel (1): PCI: dwc: endpoint: Fix advertised resizable BAR size Nirmoy Das (1): drm/i915: Check before removing mm notifier Oleksij Rempel (1): net: usb: asix: suspend embedded PHY if external is used Olga Kornievskaia (1): NFSD enforce filehandle check for source file in COPY Oliver Ford (1): fs: inotify: Fix typo in inotify comment Oliver Neukum (1): usb: cdc-wdm: close race between read and workqueue Oliver Upton (2): KVM: arm64: Work out supported block level at compile time KVM: arm64: Limit stage2_apply_range() batch size to largest block Ondrej Valousek (1): nfsd: Add support for the birth time attribute Pablo Neira Ayuso (5): netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release Paul Barker (1): net: ravb: Always process TX descriptor ring Paul Menzel (1): PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Pawan Gupta (13): x86/bugs: Add asm helpers for executing VERW x86/entry_64: Add VERW just before userspace transition x86/entry_32: Add VERW just before userspace transition x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key KVM/VMX: Move VERW closer to VMentry for MDS mitigation x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Documentation/hw-vuln: Add documentation for RFDS x86/rfds: Mitigate Register File Data Sampling (RFDS) KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests x86/bhi: Add support for clearing branch history at syscall entry x86/bhi: Enumerate Branch History Injection (BHI) bug x86/bhi: Add BHI mitigation knob x86/bhi: Mitigate KVM by default Peng Tao (1): nfsd: map EBADF Peter Collingbourne (2): kasan: test: add memcpy test that avoids out-of-bounds write serial: Lock console when calling into driver before registration Peter Zijlstra (4): arch: Introduce CONFIG_FUNCTION_ALIGNMENT x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/static_call: Add support for Jcc tail-calls Petr Mladek (1): printk/console: Split out code that enables default console Philip Yang (1): drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Philipp Stanner (1): pci_iounmap(): Fix MMIO mapping leak Pierre-Louis Bossart (3): ASoC: rt5682-sdw: fix locking sequence ASoC: rt711-sdca: fix locking sequence ASoC: rt711-sdw: fix locking sequence Piotr Wejman (1): net: stmmac: fix rx queue priority assignment Prashanth K (1): usb: xhci: Add error handling in xhci_map_urb_for_dma Przemek Kitszel (1): ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Qiang Zhang (1): memtest: use {READ,WRITE}_ONCE in memory scanning Qingliang Li (1): PM: sleep: wakeirq: fix wake irq warning in system suspend Quinn Tran (6): scsi: qla2xxx: Prevent command send on chip reset scsi: qla2xxx: Fix N2N stuck connection scsi: qla2xxx: Split FCE|EFT trace control scsi: qla2xxx: NVME|FCP prefer flag not being honored scsi: qla2xxx: Fix command flush on cable pull scsi: qla2xxx: Delay I/O Abort on PCI error Rafael J. Wysocki (1): PCI/PM: Drain runtime-idle callbacks before driver removal Randy Dunlap (2): sparc64: NMI watchdog: fix return value of __setup handler sparc: vDSO: fix return value of __setup handler Richard Weinberger (1): ubi: Check for too small LEB size in VTBL code Rickard x Andersson (1): tty: serial: imx: Fix broken RS485 Roberto Sassu (2): smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Rodrigo Siqueira (1): drm/amd/display: Return the correct HDCP error code Ryan Roberts (1): mm: swap: fix race between free_swap_and_cache() and swapoff() Ryosuke Yasuoka (1): nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Ryusuke Konishi (2): nilfs2: fix failure to detect DAT corruption in btree and direct mappings nilfs2: prevent kernel bug at submit_bh_wbc() Samuel Holland (1): riscv: Fix spurious errors from __get/put_kernel_nofault Samuel Thibault (1): speakup: Fix 8bit characters from direct synth Sandipan Das (1): x86/cpufeatures: Add new word for scattered features Saurav Kashyap (2): scsi: qla2xxx: Fix double free of fcport scsi: qla2xxx: Change debug message during driver unload Sean Anderson (4): soc: fsl: qbman: Always disable interrupts when taking cgr_lock soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Christopherson (7): KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs KVM: Always flush async #PF workqueue when vCPU is being destroyed KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word KVM: x86: Bail to userspace if emulation of atomic user access faults KVM: x86: Mark target gfn of emulated atomic instruction as dirty SeongJae Park (1): selftests/mqueue: Set timeout to 180 seconds Sherry Sun (1): tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Stanislaw Gruszka (1): PCI/AER: Block runtime suspend when handling errors Stefan O'Rear (1): riscv: process: Fix kernel gp leakage Stephen Lee (1): ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Steven Rostedt (Google) (8): ring-buffer: Fix waking up ring buffer readers ring-buffer: Do not set shortest_full when full target is hit ring-buffer: Fix resetting of shortest_full ring-buffer: Fix full_waiters_pending in poll ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() NFSD: Fix nfsd_clid_class use of __string_len() macro net: hns3: tracing: fix hclgevf trace event strings tracing: Use .flush() call to wake up readers Su Hui (1): octeontx2-pf: check negative error code in otx2_open() Sumanth Korikkar (1): s390/entry: align system call table on 8 bytes Sumit Garg (1): tee: optee: Fix kernel panic caused by incorrect error handling Svyatoslav Pankratov (1): crypto: qat - fix double free during reset Tavian Barnes (1): nfsd: Fix creation time serialization order Tetsuo Handa (1): NFSD: unregister shrinker when nfsd_init_net() fails Thomas Gleixner (4): timers: Update kernel-doc for various functions timers: Use del_timer_sync() even on UP timers: Rename del_timer_sync() to timer_delete_sync() x86/asm: Differentiate between code and function alignment Tim Schumacher (1): efivarfs: Request at most 512 bytes for variable names Tom Chung (1): drm/amd/display: Preserve original aspect ratio in create stream Toru Katagiri (1): USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Trond Myklebust (4): nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() nfsd: Fix a write performance regression nfsd: Clean up nfsd_file_put() nfsd: Fix a regression in nfsd_setattr() Uwe Kleine-König (1): PCI: Drop pci_device_remove() test of pci_dev->driver Vasily Averin (2): nfsd4: add refcount for nfsd4_blocked_lock fanotify: fix incorrect fmode_t casts Ville Syrjälä (1): drm/amdgpu: Use drm_mode_copy() Vlastimil Babka (1): mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Wayne Chang (2): phy: tegra: xusb: Add API to retrieve the port number of phy usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wei Fang (1): net: fec: Set mac_managed_pm during probe Weitao Wang (1): USB: UAS: return ENODEV when submit urbs fail with device not attached Will Deacon (1): swiotlb: Fix alignment checks when both allocation and DMA masks are present Wolfram Sang (3): mmc: tmio: avoid concurrent runs of mmc_request_done() NFSD: move from strlcpy with unused retval to strscpy lockd: move from strlcpy with unused retval to strscpy Xin Gao (1): fsnotify: Fix comment typo Xiu Jianfeng (1): NFSD: Use struct_size() helper in alloc_session() Yang Jihong (1): perf/core: Fix reentry problem in perf_output_read_group() Ye Zhang (1): thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Yu Kuai (1): dm-raid: fix lockdep waring in "pers->hot_add_disk" Zack Rusin (1): drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Zhang Jiaming (1): NFSD: Fix space and spelling mistake Zhang Xiaoxu (2): nfsd: Unregister the cld notifier when laundry_wq create failed nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Yi (1): ubi: correct the calculation of fastmap size Zheng Wang (1): wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Zi Yan (1): mm/migrate: set swap entry values of THP tail pages properly. Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() min15.li (1): nvme: fix miss command type check yuan linyu (1): usb: udc: remove warning when queue disabled ep

1 year, 2 months

1
1
0 0

Backport commit ed4adc07207d ("net: ravb: Count packets instead of descriptors in GbEth RX path")

by Claudiu Beznea

Hi, The commit ed4adc07207d ("net: ravb: Count packets instead of descriptors in GbEth RX path") is a clean cherry-pick for v6.1 kernels. It fixes the value returned by NAPI poll method. The NAPI instance is serviced based on this value. Thank you, Claudiu Beznea ________________________________ Renesas Electronics Europe GmbH Registered Office: Arcadiastrasse 10 DE-40472 Duesseldorf Commercial Registry: Duesseldorf, HRB 3708 Managing Director: Carsten Jauch VAT-No.: DE 14978647 Tax-ID-No: 105/5839/1793 Legal Disclaimer: This e-mail communication (and any attachment/s) is confidential and contains proprietary information, some or all of which may be legally privileged. It is intended solely for the use of the individual or entity to which it is addressed. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful.

1 year, 2 months

3
2
0 0

[tip: x86/urgent] x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n

by tip-bot2 for Sean Christopherson

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: f337a6a21e2fd67eadea471e93d05dd37baaa9be Gitweb: https://git.kernel.org/tip/f337a6a21e2fd67eadea471e93d05dd37baaa9be Author: Sean Christopherson <seanjc(a)google.com> AuthorDate: Tue, 09 Apr 2024 10:51:05 -07:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Wed, 10 Apr 2024 16:22:47 +02:00 x86/cpu: Actually turn off mitigations by default for SPECULATION_MITIGATIONS=n Initialize cpu_mitigations to CPU_MITIGATIONS_OFF if the kernel is built with CONFIG_SPECULATION_MITIGATIONS=n, as the help text quite clearly states that disabling SPECULATION_MITIGATIONS is supposed to turn off all mitigations by default. │ If you say N, all mitigations will be disabled. You really │ should know what you are doing to say so. As is, the kernel still defaults to CPU_MITIGATIONS_AUTO, which results in some mitigations being enabled in spite of SPECULATION_MITIGATIONS=n. Fixes: f43b9876e857 ("x86/retbleed: Add fine grained Kconfig knobs") Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Daniel Sneddon <daniel.sneddon(a)linux.intel.com> Cc: stable(a)vger.kernel.org Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20240409175108.1512861-2-seanjc@google.com --- kernel/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/cpu.c b/kernel/cpu.c index 8f6affd..07ad53b 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c @@ -3207,7 +3207,8 @@ enum cpu_mitigations { }; static enum cpu_mitigations cpu_mitigations __ro_after_init = - CPU_MITIGATIONS_AUTO; + IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS) ? CPU_MITIGATIONS_AUTO : + CPU_MITIGATIONS_OFF; static int __init mitigations_parse_cmdline(char *arg) {

1 year, 2 months

1
0
0 0

[tip: x86/urgent] x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n

by tip-bot2 for Sean Christopherson

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: e8f2ec1cc10e86adfc2089fb93a1158e69989bbd Gitweb: https://git.kernel.org/tip/e8f2ec1cc10e86adfc2089fb93a1158e69989bbd Author: Sean Christopherson <seanjc(a)google.com> AuthorDate: Tue, 09 Apr 2024 10:51:06 -07:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Wed, 10 Apr 2024 16:22:56 +02:00 x86/cpu: Disable BHI mitigation by default when SPECULATION_MITIGATIONS=n Rework the initialization of bhi_mitigation to use positive CONFIG tests for the ON/AUTO cases so that lack of *any* CONFIG_SPECTRE_BHI_* #define, i.e. when the kernel is built with CONFIG_SPECULATION_MITIGATIONS=n, results in the mitigation being OFF by default, not AUTO. Per the help text for SPECULATION_MITIGATIONS, the intent is that 'N' disables all mitigations. Fixes: ec9404e40e8f ("x86/bhi: Add BHI mitigation knob") Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Reviewed-by: Daniel Sneddon <daniel.sneddon(a)linux.intel.com> Cc: stable(a)vger.kernel.org Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/20240409175108.1512861-3-seanjc@google.com --- arch/x86/kernel/cpu/bugs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 27f5004..7e4a706 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1630,9 +1630,9 @@ enum bhi_mitigations { }; static enum bhi_mitigations bhi_mitigation __ro_after_init = - IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : - IS_ENABLED(CONFIG_SPECTRE_BHI_OFF) ? BHI_MITIGATION_OFF : - BHI_MITIGATION_AUTO; + IS_ENABLED(CONFIG_SPECTRE_BHI_ON) ? BHI_MITIGATION_ON : + IS_ENABLED(CONFIG_SPECTRE_BHI_AUTO) ? BHI_MITIGATION_AUTO : + BHI_MITIGATION_OFF; static int __init spectre_bhi_parse_cmdline(char *str) {

1 year, 2 months

1
0
0 0

[git:media_stage/master] media: mc: Fix graph walk in media_pipeline_start

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: mc: Fix graph walk in media_pipeline_start Author: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Date: Mon Mar 18 11:50:59 2024 +0200 The graph walk tries to follow all links, even if they are not between pads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link. Fix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK links. Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Cc: stable(a)vger.kernel.org # for 6.1 and later Fixes: ae219872834a ("media: mc: entity: Rewrite media_pipeline_start()") Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/mc/mc-entity.c | 6 ++++++ 1 file changed, 6 insertions(+) --- diff --git a/drivers/media/mc/mc-entity.c b/drivers/media/mc/mc-entity.c index 0e28b9a7936e..96dd0f6ccd0d 100644 --- a/drivers/media/mc/mc-entity.c +++ b/drivers/media/mc/mc-entity.c @@ -619,6 +619,12 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe, link = list_entry(entry->links, typeof(*link), list); last_link = media_pipeline_walk_pop(walk); + if ((link->flags & MEDIA_LNK_FL_LINK_TYPE) != MEDIA_LNK_FL_DATA_LINK) { + dev_dbg(walk->mdev->dev, + "media pipeline: skipping link (not data-link)\n"); + return 0; + } + dev_dbg(walk->mdev->dev, "media pipeline: exploring link '%s':%u -> '%s':%u\n", link->source->entity->name, link->source->index,

1 year, 2 months

1
0
0 0

[git:media_stage/master] media: ov2680: Allow probing if link-frequencies is absent

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov2680: Allow probing if link-frequencies is absent Author: Fabio Estevam <festevam(a)denx.de> Date: Thu Mar 28 19:44:13 2024 -0300 Since commit 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") the ov2680 no longer probes on a imx7s-warp7: ov2680 1-0036: error -EINVAL: supported link freq 330000000 not found ov2680 1-0036: probe with driver ov2680 failed with error -22 As the 'link-frequencies' property is not mandatory, allow the probe to succeed by skipping the link-frequency verification when the property is absent. Cc: stable(a)vger.kernel.org Fixes: 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") Signed-off-by: Fabio Estevam <festevam(a)denx.de> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/ov2680.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c index 3e3b7c2b492c..a857763c7984 100644 --- a/drivers/media/i2c/ov2680.c +++ b/drivers/media/i2c/ov2680.c @@ -1123,18 +1123,23 @@ static int ov2680_parse_dt(struct ov2680_dev *sensor) goto out_free_bus_cfg; } + if (!bus_cfg.nr_of_link_frequencies) { + dev_warn(dev, "Consider passing 'link-frequencies' in DT\n"); + goto skip_link_freq_validation; + } + for (i = 0; i < bus_cfg.nr_of_link_frequencies; i++) if (bus_cfg.link_frequencies[i] == sensor->link_freq[0]) break; - if (bus_cfg.nr_of_link_frequencies == 0 || - bus_cfg.nr_of_link_frequencies == i) { + if (bus_cfg.nr_of_link_frequencies == i) { ret = dev_err_probe(dev, -EINVAL, "supported link freq %lld not found\n", sensor->link_freq[0]); goto out_free_bus_cfg; } +skip_link_freq_validation: ret = 0; out_free_bus_cfg: v4l2_fwnode_endpoint_free(&bus_cfg);

1 year, 2 months

1
0
0 0

[git:media_stage/master] media: v4l: async: Fix notifier list entry init

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: async: Fix notifier list entry init Author: Alexander Stein <alexander.stein(a)ew.tq-group.com> Date: Thu Mar 7 15:24:51 2024 +0100 struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. notifier_entry was kept 'zeroed' leading to an uninitialized list_head. This results in a NULL-pointer dereference if csi2_async_register() fails, e.g. node for remote endpoint is disabled, and returns -ENOTCONN. The following calls to v4l2_async_nf_unregister() results in a NULL pointer dereference. Add the missing list head initializer. Fixes: b8ec754ae4c5 ("media: v4l: async: Set v4l2_device and subdev in async notifier init") Cc: <stable(a)vger.kernel.org> # for 6.6 and later Signed-off-by: Alexander Stein <alexander.stein(a)ew.tq-group.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/v4l2-core/v4l2-async.c | 2 ++ 1 file changed, 2 insertions(+) --- diff --git a/drivers/media/v4l2-core/v4l2-async.c b/drivers/media/v4l2-core/v4l2-async.c index 3ec323bd528b..6a7dcf43d712 100644 --- a/drivers/media/v4l2-core/v4l2-async.c +++ b/drivers/media/v4l2-core/v4l2-async.c @@ -563,6 +563,7 @@ void v4l2_async_nf_init(struct v4l2_async_notifier *notifier, { INIT_LIST_HEAD(&notifier->waiting_list); INIT_LIST_HEAD(&notifier->done_list); + INIT_LIST_HEAD(&notifier->notifier_entry); notifier->v4l2_dev = v4l2_dev; } EXPORT_SYMBOL(v4l2_async_nf_init); @@ -572,6 +573,7 @@ void v4l2_async_subdev_nf_init(struct v4l2_async_notifier *notifier, { INIT_LIST_HEAD(&notifier->waiting_list); INIT_LIST_HEAD(&notifier->done_list); + INIT_LIST_HEAD(&notifier->notifier_entry); notifier->sd = sd; } EXPORT_SYMBOL_GPL(v4l2_async_subdev_nf_init);

1 year, 2 months

1
0
0 0

[git:media_stage/master] media: v4l: async: Don't set notifier's V4L2 device if registering fails

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: async: Don't set notifier's V4L2 device if registering fails Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Fri Mar 8 15:07:45 2024 +0200 The V4L2 device used to be set when the notifier was registered but this has been moved to the notifier initialisation. Don't touch the V4L2 device if registration fails. Fixes: b8ec754ae4c5 ("media: v4l: async: Set v4l2_device and subdev in async notifier init") Cc: <stable(a)vger.kernel.org> # for 6.6 and later Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/v4l2-core/v4l2-async.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-async.c b/drivers/media/v4l2-core/v4l2-async.c index 6a7dcf43d712..2ff35d5d60f2 100644 --- a/drivers/media/v4l2-core/v4l2-async.c +++ b/drivers/media/v4l2-core/v4l2-async.c @@ -620,16 +620,10 @@ err_unlock: int v4l2_async_nf_register(struct v4l2_async_notifier *notifier) { - int ret; - if (WARN_ON(!notifier->v4l2_dev == !notifier->sd)) return -EINVAL; - ret = __v4l2_async_nf_register(notifier); - if (ret) - notifier->v4l2_dev = NULL; - - return ret; + return __v4l2_async_nf_register(notifier); } EXPORT_SYMBOL(v4l2_async_nf_register);

1 year, 2 months

1
0
0 0

[git:media_stage/master] media: ov2680: Clear the 'ret' variable on success

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov2680: Clear the 'ret' variable on success Author: Fabio Estevam <festevam(a)denx.de> Date: Thu Mar 28 19:44:12 2024 -0300 Since commit 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") even when the correct 'link-frequencies' property is passed in the devicetree, the driver fails to probe: ov2680 1-0036: probe with driver ov2680 failed with error -22 The reason is that the variable 'ret' may contain the -EINVAL value from a previous assignment: ret = fwnode_property_read_u32(dev_fwnode(dev), "clock-frequency", &rate); Fix the problem by clearing 'ret' on the successful path. Tested on imx7s-warp board with the following devicetree: port { ov2680_to_mipi: endpoint { remote-endpoint = <&mipi_from_sensor>; clock-lanes = <0>; data-lanes = <1>; link-frequencies = /bits/ 64 <330000000>; }; }; Cc: stable(a)vger.kernel.org Fixes: 63b0cd30b78e ("media: ov2680: Add bus-cfg / endpoint property verification") Suggested-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Fabio Estevam <festevam(a)denx.de> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/ov2680.c | 1 + 1 file changed, 1 insertion(+) --- diff --git a/drivers/media/i2c/ov2680.c b/drivers/media/i2c/ov2680.c index 39d321e2b7f9..3e3b7c2b492c 100644 --- a/drivers/media/i2c/ov2680.c +++ b/drivers/media/i2c/ov2680.c @@ -1135,6 +1135,7 @@ static int ov2680_parse_dt(struct ov2680_dev *sensor) goto out_free_bus_cfg; } + ret = 0; out_free_bus_cfg: v4l2_fwnode_endpoint_free(&bus_cfg); return ret;

1 year, 2 months

1
0
0 0

[git:media_stage/master] media: ov2740: Fix LINK_FREQ and PIXEL_RATE control value reporting

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ov2740: Fix LINK_FREQ and PIXEL_RATE control value reporting Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Wed Mar 27 10:57:31 2024 +0200 The driver dug the supported link frequency up from the V4L2 fwnode endpoint and used it internally, but failed to report this in the LINK_FREQ and PIXEL_RATE controls. Fix this. Fixes: 0677a2d9b735 ("media: ov2740: Add support for 180 MHz link frequency") Cc: stable(a)vger.kernel.org # for v6.8 and later Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Reviewed-by: Bingbu Cao <bingbu.cao(a)intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/ov2740.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- diff --git a/drivers/media/i2c/ov2740.c b/drivers/media/i2c/ov2740.c index 552935ccb4a9..57906df7be4e 100644 --- a/drivers/media/i2c/ov2740.c +++ b/drivers/media/i2c/ov2740.c @@ -768,14 +768,15 @@ static int ov2740_init_controls(struct ov2740 *ov2740) cur_mode = ov2740->cur_mode; size = ARRAY_SIZE(link_freq_menu_items); - ov2740->link_freq = v4l2_ctrl_new_int_menu(ctrl_hdlr, &ov2740_ctrl_ops, - V4L2_CID_LINK_FREQ, - size - 1, 0, - link_freq_menu_items); + ov2740->link_freq = + v4l2_ctrl_new_int_menu(ctrl_hdlr, &ov2740_ctrl_ops, + V4L2_CID_LINK_FREQ, size - 1, + ov2740->supported_modes->link_freq_index, + link_freq_menu_items); if (ov2740->link_freq) ov2740->link_freq->flags |= V4L2_CTRL_FLAG_READ_ONLY; - pixel_rate = to_pixel_rate(OV2740_LINK_FREQ_360MHZ_INDEX); + pixel_rate = to_pixel_rate(ov2740->supported_modes->link_freq_index); ov2740->pixel_rate = v4l2_ctrl_new_std(ctrl_hdlr, &ov2740_ctrl_ops, V4L2_CID_PIXEL_RATE, 0, pixel_rate, 1, pixel_rate);

1 year, 2 months

1
0
0 0

[git:media_stage/master] media: v4l: async: Properly re-initialise notifier entry in unregister

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: v4l: async: Properly re-initialise notifier entry in unregister Author: Sakari Ailus <sakari.ailus(a)linux.intel.com> Date: Fri Mar 8 15:06:13 2024 +0200 The notifier_entry of a notifier is not re-initialised after unregistering the notifier. This leads to dangling pointers being left there so use list_del_init() to return the notifier_entry an empty list. Fixes: b8ec754ae4c5 ("media: v4l: async: Set v4l2_device and subdev in async notifier init") Cc: <stable(a)vger.kernel.org> # for 6.6 and later Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/v4l2-core/v4l2-async.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- diff --git a/drivers/media/v4l2-core/v4l2-async.c b/drivers/media/v4l2-core/v4l2-async.c index 2ff35d5d60f2..4bb073587817 100644 --- a/drivers/media/v4l2-core/v4l2-async.c +++ b/drivers/media/v4l2-core/v4l2-async.c @@ -635,7 +635,7 @@ __v4l2_async_nf_unregister(struct v4l2_async_notifier *notifier) v4l2_async_nf_unbind_all_subdevs(notifier); - list_del(&notifier->notifier_entry); + list_del_init(&notifier->notifier_entry); } void v4l2_async_nf_unregister(struct v4l2_async_notifier *notifier)

1 year, 2 months

1
0
0 0

[PATCH 1/3] drm/ast: Set DDC timeout in milliseconds

by Thomas Zimmermann

Compute the i2c timeout in jiffies from a value in milliseconds. The original values of 2 jiffies equals 2 milliseconds if HZ has been configured to a value of 1000. This corresponds to 2.2 milliseconds used by most other DRM drivers. Update ast accordingly. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 312fec1405dd ("drm: Initial KMS driver for AST (ASpeed Technologies) 2000 series (v2)") Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v3.5+ --- drivers/gpu/drm/ast/ast_ddc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ast/ast_ddc.c b/drivers/gpu/drm/ast/ast_ddc.c index b7718084422f3..3e156a6b6831d 100644 --- a/drivers/gpu/drm/ast/ast_ddc.c +++ b/drivers/gpu/drm/ast/ast_ddc.c @@ -153,7 +153,7 @@ struct ast_ddc *ast_ddc_create(struct ast_device *ast) bit = &ddc->bit; bit->udelay = 20; - bit->timeout = 2; + bit->timeout = usecs_to_jiffies(2200); bit->data = ddc; bit->setsda = ast_ddc_algo_bit_data_setsda; bit->setscl = ast_ddc_algo_bit_data_setscl; -- 2.44.0

1 year, 2 months

2
1
0 0

[PATCH 0/4 5.10] rxrpc: Fix KASAN: slab-out-of-bounds Read in kernel_bind

by Alexander Ofitserov

This bug was found with syzkaller on Linux kernel v5.10. This patch series fixes the bug. Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org Xin Long (1): rxrpc: use udp tunnel APIs instead of open code in rxrpc_open_socket David Howells (2): rxrpc: Fix missing dependency on NET_UDP_TUNNEL rxrpc: Enable IPv6 checksums on transport socket Vadim Fedorenko (1): rxrpc: Fix dependency on IPv6 in udp tunnel config net/rxrpc/Kconfig | 1 + net/rxrpc/local_object.c | 77 +++++++++++++++------------------------- 2 files changed, 30 insertions(+), 48 deletions(-) -- 2.42.1

1 year, 2 months

1
4
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040850-wildly-gyration-12ff@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 2 months

2
2
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040843-utmost-staff-773b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 2 months

2
2
0 0

FAILED: patch "[PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040847-departure-lining-fed7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 04c35ab3bdae ("x86/mm/pat: fix VM_PAT handling in COW mappings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Wed, 3 Apr 2024 23:21:30 +0200 Subject: [PATCH] x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 0d72183b5dd0..36b603d0cdde 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, unsigned long size) memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, unsigned long size) int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); diff --git a/mm/memory.c b/mm/memory.c index 904f70b99498..d2155ced45f8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *vma, goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock;

1 year, 2 months

2
2
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 5.15-stable tree

by Sasha Levin

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 2 months

2
1
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 5.10-stable tree

by Sasha Levin

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 2 months

2
1
0 0

FAILED: Patch "virtio: reenable config if freezing device failed" failed to apply to 4.19-stable tree

by Sasha Levin

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. Thanks, Sasha ------------------ original commit in Linus's tree ------------------ From 310227f42882c52356b523e2f4e11690eebcd2ab Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 13 Feb 2024 14:54:25 +0100 Subject: [PATCH] virtio: reenable config if freezing device failed Currently, we don't reenable the config if freezing the device failed. For example, virtio-mem currently doesn't support suspend+resume, and trying to freeze the device will always fail. Afterwards, the device will no longer respond to resize requests, because it won't get notified about config changes. Let's fix this by re-enabling the config if freezing fails. Fixes: 22b7050a024d ("virtio: defer config changed notifications") Cc: <stable(a)kernel.org> Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> Cc: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Message-Id: <20240213135425.795001-1-david(a)redhat.com> Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com> --- drivers/virtio/virtio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c index f4080692b3513..f513ee21b1c18 100644 --- a/drivers/virtio/virtio.c +++ b/drivers/virtio/virtio.c @@ -510,8 +510,10 @@ int virtio_device_freeze(struct virtio_device *dev) if (drv && drv->freeze) { ret = drv->freeze(dev); - if (ret) + if (ret) { + virtio_config_enable(dev); return ret; + } } if (dev->config->destroy_avq) -- 2.43.0

1 year, 2 months

2
1
0 0

[PATCH 6.8 000/279] 6.8.5-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.5 release. There are 279 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:27:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.5-rc2.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.5-rc2 Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Rework rebinding Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Use ring ops TLB invalidation for rebinds Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Reject FEC+MST on ICL Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/mst: Limit MST+DSC to TGL+ Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Paulo Alcantara <pc(a)manguebit.com> smb: client: refresh referral without acquiring refpath_lock Paulo Alcantara <pc(a)manguebit.com> smb: client: guarantee refcounted children from parent session Paulo Alcantara <pc(a)manguebit.com> smb: client: fix UAF in smb2_reconnect_server() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Björn Töpel <bjorn(a)rivosinc.com> riscv: Fix vector state restore in rt_sigreturn() Kent Overstreet <kent.overstreet(a)linux.dev> aio: Fix null ptr deref in aio_complete() wakeup Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Compensate LLP in case it is not reset Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Correct the delay calculation Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-pcm: Add pointer callback to sof_ipc_pcm_ops Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Invalidate the stream_start_offset in PAUSED state Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Combine the SOF_IPC4_PIPE_PAUSED cases in pcm_trigger Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Move struct sof_ipc4_timestamp_info definition locally Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Remove the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use the snd_sof_pcm_get_dai_frame_counter() for pcm_delay Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-common-ops: Do not set the get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Set the dai/host get frame/byte counter callbacks Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce a new callback pair to be used for PCM delay reporting Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl/lnl: Use the generic get_stream_position callback Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda: Implement get_stream_position (Linear Link Position) Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Use dsp_max_burst_size_in_ms to place constraint Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Save the DMA maximum burst size for PCMs Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Add dsp_max_burst_size_in_ms member to snd_sof_pcm_stream Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/rw: don't allow multishot reads without NOWAIT support Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Luke D. Jones <luke(a)ljones.dev> ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR Christian Bendiksen <christian(a)bendiksen.me> ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ALSA: hda: Add pplcllpl/u members to hdac_ext_stream Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Gabe Teeger <gabe.teeger(a)amd.com> Revert "drm/amd/display: Send DTBCLK disable message on first commit" Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Peter Collingbourne <pcc(a)google.com> stackdepot: rename pool_index to pool_index_plus_1 Oscar Salvador <osalvador(a)suse.de> lib/stackdepot: move stack_record struct definition into the header Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix warning by declaring arch_cpu_idle() as noinstr Andreas Schwab <schwab(a)suse.de> riscv: use KERN_INFO in do_trap Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Limit the reserved VM space to only the platforms that need it Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without trip points Nikita Travkin <nikita(a)trvn.ru> thermal: gov_power_allocator: Allow binding without cooling devices Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Fix DSC state HW readout for SST connectors Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp pdm configuration check Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Christian Brauner <brauner(a)kernel.org> block: count BLK_OPEN_RESTRICT_WRITES openers Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Vladimir Isaev <vladimir.isaev(a)syntacore.com> riscv: hwprobe: do not produce frtace relocation Samuel Holland <samuel.holland(a)sifive.com> riscv: mm: Fix prototype to avoid discarding const Charles Keepax <ckeepax(a)opensource.cirrus.com> ASoC: cs42l43: Correct extraction of data pointer in suspend/resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: use += operator to append strings Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Guenter Roeck <linux(a)roeck-us.net> mean_and_variance: Drop always failing tests Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses. Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Joshua Hay <joshua.a.hay(a)intel.com> idpf: fix kernel panic on unknown packet types Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Will Deacon <will(a)kernel.org> KVM: arm64: Use TLBI_TTL_UNKNOWN in __kvm_tlb_flush_vmid_range() Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Paolo Abeni <pabeni(a)redhat.com> mptcp: prevent BPF accessing lowat from a subflow socket. Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Wujie Duan <wjduan(a)linx-info.com> KVM: arm64: Fix out-of-IPA space translation fault handling Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> kbuild: make -Woverride-init warnings more consistent Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning José Roberto de Souza <jose.souza(a)intel.com> drm/i915: Do not print 'pxp init failed with 0' when it succeed Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Juha-Pekka Heikkila <juhapekka.heikkila(a)gmail.com> drm/i915/display: Disable AuxCCS framebuffers if built for Xe Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Stop doing double audio enable/disable on SDVO and g4x+ DP Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Validate the PASID in iommu_attach_device_pasid() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size Taimur Hassan <syed.hassan(a)amd.com> drm/amd/display: Send DTBCLK disable message on first commit Charlene Liu <charlene.liu(a)amd.com> drm/amd/display: Update P010 scaling cap David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: Fix debug messaging in gpiod_find_and_request() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Remove AR30 and AB30 format support Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Prasad Pandit <pjp(a)fedoraproject.org> dpll: indent DPLL option type by a tab Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_TILES_PER_DEVICE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/device: fix XE_MAX_GT_PER_TILE check Matthew Auld <matthew.auld(a)intel.com> drm/xe/queue: fix engine_class bounds check Matthew Auld <matthew.auld(a)intel.com> drm/xe/guc_submit: use jiffies for job timeout Brian Welty <brian.welty(a)intel.com> drm/xe: Add exec_queue.sched_props.job_timeout_ms Nirmoy Das <nirmoy.das(a)intel.com> drm/xe: Remove unused xe_bo->props struct Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Jan Kara <jack(a)suse.cz> nfsd: Fix error cleanup path in nfsd_rename() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Stanislav Fomichev <sdf(a)google.com> xsk: Don't assume metadata is always requested in TX completion Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/nvhe/tlb.c | 3 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/kvm/hyp/vhe/tlb.c | 3 +- arch/arm64/kvm/mmu.c | 2 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 5 +- arch/riscv/kernel/signal.c | 15 +- arch/riscv/kernel/traps.c | 2 +- arch/riscv/kernel/vdso/Makefile | 1 + arch/riscv/kvm/aia_aplic.c | 37 +++- arch/riscv/mm/tlbflush.c | 4 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 10 +- arch/s390/kernel/perf_pai_ext.c | 10 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 ++--- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 +++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 ++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 +++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++ arch/x86/entry/entry_64_compat.S | 16 ++ arch/x86/entry/syscall_32.c | 21 ++- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 14 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 17 ++ arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/bugs.c | 121 ++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +-- arch/x86/kernel/sev.c | 14 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 +++-- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 -- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +-- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +++----- arch/x86/mm/pat/memtype.c | 49 +++-- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- block/bdev.c | 6 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++++--- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 ++- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/dpll/Kconfig | 2 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 +++++- drivers/gpio/gpiolib.c | 31 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 + .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 25 ++- drivers/gpu/drm/amd/display/dc/dce110/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce112/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce120/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce60/Makefile | 2 +- drivers/gpu/drm/amd/display/dc/dce80/Makefile | 2 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 2 +- drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 7 +- drivers/gpu/drm/i915/display/g4x_dp.c | 2 - .../gpu/drm/i915/display/intel_display_device.h | 1 + drivers/gpu/drm/i915/display/intel_dp.c | 9 +- drivers/gpu/drm/i915/display/intel_dp_mst.c | 2 +- drivers/gpu/drm/i915/display/intel_sdvo.c | 4 - drivers/gpu/drm/i915/display/skl_universal_plane.c | 3 + drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 4 +- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_cs.c | 17 ++ drivers/gpu/drm/i915/gt/intel_gt.c | 6 + drivers/gpu/drm/i915/gt/intel_gt.h | 9 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 ++ drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_workarounds.c | 55 ++++-- drivers/gpu/drm/i915/i915_driver.c | 2 +- drivers/gpu/drm/i915/i915_perf.c | 2 +- drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/gpu/drm/rockchip/rockchip_vop2_reg.c | 2 - drivers/gpu/drm/xe/Makefile | 4 +- drivers/gpu/drm/xe/xe_bo.c | 59 +----- drivers/gpu/drm/xe/xe_bo_types.h | 19 -- drivers/gpu/drm/xe/xe_device.h | 4 +- drivers/gpu/drm/xe/xe_exec.c | 31 +--- drivers/gpu/drm/xe/xe_exec_queue.c | 4 +- drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 + drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_pt.c | 8 +- drivers/gpu/drm/xe/xe_ring_ops.c | 11 +- drivers/gpu/drm/xe/xe_sched_job.c | 10 + drivers/gpu/drm/xe/xe_sched_job_types.h | 2 + drivers/gpu/drm/xe/xe_vm.c | 27 +-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/gpu/drm/xe/xe_vm_types.h | 8 +- drivers/iommu/iommu.c | 11 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 ++- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 38 ++-- drivers/net/ethernet/intel/e1000e/netdev.c | 24 ++- drivers/net/ethernet/intel/e1000e/phy.c | 184 +++++++++++------- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 13 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 ++++++--- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 1 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 +++-- drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 18 +- drivers/net/ethernet/intel/ice/ice_switch.c | 24 ++- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 4 +- drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++- drivers/net/ethernet/microchip/lan743x_main.c | 18 ++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +++- drivers/net/ethernet/renesas/ravb_main.c | 33 ++-- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +++- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +++- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 20 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 5 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 ++ drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/pinctrl/aspeed/Makefile | 2 +- drivers/s390/net/qeth_core_main.c | 38 +++- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +-- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 +++++--- drivers/thermal/gov_power_allocator.c | 14 +- fs/aio.c | 2 +- fs/bcachefs/mean_and_variance_test.c | 28 +-- fs/nfsd/nfs4state.c | 7 +- fs/nfsd/vfs.c | 3 +- fs/proc/Makefile | 2 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 19 +- fs/smb/client/cifsproto.h | 20 +- fs/smb/client/connect.c | 157 ++++++++++------ fs/smb/client/dfs.c | 51 +++-- fs/smb/client/dfs.h | 33 ++-- fs/smb/client/dfs_cache.c | 53 +++--- fs/smb/client/dir.c | 15 ++ fs/smb/client/file.c | 111 +++++++++-- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 ++ fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 8 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/stackdepot.h | 46 +++++ include/linux/udp.h | 28 +++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + include/net/xdp_sock.h | 2 + include/sound/hdaudio_ext.h | 3 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++++-------- io_uring/kbuf.h | 8 +- io_uring/rw.c | 9 +- kernel/bpf/Makefile | 2 +- kernel/bpf/syscall.c | 35 +++- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- lib/stackdepot.c | 47 +---- mm/Makefile | 3 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++++--- net/bluetooth/hci_event.c | 25 +++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 44 ++++- net/ipv4/inet_fragment.c | 70 +++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 ++- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 2 - net/mptcp/sockopt.c | 4 + net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 +++++++-- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/Makefile.extrawarn | 10 +- scripts/bpf_doc.py | 4 +- scripts/mod/modpost.c | 7 +- security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l41_hda_property.c | 6 + sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 7 +- sound/soc/amd/acp/acp-pci.c | 13 +- sound/soc/codecs/cs42l43.c | 12 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- sound/soc/sof/intel/hda-common-ops.c | 3 + sound/soc/sof/intel/hda-dai-ops.c | 11 ++ sound/soc/sof/intel/hda-pcm.c | 29 +++ sound/soc/sof/intel/hda-stream.c | 70 +++++++ sound/soc/sof/intel/hda.h | 6 + sound/soc/sof/intel/lnl.c | 2 - sound/soc/sof/intel/mtl.c | 14 -- sound/soc/sof/intel/mtl.h | 10 - sound/soc/sof/ipc4-pcm.c | 193 +++++++++++++++---- sound/soc/sof/ipc4-priv.h | 14 -- sound/soc/sof/ipc4-topology.c | 22 ++- sound/soc/sof/ops.h | 24 ++- sound/soc/sof/pcm.c | 8 + sound/soc/sof/sof-audio.h | 9 +- sound/soc/sof/sof-priv.h | 24 ++- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 134 ++++++++------ tools/testing/selftests/net/mptcp/mptcp_join.sh | 34 ++-- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 +++++++++++++-------- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 342 files changed, 3587 insertions(+), 1739 deletions(-)

1 year, 2 months

2
1
0 0

[PATCH 6.6 000/254] 6.6.26-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.26 release. There are 254 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:27:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.26-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.26-rc2 Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file Ard Biesheuvel <ardb(a)kernel.org> x86/boot: Move mem_encrypt= parsing to the decompressor Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Davide Caratti <dcaratti(a)redhat.com> mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix typo in assignment Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: legacy: field get conversion Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: add bit macro includes where needed Ivan Vecera <ivecera(a)redhat.com> i40e: Remove circular header dependencies and fix headers Ivan Vecera <ivecera(a)redhat.com> i40e: Split i40e_osdep.h Ivan Vecera <ivecera(a)redhat.com> i40e: Move memory allocation structures to i40e_alloc.h Ivan Vecera <ivecera(a)redhat.com> i40e: Simplify memory allocation functions Ivan Vecera <ivecera(a)redhat.com> virtchnl: Add header dependencies Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor I40E_MDIO_CLAUSE* macros Ivan Vecera <ivecera(a)redhat.com> i40e: Remove back pointer from i40e_hw structure Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Josh Poimboeuf <jpoimboe(a)kernel.org> x86/nospec: Refactor UNTRAIN_RET[_*] Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Disentangle rethunk-dependent options Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Improve i-cache locality for alias mitigation Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Jack Brennen <jbrennen(a)google.com> modpost: Optimize symbol search from linear to binary search Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add X86_FEATURE_ZEN1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Get rid of amd_erratum_1054[] Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move Zenbleed check to the Zen2 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Carve out the erratum 1386 fix Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add ZenX generations flags Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when detecting delalloc ranges during fiemap Filipe Manana <fdmanana(a)suse.com> btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14016712196 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Replace several IS_METEORLAKE with proper IP version checks Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Eliminate IS_MTL_GRAPHICS_STEP Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Consolidate condition for Wa_22011802037 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Tidy workaround definitions Matt Roper <matthew.d.roper(a)intel.com> drm/i915/dg2: Drop pre-production GT workarounds Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: realloc VSI stats arrays Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: disable multi rx queue for 9000 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/i915/display: Use i915_gem_object_get_dma_address to get dma address ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 ++- Documentation/admin-guide/kernel-parameters.txt | 12 + Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 3 - arch/riscv/kvm/aia_aplic.c | 37 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 +-- arch/sparc/mm/init_64.c | 2 +- arch/x86/Kconfig | 25 ++ arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 ++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 +++ arch/x86/entry/entry_64_compat.S | 16 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 24 +- arch/x86/events/amd/lbr.c | 16 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 21 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 88 +++-- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/cpu/amd.c | 129 +++++-- arch/x86/kernel/cpu/bugs.c | 126 +++++- arch/x86/kernel/cpu/common.c | 24 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 14 +- arch/x86/kernel/vmlinux.lds.S | 7 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 45 ++- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/Makefile | 13 - arch/x86/lib/retpoline.S | 165 ++++---- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 76 +--- arch/x86/mm/pat/memtype.c | 49 ++- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +- drivers/gpio/gpiolib-cdev.c | 58 ++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 1 + drivers/gpu/drm/i915/display/intel_cursor.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 +- drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 4 +- drivers/gpu/drm/i915/gt/intel_gt.h | 31 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 + drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 +- drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_lrc.c | 38 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 23 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 6 +- drivers/gpu/drm/i915/gt/intel_reset.c | 20 +- drivers/gpu/drm/i915/gt/intel_reset.h | 2 + drivers/gpu/drm/i915/gt/intel_rps.c | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++++++-------------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/i915_drv.h | 4 - drivers/gpu/drm/i915/i915_perf.c | 11 +- drivers/gpu/drm/i915/intel_clock_gating.c | 8 - drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 +-- drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 +- drivers/net/ethernet/intel/e1000e/82571.c | 3 +- drivers/net/ethernet/intel/e1000e/ethtool.c | 7 +- drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 +-- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 35 +- drivers/net/ethernet/intel/e1000e/phy.c | 191 ++++++---- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 63 ++- drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 + drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 1 - drivers/net/ethernet/intel/i40e/i40e_common.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 +++ drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 +- drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 + drivers/net/ethernet/intel/i40e/i40e_io.h | 16 + drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 70 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 + drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 --- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 5 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 + drivers/net/ethernet/intel/i40e/i40e_type.h | 54 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 - drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 + drivers/net/ethernet/intel/iavf/iavf_common.c | 3 +- drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 +- drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 + drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 74 ++-- drivers/net/ethernet/intel/ice/ice_switch.c | 24 +- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/igb/e1000_82575.c | 29 +- drivers/net/ethernet/intel/igb/e1000_i210.c | 19 +- drivers/net/ethernet/intel/igb/e1000_mac.c | 2 +- drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 13 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 +- drivers/net/ethernet/intel/igbvf/mbx.c | 1 + drivers/net/ethernet/intel/igbvf/netdev.c | 33 +- drivers/net/ethernet/intel/igc/igc_i225.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/igc/igc_phy.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 + drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/sd.c | 2 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 ++-- drivers/usb/typec/ucsi/ucsi_glink.c | 14 + fs/btrfs/extent_io.c | 208 +++++++--- fs/btrfs/inode.c | 22 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 + fs/smb/client/cifsglob.h | 17 +- fs/smb/client/connect.c | 45 ++- fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 + fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/avf/virtchnl.h | 5 + include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++---- io_uring/kbuf.h | 8 +- kernel/bpf/syscall.c | 35 +- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 +++- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 106 ++---- net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 ++++- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- scripts/mod/Makefile | 4 +- scripts/mod/modpost.c | 73 +--- scripts/mod/modpost.h | 25 ++ scripts/mod/symsearch.c | 199 ++++++++++ security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/amd/acp/acp-pci.c | 5 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- tools/arch/x86/include/asm/cpufeatures.h | 2 +- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 355 files changed, 4162 insertions(+), 2344 deletions(-)

1 year, 2 months

3
2
0 0

[PATCH 6.1 000/137] 6.1.85-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.85 release. There are 137 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:27:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.85-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.85-rc2 Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> KVM: SVM: enhance info printk's in SEV init Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect access to registers Config2 and Config5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect mac ocp register access Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 48 +++++++- Documentation/admin-guide/kernel-parameters.txt | 12 ++ Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/x86/Kconfig | 25 ++++ arch/x86/coco/core.c | 41 +++++++ arch/x86/entry/common.c | 10 +- arch/x86/entry/entry_64.S | 61 ++++++++++ arch/x86/entry/entry_64_compat.S | 16 +++ arch/x86/entry/syscall_32.c | 21 +++- arch/x86/entry/syscall_64.c | 19 ++- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/events/amd/core.c | 4 +- arch/x86/events/amd/lbr.c | 16 ++- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 15 ++- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/msr-index.h | 9 +- arch/x86/include/asm/nospec-branch.h | 37 +++++- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/syscall.h | 11 +- arch/x86/kernel/cpu/bugs.c | 121 +++++++++++++++++-- arch/x86/kernel/cpu/common.c | 24 ++-- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 2 + arch/x86/kernel/setup.c | 2 + arch/x86/kvm/reverse_cpuid.h | 5 +- arch/x86/kvm/svm/sev.c | 60 ++++++---- arch/x86/kvm/trace.h | 10 +- arch/x86/kvm/vmx/vmenter.S | 2 + arch/x86/kvm/x86.c | 2 +- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/ident_map.c | 23 +--- arch/x86/mm/pat/memtype.c | 49 +++++--- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 +++++----- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +++- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 ++- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +++++++++---- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +-- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++-- drivers/net/ethernet/microchip/lan743x_main.c | 18 +++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/realtek/r8169_main.c | 131 +++++++++++++++++---- drivers/net/ethernet/renesas/ravb_main.c | 33 +++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++++-- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++++-- drivers/net/phy/micrel.c | 31 +++-- drivers/net/usb/asix_devices.c | 4 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 +- drivers/of/dynamic.c | 12 ++ drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +++++- drivers/scsi/myrb.c | 20 ++-- drivers/scsi/myrs.c | 24 ++-- drivers/scsi/sd.c | 2 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 ++- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 17 ++- fs/smb/client/connect.c | 2 + fs/smb/client/dir.c | 15 +++ fs/smb/client/file.c | 111 ++++++++++++++--- fs/smb/client/fscache.c | 16 ++- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/device.h | 1 + include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 +++++ include/net/bluetooth/hci.h | 9 ++ include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 ++ kernel/bpf/verifier.c | 5 + mm/memory.c | 4 + net/9p/client.c | 10 +- net/bluetooth/hci_debugfs.c | 64 ++++++---- net/bluetooth/hci_event.c | 25 ++++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 33 ++++-- net/ipv4/inet_fragment.c | 70 +++++++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 ++ net/ipv4/udp_offload.c | 23 ++-- net/ipv6/ip6_fib.c | 14 +-- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 13 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 167 files changed, 1799 insertions(+), 555 deletions(-)

1 year, 2 months

2
1
0 0

[PATCH] mm,swapops: Update check in is_pfn_swap_entry for hwpoison entries

by Oscar Salvador

Tony reported that the Machine check recovery was broken in v6.9-rc1, as he was hitting a VM_BUG_ON when injecting uncorrectable memory errors to DRAM. After some more digging and debugging on his side, he realized that this went back to v6.1, with the introduction of 'commit 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")'. That commit, among other things, introduced swp_offset_pfn(), replacing hwpoison_entry_to_pfn() in its favour. The patch also introduced a VM_BUG_ON() check for is_pfn_swap_entry(), but is_pfn_swap_entry() never got updated to cover hwpoison entries, which means that we would hit the VM_BUG_ON whenever we would call swp_offset_pfn() for such entries on environments with CONFIG_DEBUG_VM set. Fix this by updating the check to cover hwpoison entries as well, and update the comment while we are it. Reported-by: Tony Luck <tony.luck(a)intel.com> Closes: https://lore.kernel.org/all/Zg8kLSl2yAlA3o5D@agluck-desk3/ Tested-by: Tony Luck <tony.luck(a)intel.com> Fixes: 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry") Cc: <stable(a)vger.kernel.org> # 6.1.x Signed-off-by: Oscar Salvador <osalvador(a)suse.de> --- include/linux/swapops.h | 65 +++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 32 deletions(-) diff --git a/include/linux/swapops.h b/include/linux/swapops.h index 48b700ba1d18..a5c560a2f8c2 100644 --- a/include/linux/swapops.h +++ b/include/linux/swapops.h @@ -390,6 +390,35 @@ static inline bool is_migration_entry_dirty(swp_entry_t entry) } #endif /* CONFIG_MIGRATION */ +#ifdef CONFIG_MEMORY_FAILURE + +/* + * Support for hardware poisoned pages + */ +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + BUG_ON(!PageLocked(page)); + return swp_entry(SWP_HWPOISON, page_to_pfn(page)); +} + +static inline int is_hwpoison_entry(swp_entry_t entry) +{ + return swp_type(entry) == SWP_HWPOISON; +} + +#else + +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + return swp_entry(0, 0); +} + +static inline int is_hwpoison_entry(swp_entry_t swp) +{ + return 0; +} +#endif + typedef unsigned long pte_marker; #define PTE_MARKER_UFFD_WP BIT(0) @@ -483,8 +512,9 @@ static inline struct folio *pfn_swap_entry_folio(swp_entry_t entry) /* * A pfn swap entry is a special type of swap entry that always has a pfn stored - * in the swap offset. They are used to represent unaddressable device memory - * and to restrict access to a page undergoing migration. + * in the swap offset. They can either be used to represent unaddressable device + * memory, to restrict access to a page undergoing migration or to represent a + * pfn which has been hwpoisoned and unmapped. */ static inline bool is_pfn_swap_entry(swp_entry_t entry) { @@ -492,7 +522,7 @@ static inline bool is_pfn_swap_entry(swp_entry_t entry) BUILD_BUG_ON(SWP_TYPE_SHIFT < SWP_PFN_BITS); return is_migration_entry(entry) || is_device_private_entry(entry) || - is_device_exclusive_entry(entry); + is_device_exclusive_entry(entry) || is_hwpoison_entry(entry); } struct page_vma_mapped_walk; @@ -561,35 +591,6 @@ static inline int is_pmd_migration_entry(pmd_t pmd) } #endif /* CONFIG_ARCH_ENABLE_THP_MIGRATION */ -#ifdef CONFIG_MEMORY_FAILURE - -/* - * Support for hardware poisoned pages - */ -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - BUG_ON(!PageLocked(page)); - return swp_entry(SWP_HWPOISON, page_to_pfn(page)); -} - -static inline int is_hwpoison_entry(swp_entry_t entry) -{ - return swp_type(entry) == SWP_HWPOISON; -} - -#else - -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - return swp_entry(0, 0); -} - -static inline int is_hwpoison_entry(swp_entry_t swp) -{ - return 0; -} -#endif - static inline int non_swap_entry(swp_entry_t entry) { return swp_type(entry) >= MAX_SWAPFILES; -- 2.44.0

1 year, 2 months

4
6
0 0

FAILED: patch "[PATCH] drm/i915/gt: Reset queue_priority_hint on parking" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4a3859ea5240365d21f6053ee219bb240d520895 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033042-ruckus-moonlight-d2e5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4a3859ea5240365d21f6053ee219bb240d520895 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Mon, 18 Mar 2024 14:58:47 +0100 Subject: [PATCH] drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. This preempt-to-busy race can be triggered by the heartbeat, which will also act as the power-management barrier and upon completion allow us to idle the HW. We may process the completion of the heartbeat, and begin parking the engine before the CS event that restores the queue_priority_hint, causing us to fail the assertion that it is MIN. <3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 166.210781] Dumping ftrace buffer: <0>[ 166.210795] --------------------------------- ... <0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 } <0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646 <0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0 <0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659 <0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40 <0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 } <0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2 <0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin <0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2 <0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin <0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660 <0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns } <0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked <0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040 <0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns } <0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns } <0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 167.303811] --------------------------------- <4>[ 167.304722] ------------[ cut here ]------------ <2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283! <4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1 <4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 <4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915] <4>[ 167.304839] RIP: 0010:__engine_park+0x3fd/0x680 [i915] <4>[ 167.304937] Code: 00 48 c7 c2 b0 e5 86 a0 48 8d 3d 00 00 00 00 e8 79 48 d4 e0 bf 01 00 00 00 e8 ef 0a d4 e0 31 f6 bf 09 00 00 00 e8 03 49 c0 e0 <0f> 0b 0f 0b be 01 00 00 00 e8 f5 61 fd ff 31 c0 e9 34 fd ff ff 48 <4>[ 167.304940] RSP: 0018:ffffc9000059fce0 EFLAGS: 00010246 <4>[ 167.304942] RAX: 0000000000000200 RBX: 0000000000000000 RCX: 0000000000000006 <4>[ 167.304944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 <4>[ 167.304946] RBP: ffff8881330ca1b0 R08: 0000000000000001 R09: 0000000000000001 <4>[ 167.304947] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881330ca000 <4>[ 167.304948] R13: ffff888110f02aa0 R14: ffff88812d1d0205 R15: ffff88811277d4f0 <4>[ 167.304950] FS: 0000000000000000(0000) GS:ffff88844f780000(0000) knlGS:0000000000000000 <4>[ 167.304952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 167.304953] CR2: 00007fc362200c40 CR3: 000000013306e003 CR4: 0000000000770ef0 <4>[ 167.304955] PKRU: 55555554 <4>[ 167.304957] Call Trace: <4>[ 167.304958] <TASK> <4>[ 167.305573] ____intel_wakeref_put_last+0x1d/0x80 [i915] <4>[ 167.305685] i915_request_retire.part.0+0x34f/0x600 [i915] <4>[ 167.305800] retire_requests+0x51/0x80 [i915] <4>[ 167.305892] intel_gt_retire_requests_timeout+0x27f/0x700 [i915] <4>[ 167.305985] process_scheduled_works+0x2db/0x530 <4>[ 167.305990] worker_thread+0x18c/0x350 <4>[ 167.305993] kthread+0xfe/0x130 <4>[ 167.305997] ret_from_fork+0x2c/0x50 <4>[ 167.306001] ret_from_fork_asm+0x1b/0x30 <4>[ 167.306004] </TASK> It is necessary for the queue_priority_hint to be lower than the next request submission upon waking up, as we rely on the hint to decide when to kick the tasklet to submit that first request. Fixes: 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy") Closes: https://gitlab.freedesktop.org/drm/intel/issues/10154 Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik(a)linux.intel.com> Cc: Mika Kuoppala <mika.kuoppala(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v5.4+ Reviewed-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240318135906.716055-2-janus… (cherry picked from commit 98850e96cf811dc2d0a7d0af491caff9f5d49c1e) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/gt/intel_engine_pm.c b/drivers/gpu/drm/i915/gt/intel_engine_pm.c index 96bdb93a948d..fb7bff27b45a 100644 --- a/drivers/gpu/drm/i915/gt/intel_engine_pm.c +++ b/drivers/gpu/drm/i915/gt/intel_engine_pm.c @@ -279,9 +279,6 @@ static int __engine_park(struct intel_wakeref *wf) intel_engine_park_heartbeat(engine); intel_breadcrumbs_park(engine->breadcrumbs); - /* Must be reset upon idling, or we may miss the busy wakeup. */ - GEM_BUG_ON(engine->sched_engine->queue_priority_hint != INT_MIN); - if (engine->park) engine->park(engine); diff --git a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c index 42aade0faf2d..b061a0a0d6b0 100644 --- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c +++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c @@ -3272,6 +3272,9 @@ static void execlists_park(struct intel_engine_cs *engine) { cancel_timer(&engine->execlists.timer); cancel_timer(&engine->execlists.preempt); + + /* Reset upon idling, or we may delay the busy wakeup. */ + WRITE_ONCE(engine->sched_engine->queue_priority_hint, INT_MIN); } static void add_to_engine(struct i915_request *rq)

1 year, 2 months

2
1
0 0

[PATCH 0/3] arm64: dts: qcom: Fix the msi-map entries

by Manivannan Sadhasivam

While adding the GIC ITS MSI support, it was found that the msi-map entries needed to be swapped to receive MSIs from the endpoint. But later it was identified that the swapping was needed due to a bug in the Qualcomm PCIe controller driver. And since the bug is now fixed with commit bf79e33cdd89 ("PCI: qcom: Enable BDF to SID translation properly"), let's fix the msi-map entries also to reflect the actual mapping in the hardware. Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- Manivannan Sadhasivam (3): arm64: dts: qcom: sm8450: Fix the msi-map entries arm64: dts: qcom: sm8550: Fix the msi-map entries arm64: dts: qcom: sm8650: Fix the msi-map entries arch/arm64/boot/dts/qcom/sm8450.dtsi | 16 ++++------------ arch/arm64/boot/dts/qcom/sm8550.dtsi | 10 ++++------ arch/arm64/boot/dts/qcom/sm8650.dtsi | 10 ++++------ 3 files changed, 12 insertions(+), 24 deletions(-) --- base-commit: f6cef5f8c37f58a3bc95b3754c3ae98e086631ca change-id: 20240318-pci-bdf-sid-fix-2e7db6fe4238 Best regards, -- Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>

1 year, 2 months

3
4
0 0

kernel panic caused by recent changes in fs/cifs

by Chenglong Tang

Hi, developers, This is Chenglong Tang from the Google Container Optimized OS team. We recently received a kernel panic bug from the customers regarding cifs. This happened since the backport of following changes in cifs(in our kernel COS-5.10.208 and COS-5.15.146): cifs: Fix non-availability of dedup breaking generic/304: https://lore.kernel.org/r/3876191.1701555260@warthog.procyon.org.uk/ smb: client: fix potential NULL deref in parse_dfs_referrals(): Upstream commit 92414333eb375ed64f4ae92d34d579e826936480 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE: Upstream commit 13736654481198e519059d4a2e2e3b20fa9fdb3e smb: client: fix NULL deref in asn1_ber_decoder(): Upstream commit 90d025c2e953c11974e76637977c473200593a46 smb: a few more smb changes... The line that crashed is line 197 in fs/cifs/dfs_cache.c ``` if (unlikely(strcmp(cp->charset, cache_cp->charset))) { ``` I attached the dmesg and backtrace for debugging purposes. Let me know if you need more information. Best, Chenglong

1 year, 2 months

1
1
0 0

Requesting backport for fc20c523211 (cifs: fixes for get_inode_info)

by Meetakshi Setiya

commit fc20c523211a38b87fc850a959cb2149e4fd64b0 upstream cifs: fixes for get_inode_info requesting backport to 6.8.x, 6.6.x, 6.5.x and 6.1.x This patch fixes memory leaks, adds error checking, and performs some important code modifications to the changes introduced by patch 2 of this patch series: https://lore.kernel.org/stable/CAFTVevX6=4qFo6nwV14sCnfPRO9yb9q+YsP3XPaHMsP… commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 (smb: client: do not defer close open handles to deleted files) This patch and the three patches in the mails that precede this are related and fix an important customer reported bug on the linux smb client (explained in the mail for patch 1). Patches 2, 3 and 4 are meant to fix whatever regressions were introduced/exposed by patch 1. The patches have to be applied in the mentioned order and should be backported together. Patch 1: https://lore.kernel.org/stable/CAFTVevWEnEDAQbw59N-R03ppFgqa3qwTySfn61-+T4V… Patch 2: https://lore.kernel.org/stable/CAFTVevX6=4qFo6nwV14sCnfPRO9yb9q+YsP3XPaHMsP… Patch 3: https://lore.kernel.org/stable/CAFTVevX6Yzjm40EoGZzex6G-f3T-YNG2CZMAuy=fBSw… Patch 4: The current patch Thanks Meetakshi

1 year, 2 months

3
3
0 0

[PATCH v2] perf/x86: Fix out of range data

by Namhyung Kim

On x86 each cpu_hw_events maintains a table for counter assignment but it missed to update one for the deleted event in x86_pmu_del(). This can make perf_clear_dirty_counters() reset used counter if it's called before event scheduling or enabling. Then it would return out of range data which doesn't make sense. The following code can reproduce the problem. $ cat repro.c #include <pthread.h> #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <linux/perf_event.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <sys/syscall.h> struct perf_event_attr attr = { .type = PERF_TYPE_HARDWARE, .config = PERF_COUNT_HW_CPU_CYCLES, .disabled = 1, }; void *worker(void *arg) { int cpu = (long)arg; int fd1 = syscall(SYS_perf_event_open, &attr, -1, cpu, -1, 0); int fd2 = syscall(SYS_perf_event_open, &attr, -1, cpu, -1, 0); void *p; do { ioctl(fd1, PERF_EVENT_IOC_ENABLE, 0); p = mmap(NULL, 4096, PROT_READ, MAP_SHARED, fd1, 0); ioctl(fd2, PERF_EVENT_IOC_ENABLE, 0); ioctl(fd2, PERF_EVENT_IOC_DISABLE, 0); munmap(p, 4096); ioctl(fd1, PERF_EVENT_IOC_DISABLE, 0); } while (1); return NULL; } int main(void) { int i; int n = sysconf(_SC_NPROCESSORS_ONLN); pthread_t *th = calloc(n, sizeof(*th)); for (i = 0; i < n; i++) pthread_create(&th[i], NULL, worker, (void *)(long)i); for (i = 0; i < n; i++) pthread_join(th[i], NULL); free(th); return 0; } And you can see the out of range data using perf stat like this. Probably it'd be easier to see on a large machine. $ gcc -o repro repro.c -pthread $ ./repro & $ sudo perf stat -A -I 1000 2>&1 | awk '{ if (length($3) > 15) print }' 1.001028462 CPU6 196,719,295,683,763 cycles # 194290.996 GHz (71.54%) 1.001028462 CPU3 396,077,485,787,730 branch-misses # 15804359784.80% of all branches (71.07%) 1.001028462 CPU17 197,608,350,727,877 branch-misses # 14594186554.56% of all branches (71.22%) 2.020064073 CPU4 198,372,472,612,140 cycles # 194681.113 GHz (70.95%) 2.020064073 CPU6 199,419,277,896,696 cycles # 195720.007 GHz (70.57%) 2.020064073 CPU20 198,147,174,025,639 cycles # 194474.654 GHz (71.03%) 2.020064073 CPU20 198,421,240,580,145 stalled-cycles-frontend # 100.14% frontend cycles idle (70.93%) 3.037443155 CPU4 197,382,689,923,416 cycles # 194043.065 GHz (71.30%) 3.037443155 CPU20 196,324,797,879,414 cycles # 193003.773 GHz (71.69%) 3.037443155 CPU5 197,679,956,608,205 stalled-cycles-backend # 1315606428.66% backend cycles idle (71.19%) 3.037443155 CPU5 198,571,860,474,851 instructions # 13215422.58 insn per cycle It should move the contents in the cpuc->assign as well. Fixes: 5471eea5d3bf ("perf/x86: Reset the dirty counter to prevent the leak for an RDPMC task") Reviewed-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Namhyung Kim <namhyung(a)kernel.org> --- * add Kan's reviewed-by tag arch/x86/events/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c index 09050641ce5d..5b0dd07b1ef1 100644 --- a/arch/x86/events/core.c +++ b/arch/x86/events/core.c @@ -1644,6 +1644,7 @@ static void x86_pmu_del(struct perf_event *event, int flags) while (++i < cpuc->n_events) { cpuc->event_list[i-1] = cpuc->event_list[i]; cpuc->event_constraint[i-1] = cpuc->event_constraint[i]; + cpuc->assign[i-1] = cpuc->assign[i]; } cpuc->event_constraint[i-1] = NULL; --cpuc->n_events; -- 2.44.0.278.ge034bb2e1d-goog

1 year, 2 months

2
1
0 0

Late Filling (Extension)

by Marisol Alvarez

Hello, I trust this message finds you well. My name is Marisol Alvarez, and I am currently in search of a new tax preparer for Extension. I came across your services and would like to inquire about your availability for new clients for the extension period. Specifically, I need assistance with the preparation of my individual tax returns, which includes Schedule D and Schedule C. Could you please provide information on your fee structure for handling returns with these schedules? Additionally, I am interested in becoming a client and would like to know the steps involved in signing up for your tax preparation services. I appreciate your prompt response and look forward to the possibility of working with you. Kind regards, Marisol Alvarez Member Services Specialist

1 year, 2 months

1
0
0 0

[PATCH 5.15 000/690] 5.15.154-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.154 release. There are 690 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Apr 2024 12:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.154-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.154-rc1 min15.li <min15.li(a)samsung.com> nvme: fix miss command type check Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jann Horn <jannh(a)google.com> openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached Jann Horn <jannh(a)google.com> HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Oleksij Rempel <linux(a)rempel-privat.de> net: usb: asix: suspend embedded PHY if external is used Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer details Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Sean Christopherson <seanjc(a)google.com> KVM: x86: Bail to userspace if emulation of atomic user access faults Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jens Axboe <axboe(a)kernel.dk> io_uring: ensure '0' is returned on file registration success Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> locking/rwsem: Disable preemption while trying for rwsem lock Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Bixuan Cui <cuibixuan(a)linux.alibaba.com> iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Stop using the SCSI pointer Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Call scsi_done() directly Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/amdgpu: Use drm_mode_copy() Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() Alexander Aring <aahringo(a)redhat.com> lockd: introduce safe async lock op NeilBrown <neilb(a)suse.de> NFSD: fix possible oops when nfsd/pool_stats is closed. Chuck Lever <chuck.lever(a)oracle.com> Documentation: Add missing documentation for EXPORT_OP flags NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() NeilBrown <neilb(a)suse.de> nfsd: don't allow nfsd threads to be signalled. Tavian Barnes <tavianator(a)tavianator.com> nfsd: Fix creation time serialization order Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_encode_nfstime4() helper NeilBrown <neilb(a)suse.de> lockd: drop inappropriate svc_get() from locked_get() Dan Carpenter <dan.carpenter(a)linaro.org> nfsd: fix double fget() bug in __write_ports_addfd() Jeff Layton <jlayton(a)kernel.org> nfsd: make a copy of struct iattr before calling notify_change Dai Ngo <dai.ngo(a)oracle.com> NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Jeff Layton <jlayton(a)kernel.org> nfsd: simplify the delayed disposal list code Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert filecache to rhltable Jeff Layton <jlayton(a)kernel.org> nfsd: allow reaping files still under writeback Jeff Layton <jlayton(a)kernel.org> nfsd: update comment over __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: don't take/put an extra reference when putting a file Jeff Layton <jlayton(a)kernel.org> nfsd: add some comments to nfsd_file_do_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: don't kill nfsd_files because of lease break error Jeff Layton <jlayton(a)kernel.org> nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator Jeff Layton <jlayton(a)kernel.org> nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries Jeff Layton <jlayton(a)kernel.org> nfsd: don't open-code clear_and_wake_up_bit Jeff Layton <jlayton(a)kernel.org> nfsd: call op_release, even when op_func returns an error Jeff Layton <jlayton(a)kernel.org> nfsd: don't replace page in rq_pages if it's a continuation of last page Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against filesystem freezing Chuck Lever <chuck.lever(a)oracle.com> NFSD: copy the whole verifier in nfsd_copy_write_verifier Jeff Layton <jlayton(a)kernel.org> nfsd: don't fsync nfsd_files on last close Jeff Layton <jlayton(a)kernel.org> nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix problems with cleanup on errors in nfsd4_copy Jeff Layton <jlayton(a)kernel.org> nfsd: don't hand out delegation on setuid files being opened for write Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix leaked reference count of nfsd4_ssc_umount_item Jeff Layton <jlayton(a)kernel.org> nfsd: clean up potential nfsd_file refcount leaks in COPY codepath Jeff Layton <jlayton(a)kernel.org> nfsd: allow nfsd_file_get to sanely handle a NULL pointer Dai Ngo <dai.ngo(a)oracle.com> NFSD: enhance inter-server copy cleanup Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Jeff Layton <jlayton(a)kernel.org> nfsd: don't free files unconditionally in __nfsd_file_cache_purge Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" Jeff Layton <jlayton(a)kernel.org> nfsd: fix handling of cached open files in nfsd4_open codepath Jeff Layton <jlayton(a)kernel.org> nfsd: rework refcounting in filecache Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add CB_RECALL_ANY tracepoints Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Chuck Lever <chuck.lever(a)oracle.com> trace: Relocate event helper files Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: return error if nfs4_setacl fails Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_file_fsync tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Jeff Layton <jlayton(a)kernel.org> nfsd: reorganize filecache.c Jeff Layton <jlayton(a)kernel.org> nfsd: remove the pages_flushed statistic from filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection Chuck Lever <chuck.lever(a)oracle.com> NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pass the target nfsd_file to nfsd_commit() David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Finish converting the NFSv3 GETACL result encoder Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix reads with a non-zero offset that don't end on a page boundary Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix trace_nfsd_fh_verify_err() crasher Jeff Layton <jlayton(a)kernel.org> nfsd: put the export reference in nfsd4_verify_deleg_dentry Jeff Layton <jlayton(a)kernel.org> nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix net-namespace logic in __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: ensure we always call fh_verify_error tracepoint Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> NFSD: unregister shrinker when nfsd_init_net() fails Jeff Layton <jlayton(a)kernel.org> nfsd: rework hashtable handling in nfsd_do_file_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: fix nfsd_file_unhash_and_dispose Gaosheng Cui <cuigaosheng1(a)huawei.com> fanotify: Remove obsoleted fanotify_event_has_path() Gaosheng Cui <cuigaosheng1(a)huawei.com> fsnotify: remove unused declaration Al Viro <viro(a)zeniv.linux.org.uk> fs/notify: constify path Jeff Layton <jlayton(a)kernel.org> nfsd: extra checks when freeing delegation stateids Jeff Layton <jlayton(a)kernel.org> nfsd: make nfsd4_run_cb a bool return function Jeff Layton <jlayton(a)kernel.org> nfsd: fix comments about spinlock handling with delegations Jeff Layton <jlayton(a)kernel.org> nfsd: only fill out return pointer on success in nfsd4_lookup_stateid Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap rsize_bop result based on send buffer size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename the fields in copy_stateid_t ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pack struct nfsd4_compoundres Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused nfsd4_compoundargs::cachetype field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove "inline" directives on op_rsize_bop helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4svc_encode_compoundres() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up WRITE arg decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor common code out of dirlist helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Parametrize how much of argsize should be zeroed Dai Ngo <dai.ngo(a)oracle.com> NFSD: add shrinker to reap courtesy clients on low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of courtesy clients in the system Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a mechanism to wait for a DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints to report NFSv4 callback completions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace NFSv4 COMPOUND tags Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace dprintk() call site in fh_verify() Gaosheng Cui <cuigaosheng1(a)huawei.com> nfsd: remove nfsd4_prepare_cb_recall() declaration Jeff Layton <jlayton(a)kernel.org> nfsd: clean up mounted_on_fileid handling NeilBrown <neilb(a)suse.de> NFSD: drop fname and flen args from nfsd_create_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Propagate some error code returned by memdup_user() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Avoid some useless tests Jinpeng Cui <cui.jinpeng2(a)zte.com.cn> NFSD: remove redundant variable status Olga Kornievskaia <kolga(a)netapp.com> NFSD enforce filehandle check for source file in COPY Wolfram Sang <wsa+renesas(a)sang-engineering.com> lockd: move from strlcpy with unused retval to strscpy Wolfram Sang <wsa+renesas(a)sang-engineering.com> NFSD: move from strlcpy with unused retval to strscpy Al Viro <viro(a)zeniv.linux.org.uk> nfsd_splice_actor(): handle compound pages NeilBrown <neilb(a)suse.de> NFSD: fix regression with setting ACLs. NeilBrown <neilb(a)suse.de> NFSD: discard fh_locked flag and fh_lock/fh_unlock NeilBrown <neilb(a)suse.de> NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NeilBrown <neilb(a)suse.de> NFSD: use explicit lock/unlock for directory ops NeilBrown <neilb(a)suse.de> NFSD: reduce locking in nfsd_lookup() NeilBrown <neilb(a)suse.de> NFSD: only call fh_unlock() once in nfsd_link() NeilBrown <neilb(a)suse.de> NFSD: always drop directory lock in nfsd_unlink() NeilBrown <neilb(a)suse.de> NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NeilBrown <neilb(a)suse.de> NFSD: add posix ACLs to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: add security label to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: set attributes when creating symlinks NeilBrown <neilb(a)suse.de> NFSD: introduce struct nfsd_attrs Jeff Layton <jlayton(a)kernel.org> NFSD: verify the opened dentry after setting a delegation Jeff Layton <jlayton(a)kernel.org> NFSD: drop fh argument from alloc_init_deleg Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move copy offload callback arguments into a separate structure Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd4_send_cb_offload() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove kmalloc from nfsd4_do_async_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_do_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace boolean fields in struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfs4_put_copy() static Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reorder the fields in struct nfsd4_op Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy_notify Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfserrno(-ENOMEM) is nfserr_jukebox Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix strncpy() fortify warning Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_encode_readlink() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_pad_size() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Simplify starting_len Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_readv() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_read::rd_eof field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up SPLICE_OK in nfsd4_encode_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_fattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_operation() Jeff Layton <jlayton(a)kernel.org> nfsd: silence extraneous printk on nfsd.ko insertion Dai Ngo <dai.ngo(a)oracle.com> NFSD: limit the number of v4 clients to 1024 per 1GB of system memory Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of v4 clients in the system Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring v4 specific code to a helper in nfs4state.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Ensure nf_inode is never dereferenced Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 CLOSE should release an nfsd_file immediately Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move nfsd_file_trace_alloc() tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Separate tracepoints for acquire and create Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up unused code after rhashtable conversion Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert the filecache to use rhashtable Chuck Lever <chuck.lever(a)oracle.com> NFSD: Set up an rhashtable for the filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the "init once" mechanism Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove nfsd_file::nf_hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_hash_remove can compute hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor __nfsd_file_close_inode() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove lockdep assertion from unhash_and_release_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: No longer record nf_hashval in the trace log Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never call nfsd_file_gc() in foreground paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix the filecache LRU shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Leave open files out of the filecache LRU Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache LRU activity Chuck Lever <chuck.lever(a)oracle.com> NFSD: WARN when freeing an item still linked via nf_lru Chuck Lever <chuck.lever(a)oracle.com> NFSD: Hook up the filecache stat file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Zero counters when the filecache is re-initialized Chuck Lever <chuck.lever(a)oracle.com> NFSD: Record number of flush calls Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report the number of items evicted by the LRU walk Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_lru_scan() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_gc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_file_lru_dispose_list() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report average age of filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of freed filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of calls to nfsd_file_acquire() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report filecache LRU size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Demote a WARN to a pr_warn() Colin Ian King <colin.i.king(a)gmail.com> nfsd: remove redundant assignment to variable len Zhang Jiaming <jiaming(a)nfschina.com> NFSD: Fix space and spelling mistake Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instrument fh_verify() Benjamin Coddington <bcodding(a)redhat.com> NLM: Defend against file_lock changes after vfs_test_lock() Xin Gao <gaoxin(a)cdjrlc.com> fsnotify: Fix comment typo Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce FAN_MARK_IGNORE Amir Goldstein <amir73il(a)gmail.com> fanotify: cleanups for fanotify_mark() input validations Amir Goldstein <amir73il(a)gmail.com> fanotify: prepare for setting event flags in ignore mask Oliver Ford <ojford(a)gmail.com> fs: inotify: Fix typo in inotify comment Chuck Lever <chuck.lever(a)oracle.com> NFSD: Decode NFSv4 birth time attribute Amir Goldstein <amir73il(a)gmail.com> fanotify: refine the validation checks on non-dir inode mask NeilBrown <neilb(a)suse.de> NFS: restore module put when manager exits. Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix potential use-after-free in nfsd_file_put() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_put() can sleep Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Unregister the cld notifier when laundry_wq create failed Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Use RMW bitops in single-threaded hot paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache opens Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move documenting comment for nfsd4_process_open2() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix whitespace Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove dprintk call sites from tail of nfsd4_open() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instantiate a struct file when creating a regular NFSv4 file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_open_verified() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv4 OPEN(CREATE) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv3 CREATE Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_create_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd3_proc_create() Dai Ngo <dai.ngo(a)oracle.com> NFSD: Show state of courtesy client in client info Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for lock conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add helper locks_owner_has_blockers to check for blockers Dai Ngo <dai.ngo(a)oracle.com> NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for share reservation conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> NFSD: add courteous server support for thread with only delegation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_splice_actor() Vasily Averin <vvs(a)openvz.org> fanotify: fix incorrect fmode_t casts Amir Goldstein <amir73il(a)gmail.com> fsnotify: consistent behavior for parent not watching children Amir Goldstein <amir73il(a)gmail.com> fsnotify: introduce mark type iterator Amir Goldstein <amir73il(a)gmail.com> fanotify: enable "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fanotify: implement "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: factor out helper fanotify_mark_update_flags() Amir Goldstein <amir73il(a)gmail.com> fanotify: create helper fanotify_mark_user_flags() Amir Goldstein <amir73il(a)gmail.com> fsnotify: allow adding an inode mark without pinning inode Amir Goldstein <amir73il(a)gmail.com> dnotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> nfsd: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> inotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fsnotify: create helpers for group mark_mutex lock Amir Goldstein <amir73il(a)gmail.com> fsnotify: make allow_dups a property of the group Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass flags argument to fsnotify_alloc_group() Amir Goldstein <amir73il(a)gmail.com> inotify: move control flags from mask to mark flags Dai Ngo <dai.ngo(a)oracle.com> fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. Amir Goldstein <amir73il(a)gmail.com> fanotify: do not allow setting dirent events in mask of non-dir Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Clean up nfsd_file_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a write performance regression Bang Li <libang.linuxer(a)gmail.com> fsnotify: remove redundant parameter judgment Amir Goldstein <amir73il(a)gmail.com> fsnotify: optimize FS_MODIFY events with no ignored masks Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix merge with parent's ignored mask Jakob Koschel <jakobkoschel(a)gmail.com> nfsd: fix using the correct variable for sizeof() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up _lm_ operation names Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove CONFIG_NFSD_V3 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move svc_serv_ops::svo_function into struct svc_serv Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove svc_serv_ops::svo_module Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svc_shutdown_net() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_close_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_create_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svo_shutdown method Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove the .svo_enqueue_xprt method Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove NFSD_PROC_ARGS_* macros Chuck Lever <chuck.lever(a)oracle.com> NFSD: Streamline the rare "found" case Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip extra computation for RC_NOCACHE case Chuck Lever <chuck.lever(a)oracle.com> orDate: Thu Sep 30 19:19:57 2021 -0400 Ondrej Valousek <ondrej.valousek.xm(a)renesas.com> nfsd: Add support for the birth time attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Deprecate NFS_OFFSET_MAX Amir Goldstein <amir73il(a)gmail.com> fsnotify: invalidate dcache before IN_DELETE event Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move fill_pre_wcc() and fill_post_wcc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace boot verifier resets Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename boot verifier functions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the nfsd_net::nfssvc_boot field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Write verifier might go backwards Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_vfs_write() Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Retry once in nfsd_open on an -EOPENSTALE return Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Add errno mapping for EREMOTEIO Peng Tao <tao.peng(a)primarydata.com> nfsd: map EBADF Vasily Averin <vvs(a)virtuozzo.com> nfsd4: add refcount for nfsd4_blocked_lock J. Bruce Fields <bfields(a)redhat.com> nfs: block notification on fs with its own ->lock Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate nfsd4_decode_bitmap4() J. Bruce Fields <bfields(a)redhat.com> nfsd: improve stateid access bitmask documentation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Combine XDR error tracepoints NeilBrown <neilb(a)suse.de> NFSD: simplify per-net file cache management Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> NFSD: Fix inconsistent indenting Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove be32_to_cpu() from DRC hash function NeilBrown <neilb(a)suse.de> NFS: switch the callback service back to non-pooled. NeilBrown <neilb(a)suse.de> lockd: use svc_set_num_threads() for thread start and stop NeilBrown <neilb(a)suse.de> SUNRPC: always treat sv_nrpools==1 as "not pooled" NeilBrown <neilb(a)suse.de> SUNRPC: move the pool_map definitions (back) into svc.c NeilBrown <neilb(a)suse.de> lockd: rename lockd_create_svc() to lockd_get() NeilBrown <neilb(a)suse.de> lockd: introduce lockd_put() NeilBrown <neilb(a)suse.de> lockd: move svc_exit_thread() into the thread NeilBrown <neilb(a)suse.de> lockd: move lockd_start_svc() call into lockd_create_svc() NeilBrown <neilb(a)suse.de> lockd: simplify management of network status notifiers NeilBrown <neilb(a)suse.de> lockd: introduce nlmsvc_serv NeilBrown <neilb(a)suse.de> NFSD: simplify locking for network notifier. NeilBrown <neilb(a)suse.de> SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NeilBrown <neilb(a)suse.de> NFSD: Make it possible to use svc_set_num_threads_sync NeilBrown <neilb(a)suse.de> NFSD: narrow nfsd_mutex protection in nfsd thread NeilBrown <neilb(a)suse.de> SUNRPC: use sv_lock to protect updates to sv_nrthreads. NeilBrown <neilb(a)suse.de> nfsd: make nfsd_stats.th_cnt atomic_t NeilBrown <neilb(a)suse.de> SUNRPC: stop using ->sv_nrthreads as a refcount NeilBrown <neilb(a)suse.de> SUNRPC/NFSD: clean up get/put functions. NeilBrown <neilb(a)suse.de> SUNRPC: change svc_get() to return the svc. NeilBrown <neilb(a)suse.de> NFSD: handle errors better in write_ports_addfd() Eric W. Biederman <ebiederm(a)xmission.com> exit: Rename module_put_and_exit to module_put_and_kthread_exit Eric W. Biederman <ebiederm(a)xmission.com> exit: Implement kthread_exit Amir Goldstein <amir73il(a)gmail.com> fanotify: wire up FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: report old and/or new parent+name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: record either old name new name or both for FAN_RENAME Amir Goldstein <amir73il(a)gmail.com> fanotify: record old and new parent and name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: support secondary dir fh and name in fanotify_info Amir Goldstein <amir73il(a)gmail.com> fanotify: use helpers to parcel fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fanotify: use macros to get the offset to fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fsnotify: generate FS_RENAME event with rich information Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce group flag FAN_REPORT_TARGET_FID Amir Goldstein <amir73il(a)gmail.com> fsnotify: separate mark iterator type from object type enum Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify object type argument Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: fix error code saved on super block during file system abort J. Bruce Fields <bfields(a)redhat.com> nfsd4: remove obselete comment Changcheng Deng <deng.changcheng(a)zte.com.cn> NFSD:fix boolreturn.cocci warning J. Bruce Fields <bfields(a)redhat.com> nfsd: update create verifier comment Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_encode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_encode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Save location of NFSv4 COMPOUND status Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_decode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_decode Colin Ian King <colin.king(a)canonical.com> NFSD: Initialize pointer ni with NULL and not plain integer 0 NeilBrown <neilb(a)suse.de> NFSD: simplify struct nfsfh NeilBrown <neilb(a)suse.de> NFSD: drop support for ancient filehandles NeilBrown <neilb(a)suse.de> NFSD: move filehandle format declarations out of "uapi". Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize DRC bucket pruning Chuck Lever <chuck.lever(a)oracle.com> NFS: Move NFS protocol display macros to global header Chuck Lever <chuck.lever(a)oracle.com> NFS: Move generic FS show macros to global header Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field Chuck Lever <chuck.lever(a)oracle.com> NFS: Remove unnecessary TRACE_DEFINE_ENUM()s Gabriel Krisman Bertazi <krisman(a)collabora.com> docs: Document the FAN_FS_ERROR event Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: Send notifications on error Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow users to request FAN_FS_ERROR events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Emit generic error info for error event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Report fid info for file related file system errors Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: WARN_ON against too large file handles Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Add helpers to decide whether to report FID/DFID Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Wrap object_fh inline space in a creator macro Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support merging of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support enqueueing of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Pre-allocate pool of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Reserve UAPI bits for FAN_FS_ERROR Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Support FS_ERROR event type Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Require fid_mode for any non-fd event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Encode empty file handle when no inode is provided Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow file handle encoding for unhashed events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support null inode event in fanotify_dfid_inode Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Pass group argument to free_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Protect fsnotify_handle_inode_event from no-inode events Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Retrieve super block from the data field Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add wrapper around fsnotify_add_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add helper to detect overflow_event Gabriel Krisman Bertazi <krisman(a)collabora.com> inotify: Don't force FS_IN_IGNORED Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Split fsid check from other fid mode checks Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Fold event size calculation to its own function Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Don't insert unmergeable events in hashtable Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify contract for create event hooks Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass dentry instead of inode data Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass data_type to fsnotify_name() Peter Zijlstra <peterz(a)infradead.org> x86/static_call: Add support for Jcc tail-calls Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Introduce int3_emulate_jcc() Thomas Gleixner <tglx(a)linutronix.de> x86/asm: Differentiate between code and function alignment Peter Zijlstra <peterz(a)infradead.org> arch: Introduce CONFIG_FUNCTION_ALIGNMENT Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/rfds: Mitigate Register File Data Sampling (RFDS) Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation/hw-vuln: Add documentation for RFDS Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson <seanjc(a)google.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW H. Peter Anvin (Intel) <hpa(a)zytor.com> x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Limit stage2_apply_range() batch size to largest block Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Work out supported block level at compile time Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device John Garry <john.garry(a)huawei.com> dma-iommu: add iommu_dma_opt_mapping_size() John Garry <john.garry(a)huawei.com> dma-mapping: add dma_opt_mapping_size() Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Geert Uytterhoeven <geert+renesas(a)glider.be> net: ravb: Add R-Car Gen4 support Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for certain Intel Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited Bjorn Helgaas <bhelgaas(a)google.com> PCI: Work around Intel I210 ROM BAR overlap defect Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Petr Mladek <pmladek(a)suse.com> printk/console: Split out code that enables default console Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Peter Collingbourne <pcc(a)google.com> kasan: test: add memcpy test that avoids out-of-bounds write Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + .../admin-guide/filesystem-monitoring.rst | 74 ++ Documentation/admin-guide/hw-vuln/index.rst | 1 + .../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++ Documentation/admin-guide/hw-vuln/spectre.rst | 18 +- Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt | 27 +- Documentation/core-api/dma-api.rst | 14 + Documentation/filesystems/locking.rst | 10 +- Documentation/filesystems/nfs/exporting.rst | 33 + Documentation/x86/mds.rst | 34 +- MAINTAINERS | 7 + Makefile | 8 +- arch/Kconfig | 24 + arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/include/asm/kvm_pgtable.h | 18 +- arch/arm64/include/asm/stage2_pgtable.h | 20 - arch/arm64/kvm/mmu.c | 9 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/ia64/Kconfig | 1 + arch/ia64/Makefile | 2 +- arch/openrisc/kernel/dma.c | 16 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 + arch/x86/boot/compressed/head_64.S | 8 + arch/x86/entry/entry.S | 23 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 11 + arch/x86/entry/entry_64_compat.S | 1 + arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 5 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 6 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/linkage.h | 12 +- arch/x86/include/asm/msr-index.h | 10 + arch/x86/include/asm/nospec-branch.h | 47 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/text-patching.h | 31 + arch/x86/kernel/alternative.c | 56 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 245 ++-- arch/x86/kernel/cpu/common.c | 57 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/kprobes/core.c | 38 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kernel/static_call.c | 50 +- arch/x86/kvm/cpuid.c | 29 +- arch/x86/kvm/reverse_cpuid.h | 44 +- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 9 +- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/kvm/x86.c | 17 +- arch/x86/lib/retpoline.S | 5 +- arch/x86/mm/ident_map.c | 23 +- block/blk-settings.c | 4 + crypto/algboss.c | 4 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/acpi/cppc_acpi.c | 27 +- drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/cpu.c | 8 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hid/uhid.c | 20 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/infiniband/core/cm_trace.h | 2 +- drivers/infiniband/core/cma_trace.h | 2 +- drivers/iommu/dma-iommu.c | 15 + drivers/iommu/iova.c | 5 + drivers/md/dm-integrity.c | 2 +- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/realtek/r8169_main.c | 11 +- drivers/net/ethernet/renesas/ravb_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/usb/asix.h | 3 + drivers/net/usb/asix_devices.c | 20 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 12 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 6 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/of/dynamic.c | 12 + drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/pci-driver.c | 23 +- drivers/pci/pcie/dpc.c | 15 +- drivers/pci/pcie/err.c | 20 + drivers/pci/quirks.c | 100 ++ drivers/pci/setup-res.c | 8 +- drivers/phy/tegra/xusb.c | 13 + drivers/s390/crypto/zcrypt_api.c | 2 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/hosts.c | 7 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/sc16is7xx.c | 15 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 + drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 +- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/scsiglue.c | 1 - drivers/usb/storage/uas.c | 81 +- drivers/usb/storage/usb.c | 4 +- drivers/usb/typec/ucsi/ucsi.c | 52 +- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_intrs.c | 188 +-- drivers/vfio/platform/vfio_platform_irq.c | 106 +- drivers/vfio/virqfd.c | 21 + drivers/xen/events/events_base.c | 5 +- fs/Kconfig | 2 +- fs/aio.c | 8 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/cifs/connect.c | 2 +- fs/exec.c | 1 + fs/exportfs/expfs.c | 8 +- fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/ext4/super.c | 10 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/ksmbd/smb2pdu.c | 10 +- fs/lockd/host.c | 2 +- fs/lockd/svc.c | 223 ++-- fs/lockd/svc4proc.c | 29 +- fs/lockd/svclock.c | 31 +- fs/lockd/svcproc.c | 30 +- fs/lockd/svcsubs.c | 4 +- fs/lockd/xdr.c | 152 ++- fs/lockd/xdr4.c | 153 ++- fs/locks.c | 85 +- fs/nfs/callback.c | 105 +- fs/nfs/callback_xdr.c | 5 +- fs/nfs/direct.c | 11 +- fs/nfs/export.c | 9 +- fs/nfs/nfs4state.c | 2 +- fs/nfs/nfs4trace.h | 477 +------- fs/nfs/nfstrace.h | 269 +---- fs/nfs/pnfs.h | 4 - fs/nfs/write.c | 2 +- fs/nfsd/Kconfig | 27 +- fs/nfsd/Makefile | 8 +- fs/nfsd/acl.h | 6 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/cache.h | 2 +- fs/nfsd/export.h | 1 - fs/nfsd/filecache.c | 1192 +++++++++++--------- fs/nfsd/filecache.h | 19 +- fs/nfsd/flexfilelayout.c | 3 +- fs/nfsd/lockd.c | 2 +- fs/nfsd/netns.h | 34 +- fs/nfsd/nfs2acl.c | 55 +- fs/nfsd/nfs3acl.c | 83 +- fs/nfsd/nfs3proc.c | 212 +++- fs/nfsd/nfs3xdr.c | 444 +++----- fs/nfsd/nfs4acl.c | 46 +- fs/nfsd/nfs4callback.c | 125 +- fs/nfsd/nfs4idmap.c | 9 +- fs/nfsd/nfs4layouts.c | 4 +- fs/nfsd/nfs4proc.c | 991 +++++++++------- fs/nfsd/nfs4recover.c | 12 +- fs/nfsd/nfs4state.c | 1049 +++++++++++++---- fs/nfsd/nfs4xdr.c | 1115 +++++++++--------- fs/nfsd/nfscache.c | 63 +- fs/nfsd/nfsctl.c | 146 ++- fs/nfsd/nfsd.h | 35 +- fs/nfsd/nfsfh.c | 264 ++--- fs/nfsd/nfsfh.h | 145 ++- fs/nfsd/nfsproc.c | 121 +- fs/nfsd/nfssvc.c | 275 ++--- fs/nfsd/nfsxdr.c | 178 ++- fs/nfsd/state.h | 59 +- fs/nfsd/stats.c | 16 +- fs/nfsd/stats.h | 4 +- fs/nfsd/trace.h | 692 ++++++++++-- fs/nfsd/vfs.c | 822 +++++++------- fs/nfsd/vfs.h | 56 +- fs/nfsd/xdr.h | 35 +- fs/nfsd/xdr3.h | 61 +- fs/nfsd/xdr4.h | 81 +- fs/nfsd/xdr4cb.h | 6 + fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/notify/dnotify/dnotify.c | 15 +- fs/notify/fanotify/fanotify.c | 363 ++++-- fs/notify/fanotify/fanotify.h | 212 +++- fs/notify/fanotify/fanotify_user.c | 441 ++++++-- fs/notify/fdinfo.c | 16 +- fs/notify/fsnotify.c | 177 +-- fs/notify/fsnotify.h | 4 - fs/notify/group.c | 36 +- fs/notify/inotify/inotify.h | 11 +- fs/notify/inotify/inotify_fsnotify.c | 7 +- fs/notify/inotify/inotify_user.c | 53 +- fs/notify/mark.c | 137 ++- fs/notify/notification.c | 14 +- fs/open.c | 42 + fs/pipe.c | 17 +- fs/ubifs/file.c | 13 +- fs/vboxsf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 4 +- include/linux/cpu.h | 2 + include/linux/device.h | 1 + include/linux/dma-map-ops.h | 1 + include/linux/dma-mapping.h | 5 + include/linux/dnotify.h | 2 +- include/linux/exportfs.h | 17 +- include/linux/fanotify.h | 31 +- include/linux/fs.h | 26 + include/linux/fsnotify.h | 70 +- include/linux/fsnotify_backend.h | 356 +++++- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/iova.h | 2 + include/linux/kthread.h | 1 + include/linux/linkage.h | 4 +- include/linux/lockd/lockd.h | 10 +- include/linux/lockd/xdr.h | 27 +- include/linux/lockd/xdr4.h | 29 +- include/linux/minmax.h | 17 + include/linux/module.h | 6 +- include/linux/nfs.h | 8 - include/linux/nfs4.h | 17 + include/linux/nfs_fs.h | 1 + include/linux/nfs_ssc.h | 4 +- include/linux/pci.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/secretmem.h | 4 +- include/linux/sunrpc/svc.h | 93 +- include/linux/sunrpc/svc_xprt.h | 11 +- include/linux/sunrpc/svcsock.h | 7 +- include/linux/sunrpc/xdr.h | 2 + include/linux/timer.h | 18 +- include/linux/udp.h | 28 + include/linux/vfio.h | 2 + include/net/cfg802154.h | 1 + include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 + include/soc/fsl/qman.h | 9 + include/trace/events/rpcgss.h | 18 +- include/trace/events/rpcrdma.h | 44 +- include/trace/events/sunrpc.h | 74 +- include/trace/misc/fs.h | 122 ++ include/trace/misc/nfs.h | 387 +++++++ include/trace/{events => misc}/rdma.h | 0 include/trace/misc/sunrpc.h | 18 + include/uapi/linux/fanotify.h | 29 + include/uapi/linux/nfsd/nfsfh.h | 115 -- init/initramfs.c | 2 +- io_uring/io_uring.c | 2 +- kernel/audit_fsnotify.c | 8 +- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 5 +- kernel/bounds.c | 2 +- kernel/bpf/verifier.c | 5 + kernel/dma/mapping.c | 12 + kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/events/core.c | 9 + kernel/kthread.c | 23 +- kernel/locking/rwsem.c | 14 +- kernel/module.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 63 +- kernel/time/timer.c | 160 +-- kernel/trace/ring_buffer.c | 233 ++-- kernel/trace/trace.c | 21 +- lib/Kconfig.debug | 1 + lib/pci_iomap.c | 2 +- lib/test_kasan.c | 21 +- mm/compaction.c | 7 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/bnep/core.c | 2 +- net/bluetooth/cmtp/core.c | 2 +- net/bluetooth/hci_debugfs.c | 64 +- net/bluetooth/hci_event.c | 25 + net/bluetooth/hidp/core.c | 2 +- net/bridge/netfilter/ebtables.c | 6 + net/core/skbuff.c | 6 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 14 + net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 20 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 3 + net/netfilter/nf_tables_api.c | 20 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sunrpc/svc.c | 227 ++-- net/sunrpc/svc_xprt.c | 84 +- net/sunrpc/svcsock.c | 24 +- net/sunrpc/xdr.c | 22 + net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/objtool/check.c | 3 +- tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- virt/kvm/async_pf.c | 31 +- 439 files changed, 11612 insertions(+), 6882 deletions(-)

1 year, 2 months

8
700
0 0

[PATCH 6.1 000/138] 6.1.85-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.85 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Apr 2024 12:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.85-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.85-rc1 min15.li <min15.li(a)samsung.com> nvme: fix miss command type check David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Geliang Tang <geliang.tang(a)suse.com> selftests: mptcp: display simult in extra_msg Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: rework paiXXX_start and paiXXX_stop functions Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: cleanup event initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai_crypto: remove per-cpu variable assignement in event initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: initialize event count once at initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai_ext: replace atomic_t with refcount_t Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: rename structure member users to active_events Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: rework pai_crypto mapped buffer reference count David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN, but continue, if misc_cg_set_capacity() fails Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> KVM: SVM: enhance info printk's in SEV init Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Heiner Kallweit <hkallweit1(a)gmail.com> r8169: prepare rtl_hw_aspm_clkreq_enable for usage in atomic context Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect access to registers Config2 and Config5 Heiner Kallweit <hkallweit1(a)gmail.com> r8169: use spinlock to protect mac ocp register access Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 96 ++++++++------- arch/s390/kernel/perf_pai_ext.c | 66 ++++++----- arch/x86/coco/core.c | 41 +++++++ arch/x86/events/amd/core.c | 4 +- arch/x86/events/amd/lbr.c | 16 ++- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 10 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/nospec-branch.h | 20 +++- arch/x86/include/asm/required-features.h | 3 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/setup.c | 2 + arch/x86/kvm/reverse_cpuid.h | 2 + arch/x86/kvm/svm/sev.c | 60 ++++++---- arch/x86/kvm/trace.h | 10 +- arch/x86/lib/retpoline.S | 6 +- arch/x86/mm/ident_map.c | 23 +--- arch/x86/mm/pat/memtype.c | 49 +++++--- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 +++++----- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +++- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 ++- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 38 ++++++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +++++++++---- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 45 ++++--- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +-- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +++-- drivers/net/ethernet/microchip/lan743x_main.c | 18 +++ drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/realtek/r8169_main.c | 131 +++++++++++++++++---- drivers/net/ethernet/renesas/ravb_main.c | 33 +++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +++++-- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 ++++-- drivers/net/phy/micrel.c | 31 +++-- drivers/net/usb/asix_devices.c | 4 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 4 +- drivers/nvme/host/ioctl.c | 3 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 +- drivers/of/dynamic.c | 12 ++ drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +++++- drivers/scsi/myrb.c | 20 ++-- drivers/scsi/myrs.c | 24 ++-- drivers/scsi/sd.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 10 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 ++- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 ++ fs/smb/client/cifsglob.h | 17 ++- fs/smb/client/connect.c | 2 + fs/smb/client/dir.c | 15 +++ fs/smb/client/file.c | 111 ++++++++++++++--- fs/smb/client/fscache.c | 16 ++- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++++++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/device.h | 1 + include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 +++++ include/net/bluetooth/hci.h | 9 ++ include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 ++ kernel/bpf/verifier.c | 5 + mm/memory.c | 4 + net/9p/client.c | 10 +- net/bluetooth/hci_debugfs.c | 64 ++++++---- net/bluetooth/hci_event.c | 25 ++++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 33 ++++-- net/ipv4/inet_fragment.c | 70 +++++++++-- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 ++ net/ipv4/udp_offload.c | 23 ++-- net/ipv6/ip6_fib.c | 14 +-- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 13 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 7 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 155 files changed, 1520 insertions(+), 589 deletions(-)

1 year, 2 months

11
148
0 0

[PATCH 6.6 000/252] 6.6.26-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.26 release. There are 252 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 10 Apr 2024 12:52:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.26-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.26-rc1 Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Remap kernel text read-only before dropping NX attribute Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Move early startup code into .head.text section Ard Biesheuvel <ardb(a)kernel.org> x86/sme: Move early SME kernel encryption handling into .head.text Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Add generic support for parsing mem_encrypt= Hou Wenlong <houwenlong.hwl(a)antgroup.com> x86/head/64: Move the __head definition to <asm/init.h> Andrii Nakryiko <andrii(a)kernel.org> bpf: support deferring bpf_link dealloc to after RCU grace period Andrii Nakryiko <andrii(a)kernel.org> bpf: put uprobe link's path and task in release callback Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Davide Caratti <dcaratti(a)redhat.com> mptcp: don't overwrite sock_ops in mptcp_is_tcpsk() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix shellcheck warnings Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: prevent NULL pointer dereference in vsnprintf() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "x86/mpparse: Register APIC address only once" Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Enable only one CCS for compute workload Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Do not generate the command streamer for all the CCS Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Disable HW load balancing for CCS Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_network_name_deleted() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_lease_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in smb2_is_valid_oplock_break() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_write() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() Ritvik Budhiraja <rbudhiraja(a)microsoft.com> smb3: retrying on failed server close Paulo Alcantara <pc(a)manguebit.com> smb: client: serialise cifs_construct_tcon() with cifs_mount_mutex Paulo Alcantara <pc(a)manguebit.com> smb: client: handle DFS tcons in cifs_construct_tcon() Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Edward Liaw <edliaw(a)google.com> selftests/mm: include strings.h for ffsl David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Mark Brown <broonie(a)kernel.org> arm64/ptrace: Use saved floating point state type to determine SVE layout Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/ds: Don't clear ->pebs_data_cfg for the last PEBS event Jason A. Donenfeld <Jason(a)zx2c4.com> x86/coco: Require seeding RNG with RDRAND on CoCo systems Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() David Hildenbrand <david(a)redhat.com> x86/mm/pat: fix VM_PAT handling in COW mappings Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: hold io_buffer_list reference over mmap Jens Axboe <axboe(a)kernel.dk> io_uring: use private workqueue for exit work Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: protect io_buffer_list teardown with a reference Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of bl->is_ready Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: get rid of lower BGID lists I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/realtek - Fix inactive headset mic jack Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate payload size in ipc response Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: don't send oplock break if rename fails Kent Gibson <warthog618(a)gmail.com> gpio: cdev: fix missed label sanitizing in debounce_setup() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: check for NULL labels when sanitizing them for irqs Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix typo in assignment Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Disable preemption when using patch_map() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for false dsp interrupts Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: fix sampling event removal for PMU device driver Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: rework paiXXX_start and paiXXX_stop functions Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: cleanup event initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai_crypto: remove per-cpu variable assignement in event initialization Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: initialize event count once at initialization Huai-Yuan Liu <qq810974084(a)gmail.com> spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe David Howells <dhowells(a)redhat.com> cifs: Fix caching to try to do open O_WRONLY as rdwr on server Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> Revert "ALSA: emu10k1: fix synthesizer sample playback position and caching" Li Nan <linan122(a)huawei.com> scsi: sd: Unregister device if device_add_disk() failed in sd_probe() Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix uninitialized symbol 'ret' warnings Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for acp_init function error handling Jaewon Kim <jaewon02.kim(a)samsung.com> spi: s3c64xx: Use DMA mode from fifo size Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: determine the fifo depth only once Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: allow full FIFO masks Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: define a magic value Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: remove else after return Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: explicitly include <linux/bits.h> Tudor Ambarus <tudor.ambarus(a)linaro.org> spi: s3c64xx: sort headers alphabetically Sam Protsenko <semen.protsenko(a)linaro.org> spi: s3c64xx: Extract FIFO depth calculation to a dedicated macro Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt722-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt712-sdca-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Rob Clark <robdclark(a)chromium.org> drm/prime: Unbreak virtgpu dma-buf export Dave Airlie <airlied(a)redhat.com> nouveau/uvmm: fix addr/range calcs for remap operations Christian Hewitt <christianshewitt(a)gmail.com> drm/panfrost: fix power transition timeout warnings Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Add ACPI device match tables Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: maple: Fix cache corruption in regcache_maple_drop() Victor Isaev <victor(a)torrio.net> RISC-V: Update AT_VECTOR_SIZE_ARCH for new AT_MINSIGSTKSZ Pu Lehui <pulehui(a)huawei.com> drivers/perf: riscv: Disable PERF_SAMPLE_BRANCH_* while not supported Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() Dominique Martinet <asmadeus(a)codewreck.org> 9p: Fix read/write debug statements to report server reply Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Ashish Kalra <ashish.kalra(a)amd.com> KVM: SVM: Add support for allowing zero SEV ASIDs Sean Christopherson <seanjc(a)google.com> KVM: SVM: Use unsigned integers when dealing with ASIDs Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always update error counters Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> net: ravb: Let IP-specific receive function to interrogate descriptors Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Minor flow correction in e1000_shutdown function Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: Workaround for sporadic MDI error on Meteor Lake systems Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: legacy: field get conversion Jesse Brandeburg <jesse.brandeburg(a)intel.com> intel: add bit macro includes where needed Ivan Vecera <ivecera(a)redhat.com> i40e: Remove circular header dependencies and fix headers Ivan Vecera <ivecera(a)redhat.com> i40e: Split i40e_osdep.h Ivan Vecera <ivecera(a)redhat.com> i40e: Move memory allocation structures to i40e_alloc.h Ivan Vecera <ivecera(a)redhat.com> i40e: Simplify memory allocation functions Ivan Vecera <ivecera(a)redhat.com> virtchnl: Add header dependencies Ivan Vecera <ivecera(a)redhat.com> i40e: Refactor I40E_MDIO_CLAUSE* macros Ivan Vecera <ivecera(a)redhat.com> i40e: Remove back pointer from i40e_hw structure Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Flush GFXOFF requests in prepare stage Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add concept of running prepare_suspend() sequence for IP blocks Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Evict resources during PM ops prepare() callback Chris Park <chris.park(a)amd.com> drm/amd/display: Prevent crash when disable stream Dmytro Laktyushkin <dmytro.laktyushkin(a)amd.com> drm/amd/display: Fix DPSTREAM CLK on and off sequence Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: typec: ucsi: Fix race between typec_switch and role_switch Alexander Wetzel <Alexander(a)wetzel-home.de> scsi: sg: Avoid sg device teardown race Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Add array index check Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel Atlas Yu <atlas.yu(a)canonical.com> r8169: skip DASH fw status checks when DASH is disabled David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Duoming Zhou <duoming(a)zju.edu.cn> ax25: fix use-after-free bugs caused by ax25_ds_del_timer Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Ivan Vecera <ivecera(a)redhat.com> i40e: Fix VF MAC filter removal Petr Oros <poros(a)redhat.com> ice: fix enabling RX VLAN filtering Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Michael Krummsdorf <michael.krummsdorf(a)tq-group.com> net: dsa: mv88e6xxx: fix usable ports on 88e6020 Aleksandr Mishin <amishin(a)t-argos.ru> net: phy: micrel: Fix potential null pointer dereference Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Duanqiang Wen <duanqiangwen(a)net-swift.com> net: txgbe: fix i2c dev name cannot match clkdev Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Will Deacon <will(a)kernel.org> KVM: arm64: Ensure target address is granule-aligned for range TLBI Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: discard table flag update with pending basechain deletion Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Josh Poimboeuf <jpoimboe(a)kernel.org> x86/nospec: Refactor UNTRAIN_RET[_*] Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Disentangle rethunk-dependent options Josh Poimboeuf <jpoimboe(a)kernel.org> x86/srso: Improve i-cache locality for alias mitigation Marco Pinna <marco.pinn95(a)gmail.com> vsock/virtio: fix packet delivery to tap device Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix Rx DMA datasize and skb_over_panic Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> net: usb: ax88179_178a: avoid the interface always configured as random address Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: join: fix dev in check_endpoint Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: release batch on table validation from abort path Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: add quirk for broken address properties Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix device-address endianness Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Johan Hovold <johan+linaro(a)kernel.org> Revert "Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT" Uros Bizjak <ubizjak(a)gmail.com> x86/bpf: Fix IP after emitting call depth accounting Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Christian Göttsche <cgzones(a)googlemail.com> selinux: avoid dereference of garbage after mount failure Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Fix host-programmed guest events in nVHE Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC in_clrip[x] read emulation Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Fix APLIC setipnum_le/be write emulation Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: cdev: sanitize the label before requesting the interrupt Masahiro Yamada <masahiroy(a)kernel.org> modpost: do not make find_tosym() return NULL Jack Brennen <jbrennen(a)google.com> modpost: Optimize symbol search from linear to binary search Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/lbr: Use freeze based on availability Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Sandipan Das <sandipan.das(a)amd.com> perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add X86_FEATURE_ZEN1 Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Get rid of amd_erratum_1054[] Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move the DIV0 bug detection to the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move Zenbleed check to the Zen2 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Move erratum 1076 fix into the Zen1 init function Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Carve out the erratum 1386 fix Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Add ZenX generations flags Filipe Manana <fdmanana(a)suse.com> btrfs: fix race when detecting delalloc ranges during fiemap Filipe Manana <fdmanana(a)suse.com> btrfs: ensure fiemap doesn't race with writes when FIEMAP_FLAG_SYNC is given Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Peter Xu <peterx(a)redhat.com> mm/treewide: replace pud_large() with pud_leaf() Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14018575942 Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74 Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/i915/mtl: Update workaround 14016712196 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Replace several IS_METEORLAKE with proper IP version checks Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Eliminate IS_MTL_GRAPHICS_STEP Matt Roper <matthew.d.roper(a)intel.com> drm/i915/xelpg: Call Xe_LPG workaround functions based on IP version Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Consolidate condition for Wa_22011802037 Matt Roper <matthew.d.roper(a)intel.com> drm/i915: Tidy workaround definitions Matt Roper <matthew.d.roper(a)intel.com> drm/i915/dg2: Drop pre-production GT workarounds Florian Westphal <fw(a)strlen.de> inet: inet_defrag: prevent sk release while still in use Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Raju Lakkaraju <Raju.Lakkaraju(a)microchip.com> net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: Bring up unimac after PHY link up Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: skip netdev hook unregistration if table is dormant Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject table flag and netdev basechain updates Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject destroy command to remove basechain hooks David Howells <dhowells(a)redhat.com> cifs: Fix duplicate fscache cookie warnings Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Sabrina Dubroca <sd(a)queasysnail.net> tls: get psock ref after taking rxlock to avoid leak Sabrina Dubroca <sd(a)queasysnail.net> tls: adjust recv return with async crypto and failed copy to userspace Sabrina Dubroca <sd(a)queasysnail.net> tls: recv: process_rx_list shouldn't use an offset with kvec Jian Shen <shenjian15(a)huawei.com> net: hns3: mark unexcuted loopback test result as UNEXECUTED Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during pf initialization Jie Wang <wangjie125(a)huawei.com> net: hns3: fix index limit to support all queue stats Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Ido Schimmel <idosch(a)nvidia.com> selftests: vxlan_mdb: Fix failures with old libnet Bjørn Mork <bjorn(a)mork.no> net: wwan: t7xx: Split 64bit accesses to fix alignment issues Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Ravi Gunasekaran <r-gunasekaran(a)ti.com> net: hsr: hsr_slave: Fix the promiscuous mode in offload mode Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Kurt Kanzenbach <kurt(a)linutronix.de> igc: Remove stale comment about Tx timestamping Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Jesse Brandeburg <jesse.brandeburg(a)intel.com> ice: fix memory corruption bug with suspend and rebuild Michal Swiatkowski <michal.swiatkowski(a)linux.intel.com> ice: realloc VSI stats arrays Steven Zou <steven.zou(a)intel.com> ice: Refactor FW data type and fix bitmap casting issue Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Set the init_done flag before component_add() Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: include link ID when releasing frames Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: disable multi rx queue for 9000 Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Jakub Kicinski <kuba(a)kernel.org> tools: ynl: fix setting presence bits in simple nests Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Artem Savkov <asavkov(a)redhat.com> arm64: bpf: fix 32bit unconditional bswap Pavel Sakharov <p.sakharov(a)ispras.ru> dma-buf: Fix NULL pointer dereference in sanitycheck() Puranjay Mohan <puranjay12(a)gmail.com> bpf, arm64: fix bug in BPF_LDX_MEMSX Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Fix bpf_plt pointer arithmetic Hangbin Liu <liuhangbin(a)gmail.com> scripts/bpf_doc: Use silent mode when exec make cmd Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915: Pre-populate the cursor physical dma address Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> drm/i915/display: Use i915_gem_object_get_dma_address to get dma address ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/kernel/ptrace.c | 5 +- arch/arm64/kvm/hyp/pgtable.c | 11 +- arch/arm64/net/bpf_jit_comp.c | 4 +- arch/powerpc/mm/book3s64/pgtable.c | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/include/uapi/asm/auxvec.h | 2 +- arch/riscv/kernel/patch.c | 8 + arch/riscv/kernel/process.c | 3 - arch/riscv/kvm/aia_aplic.c | 37 +- arch/s390/boot/vmem.c | 2 +- arch/s390/include/asm/pgtable.h | 4 +- arch/s390/kernel/entry.S | 1 + arch/s390/kernel/perf_pai_crypto.c | 48 +-- arch/s390/kernel/perf_pai_ext.c | 43 +-- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 4 +- arch/s390/mm/pageattr.c | 2 +- arch/s390/mm/pgtable.c | 2 +- arch/s390/mm/vmem.c | 6 +- arch/s390/net/bpf_jit_comp.c | 46 +-- arch/sparc/mm/init_64.c | 2 +- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 1 + arch/x86/boot/compressed/sev.c | 3 + arch/x86/coco/core.c | 41 ++ arch/x86/events/amd/core.c | 24 +- arch/x86/events/amd/lbr.c | 16 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/coco.h | 2 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 16 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +- arch/x86/include/asm/nospec-branch.h | 71 ++-- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/sev.h | 10 +- arch/x86/kernel/cpu/amd.c | 129 +++++-- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/mpparse.c | 10 +- arch/x86/kernel/setup.c | 2 + arch/x86/kernel/sev-shared.c | 23 +- arch/x86/kernel/sev.c | 14 +- arch/x86/kernel/vmlinux.lds.S | 7 +- arch/x86/kvm/mmu/mmu.c | 2 +- arch/x86/kvm/reverse_cpuid.h | 2 + arch/x86/kvm/svm/sev.c | 45 ++- arch/x86/kvm/trace.h | 10 +- arch/x86/lib/retpoline.S | 165 ++++---- arch/x86/mm/fault.c | 4 +- arch/x86/mm/ident_map.c | 23 +- arch/x86/mm/init_64.c | 4 +- arch/x86/mm/kasan_init_64.c | 2 +- arch/x86/mm/mem_encrypt_identity.c | 44 +-- arch/x86/mm/pat/memtype.c | 49 ++- arch/x86/mm/pat/set_memory.c | 6 +- arch/x86/mm/pgtable.c | 2 +- arch/x86/mm/pti.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- arch/x86/power/hibernate.c | 2 +- arch/x86/xen/mmu_pv.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/ata/sata_mv.c | 63 ++- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/regmap/regcache-maple.c | 6 +- drivers/bluetooth/btqca.c | 8 +- drivers/bluetooth/hci_qca.c | 19 +- drivers/dma-buf/st-dma-fence-chain.c | 6 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 + drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 11 +- drivers/gpio/gpiolib-cdev.c | 58 ++- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 43 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- .../amd/display/dc/dce110/dce110_hw_sequencer.c | 3 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/include/amd_shared.h | 1 + drivers/gpu/drm/drm_prime.c | 7 +- drivers/gpu/drm/i915/Makefile | 1 + drivers/gpu/drm/i915/display/intel_cursor.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 1 + drivers/gpu/drm/i915/display/intel_fb_pin.c | 10 + drivers/gpu/drm/i915/display/skl_universal_plane.c | 5 +- drivers/gpu/drm/i915/gem/i915_gem_create.c | 4 +- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 21 +- drivers/gpu/drm/i915/gt/intel_engine_pm.c | 2 +- .../gpu/drm/i915/gt/intel_execlists_submission.c | 4 +- drivers/gpu/drm/i915/gt/intel_gt.h | 31 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 39 ++ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 13 + drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 7 +- drivers/gpu/drm/i915/gt/intel_gt_regs.h | 6 + drivers/gpu/drm/i915/gt/intel_lrc.c | 38 +- drivers/gpu/drm/i915/gt/intel_mocs.c | 23 +- drivers/gpu/drm/i915/gt/intel_rc6.c | 6 +- drivers/gpu/drm/i915/gt/intel_reset.c | 20 +- drivers/gpu/drm/i915/gt/intel_reset.h | 2 + drivers/gpu/drm/i915/gt/intel_rps.c | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 422 +++++++-------------- drivers/gpu/drm/i915/gt/uc/intel_guc.c | 26 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 6 +- drivers/gpu/drm/i915/i915_debugfs.c | 2 +- drivers/gpu/drm/i915/i915_drv.h | 4 - drivers/gpu/drm/i915/i915_perf.c | 11 +- drivers/gpu/drm/i915/intel_clock_gating.c | 8 - drivers/gpu/drm/nouveau/nouveau_uvmm.c | 6 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 6 +- drivers/md/dm-integrity.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 6 +- drivers/net/dsa/sja1105/sja1105_mdio.c | 2 +- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 28 +- drivers/net/ethernet/freescale/fec_main.c | 11 +- .../hns3/hns3_common/hclge_comm_tqp_stats.c | 2 +- drivers/net/ethernet/hisilicon/hns3/hns3_ethtool.c | 19 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + drivers/net/ethernet/intel/e1000/e1000_hw.c | 46 +-- drivers/net/ethernet/intel/e1000e/80003es2lan.c | 3 +- drivers/net/ethernet/intel/e1000e/82571.c | 3 +- drivers/net/ethernet/intel/e1000e/ethtool.c | 7 +- drivers/net/ethernet/intel/e1000e/hw.h | 2 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 56 +-- drivers/net/ethernet/intel/e1000e/mac.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 35 +- drivers/net/ethernet/intel/e1000e/phy.c | 191 ++++++---- drivers/net/ethernet/intel/e1000e/phy.h | 2 + drivers/net/ethernet/intel/fm10k/fm10k_pf.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k_vf.c | 10 +- drivers/net/ethernet/intel/i40e/i40e.h | 63 ++- drivers/net/ethernet/intel/i40e/i40e_adminq.c | 8 +- drivers/net/ethernet/intel/i40e/i40e_adminq.h | 3 +- drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 2 + drivers/net/ethernet/intel/i40e/i40e_alloc.h | 24 +- drivers/net/ethernet/intel/i40e/i40e_client.c | 1 - drivers/net/ethernet/intel/i40e/i40e_common.c | 12 +- drivers/net/ethernet/intel/i40e/i40e_dcb.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_dcb_nl.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_ddp.c | 2 +- drivers/net/ethernet/intel/i40e/i40e_debug.h | 47 +++ drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_diag.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_hmc.c | 16 +- drivers/net/ethernet/intel/i40e/i40e_hmc.h | 4 + drivers/net/ethernet/intel/i40e/i40e_io.h | 16 + drivers/net/ethernet/intel/i40e/i40e_lan_hmc.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_lan_hmc.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 70 ++-- drivers/net/ethernet/intel/i40e/i40e_nvm.c | 3 + drivers/net/ethernet/intel/i40e/i40e_osdep.h | 59 --- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 9 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 5 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 89 +++-- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_txrx_common.h | 2 + drivers/net/ethernet/intel/i40e/i40e_type.h | 54 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 47 +-- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.h | 4 +- drivers/net/ethernet/intel/i40e/i40e_xsk.c | 4 - drivers/net/ethernet/intel/i40e/i40e_xsk.h | 4 + drivers/net/ethernet/intel/iavf/iavf_common.c | 3 +- drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 5 +- drivers/net/ethernet/intel/iavf/iavf_fdir.c | 1 + drivers/net/ethernet/intel/iavf/iavf_txrx.c | 1 + drivers/net/ethernet/intel/ice/ice_adminq_cmd.h | 3 +- drivers/net/ethernet/intel/ice/ice_lag.c | 4 +- drivers/net/ethernet/intel/ice/ice_lib.c | 74 ++-- drivers/net/ethernet/intel/ice/ice_switch.c | 24 +- drivers/net/ethernet/intel/ice/ice_switch.h | 4 +- .../net/ethernet/intel/ice/ice_vf_vsi_vlan_ops.c | 18 +- drivers/net/ethernet/intel/igb/e1000_82575.c | 29 +- drivers/net/ethernet/intel/igb/e1000_i210.c | 19 +- drivers/net/ethernet/intel/igb/e1000_mac.c | 2 +- drivers/net/ethernet/intel/igb/e1000_nvm.c | 18 +- drivers/net/ethernet/intel/igb/e1000_phy.c | 13 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 8 +- drivers/net/ethernet/intel/igb/igb_main.c | 4 +- drivers/net/ethernet/intel/igbvf/mbx.c | 1 + drivers/net/ethernet/intel/igbvf/netdev.c | 33 +- drivers/net/ethernet/intel/igc/igc_i225.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 4 - drivers/net/ethernet/intel/igc/igc_phy.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_common.c | 30 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x540.c | 8 +- drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 19 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/microchip/lan743x_main.c | 18 + drivers/net/ethernet/microchip/lan743x_main.h | 4 + drivers/net/ethernet/microsoft/mana/mana_en.c | 2 +- drivers/net/ethernet/realtek/r8169_main.c | 40 +- drivers/net/ethernet/renesas/ravb_main.c | 33 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 8 +- drivers/net/phy/micrel.c | 31 +- drivers/net/usb/ax88179_178a.c | 2 + drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 31 +- drivers/net/wwan/t7xx/t7xx_cldma.c | 4 +- drivers/net/wwan/t7xx/t7xx_hif_cldma.c | 9 +- drivers/net/wwan/t7xx/t7xx_pcie_mac.c | 8 +- drivers/net/xen-netfront.c | 1 + drivers/of/dynamic.c | 12 + drivers/of/module.c | 8 + drivers/perf/riscv_pmu.c | 4 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/sd.c | 2 +- drivers/scsi/sg.c | 4 +- drivers/spi/spi-pci1xxxx.c | 2 + drivers/spi/spi-s3c64xx.c | 80 ++-- drivers/usb/typec/ucsi/ucsi.c | 10 +- drivers/usb/typec/ucsi/ucsi_glink.c | 14 + fs/btrfs/extent_io.c | 208 +++++++--- fs/btrfs/inode.c | 22 +- fs/nfsd/nfs4state.c | 7 +- fs/pipe.c | 17 +- fs/smb/client/cached_dir.c | 6 +- fs/smb/client/cifs_debug.c | 6 + fs/smb/client/cifsfs.c | 11 + fs/smb/client/cifsglob.h | 17 +- fs/smb/client/connect.c | 45 ++- fs/smb/client/dir.c | 15 + fs/smb/client/file.c | 111 +++++- fs/smb/client/fs_context.c | 6 +- fs/smb/client/fs_context.h | 12 + fs/smb/client/fscache.c | 16 +- fs/smb/client/fscache.h | 6 + fs/smb/client/inode.c | 2 + fs/smb/client/ioctl.c | 6 +- fs/smb/client/misc.c | 2 + fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2misc.c | 4 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smb2pdu.c | 2 +- fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/mgmt/share_config.c | 7 +- fs/smb/server/smb2ops.c | 10 +- fs/smb/server/smb2pdu.c | 3 +- fs/smb/server/transport_ipc.c | 37 ++ fs/vboxsf/super.c | 3 +- include/kvm/arm_pmu.h | 2 +- include/linux/avf/virtchnl.h | 5 + include/linux/bpf.h | 16 +- include/linux/device.h | 1 + include/linux/io_uring_types.h | 1 - include/linux/secretmem.h | 4 +- include/linux/skbuff.h | 7 +- include/linux/udp.h | 28 ++ include/net/bluetooth/hci.h | 9 + include/net/inet_connection_sock.h | 1 + include/net/mana/mana.h | 1 - include/net/sock.h | 7 + io_uring/io_uring.c | 18 +- io_uring/kbuf.c | 116 ++---- io_uring/kbuf.h | 8 +- kernel/bpf/syscall.c | 35 +- kernel/bpf/verifier.c | 5 + kernel/trace/bpf_trace.c | 10 +- mm/memory.c | 4 + net/9p/client.c | 10 +- net/ax25/ax25_dev.c | 2 +- net/bluetooth/hci_debugfs.c | 64 ++-- net/bluetooth/hci_event.c | 25 ++ net/bluetooth/hci_sync.c | 5 +- net/bridge/netfilter/ebtables.c | 6 + net/core/gro.c | 3 +- net/core/sock_map.c | 6 + net/hsr/hsr_slave.c | 3 +- net/ipv4/inet_connection_sock.c | 33 +- net/ipv4/inet_fragment.c | 70 +++- net/ipv4/ip_fragment.c | 2 +- net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 23 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/netfilter/nf_conntrack_reasm.c | 2 +- net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mptcp/protocol.c | 106 ++---- net/mptcp/subflow.c | 2 + net/netfilter/nf_tables_api.c | 92 ++++- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sched/sch_api.c | 2 +- net/sunrpc/svcsock.c | 10 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 3 +- scripts/bpf_doc.py | 4 +- scripts/mod/Makefile | 4 +- scripts/mod/modpost.c | 73 +--- scripts/mod/modpost.h | 25 ++ scripts/mod/symsearch.c | 199 ++++++++++ security/selinux/selinuxfs.c | 12 +- sound/pci/emu10k1/emu10k1_callback.c | 7 +- sound/pci/hda/cs35l56_hda.c | 4 +- sound/pci/hda/cs35l56_hda_i2c.c | 13 +- sound/pci/hda/cs35l56_hda_spi.c | 13 +- sound/pci/hda/patch_realtek.c | 3 +- sound/soc/amd/acp/acp-pci.c | 5 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/codecs/rt712-sdca-sdw.c | 5 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/codecs/wm_adsp.c | 3 +- sound/soc/soc-ops.c | 2 +- sound/soc/sof/amd/acp.c | 8 +- tools/arch/x86/include/asm/cpufeatures.h | 2 +- tools/net/ynl/ynl-gen-c.py | 7 +- tools/testing/selftests/mm/vm_util.h | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 85 +++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +- tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/test_vxlan_mdb.sh | 205 ++++++---- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- 343 files changed, 3828 insertions(+), 2302 deletions(-)

1 year, 2 months

12
264
0 0

[PATCH 1/4] KVM: x86/mmu: Check kvm_mmu_page_ad_need_write_protect() when clearing TDP MMU dirty bits

by David Matlack

Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. TDP MMU SPTEs must be write-protected when the TDP MMU is being used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled. KVM always disables the PML hardware when running L2, so failing to write-protect TDP MMU SPTEs will cause writes made by L2 to not be reflected in the dirty log. Reported-by: syzbot+900d58a45dcaab9e4821(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=900d58a45dcaab9e4821 Fixes: 5982a5392663 ("KVM: x86/mmu: Use kvm_ad_enabled() to determine if TDP MMU SPTEs need wrprot") Cc: stable(a)vger.kernel.org Cc: Vipin Sharma <vipinsh(a)google.com> Cc: Sean Christopherson <seanjc(a)google.com> Signed-off-by: David Matlack <dmatlack(a)google.com> --- arch/x86/kvm/mmu/tdp_mmu.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index 6ae19b4ee5b1..c3c1a8f430ef 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -1498,6 +1498,16 @@ void kvm_tdp_mmu_try_split_huge_pages(struct kvm *kvm, } } +static bool tdp_mmu_need_write_protect(struct kvm_mmu_page *sp) +{ + /* + * All TDP MMU shadow pages share the same role as their root, aside + * from level, so it is valid to key off any shadow page to determine if + * write protection is needed for an entire tree. + */ + return kvm_mmu_page_ad_need_write_protect(sp) || !kvm_ad_enabled(); +} + /* * Clear the dirty status of all the SPTEs mapping GFNs in the memslot. If * AD bits are enabled, this will involve clearing the dirty bit on each SPTE. @@ -1508,7 +1518,8 @@ void kvm_tdp_mmu_try_split_huge_pages(struct kvm *kvm, static bool clear_dirty_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, gfn_t start, gfn_t end) { - u64 dbit = kvm_ad_enabled() ? shadow_dirty_mask : PT_WRITABLE_MASK; + const u64 dbit = tdp_mmu_need_write_protect(root) + ? PT_WRITABLE_MASK : shadow_dirty_mask; struct tdp_iter iter; bool spte_set = false; @@ -1523,7 +1534,7 @@ static bool clear_dirty_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, if (tdp_mmu_iter_cond_resched(kvm, &iter, false, true)) continue; - KVM_MMU_WARN_ON(kvm_ad_enabled() && + KVM_MMU_WARN_ON(dbit == shadow_dirty_mask && spte_ad_need_write_protect(iter.old_spte)); if (!(iter.old_spte & dbit)) @@ -1570,8 +1581,8 @@ bool kvm_tdp_mmu_clear_dirty_slot(struct kvm *kvm, static void clear_dirty_pt_masked(struct kvm *kvm, struct kvm_mmu_page *root, gfn_t gfn, unsigned long mask, bool wrprot) { - u64 dbit = (wrprot || !kvm_ad_enabled()) ? PT_WRITABLE_MASK : - shadow_dirty_mask; + const u64 dbit = (wrprot || tdp_mmu_need_write_protect(root)) + ? PT_WRITABLE_MASK : shadow_dirty_mask; struct tdp_iter iter; lockdep_assert_held_write(&kvm->mmu_lock); @@ -1583,7 +1594,7 @@ static void clear_dirty_pt_masked(struct kvm *kvm, struct kvm_mmu_page *root, if (!mask) break; - KVM_MMU_WARN_ON(kvm_ad_enabled() && + KVM_MMU_WARN_ON(dbit == shadow_dirty_mask && spte_ad_need_write_protect(iter.old_spte)); if (iter.level > PG_LEVEL_4K || -- 2.44.0.291.gc1ea87d7ee-goog

1 year, 2 months

2
1
0 0

+ mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/shmem: Inline shmem_is_huge() for disabled transparent hugepages has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Subject: mm/shmem: Inline shmem_is_huge() for disabled transparent hugepages Date: Tue, 9 Apr 2024 17:54:07 +0200 In order to minimize code size (CONFIG_CC_OPTIMIZE_FOR_SIZE=y), compiler might choose to make a regular function call (out-of-line) for shmem_is_huge() instead of inlining it. When transparent hugepages are disabled (CONFIG_TRANSPARENT_HUGEPAGE=n), it can cause compilation error. mm/shmem.c: In function `shmem_getattr': ./include/linux/huge_mm.h:383:27: note: in expansion of macro `BUILD_BUG' 383 | #define HPAGE_PMD_SIZE ({ BUILD_BUG(); 0; }) | ^~~~~~~~~ mm/shmem.c:1148:33: note: in expansion of macro `HPAGE_PMD_SIZE' 1148 | stat->blksize = HPAGE_PMD_SIZE; To prevent the possible error, always inline shmem_is_huge() when transparent hugepages are disabled. Link: https://lkml.kernel.org/r/20240409155407.2322714-1-sumanthk@linux.ibm.com Signed-off-by: Sumanth Korikkar <sumanthk(a)linux.ibm.com> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Ilya Leoshkevich <iii(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/shmem_fs.h | 9 +++++++++ mm/shmem.c | 6 ------ 2 files changed, 9 insertions(+), 6 deletions(-) --- a/include/linux/shmem_fs.h~mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages +++ a/include/linux/shmem_fs.h @@ -110,8 +110,17 @@ extern struct page *shmem_read_mapping_p extern void shmem_truncate_range(struct inode *inode, loff_t start, loff_t end); int shmem_unuse(unsigned int type); +#ifdef CONFIG_TRANSPARENT_HUGEPAGE extern bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, struct mm_struct *mm, unsigned long vm_flags); +#else +static __always_inline bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, + struct mm_struct *mm, unsigned long vm_flags) +{ + return false; +} +#endif + #ifdef CONFIG_SHMEM extern unsigned long shmem_swap_usage(struct vm_area_struct *vma); #else --- a/mm/shmem.c~mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages +++ a/mm/shmem.c @@ -748,12 +748,6 @@ static long shmem_unused_huge_count(stru #define shmem_huge SHMEM_HUGE_DENY -bool shmem_is_huge(struct inode *inode, pgoff_t index, bool shmem_huge_force, - struct mm_struct *mm, unsigned long vm_flags) -{ - return false; -} - static unsigned long shmem_unused_huge_shrink(struct shmem_sb_info *sbinfo, struct shrink_control *sc, unsigned long nr_to_split) { _ Patches currently in -mm which might be from sumanthk(a)linux.ibm.com are mm-shmem-inline-shmem_is_huge-for-disabled-transparent-hugepages.patch

1 year, 2 months

1
0
0 0

[PATCH] arm64: dts: ti: verdin-am62: Set memory size to 2gb

by max.oss.09＠gmail.com

From: Max Krummenacher <max.krummenacher(a)toradex.com> The maximum DDR RAM size stuffed on the Verdin AM62 is 2GB, correct the memory node accordingly. Fixes: 316b80246b16 ("arm64: dts: ti: add verdin am62") Cc: stable(a)vger.kernel.org Signed-off-by: Max Krummenacher <max.krummenacher(a)toradex.com> --- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi b/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi index e8d8857ad51f..8c837467069b 100644 --- a/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi +++ b/arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi @@ -76,7 +76,7 @@ verdin_key_wakeup: key-wakeup { memory@80000000 { device_type = "memory"; - reg = <0x00000000 0x80000000 0x00000000 0x40000000>; /* 1G RAM */ + reg = <0x00000000 0x80000000 0x00000000 0x80000000>; /* 2G RAM */ }; opp-table { -- 2.42.0

1 year, 2 months

3
2
0 0

+ kexec-fix-the-unexpected-kexec_dprintk-macro.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: kexec: fix the unexpected kexec_dprintk() macro has been added to the -mm mm-nonmm-unstable branch. Its filename is kexec-fix-the-unexpected-kexec_dprintk-macro.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Baoquan He <bhe(a)redhat.com> Subject: kexec: fix the unexpected kexec_dprintk() macro Date: Tue, 9 Apr 2024 12:22:38 +0800 Jiri reported that the current kexec_dprintk() always prints out debugging message whenever kexec/kdmmp loading is triggered. That is not wanted. The debugging message is supposed to be printed out when 'kexec -s -d' is specified for kexec/kdump loading. After investigating, the reason is the current kexec_dprintk() takes printk(KERN_INFO) or printk(KERN_DEBUG) depending on whether '-d' is specified. However, distros usually have defaulg log level like below: [~]# cat /proc/sys/kernel/printk 7 4 1 7 So, even though '-d' is not specified, printk(KERN_DEBUG) also always prints out. I thought printk(KERN_DEBUG) is equal to pr_debug(), it's not. Fix it by changing to use pr_info() instead which are expected to work. Link: https://lkml.kernel.org/r/20240409042238.1240462-1-bhe@redhat.com Fixes: cbc2fe9d9cb2 ("kexec_file: add kexec_file flag to control debug printing") Signed-off-by: Baoquan He <bhe(a)redhat.com> Reported-by: Jiri Slaby <jirislaby(a)kernel.org> Closes: https://lore.kernel.org/all/4c775fca-5def-4a2d-8437-7130b02722a2@kernel.org Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kexec.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/include/linux/kexec.h~kexec-fix-the-unexpected-kexec_dprintk-macro +++ a/include/linux/kexec.h @@ -461,10 +461,8 @@ static inline void arch_kexec_pre_free_p extern bool kexec_file_dbg_print; -#define kexec_dprintk(fmt, ...) \ - printk("%s" fmt, \ - kexec_file_dbg_print ? KERN_INFO : KERN_DEBUG, \ - ##__VA_ARGS__) +#define kexec_dprintk(fmt, arg...) \ + do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0) #else /* !CONFIG_KEXEC_CORE */ struct pt_regs; _ Patches currently in -mm which might be from bhe(a)redhat.com are mm-vmallocc-optimize-to-reduce-arguments-of-alloc_vmap_area.patch x86-remove-unneeded-memblock_find_dma_reserve.patch mm-mm_initc-remove-the-useless-dma_reserve.patch mm-mm_initc-add-new-function-calc_nr_all_pages.patch mm-mm_initc-remove-meaningless-calculation-of-zone-managed_pages-in-free_area_init_core.patch mm-mm_initc-remove-meaningless-calculation-of-zone-managed_pages-in-free_area_init_core-v3.patch mm-mm_initc-remove-unneeded-calc_memmap_size.patch mm-mm_initc-remove-arch_reserved_kernel_pages.patch mm-move-array-mem_section-init-code-out-of-memory_present.patch mm-init-remove-the-unnecessary-special-treatment-for-memory-less-node.patch mm-make-__absent_pages_in_range-as-static.patch mm-page_allocc-remove-unneeded-codes-in-numa-version-of-build_zonelists.patch mm-page_allocc-remove-unneeded-codes-in-numa-version-of-build_zonelists-v2.patch mm-mm_initc-remove-the-outdated-code-comment-above-deferred_grow_zone.patch mm-page_allocc-dont-show-protection-in-zones-lowmem_reserve-for-empty-zone.patch mm-page_allocc-change-the-array-length-to-migrate_pcptypes.patch arch-loongarch-clean-up-the-left-code-and-kconfig-item-related-to-crash_core.patch documentation-kdump-clean-up-the-outdated-description.patch kexec-fix-the-unexpected-kexec_dprintk-macro.patch

1 year, 2 months

1
0
0 0

+ squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Squashfs: check the inode number is not the invalid value of zero has been added to the -mm mm-hotfixes-unstable branch. Its filename is squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Phillip Lougher <phillip(a)squashfs.org.uk> Subject: Squashfs: check the inode number is not the invalid value of zero Date: Mon, 8 Apr 2024 23:02:06 +0100 Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an inode number with the invalid value of zero, which was not checked. The reason this causes the out of bounds access is due to following sequence of events: 1. Fill_meta_index() is called to allocate (via empty_meta_index()) and fill a metadata index. It however suffers a data read error and aborts, invalidating the newly returned empty metadata index. It does this by setting the inode number of the index to zero, which means unused (zero is not a valid inode number). 2. When fill_meta_index() is subsequently called again on another read operation, locate_meta_index() returns the previous index because it matches the inode number of 0. Because this index has been returned it is expected to have been filled, and because it hasn't been, an out of bounds access is performed. This patch adds a sanity check which checks that the inode number is not zero when the inode is created and returns -EINVAL if it is. Link: https://lkml.kernel.org/r/20240408220206.435788-1-phillip@squashfs.org.uk Signed-off-by: Phillip Lougher <phillip(a)squashfs.org.uk> Reported-by: "Ubisectech Sirius" <bugreport(a)ubisectech.com> Closes: https://lore.kernel.org/lkml/87f5c007-b8a5-41ae-8b57-431e924c5915.bugreport… Cc: Christian Brauner <brauner(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/squashfs/inode.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/fs/squashfs/inode.c~squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero +++ a/fs/squashfs/inode.c @@ -48,6 +48,10 @@ static int squashfs_new_inode(struct sup gid_t i_gid; int err; + inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); + if(inode->i_ino == 0) + return -EINVAL; + err = squashfs_get_id(sb, le16_to_cpu(sqsh_ino->uid), &i_uid); if (err) return err; @@ -58,7 +62,6 @@ static int squashfs_new_inode(struct sup i_uid_write(inode, i_uid); i_gid_write(inode, i_gid); - inode->i_ino = le32_to_cpu(sqsh_ino->inode_number); inode_set_mtime(inode, le32_to_cpu(sqsh_ino->mtime), 0); inode_set_atime(inode, inode_get_mtime_sec(inode), 0); inode_set_ctime(inode, inode_get_mtime_sec(inode), 0); _ Patches currently in -mm which might be from phillip(a)squashfs.org.uk are squashfs-check-the-inode-number-is-not-the-invalid-value-of-zero.patch squashfs-remove-deprecated-strncpy-by-not-copying-the-string.patch

1 year, 2 months

1
0
0 0

Re: [PATCH 6.8 000/280] 6.8.5-rc3 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 2 months

1
0
0 0

[PATCH] memory: tegra210-emc: processing the null pointer of the nominal EMC table.

by Elizaveta Gorina

From: Elizaveta Gorina <s02220065(a)gse.cs.msu.ru> If the device is unavailable, of_reserved_mem_device_init_by_name returns 0, and emc->nominal is not initialized and the null pointer is dereferenced. Make a return from the tegra210_emc_probe function when emc->nominal is equal to the null pointer. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 0553d7b204ef ("memory: tegra: Support derated timings on Tegra210") Cc: stable(a)vger.kernel.org Signed-off-by: Elizaveta Gorina <s02220065(a)gse.cs.msu.ru> --- drivers/memory/tegra/tegra210-emc-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/memory/tegra/tegra210-emc-core.c b/drivers/memory/tegra/tegra210-emc-core.c index 78ca1d6c0977..a49a5e36ba34 100644 --- a/drivers/memory/tegra/tegra210-emc-core.c +++ b/drivers/memory/tegra/tegra210-emc-core.c @@ -1865,6 +1865,9 @@ static int tegra210_emc_probe(struct platform_device *pdev) emc->num_timings); if (err < 0) goto release; + } else { + err = -ENODEV; + goto release; } if (emc->derated) { -- 2.25.1

1 year, 2 months

1
0
0 0

[PATCH 5.15 000/696] 5.15.154-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.154 release. There are 696 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 11 Apr 2024 17:27:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.154-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.154-rc2 Daniel Sneddon <daniel.sneddon(a)linux.intel.com> KVM: x86: Add BHI_NO Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Mitigate KVM by default Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add BHI mitigation knob Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Enumerate Branch History Injection (BHI) bug Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bhi: Define SPEC_CTRL_BHI_DIS_S Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Add support for clearing branch history at syscall entry Linus Torvalds <torvalds(a)linux-foundation.org> x86/syscall: Don't force use of indirect calls for system calls Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file min15.li <min15.li(a)samsung.com> nvme: fix miss command type check Antoine Tenart <atenart(a)kernel.org> gro: fix ownership transfer David Hildenbrand <david(a)redhat.com> mm/secretmem: fix GUP-fast succeeding on secretmem folios Davide Caratti <dcaratti(a)redhat.com> mptcp: don't account accept() of non-MPC client as fallback to TCP Borislav Petkov (AMD) <bp(a)alien8.de> x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO Borislav Petkov (AMD) <bp(a)alien8.de> x86/bugs: Fix the SRSO mitigation on Zen3/4 Stefan O'Rear <sorear(a)fastmail.com> riscv: process: Fix kernel gp leakage Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix spurious errors from __get/put_kernel_nofault Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/entry: align system call table on 8 bytes Borislav Petkov (AMD) <bp(a)alien8.de> x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() Herve Codina <herve.codina(a)bootlin.com> of: dynamic: Synchronize of_changeset_destroy() with the devlink removals Herve Codina <herve.codina(a)bootlin.com> driver core: Introduce device_link_wait_removal() I Gede Agastya Darma Laksana <gedeagas22(a)gmail.com> ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone Jann Horn <jannh(a)google.com> fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() Jann Horn <jannh(a)google.com> openrisc: Fix pagewalk usage in arch_dma_{clear, set}_uncached Jann Horn <jannh(a)google.com> HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running Jeff Layton <jlayton(a)kernel.org> nfsd: hold a lighter-weight client reference over CB_RECALL_ANY Arnd Bergmann <arnd(a)arndb.de> ata: sata_mv: Fix PCI device ID table declaration compilation warning Arnd Bergmann <arnd(a)arndb.de> scsi: mylex: Fix sysfs buffer lengths Arnd Bergmann <arnd(a)arndb.de> ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit Stephen Lee <slee08177(a)gmail.com> ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdw: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt711-sdca: fix locking sequence Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: rt5682-sdw: fix locking sequence Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Always process TX descriptor ring Wei Fang <wei.fang(a)nxp.com> net: fec: Set mac_managed_pm during probe Denis Kirjanov <dkirjanov(a)suse.de> drivers: net: convert to boolean for the mac_managed_pm flag Oleksij Rempel <linux(a)rempel-privat.de> net: usb: asix: suspend embedded PHY if external is used Ivan Vecera <ivecera(a)redhat.com> i40e: Enforce software interrupt during busy-poll exit Ivan Vecera <ivecera(a)redhat.com> i40e: Remove _t suffix from enum type names Joe Damato <jdamato(a)fastly.com> i40e: Store the irq number in i40e_q_vector Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer details Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix vf may be used uninitialized in this function warning Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix i40e_count_filters() to count only active/new filters Su Hui <suhui(a)nfschina.com> octeontx2-pf: check negative error code in otx2_open() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix issue with loading coalesced KPU profiles Antoine Tenart <atenart(a)kernel.org> udp: prevent local UDP tunnel packets from being GROed Antoine Tenart <atenart(a)kernel.org> udp: do not transition UDP GRO fraglist partial checksums to unnecessary Antoine Tenart <atenart(a)kernel.org> udp: do not accept non-tunnel GSO skbs landing in a tunnel David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop interface during shutdown Kuniyuki Iwashima <kuniyu(a)amazon.com> ipv6: Fix infinite recursion in fib6_dump_done(). Jakub Kicinski <kuba(a)kernel.org> selftests: reuseaddr_conflict: add missing new line at the end of the output Eric Dumazet <edumazet(a)google.com> erspan: make sure erspan_base_hdr is present in skb->head Antoine Tenart <atenart(a)kernel.org> selftests: net: gro fwd: update vxlan GRO test expectations Piotr Wejman <piotrwejman90(a)gmail.com> net: stmmac: fix rx queue priority assignment Eric Dumazet <edumazet(a)google.com> net/sched: act_skbmod: prevent kernel-infoleak Jakub Sitnicki <jakub(a)cloudflare.com> bpf, sockmap: Prevent lock inversion deadlock in map delete elem Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> vboxsf: Avoid an spurious warning if load_nls_xxx() fails Eric Dumazet <edumazet(a)google.com> netfilter: validate user input for expected length Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: flush pending destroy work before exit_net release Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject new basechain after table flag update Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Sean Christopherson <seanjc(a)google.com> KVM: x86: Bail to userspace if emulation of atomic user access faults Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Ingo Molnar <mingo(a)kernel.org> Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." Jens Axboe <axboe(a)kernel.dk> io_uring: ensure '0' is returned on file registration success Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> locking/rwsem: Disable preemption while trying for rwsem lock Mahmoud Adam <mngyadam(a)amazon.com> net/rds: fix possible cp null dereference Jesper Dangaard Brouer <hawk(a)kernel.org> xen-netfront: Add missing skb_mark_for_recycle Bastien Nocera <hadess(a)hadess.net> Bluetooth: Fix TOCTOU in HCI debugfs implementation Hui Wang <hui.wang(a)canonical.com> Bluetooth: hci_event: set the conn encrypted before conn establishes Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc7180-trogdor: mark bluetooth address as broken Sean Christopherson <seanjc(a)google.com> x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word Sandipan Das <sandipan.das(a)amd.com> x86/cpufeatures: Add new word for scattered features Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d Arnd Bergmann <arnd(a)arndb.de> dm integrity: fix out-of-range warning Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: fix pause frame configuration in GMP mode Andrei Matei <andreimatei1(a)gmail.com> bpf: Protect against int overflow for stack access size David Thompson <davthompson(a)nvidia.com> mlxbf_gige: call request_irq() after NAPI initialized Nikita Kiryushin <kiryushin(a)ancud.ru> ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() Eric Dumazet <edumazet(a)google.com> tcp: properly terminate timers for kernel sockets Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: handle deferred cc1 Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: rfi: fix potential response leaks Bixuan Cui <cuibixuan(a)linux.alibaba.com> iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy David Thompson <davthompson(a)nvidia.com> mlxbf_gige: stop PHY during open() error paths Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Stop using the SCSI pointer Bart Van Assche <bvanassche(a)acm.org> scsi: usb: Call scsi_done() directly Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Preserve original aspect ratio in create stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/amdgpu: Use drm_mode_copy() Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Tim Schumacher <timschumi(a)gmx.de> efivarfs: Request at most 512 bytes for variable names Yang Jihong <yangjihong1(a)huawei.com> perf/core: Fix reentry problem in perf_output_read_group() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() Alexander Aring <aahringo(a)redhat.com> lockd: introduce safe async lock op NeilBrown <neilb(a)suse.de> NFSD: fix possible oops when nfsd/pool_stats is closed. Chuck Lever <chuck.lever(a)oracle.com> Documentation: Add missing documentation for EXPORT_OP flags NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() Tavian Barnes <tavianator(a)tavianator.com> nfsd: Fix creation time serialization order Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_encode_nfstime4() helper NeilBrown <neilb(a)suse.de> lockd: drop inappropriate svc_get() from locked_get() Dan Carpenter <dan.carpenter(a)linaro.org> nfsd: fix double fget() bug in __write_ports_addfd() Jeff Layton <jlayton(a)kernel.org> nfsd: make a copy of struct iattr before calling notify_change Dai Ngo <dai.ngo(a)oracle.com> NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Jeff Layton <jlayton(a)kernel.org> nfsd: simplify the delayed disposal list code Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert filecache to rhltable Jeff Layton <jlayton(a)kernel.org> nfsd: allow reaping files still under writeback Jeff Layton <jlayton(a)kernel.org> nfsd: update comment over __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: don't take/put an extra reference when putting a file Jeff Layton <jlayton(a)kernel.org> nfsd: add some comments to nfsd_file_do_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: don't kill nfsd_files because of lease break error Jeff Layton <jlayton(a)kernel.org> nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator Jeff Layton <jlayton(a)kernel.org> nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries Jeff Layton <jlayton(a)kernel.org> nfsd: don't open-code clear_and_wake_up_bit Jeff Layton <jlayton(a)kernel.org> nfsd: call op_release, even when op_func returns an error Jeff Layton <jlayton(a)kernel.org> nfsd: don't replace page in rq_pages if it's a continuation of last page Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against filesystem freezing Chuck Lever <chuck.lever(a)oracle.com> NFSD: copy the whole verifier in nfsd_copy_write_verifier Jeff Layton <jlayton(a)kernel.org> nfsd: don't fsync nfsd_files on last close Jeff Layton <jlayton(a)kernel.org> nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix problems with cleanup on errors in nfsd4_copy Jeff Layton <jlayton(a)kernel.org> nfsd: don't hand out delegation on setuid files being opened for write Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix leaked reference count of nfsd4_ssc_umount_item Jeff Layton <jlayton(a)kernel.org> nfsd: clean up potential nfsd_file refcount leaks in COPY codepath Jeff Layton <jlayton(a)kernel.org> nfsd: allow nfsd_file_get to sanely handle a NULL pointer Dai Ngo <dai.ngo(a)oracle.com> NFSD: enhance inter-server copy cleanup Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Jeff Layton <jlayton(a)kernel.org> nfsd: don't free files unconditionally in __nfsd_file_cache_purge Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" Jeff Layton <jlayton(a)kernel.org> nfsd: fix handling of cached open files in nfsd4_open codepath Jeff Layton <jlayton(a)kernel.org> nfsd: rework refcounting in filecache Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add CB_RECALL_ANY tracepoints Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Chuck Lever <chuck.lever(a)oracle.com> trace: Relocate event helper files Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: return error if nfs4_setacl fails Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_file_fsync tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Jeff Layton <jlayton(a)kernel.org> nfsd: reorganize filecache.c Jeff Layton <jlayton(a)kernel.org> nfsd: remove the pages_flushed statistic from filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection Chuck Lever <chuck.lever(a)oracle.com> NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pass the target nfsd_file to nfsd_commit() David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Finish converting the NFSv3 GETACL result encoder Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix reads with a non-zero offset that don't end on a page boundary Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix trace_nfsd_fh_verify_err() crasher Jeff Layton <jlayton(a)kernel.org> nfsd: put the export reference in nfsd4_verify_deleg_dentry Jeff Layton <jlayton(a)kernel.org> nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix net-namespace logic in __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: ensure we always call fh_verify_error tracepoint Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> NFSD: unregister shrinker when nfsd_init_net() fails Jeff Layton <jlayton(a)kernel.org> nfsd: rework hashtable handling in nfsd_do_file_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: fix nfsd_file_unhash_and_dispose Gaosheng Cui <cuigaosheng1(a)huawei.com> fanotify: Remove obsoleted fanotify_event_has_path() Gaosheng Cui <cuigaosheng1(a)huawei.com> fsnotify: remove unused declaration Al Viro <viro(a)zeniv.linux.org.uk> fs/notify: constify path Jeff Layton <jlayton(a)kernel.org> nfsd: extra checks when freeing delegation stateids Jeff Layton <jlayton(a)kernel.org> nfsd: make nfsd4_run_cb a bool return function Jeff Layton <jlayton(a)kernel.org> nfsd: fix comments about spinlock handling with delegations Jeff Layton <jlayton(a)kernel.org> nfsd: only fill out return pointer on success in nfsd4_lookup_stateid Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap rsize_bop result based on send buffer size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename the fields in copy_stateid_t ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pack struct nfsd4_compoundres Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused nfsd4_compoundargs::cachetype field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove "inline" directives on op_rsize_bop helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4svc_encode_compoundres() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up WRITE arg decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor common code out of dirlist helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Parametrize how much of argsize should be zeroed Dai Ngo <dai.ngo(a)oracle.com> NFSD: add shrinker to reap courtesy clients on low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of courtesy clients in the system Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a mechanism to wait for a DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints to report NFSv4 callback completions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace NFSv4 COMPOUND tags Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace dprintk() call site in fh_verify() Gaosheng Cui <cuigaosheng1(a)huawei.com> nfsd: remove nfsd4_prepare_cb_recall() declaration Jeff Layton <jlayton(a)kernel.org> nfsd: clean up mounted_on_fileid handling NeilBrown <neilb(a)suse.de> NFSD: drop fname and flen args from nfsd_create_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Propagate some error code returned by memdup_user() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Avoid some useless tests Jinpeng Cui <cui.jinpeng2(a)zte.com.cn> NFSD: remove redundant variable status Olga Kornievskaia <kolga(a)netapp.com> NFSD enforce filehandle check for source file in COPY Wolfram Sang <wsa+renesas(a)sang-engineering.com> lockd: move from strlcpy with unused retval to strscpy Wolfram Sang <wsa+renesas(a)sang-engineering.com> NFSD: move from strlcpy with unused retval to strscpy Al Viro <viro(a)zeniv.linux.org.uk> nfsd_splice_actor(): handle compound pages NeilBrown <neilb(a)suse.de> NFSD: fix regression with setting ACLs. NeilBrown <neilb(a)suse.de> NFSD: discard fh_locked flag and fh_lock/fh_unlock NeilBrown <neilb(a)suse.de> NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NeilBrown <neilb(a)suse.de> NFSD: use explicit lock/unlock for directory ops NeilBrown <neilb(a)suse.de> NFSD: reduce locking in nfsd_lookup() NeilBrown <neilb(a)suse.de> NFSD: only call fh_unlock() once in nfsd_link() NeilBrown <neilb(a)suse.de> NFSD: always drop directory lock in nfsd_unlink() NeilBrown <neilb(a)suse.de> NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NeilBrown <neilb(a)suse.de> NFSD: add posix ACLs to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: add security label to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: set attributes when creating symlinks NeilBrown <neilb(a)suse.de> NFSD: introduce struct nfsd_attrs Jeff Layton <jlayton(a)kernel.org> NFSD: verify the opened dentry after setting a delegation Jeff Layton <jlayton(a)kernel.org> NFSD: drop fh argument from alloc_init_deleg Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move copy offload callback arguments into a separate structure Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd4_send_cb_offload() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove kmalloc from nfsd4_do_async_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_do_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace boolean fields in struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfs4_put_copy() static Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reorder the fields in struct nfsd4_op Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy_notify Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfserrno(-ENOMEM) is nfserr_jukebox Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix strncpy() fortify warning Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_encode_readlink() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_pad_size() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Simplify starting_len Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_readv() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_read::rd_eof field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up SPLICE_OK in nfsd4_encode_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_fattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_operation() Jeff Layton <jlayton(a)kernel.org> nfsd: silence extraneous printk on nfsd.ko insertion Dai Ngo <dai.ngo(a)oracle.com> NFSD: limit the number of v4 clients to 1024 per 1GB of system memory Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of v4 clients in the system Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring v4 specific code to a helper in nfs4state.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Ensure nf_inode is never dereferenced Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 CLOSE should release an nfsd_file immediately Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move nfsd_file_trace_alloc() tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Separate tracepoints for acquire and create Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up unused code after rhashtable conversion Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert the filecache to use rhashtable Chuck Lever <chuck.lever(a)oracle.com> NFSD: Set up an rhashtable for the filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the "init once" mechanism Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove nfsd_file::nf_hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_hash_remove can compute hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor __nfsd_file_close_inode() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove lockdep assertion from unhash_and_release_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: No longer record nf_hashval in the trace log Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never call nfsd_file_gc() in foreground paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix the filecache LRU shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Leave open files out of the filecache LRU Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache LRU activity Chuck Lever <chuck.lever(a)oracle.com> NFSD: WARN when freeing an item still linked via nf_lru Chuck Lever <chuck.lever(a)oracle.com> NFSD: Hook up the filecache stat file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Zero counters when the filecache is re-initialized Chuck Lever <chuck.lever(a)oracle.com> NFSD: Record number of flush calls Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report the number of items evicted by the LRU walk Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_lru_scan() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_gc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_file_lru_dispose_list() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report average age of filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of freed filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of calls to nfsd_file_acquire() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report filecache LRU size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Demote a WARN to a pr_warn() Colin Ian King <colin.i.king(a)gmail.com> nfsd: remove redundant assignment to variable len Zhang Jiaming <jiaming(a)nfschina.com> NFSD: Fix space and spelling mistake Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instrument fh_verify() Benjamin Coddington <bcodding(a)redhat.com> NLM: Defend against file_lock changes after vfs_test_lock() Xin Gao <gaoxin(a)cdjrlc.com> fsnotify: Fix comment typo Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce FAN_MARK_IGNORE Amir Goldstein <amir73il(a)gmail.com> fanotify: cleanups for fanotify_mark() input validations Amir Goldstein <amir73il(a)gmail.com> fanotify: prepare for setting event flags in ignore mask Oliver Ford <ojford(a)gmail.com> fs: inotify: Fix typo in inotify comment Chuck Lever <chuck.lever(a)oracle.com> NFSD: Decode NFSv4 birth time attribute Amir Goldstein <amir73il(a)gmail.com> fanotify: refine the validation checks on non-dir inode mask NeilBrown <neilb(a)suse.de> NFS: restore module put when manager exits. Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix potential use-after-free in nfsd_file_put() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_put() can sleep Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Unregister the cld notifier when laundry_wq create failed Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Use RMW bitops in single-threaded hot paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache opens Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move documenting comment for nfsd4_process_open2() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix whitespace Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove dprintk call sites from tail of nfsd4_open() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instantiate a struct file when creating a regular NFSv4 file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_open_verified() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv4 OPEN(CREATE) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv3 CREATE Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_create_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd3_proc_create() Dai Ngo <dai.ngo(a)oracle.com> NFSD: Show state of courtesy client in client info Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for lock conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add helper locks_owner_has_blockers to check for blockers Dai Ngo <dai.ngo(a)oracle.com> NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for share reservation conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> NFSD: add courteous server support for thread with only delegation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_splice_actor() Vasily Averin <vvs(a)openvz.org> fanotify: fix incorrect fmode_t casts Amir Goldstein <amir73il(a)gmail.com> fsnotify: consistent behavior for parent not watching children Amir Goldstein <amir73il(a)gmail.com> fsnotify: introduce mark type iterator Amir Goldstein <amir73il(a)gmail.com> fanotify: enable "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fanotify: implement "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: factor out helper fanotify_mark_update_flags() Amir Goldstein <amir73il(a)gmail.com> fanotify: create helper fanotify_mark_user_flags() Amir Goldstein <amir73il(a)gmail.com> fsnotify: allow adding an inode mark without pinning inode Amir Goldstein <amir73il(a)gmail.com> dnotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> nfsd: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> inotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fsnotify: create helpers for group mark_mutex lock Amir Goldstein <amir73il(a)gmail.com> fsnotify: make allow_dups a property of the group Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass flags argument to fsnotify_alloc_group() Amir Goldstein <amir73il(a)gmail.com> inotify: move control flags from mask to mark flags Dai Ngo <dai.ngo(a)oracle.com> fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. Amir Goldstein <amir73il(a)gmail.com> fanotify: do not allow setting dirent events in mask of non-dir Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Clean up nfsd_file_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a write performance regression Bang Li <libang.linuxer(a)gmail.com> fsnotify: remove redundant parameter judgment Amir Goldstein <amir73il(a)gmail.com> fsnotify: optimize FS_MODIFY events with no ignored masks Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix merge with parent's ignored mask Jakob Koschel <jakobkoschel(a)gmail.com> nfsd: fix using the correct variable for sizeof() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up _lm_ operation names Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove CONFIG_NFSD_V3 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move svc_serv_ops::svo_function into struct svc_serv Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove svc_serv_ops::svo_module Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svc_shutdown_net() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_close_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_create_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svo_shutdown method Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove the .svo_enqueue_xprt method Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove NFSD_PROC_ARGS_* macros Chuck Lever <chuck.lever(a)oracle.com> NFSD: Streamline the rare "found" case Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip extra computation for RC_NOCACHE case Chuck Lever <chuck.lever(a)oracle.com> orDate: Thu Sep 30 19:19:57 2021 -0400 Ondrej Valousek <ondrej.valousek.xm(a)renesas.com> nfsd: Add support for the birth time attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Deprecate NFS_OFFSET_MAX Amir Goldstein <amir73il(a)gmail.com> fsnotify: invalidate dcache before IN_DELETE event Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move fill_pre_wcc() and fill_post_wcc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace boot verifier resets Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename boot verifier functions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the nfsd_net::nfssvc_boot field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Write verifier might go backwards Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_vfs_write() Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Retry once in nfsd_open on an -EOPENSTALE return Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Add errno mapping for EREMOTEIO Peng Tao <tao.peng(a)primarydata.com> nfsd: map EBADF Vasily Averin <vvs(a)virtuozzo.com> nfsd4: add refcount for nfsd4_blocked_lock J. Bruce Fields <bfields(a)redhat.com> nfs: block notification on fs with its own ->lock Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate nfsd4_decode_bitmap4() J. Bruce Fields <bfields(a)redhat.com> nfsd: improve stateid access bitmask documentation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Combine XDR error tracepoints NeilBrown <neilb(a)suse.de> NFSD: simplify per-net file cache management Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> NFSD: Fix inconsistent indenting Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove be32_to_cpu() from DRC hash function NeilBrown <neilb(a)suse.de> NFS: switch the callback service back to non-pooled. NeilBrown <neilb(a)suse.de> lockd: use svc_set_num_threads() for thread start and stop NeilBrown <neilb(a)suse.de> SUNRPC: always treat sv_nrpools==1 as "not pooled" NeilBrown <neilb(a)suse.de> SUNRPC: move the pool_map definitions (back) into svc.c NeilBrown <neilb(a)suse.de> lockd: rename lockd_create_svc() to lockd_get() NeilBrown <neilb(a)suse.de> lockd: introduce lockd_put() NeilBrown <neilb(a)suse.de> lockd: move svc_exit_thread() into the thread NeilBrown <neilb(a)suse.de> lockd: move lockd_start_svc() call into lockd_create_svc() NeilBrown <neilb(a)suse.de> lockd: simplify management of network status notifiers NeilBrown <neilb(a)suse.de> lockd: introduce nlmsvc_serv NeilBrown <neilb(a)suse.de> NFSD: simplify locking for network notifier. NeilBrown <neilb(a)suse.de> SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NeilBrown <neilb(a)suse.de> NFSD: Make it possible to use svc_set_num_threads_sync NeilBrown <neilb(a)suse.de> NFSD: narrow nfsd_mutex protection in nfsd thread NeilBrown <neilb(a)suse.de> SUNRPC: use sv_lock to protect updates to sv_nrthreads. NeilBrown <neilb(a)suse.de> nfsd: make nfsd_stats.th_cnt atomic_t NeilBrown <neilb(a)suse.de> SUNRPC: stop using ->sv_nrthreads as a refcount NeilBrown <neilb(a)suse.de> SUNRPC/NFSD: clean up get/put functions. NeilBrown <neilb(a)suse.de> SUNRPC: change svc_get() to return the svc. NeilBrown <neilb(a)suse.de> NFSD: handle errors better in write_ports_addfd() Eric W. Biederman <ebiederm(a)xmission.com> exit: Rename module_put_and_exit to module_put_and_kthread_exit Eric W. Biederman <ebiederm(a)xmission.com> exit: Implement kthread_exit Amir Goldstein <amir73il(a)gmail.com> fanotify: wire up FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: report old and/or new parent+name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: record either old name new name or both for FAN_RENAME Amir Goldstein <amir73il(a)gmail.com> fanotify: record old and new parent and name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: support secondary dir fh and name in fanotify_info Amir Goldstein <amir73il(a)gmail.com> fanotify: use helpers to parcel fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fanotify: use macros to get the offset to fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fsnotify: generate FS_RENAME event with rich information Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce group flag FAN_REPORT_TARGET_FID Amir Goldstein <amir73il(a)gmail.com> fsnotify: separate mark iterator type from object type enum Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify object type argument Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: fix error code saved on super block during file system abort J. Bruce Fields <bfields(a)redhat.com> nfsd4: remove obselete comment Changcheng Deng <deng.changcheng(a)zte.com.cn> NFSD:fix boolreturn.cocci warning J. Bruce Fields <bfields(a)redhat.com> nfsd: update create verifier comment Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_encode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_encode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Save location of NFSv4 COMPOUND status Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_decode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_decode Colin Ian King <colin.king(a)canonical.com> NFSD: Initialize pointer ni with NULL and not plain integer 0 NeilBrown <neilb(a)suse.de> NFSD: simplify struct nfsfh NeilBrown <neilb(a)suse.de> NFSD: drop support for ancient filehandles NeilBrown <neilb(a)suse.de> NFSD: move filehandle format declarations out of "uapi". Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize DRC bucket pruning Chuck Lever <chuck.lever(a)oracle.com> NFS: Move NFS protocol display macros to global header Chuck Lever <chuck.lever(a)oracle.com> NFS: Move generic FS show macros to global header Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Tracepoints should display tk_pid and cl_clid as a fixed-size field Chuck Lever <chuck.lever(a)oracle.com> NFS: Remove unnecessary TRACE_DEFINE_ENUM()s Gabriel Krisman Bertazi <krisman(a)collabora.com> docs: Document the FAN_FS_ERROR event Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: Send notifications on error Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow users to request FAN_FS_ERROR events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Emit generic error info for error event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Report fid info for file related file system errors Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: WARN_ON against too large file handles Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Add helpers to decide whether to report FID/DFID Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Wrap object_fh inline space in a creator macro Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support merging of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support enqueueing of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Pre-allocate pool of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Reserve UAPI bits for FAN_FS_ERROR Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Support FS_ERROR event type Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Require fid_mode for any non-fd event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Encode empty file handle when no inode is provided Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow file handle encoding for unhashed events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support null inode event in fanotify_dfid_inode Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Pass group argument to free_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Protect fsnotify_handle_inode_event from no-inode events Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Retrieve super block from the data field Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add wrapper around fsnotify_add_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add helper to detect overflow_event Gabriel Krisman Bertazi <krisman(a)collabora.com> inotify: Don't force FS_IN_IGNORED Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Split fsid check from other fid mode checks Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Fold event size calculation to its own function Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Don't insert unmergeable events in hashtable Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify contract for create event hooks Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass dentry instead of inode data Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass data_type to fsnotify_name() Peter Zijlstra <peterz(a)infradead.org> x86/static_call: Add support for Jcc tail-calls Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions Peter Zijlstra <peterz(a)infradead.org> x86/alternatives: Introduce int3_emulate_jcc() Thomas Gleixner <tglx(a)linutronix.de> x86/asm: Differentiate between code and function alignment Peter Zijlstra <peterz(a)infradead.org> arch: Introduce CONFIG_FUNCTION_ALIGNMENT Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/rfds: Mitigate Register File Data Sampling (RFDS) Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation/hw-vuln: Add documentation for RFDS Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> KVM/VMX: Move VERW closer to VMentry for MDS mitigation Sean Christopherson <seanjc(a)google.com> KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_32: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/entry_64: Add VERW just before userspace transition Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Add asm helpers for executing VERW H. Peter Anvin (Intel) <hpa(a)zytor.com> x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Limit stage2_apply_range() batch size to largest block Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Work out supported block level at compile time Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device John Garry <john.garry(a)huawei.com> dma-iommu: add iommu_dma_opt_mapping_size() John Garry <john.garry(a)huawei.com> dma-mapping: add dma_opt_mapping_size() Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Maximilian Heyne <mheyne(a)amazon.de> xen/events: close evtchn after mapping cleanup Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Geert Uytterhoeven <geert+renesas(a)glider.be> net: ravb: Add R-Car Gen4 support Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add CGR update function Sean Anderson <sean.anderson(a)seco.com> soc: fsl: qbman: Add helper for sanity checking cgr ops Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/DPC: Quirk PIO log size for certain Intel Root Ports Mika Westerberg <mika.westerberg(a)linux.intel.com> PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited Bjorn Helgaas <bhelgaas(a)google.com> PCI: Work around Intel I210 ROM BAR overlap defect Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> PCI: Drop pci_device_remove() test of pci_dev->driver Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Petr Mladek <pmladek(a)suse.com> printk/console: Split out code that enables default console Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Peter Collingbourne <pcc(a)google.com> kasan: test: add memcpy test that avoids out-of-bounds write Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS Lin Yujun <linyujun809(a)huawei.com> Documentation/hw-vuln: Update spectre doc ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + .../admin-guide/filesystem-monitoring.rst | 74 ++ Documentation/admin-guide/hw-vuln/index.rst | 1 + .../admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 ++ Documentation/admin-guide/hw-vuln/spectre.rst | 66 +- Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt | 39 +- Documentation/core-api/dma-api.rst | 14 + Documentation/filesystems/locking.rst | 10 +- Documentation/filesystems/nfs/exporting.rst | 33 + Documentation/x86/mds.rst | 34 +- MAINTAINERS | 7 + Makefile | 8 +- arch/Kconfig | 24 + arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7180-trogdor.dtsi | 2 + arch/arm64/include/asm/kvm_pgtable.h | 18 +- arch/arm64/include/asm/stage2_pgtable.h | 20 - arch/arm64/kvm/mmu.c | 9 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/ia64/Kconfig | 1 + arch/ia64/Makefile | 2 +- arch/openrisc/kernel/dma.c | 16 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/lib/Makefile | 2 +- arch/riscv/include/asm/uaccess.h | 4 +- arch/riscv/kernel/process.c | 3 - arch/s390/kernel/entry.S | 1 + arch/sparc/kernel/nmi.c | 2 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 38 + arch/x86/boot/compressed/head_64.S | 8 + arch/x86/entry/common.c | 6 +- arch/x86/entry/entry.S | 23 + arch/x86/entry/entry_32.S | 3 + arch/x86/entry/entry_64.S | 72 ++ arch/x86/entry/entry_64_compat.S | 4 + arch/x86/entry/syscall_32.c | 21 +- arch/x86/entry/syscall_64.c | 19 +- arch/x86/entry/syscall_x32.c | 10 +- arch/x86/include/asm/asm-prototypes.h | 1 + arch/x86/include/asm/asm.h | 5 + arch/x86/include/asm/cpufeature.h | 8 +- arch/x86/include/asm/cpufeatures.h | 18 +- arch/x86/include/asm/disabled-features.h | 3 +- arch/x86/include/asm/entry-common.h | 1 - arch/x86/include/asm/linkage.h | 12 +- arch/x86/include/asm/msr-index.h | 19 +- arch/x86/include/asm/nospec-branch.h | 64 +- arch/x86/include/asm/required-features.h | 3 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/syscall.h | 10 +- arch/x86/include/asm/text-patching.h | 31 + arch/x86/kernel/alternative.c | 56 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 360 ++++-- arch/x86/kernel/cpu/common.c | 77 +- arch/x86/kernel/cpu/mce/core.c | 4 +- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/kprobes/core.c | 38 +- arch/x86/kernel/nmi.c | 3 - arch/x86/kernel/static_call.c | 50 +- arch/x86/kvm/cpuid.c | 29 +- arch/x86/kvm/reverse_cpuid.h | 45 +- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/vmx/run_flags.h | 7 +- arch/x86/kvm/vmx/vmenter.S | 11 +- arch/x86/kvm/vmx/vmx.c | 12 +- arch/x86/kvm/x86.c | 17 +- arch/x86/lib/retpoline.S | 5 +- arch/x86/mm/ident_map.c | 23 +- block/blk-settings.c | 4 + crypto/algboss.c | 4 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/acpica/dbnames.c | 8 +- drivers/acpi/cppc_acpi.c | 27 +- drivers/ata/ahci.c | 5 - drivers/ata/sata_mv.c | 63 +- drivers/ata/sata_sx4.c | 6 +- drivers/base/core.c | 26 +- drivers/base/cpu.c | 8 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/vars.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hid/uhid.c | 20 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/infiniband/core/cm_trace.h | 2 +- drivers/infiniband/core/cma_trace.h | 2 +- drivers/iommu/dma-iommu.c | 15 + drivers/iommu/iova.c | 5 + drivers/md/dm-integrity.c | 2 +- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + drivers/net/ethernet/freescale/fec_main.c | 11 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/intel/i40e/i40e.h | 6 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_register.h | 3 + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 82 +- drivers/net/ethernet/intel/i40e/i40e_txrx.h | 5 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 34 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 16 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 2 +- .../ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c | 31 +- drivers/net/ethernet/realtek/r8169_main.c | 11 +- drivers/net/ethernet/renesas/ravb_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 40 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 38 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/usb/asix.h | 3 + drivers/net/usb/asix_devices.c | 20 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/rfi.c | 12 +- drivers/net/xen-netfront.c | 1 + drivers/nvme/host/core.c | 6 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/of/dynamic.c | 12 + drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/pci-driver.c | 23 +- drivers/pci/pcie/dpc.c | 15 +- drivers/pci/pcie/err.c | 20 + drivers/pci/quirks.c | 100 ++ drivers/pci/setup-res.c | 8 +- drivers/phy/tegra/xusb.c | 13 + drivers/s390/crypto/zcrypt_api.c | 2 + drivers/s390/net/qeth_core_main.c | 38 +- drivers/scsi/hosts.c | 7 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/myrb.c | 20 +- drivers/scsi/myrs.c | 24 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +-- drivers/scsi/qla2xxx/qla_iocb.c | 68 +- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 98 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/sc16is7xx.c | 15 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 5 +- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 + drivers/usb/dwc2/core_intr.c | 72 +- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 +- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/scsiglue.c | 1 - drivers/usb/storage/uas.c | 81 +- drivers/usb/storage/usb.c | 4 +- drivers/usb/typec/ucsi/ucsi.c | 42 +- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_intrs.c | 188 +-- drivers/vfio/platform/vfio_platform_irq.c | 106 +- drivers/vfio/virqfd.c | 21 + drivers/xen/events/events_base.c | 5 +- fs/Kconfig | 2 +- fs/aio.c | 8 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/cifs/connect.c | 2 +- fs/exec.c | 1 + fs/exportfs/expfs.c | 8 +- fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/ext4/super.c | 10 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/ksmbd/smb2pdu.c | 10 +- fs/lockd/host.c | 2 +- fs/lockd/svc.c | 223 ++-- fs/lockd/svc4proc.c | 29 +- fs/lockd/svclock.c | 31 +- fs/lockd/svcproc.c | 30 +- fs/lockd/svcsubs.c | 4 +- fs/lockd/xdr.c | 152 ++- fs/lockd/xdr4.c | 153 ++- fs/locks.c | 85 +- fs/nfs/callback.c | 96 +- fs/nfs/callback_xdr.c | 5 +- fs/nfs/direct.c | 11 +- fs/nfs/export.c | 9 +- fs/nfs/nfs4state.c | 2 +- fs/nfs/nfs4trace.h | 477 +------- fs/nfs/nfstrace.h | 269 +---- fs/nfs/pnfs.h | 4 - fs/nfs/write.c | 2 +- fs/nfsd/Kconfig | 27 +- fs/nfsd/Makefile | 8 +- fs/nfsd/acl.h | 6 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/cache.h | 2 +- fs/nfsd/export.h | 1 - fs/nfsd/filecache.c | 1192 +++++++++++--------- fs/nfsd/filecache.h | 19 +- fs/nfsd/flexfilelayout.c | 3 +- fs/nfsd/lockd.c | 2 +- fs/nfsd/netns.h | 34 +- fs/nfsd/nfs2acl.c | 55 +- fs/nfsd/nfs3acl.c | 83 +- fs/nfsd/nfs3proc.c | 212 +++- fs/nfsd/nfs3xdr.c | 444 +++----- fs/nfsd/nfs4acl.c | 46 +- fs/nfsd/nfs4callback.c | 125 +- fs/nfsd/nfs4idmap.c | 9 +- fs/nfsd/nfs4layouts.c | 4 +- fs/nfsd/nfs4proc.c | 986 +++++++++------- fs/nfsd/nfs4recover.c | 12 +- fs/nfsd/nfs4state.c | 1049 +++++++++++++---- fs/nfsd/nfs4xdr.c | 1115 +++++++++--------- fs/nfsd/nfscache.c | 63 +- fs/nfsd/nfsctl.c | 146 ++- fs/nfsd/nfsd.h | 35 +- fs/nfsd/nfsfh.c | 264 ++--- fs/nfsd/nfsfh.h | 145 ++- fs/nfsd/nfsproc.c | 121 +- fs/nfsd/nfssvc.c | 263 ++--- fs/nfsd/nfsxdr.c | 178 ++- fs/nfsd/state.h | 59 +- fs/nfsd/stats.c | 16 +- fs/nfsd/stats.h | 4 +- fs/nfsd/trace.h | 692 ++++++++++-- fs/nfsd/vfs.c | 822 +++++++------- fs/nfsd/vfs.h | 56 +- fs/nfsd/xdr.h | 35 +- fs/nfsd/xdr3.h | 61 +- fs/nfsd/xdr4.h | 81 +- fs/nfsd/xdr4cb.h | 6 + fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/notify/dnotify/dnotify.c | 15 +- fs/notify/fanotify/fanotify.c | 363 ++++-- fs/notify/fanotify/fanotify.h | 212 +++- fs/notify/fanotify/fanotify_user.c | 441 ++++++-- fs/notify/fdinfo.c | 16 +- fs/notify/fsnotify.c | 177 +-- fs/notify/fsnotify.h | 4 - fs/notify/group.c | 36 +- fs/notify/inotify/inotify.h | 11 +- fs/notify/inotify/inotify_fsnotify.c | 7 +- fs/notify/inotify/inotify_user.c | 53 +- fs/notify/mark.c | 137 ++- fs/notify/notification.c | 14 +- fs/open.c | 42 + fs/pipe.c | 17 +- fs/ubifs/file.c | 13 +- fs/vboxsf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 4 +- include/linux/cpu.h | 2 + include/linux/device.h | 1 + include/linux/dma-map-ops.h | 1 + include/linux/dma-mapping.h | 5 + include/linux/dnotify.h | 2 +- include/linux/exportfs.h | 17 +- include/linux/fanotify.h | 31 +- include/linux/fs.h | 26 + include/linux/fsnotify.h | 70 +- include/linux/fsnotify_backend.h | 356 +++++- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/iova.h | 2 + include/linux/kthread.h | 1 + include/linux/linkage.h | 4 +- include/linux/lockd/lockd.h | 10 +- include/linux/lockd/xdr.h | 27 +- include/linux/lockd/xdr4.h | 29 +- include/linux/minmax.h | 17 + include/linux/module.h | 6 +- include/linux/nfs.h | 8 - include/linux/nfs4.h | 17 + include/linux/nfs_fs.h | 1 + include/linux/nfs_ssc.h | 4 +- include/linux/pci.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/secretmem.h | 4 +- include/linux/sunrpc/svc.h | 93 +- include/linux/sunrpc/svc_xprt.h | 11 +- include/linux/sunrpc/svcsock.h | 7 +- include/linux/sunrpc/xdr.h | 2 + include/linux/timer.h | 18 +- include/linux/udp.h | 28 + include/linux/vfio.h | 2 + include/net/cfg802154.h | 1 + include/net/inet_connection_sock.h | 1 + include/net/sock.h | 7 + include/soc/fsl/qman.h | 9 + include/trace/events/rpcgss.h | 18 +- include/trace/events/rpcrdma.h | 44 +- include/trace/events/sunrpc.h | 74 +- include/trace/misc/fs.h | 122 ++ include/trace/misc/nfs.h | 387 +++++++ include/trace/{events => misc}/rdma.h | 0 include/trace/misc/sunrpc.h | 18 + include/uapi/linux/fanotify.h | 29 + include/uapi/linux/nfsd/nfsfh.h | 115 -- init/initramfs.c | 2 +- io_uring/io_uring.c | 2 +- kernel/audit_fsnotify.c | 8 +- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 5 +- kernel/bounds.c | 2 +- kernel/bpf/verifier.c | 5 + kernel/dma/mapping.c | 12 + kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/events/core.c | 9 + kernel/kthread.c | 23 +- kernel/locking/rwsem.c | 14 +- kernel/module.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 63 +- kernel/time/timer.c | 160 +-- kernel/trace/ring_buffer.c | 233 ++-- kernel/trace/trace.c | 21 +- lib/Kconfig.debug | 1 + lib/pci_iomap.c | 2 +- lib/test_kasan.c | 21 +- mm/compaction.c | 7 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/bnep/core.c | 2 +- net/bluetooth/cmtp/core.c | 2 +- net/bluetooth/hci_debugfs.c | 64 +- net/bluetooth/hci_event.c | 25 + net/bluetooth/hidp/core.c | 2 +- net/bridge/netfilter/ebtables.c | 6 + net/core/skbuff.c | 6 +- net/core/sock_map.c | 6 + net/ipv4/inet_connection_sock.c | 14 + net/ipv4/ip_gre.c | 5 + net/ipv4/netfilter/arp_tables.c | 4 + net/ipv4/netfilter/ip_tables.c | 4 + net/ipv4/tcp.c | 2 + net/ipv4/udp.c | 7 + net/ipv4/udp_offload.c | 20 +- net/ipv6/ip6_fib.c | 14 +- net/ipv6/ip6_gre.c | 3 + net/ipv6/netfilter/ip6_tables.c | 4 + net/ipv6/udp.c | 2 +- net/ipv6/udp_offload.c | 8 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/mptcp/protocol.c | 3 - net/mptcp/subflow.c | 3 + net/netfilter/nf_tables_api.c | 20 +- net/nfc/nci/core.c | 5 + net/rds/rdma.c | 2 +- net/sched/act_skbmod.c | 10 +- net/sunrpc/svc.c | 227 ++-- net/sunrpc/svc_xprt.c | 68 +- net/sunrpc/svcsock.c | 24 +- net/sunrpc/xdr.c | 22 + net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 +- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 9 +- sound/sh/aica.c | 17 +- sound/soc/codecs/rt5682-sdw.c | 4 +- sound/soc/codecs/rt711-sdca-sdw.c | 4 +- sound/soc/codecs/rt711-sdw.c | 4 +- sound/soc/soc-ops.c | 2 +- tools/objtool/check.c | 3 +- tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 7 + tools/testing/selftests/net/reuseaddr_conflict.c | 2 +- tools/testing/selftests/net/udpgro_fwd.sh | 10 +- virt/kvm/async_pf.c | 31 +- 445 files changed, 11948 insertions(+), 6886 deletions(-)

1 year, 2 months

1
0
0 0

[tip: timers/urgent] selftests/timers/posix_timers: Reimplement check_timer_distribution()

by tip-bot2 for Oleg Nesterov

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 6d029c25b71f2de2838a6f093ce0fa0e69336154 Gitweb: https://git.kernel.org/tip/6d029c25b71f2de2838a6f093ce0fa0e69336154 Author: Oleg Nesterov <oleg(a)redhat.com> AuthorDate: Tue, 09 Apr 2024 15:38:03 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 09 Apr 2024 17:48:19 +02:00 selftests/timers/posix_timers: Reimplement check_timer_distribution() check_timer_distribution() runs ten threads in a busy loop and tries to test that the kernel distributes a process posix CPU timer signal to every thread over time. There is not guarantee that this is true even after commit bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") because that commit only avoids waking up the sleeping process leader thread, but that has nothing to do with the actual signal delivery. As the signal is process wide the first thread which observes sigpending and wins the race to lock sighand will deliver the signal. Testing shows that this hangs on a regular base because some threads never win the race. The comment "This primarily tests that the kernel does not favour any one." is wrong. The kernel does favour a thread which hits the timer interrupt when CLOCK_PROCESS_CPUTIME_ID expires. Rewrite the test so it only checks that the group leader sleeping in join() never receives SIGALRM and the thread which burns CPU cycles receives all signals. In older kernels which do not have commit bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") the test-case fails immediately, the very 1st tick wakes the leader up. Otherwise it quickly succeeds after 100 ticks. CI testing wants to use newer selftest versions on stable kernels. In this case the test is guaranteed to fail. So check in the failure case whether the kernel version is less than v6.3 and skip the test result in that case. [ tglx: Massaged change log, renamed the version check helper ] Fixes: e797203fb3ba ("selftests/timers/posix_timers: Test delivery of signals across threads") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240409133802.GD29396@redhat.com --- tools/testing/selftests/kselftest.h | 13 ++- tools/testing/selftests/timers/posix_timers.c | 103 +++++++---------- 2 files changed, 60 insertions(+), 56 deletions(-) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index 541bf19..973b18e 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -51,6 +51,7 @@ #include <stdarg.h> #include <string.h> #include <stdio.h> +#include <sys/utsname.h> #endif #ifndef ARRAY_SIZE @@ -388,4 +389,16 @@ static inline __printf(1, 2) int ksft_exit_skip(const char *msg, ...) exit(KSFT_SKIP); } +static inline int ksft_min_kernel_version(unsigned int min_major, + unsigned int min_minor) +{ + unsigned int major, minor; + struct utsname info; + + if (uname(&info) || sscanf(info.release, "%u.%u.", &major, &minor) != 2) + ksft_exit_fail_msg("Can't parse kernel version\n"); + + return major > min_major || (major == min_major && minor >= min_minor); +} + #endif /* __KSELFTEST_H */ diff --git a/tools/testing/selftests/timers/posix_timers.c b/tools/testing/selftests/timers/posix_timers.c index d49dd3f..d86a0e0 100644 --- a/tools/testing/selftests/timers/posix_timers.c +++ b/tools/testing/selftests/timers/posix_timers.c @@ -184,80 +184,71 @@ static int check_timer_create(int which) return 0; } -int remain; -__thread int got_signal; +static pthread_t ctd_thread; +static volatile int ctd_count, ctd_failed; -static void *distribution_thread(void *arg) +static void ctd_sighandler(int sig) { - while (__atomic_load_n(&remain, __ATOMIC_RELAXED)); - return NULL; + if (pthread_self() != ctd_thread) + ctd_failed = 1; + ctd_count--; } -static void distribution_handler(int nr) +static void *ctd_thread_func(void *arg) { - if (!__atomic_exchange_n(&got_signal, 1, __ATOMIC_RELAXED)) - __atomic_fetch_sub(&remain, 1, __ATOMIC_RELAXED); -} - -/* - * Test that all running threads _eventually_ receive CLOCK_PROCESS_CPUTIME_ID - * timer signals. This primarily tests that the kernel does not favour any one. - */ -static int check_timer_distribution(void) -{ - int err, i; - timer_t id; - const int nthreads = 10; - pthread_t threads[nthreads]; struct itimerspec val = { .it_value.tv_sec = 0, .it_value.tv_nsec = 1000 * 1000, .it_interval.tv_sec = 0, .it_interval.tv_nsec = 1000 * 1000, }; + timer_t id; - remain = nthreads + 1; /* worker threads + this thread */ - signal(SIGALRM, distribution_handler); - err = timer_create(CLOCK_PROCESS_CPUTIME_ID, NULL, &id); - if (err < 0) { - ksft_perror("Can't create timer"); - return -1; - } - err = timer_settime(id, 0, &val, NULL); - if (err < 0) { - ksft_perror("Can't set timer"); - return -1; - } + /* 1/10 seconds to ensure the leader sleeps */ + usleep(10000); - for (i = 0; i < nthreads; i++) { - err = pthread_create(&threads[i], NULL, distribution_thread, - NULL); - if (err) { - ksft_print_msg("Can't create thread: %s (%d)\n", - strerror(errno), errno); - return -1; - } - } + ctd_count = 100; + if (timer_create(CLOCK_PROCESS_CPUTIME_ID, NULL, &id)) + return "Can't create timer\n"; + if (timer_settime(id, 0, &val, NULL)) + return "Can't set timer\n"; - /* Wait for all threads to receive the signal. */ - while (__atomic_load_n(&remain, __ATOMIC_RELAXED)); + while (ctd_count > 0 && !ctd_failed) + ; - for (i = 0; i < nthreads; i++) { - err = pthread_join(threads[i], NULL); - if (err) { - ksft_print_msg("Can't join thread: %s (%d)\n", - strerror(errno), errno); - return -1; - } - } + if (timer_delete(id)) + return "Can't delete timer\n"; - if (timer_delete(id)) { - ksft_perror("Can't delete timer"); - return -1; - } + return NULL; +} + +/* + * Test that only the running thread receives the timer signal. + */ +static int check_timer_distribution(void) +{ + const char *errmsg; - ksft_test_result_pass("check_timer_distribution\n"); + signal(SIGALRM, ctd_sighandler); + + errmsg = "Can't create thread\n"; + if (pthread_create(&ctd_thread, NULL, ctd_thread_func, NULL)) + goto err; + + errmsg = "Can't join thread\n"; + if (pthread_join(ctd_thread, (void **)&errmsg) || errmsg) + goto err; + + if (!ctd_failed) + ksft_test_result_pass("check signal distribution\n"); + else if (ksft_min_kernel_version(6, 3)) + ksft_test_result_fail("check signal distribution\n"); + else + ksft_test_result_skip("check signal distribution (old kernel)\n"); return 0; +err: + ksft_print_msg(errmsg); + return -1; } int main(int argc, char **argv)

1 year, 2 months

1
0
0 0

[PATCH 3/5] drm/vmwgfx: Fix prime import/export

by Zack Rusin

vmwgfx never supported prime import of external buffers. Furthermore the driver exposes two different objects to userspace: vmw_surface's and gem buffers but prime import/export only worked with vmw_surfaces. Because gem buffers are used through the dumb_buffer interface this meant that the driver created buffers couldn't have been prime exported or imported. Fix prime import/export. Makes IGT's kms_prime pass. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 8afa13a0583f ("drm/vmwgfx: Implement DRIVER_GEM") Cc: <stable(a)vger.kernel.org> # v6.6+ --- drivers/gpu/drm/vmwgfx/vmwgfx_blit.c | 35 +++++++++++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 ++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 ++ drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 32 ++++++++++++++++ drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 15 +++++++- drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c | 44 +++++++++++++++------- 8 files changed, 117 insertions(+), 22 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c index c52c7bf1485b..717d624e9a05 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_blit.c @@ -456,8 +456,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, .no_wait_gpu = false }; u32 j, initial_line = dst_offset / dst_stride; - struct vmw_bo_blit_line_data d; + struct vmw_bo_blit_line_data d = {0}; int ret = 0; + struct page **dst_pages = NULL; + struct page **src_pages = NULL; /* Buffer objects need to be either pinned or reserved: */ if (!(dst->pin_count)) @@ -477,12 +479,35 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, return ret; } + if (!src->ttm->pages && src->ttm->sg) { + src_pages = kvmalloc_array(src->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!src_pages) + return -ENOMEM; + ret = drm_prime_sg_to_page_array(src->ttm->sg, src_pages, + src->ttm->num_pages); + if (ret) + goto out; + } + if (!dst->ttm->pages && dst->ttm->sg) { + dst_pages = kvmalloc_array(dst->ttm->num_pages, + sizeof(struct page *), GFP_KERNEL); + if (!dst_pages) { + ret = -ENOMEM; + goto out; + } + ret = drm_prime_sg_to_page_array(dst->ttm->sg, dst_pages, + dst->ttm->num_pages); + if (ret) + goto out; + } + d.mapped_dst = 0; d.mapped_src = 0; d.dst_addr = NULL; d.src_addr = NULL; - d.dst_pages = dst->ttm->pages; - d.src_pages = src->ttm->pages; + d.dst_pages = dst->ttm->pages ? dst->ttm->pages : dst_pages; + d.src_pages = src->ttm->pages ? src->ttm->pages : src_pages; d.dst_num_pages = PFN_UP(dst->resource->size); d.src_num_pages = PFN_UP(src->resource->size); d.dst_prot = ttm_io_prot(dst, dst->resource, PAGE_KERNEL); @@ -504,6 +529,10 @@ int vmw_bo_cpu_blit(struct ttm_buffer_object *dst, kunmap_atomic(d.src_addr); if (d.dst_addr) kunmap_atomic(d.dst_addr); + if (src_pages) + kvfree(src_pages); + if (dst_pages) + kvfree(dst_pages); return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index bfd41ce3c8f4..e5eb21a471a6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -377,7 +377,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, { struct ttm_operation_ctx ctx = { .interruptible = params->bo_type != ttm_bo_type_kernel, - .no_wait_gpu = false + .no_wait_gpu = false, + .resv = params->resv, }; struct ttm_device *bdev = &dev_priv->bdev; struct drm_device *vdev = &dev_priv->drm; @@ -394,8 +395,8 @@ static int vmw_bo_init(struct vmw_private *dev_priv, vmw_bo_placement_set(vmw_bo, params->domain, params->busy_domain); ret = ttm_bo_init_reserved(bdev, &vmw_bo->tbo, params->bo_type, - &vmw_bo->placement, 0, &ctx, NULL, - NULL, destroy); + &vmw_bo->placement, 0, &ctx, + params->sg, params->resv, destroy); if (unlikely(ret)) return ret; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index 0d496dc9c6af..f349642e6190 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -55,6 +55,8 @@ struct vmw_bo_params { enum ttm_bo_type bo_type; size_t size; bool pin; + struct dma_resv *resv; + struct sg_table *sg; }; /** diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 89d3679d2608..41ad13e45554 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -1631,6 +1631,7 @@ static const struct drm_driver driver = { .prime_fd_to_handle = vmw_prime_fd_to_handle, .prime_handle_to_fd = vmw_prime_handle_to_fd, + .gem_prime_import_sg_table = vmw_prime_import_sg_table, .fops = &vmwgfx_driver_fops, .name = VMWGFX_DRIVER_NAME, diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index ddbceaa31b59..4ecaea0026fc 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1107,6 +1107,9 @@ extern int vmw_prime_handle_to_fd(struct drm_device *dev, struct drm_file *file_priv, uint32_t handle, uint32_t flags, int *prime_fd); +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table); /* * MemoryOBject management - vmwgfx_mob.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c index 186150f41fbc..2132a8ad8c0c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c @@ -136,6 +136,38 @@ int vmw_gem_object_create_with_handle(struct vmw_private *dev_priv, return ret; } +struct drm_gem_object *vmw_prime_import_sg_table(struct drm_device *dev, + struct dma_buf_attachment *attach, + struct sg_table *table) +{ + int ret; + struct vmw_private *dev_priv = vmw_priv(dev); + struct drm_gem_object *gem = NULL; + struct vmw_bo *vbo; + struct vmw_bo_params params = { + .domain = (dev_priv->has_mob) ? VMW_BO_DOMAIN_SYS : VMW_BO_DOMAIN_VRAM, + .busy_domain = VMW_BO_DOMAIN_SYS, + .bo_type = ttm_bo_type_sg, + .size = attach->dmabuf->size, + .pin = false, + .resv = attach->dmabuf->resv, + .sg = table, + + }; + + dma_resv_lock(params.resv, NULL); + + ret = vmw_bo_create(dev_priv, &params, &vbo); + if (ret != 0) + goto out_no_bo; + + vbo->tbo.base.funcs = &vmw_gem_object_funcs; + + gem = &vbo->tbo.base; +out_no_bo: + dma_resv_unlock(params.resv); + return gem; +} int vmw_gem_object_create_ioctl(struct drm_device *dev, void *data, struct drm_file *filp) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index 2d72a5ee7c0c..c99cad444991 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -75,8 +75,12 @@ int vmw_prime_fd_to_handle(struct drm_device *dev, int fd, u32 *handle) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + int ret = ttm_prime_fd_to_handle(tfile, fd, handle); - return ttm_prime_fd_to_handle(tfile, fd, handle); + if (ret) + ret = drm_gem_prime_fd_to_handle(dev, file_priv, fd, handle); + + return ret; } int vmw_prime_handle_to_fd(struct drm_device *dev, @@ -85,5 +89,12 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, int *prime_fd) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - return ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + int ret; + + if (handle > VMWGFX_NUM_MOB) + ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c index 4d23d0a70bcb..621d98b376bb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ttm_buffer.c @@ -188,13 +188,18 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) switch (dev_priv->map_mode) { case vmw_dma_map_bind: case vmw_dma_map_populate: - vsgt->sgt = &vmw_tt->sgt; - ret = sg_alloc_table_from_pages_segment( - &vmw_tt->sgt, vsgt->pages, vsgt->num_pages, 0, - (unsigned long)vsgt->num_pages << PAGE_SHIFT, - dma_get_max_seg_size(dev_priv->drm.dev), GFP_KERNEL); - if (ret) - goto out_sg_alloc_fail; + if (vmw_tt->dma_ttm.page_flags & TTM_TT_FLAG_EXTERNAL) { + vsgt->sgt = vmw_tt->dma_ttm.sg; + } else { + vsgt->sgt = &vmw_tt->sgt; + ret = sg_alloc_table_from_pages_segment(&vmw_tt->sgt, + vsgt->pages, vsgt->num_pages, 0, + (unsigned long)vsgt->num_pages << PAGE_SHIFT, + dma_get_max_seg_size(dev_priv->drm.dev), + GFP_KERNEL); + if (ret) + goto out_sg_alloc_fail; + } ret = vmw_ttm_map_for_dma(vmw_tt); if (unlikely(ret != 0)) @@ -209,8 +214,9 @@ static int vmw_ttm_map_dma(struct vmw_ttm_tt *vmw_tt) return 0; out_map_fail: - sg_free_table(vmw_tt->vsgt.sgt); - vmw_tt->vsgt.sgt = NULL; + drm_warn(&dev_priv->drm, "VSG table map failed!"); + sg_free_table(vsgt->sgt); + vsgt->sgt = NULL; out_sg_alloc_fail: return ret; } @@ -356,15 +362,17 @@ static void vmw_ttm_destroy(struct ttm_device *bdev, struct ttm_tt *ttm) static int vmw_ttm_populate(struct ttm_device *bdev, struct ttm_tt *ttm, struct ttm_operation_ctx *ctx) { - int ret; + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; - /* TODO: maybe completely drop this ? */ if (ttm_tt_is_populated(ttm)) return 0; - ret = ttm_pool_alloc(&bdev->pool, ttm, ctx); + if (external && ttm->sg) + return drm_prime_sg_to_dma_addr_array(ttm->sg, + ttm->dma_address, + ttm->num_pages); - return ret; + return ttm_pool_alloc(&bdev->pool, ttm, ctx); } static void vmw_ttm_unpopulate(struct ttm_device *bdev, @@ -372,6 +380,10 @@ static void vmw_ttm_unpopulate(struct ttm_device *bdev, { struct vmw_ttm_tt *vmw_tt = container_of(ttm, struct vmw_ttm_tt, dma_ttm); + bool external = (ttm->page_flags & TTM_TT_FLAG_EXTERNAL) != 0; + + if (external) + return; vmw_ttm_unbind(bdev, ttm); @@ -390,6 +402,7 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, { struct vmw_ttm_tt *vmw_be; int ret; + bool external = bo->type == ttm_bo_type_sg; vmw_be = kzalloc(sizeof(*vmw_be), GFP_KERNEL); if (!vmw_be) @@ -398,7 +411,10 @@ static struct ttm_tt *vmw_ttm_tt_create(struct ttm_buffer_object *bo, vmw_be->dev_priv = vmw_priv_from_ttm(bo->bdev); vmw_be->mob = NULL; - if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent) + if (external) + page_flags |= TTM_TT_FLAG_EXTERNAL | TTM_TT_FLAG_EXTERNAL_MAPPABLE; + + if (vmw_be->dev_priv->map_mode == vmw_dma_alloc_coherent || external) ret = ttm_sg_tt_init(&vmw_be->dma_ttm, bo, page_flags, ttm_cached); else -- 2.40.1

1 year, 2 months

2
1
0 0

[PATCH 4/5] drm/vmwgfx: Fix crtc's atomic check conditional

by Zack Rusin

The conditional was supposed to prevent enabling of a crtc state without a set primary plane. Accidently it also prevented disabling crtc state with a set primary plane. Neither is correct. Fix the conditional and just driver-warn when a crtc state has been enabled without a primary plane which will help debug broken userspace. Fixes IGT's kms_atomic_interruptible and kms_atomic_transition tests. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 06ec41909e31 ("drm/vmwgfx: Add and connect CRTC helper functions") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.12+ --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index e33e5993d8fc..13b2820cae51 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -931,6 +931,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state) { + struct vmw_private *vmw = vmw_priv(crtc->dev); struct drm_crtc_state *new_state = drm_atomic_get_new_crtc_state(state, crtc); struct vmw_display_unit *du = vmw_crtc_to_du(new_state->crtc); @@ -938,9 +939,13 @@ int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, bool has_primary = new_state->plane_mask & drm_plane_mask(crtc->primary); - /* We always want to have an active plane with an active CRTC */ - if (has_primary != new_state->enable) - return -EINVAL; + /* + * This is fine in general, but broken userspace might expect + * some actual rendering so give a clue as why it's blank. + */ + if (new_state->enable && !has_primary) + drm_dbg_driver(&vmw->drm, + "CRTC without a primary plane will be blank.\n"); if (new_state->connector_mask != connector_mask && -- 2.40.1

1 year, 2 months

3
2
0 0

[bug report] nvme not re-recognize when changed M.2 SSD in S3 mode

by Ricky WU

Hi All, Here is my PC info OS Name : Ubuntu 20.04.06 LTS OS Type : 64-bit Kernel version: 6.8.0 System sleep support: cat /sys/power/mem_sleep s2idle [deep] M.2 SSD1 : Kingston A2000 250GB M.2 SSD2 : Intel 760p 256GB I find some problem in S3 mode maybe S2idle has the same situation. The current situation is: Enter S3 mode I unplugged a correctly recognized Kingston A2000 250GB and switched it for a Intel 760p 256GB, when back to S0 there is also Kingston A2000 still installed. It did not call pciehp_ist(), pciehp_handle_presence_or_link_change() when back to S0, I don't know if this is the reason. Back to S3 lspci: ------------------------------------------------------------------------------------------------------------------------------------------- 00:00.0 Host bridge: Intel Corporation Device 3e0f (rev 07) 00:02.0 VGA compatible controller: Intel Corporation Device 3e90 00:12.0 Signal processing controller: Intel Corporation Cannon Lake PCH Thermal Controller (rev 10) 00:14.0 USB controller: Intel Corporation Cannon Lake PCH USB 3.1 xHCI Host Controller (rev 10) 00:14.2 RAM memory: Intel Corporation Cannon Lake PCH Shared SRAM (rev 10) 00:16.0 Communication controller: Intel Corporation Cannon Lake PCH HECI Controller (rev 10) 00:17.0 SATA controller: Intel Corporation Cannon Lake PCH SATA AHCI Controller (rev 10) 00:1b.0 PCI bridge: Intel Corporation Cannon Lake PCH PCI Express Root Port #21 (rev f0) 00:1c.0 PCI bridge: Intel Corporation Cannon Lake PCH PCI Express Root Port #5 (rev f0) 00:1d.0 PCI bridge: Intel Corporation Cannon Lake PCH PCI Express Root Port #9 (rev f0) 00:1d.3 PCI bridge: Intel Corporation Cannon Lake PCH PCI Express Root Port #12 (rev f0) 00:1f.0 ISA bridge: Intel Corporation H370 Chipset LPC/eSPI Controller (rev 10) 00:1f.3 Audio device: Intel Corporation Cannon Lake PCH cAVS (rev 10) 00:1f.4 SMBus: Intel Corporation Cannon Lake PCH SMBus Controller (rev 10) 00:1f.5 Serial bus controller [0c80]: Intel Corporation Cannon Lake PCH SPI Controller (rev 10) 00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (7) I219-V (rev 10) 04:00.0 Non-Volatile memory controller: Kingston Technology Company, Inc. Device 2263 (rev 03) ------------------------------------------------------------------------------------------------------------------------------------------- Dmesg Log as below(boot ->plug Kingston A2000->S3->change Kingston A2000 to Intel 760p->S0): [ 0.000000] Linux version 6.8.0 (root@cr-desktop) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #30 SMP PREEMPT_DYNAMIC Mon Apr 8 14:25:58 CST 2024 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.8.0 root=UUID=74fe52d0-e90f-4b0a-92f4-581b5fa98519 ro quiet splash resume=UUID=74fe52d0-e90f-4b0a-92f4-581b5fa98519 resume_offset=2172927 resumedelay=15 vt.handoff=7 [ 0.000000] KERNEL supported cpus: [ 0.000000] Intel GenuineIntel [ 0.000000] AMD AuthenticAMD [ 0.000000] Hygon HygonGenuine [ 0.000000] Centaur CentaurHauls [ 0.000000] zhaoxin Shanghai [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000005efff] usable [ 0.000000] BIOS-e820: [mem 0x000000000005f000-0x000000000005ffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000060000-0x000000000009ffff] usable [ 0.000000] BIOS-e820: [mem 0x00000000000a0000-0x00000000000fffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007c764fff] usable [ 0.000000] BIOS-e820: [mem 0x000000007c765000-0x000000007dfd0fff] reserved [ 0.000000] BIOS-e820: [mem 0x000000007dfd1000-0x000000007e04dfff] ACPI data [ 0.000000] BIOS-e820: [mem 0x000000007e04e000-0x000000007e526fff] ACPI NVS [ 0.000000] BIOS-e820: [mem 0x000000007e527000-0x000000007ed0dfff] reserved [ 0.000000] BIOS-e820: [mem 0x000000007ed0e000-0x000000007ed0efff] usable [ 0.000000] BIOS-e820: [mem 0x000000007ed0f000-0x000000008fffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000e0000000-0x00000000efffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fe000000-0x00000000fe010fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed00000-0x00000000fed03fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000016dffffff] usable [ 0.000000] NX (Execute Disable) protection: active [ 0.000000] APIC: Static calls initialized [ 0.000000] e820: update [mem 0x67cec018-0x67cfc057] usable ==> usable [ 0.000000] e820: update [mem 0x67cec018-0x67cfc057] usable ==> usable [ 0.000000] e820: update [mem 0x67cdb018-0x67cebe57] usable ==> usable [ 0.000000] e820: update [mem 0x67cdb018-0x67cebe57] usable ==> usable [ 0.000000] extended physical RAM map: [ 0.000000] reserve setup_data: [mem 0x0000000000000000-0x000000000005efff] usable [ 0.000000] reserve setup_data: [mem 0x000000000005f000-0x000000000005ffff] reserved [ 0.000000] reserve setup_data: [mem 0x0000000000060000-0x000000000009ffff] usable [ 0.000000] reserve setup_data: [mem 0x00000000000a0000-0x00000000000fffff] reserved [ 0.000000] reserve setup_data: [mem 0x0000000000100000-0x0000000067cdb017] usable [ 0.000000] reserve setup_data: [mem 0x0000000067cdb018-0x0000000067cebe57] usable [ 0.000000] reserve setup_data: [mem 0x0000000067cebe58-0x0000000067cec017] usable [ 0.000000] reserve setup_data: [mem 0x0000000067cec018-0x0000000067cfc057] usable [ 0.000000] reserve setup_data: [mem 0x0000000067cfc058-0x000000007c764fff] usable [ 0.000000] reserve setup_data: [mem 0x000000007c765000-0x000000007dfd0fff] reserved [ 0.000000] reserve setup_data: [mem 0x000000007dfd1000-0x000000007e04dfff] ACPI data [ 0.000000] reserve setup_data: [mem 0x000000007e04e000-0x000000007e526fff] ACPI NVS [ 0.000000] reserve setup_data: [mem 0x000000007e527000-0x000000007ed0dfff] reserved [ 0.000000] reserve setup_data: [mem 0x000000007ed0e000-0x000000007ed0efff] usable [ 0.000000] reserve setup_data: [mem 0x000000007ed0f000-0x000000008fffffff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000e0000000-0x00000000efffffff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000fe000000-0x00000000fe010fff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000fec00000-0x00000000fec00fff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000fed00000-0x00000000fed03fff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000fee00000-0x00000000fee00fff] reserved [ 0.000000] reserve setup_data: [mem 0x00000000ff000000-0x00000000ffffffff] reserved [ 0.000000] reserve setup_data: [mem 0x0000000100000000-0x000000016dffffff] usable [ 0.000000] efi: EFI v2.7 by American Megatrends [ 0.000000] efi: ACPI 2.0=0x7e468000 ACPI=0x7e468000 TPMFinalLog=0x7e4d1000 SMBIOS=0x7ea7a000 SMBIOS 3.0=0x7ea79000 MEMATTR=0x79559098 ESRT=0x7adddd18 MOKvar=0x7ea92000 RNG=0x7e04d018 TPMEventLog=0x67cfd018 [ 0.000000] random: crng init done [ 0.000000] efi: Remove mem44: MMIO range=[0xe0000000-0xefffffff] (256MB) from e820 map [ 0.000000] e820: remove [mem 0xe0000000-0xefffffff] reserved [ 0.000000] efi: Not removing mem45: MMIO range=[0xfe000000-0xfe010fff] (68KB) from e820 map [ 0.000000] efi: Not removing mem46: MMIO range=[0xfec00000-0xfec00fff] (4KB) from e820 map [ 0.000000] efi: Not removing mem47: MMIO range=[0xfed00000-0xfed03fff] (16KB) from e820 map [ 0.000000] efi: Not removing mem48: MMIO range=[0xfee00000-0xfee00fff] (4KB) from e820 map [ 0.000000] efi: Remove mem49: MMIO range=[0xff000000-0xffffffff] (16MB) from e820 map [ 0.000000] e820: remove [mem 0xff000000-0xffffffff] reserved [ 0.000000] SMBIOS 3.1.1 present. [ 0.000000] DMI: To Be Filled By O.E.M. To Be Filled By O.E.M./H370M Pro4, BIOS P3.40 10/25/2018 [ 0.000000] tsc: Detected 3700.000 MHz processor [ 0.000000] tsc: Detected 3699.850 MHz TSC [ 0.000569] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved [ 0.000572] e820: remove [mem 0x000a0000-0x000fffff] usable [ 0.000578] last_pfn = 0x16e000 max_arch_pfn = 0x400000000 [ 0.000582] MTRR map: 5 entries (3 fixed + 2 variable; max 23), built from 10 variable MTRRs [ 0.000584] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT [ 0.000964] last_pfn = 0x7ed0f max_arch_pfn = 0x400000000 [ 0.006982] found SMP MP-table at [mem 0x000fcd40-0x000fcd4f] [ 0.006992] esrt: Reserving ESRT space from 0x000000007adddd18 to 0x000000007adddd50. [ 0.006997] e820: update [mem 0x7addd000-0x7adddfff] usable ==> reserved [ 0.007010] Using GB pages for direct mapping [ 0.007366] Secure boot disabled [ 0.007366] RAMDISK: [mem 0x67d08000-0x70f30fff] [ 0.007370] ACPI: Early table checksum verification disabled [ 0.007373] ACPI: RSDP 0x000000007E468000 000024 (v02 ALASKA) [ 0.007376] ACPI: XSDT 0x000000007E4680B0 0000DC (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007381] ACPI: FACP 0x000000007E4A7808 000114 (v06 ALASKA A M I 01072009 AMI 00010013) [ 0.007386] ACPI: DSDT 0x000000007E468220 03F5E6 (v02 ALASKA A M I 01072009 INTL 20160527) [ 0.007389] ACPI: FACS 0x000000007E526080 000040 [ 0.007391] ACPI: APIC 0x000000007E4A7920 000084 (v04 ALASKA A M I 01072009 AMI 00010013) [ 0.007394] ACPI: FPDT 0x000000007E4A79A8 000044 (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007397] ACPI: FIDT 0x000000007E4A79F0 00009C (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007399] ACPI: MCFG 0x000000007E4A7A90 00003C (v01 ALASKA A M I 01072009 MSFT 00000097) [ 0.007402] ACPI: SSDT 0x000000007E4A7AD0 000378 (v01 SataRe SataTabl 00001000 INTL 20160527) [ 0.007405] ACPI: SSDT 0x000000007E4A7E48 001B1C (v02 CpuRef CpuSsdt 00003000 INTL 20160527) [ 0.007407] ACPI: AAFT 0x000000007E4A9968 00023D (v01 ALASKA OEMAAFT 01072009 MSFT 00000097) [ 0.007410] ACPI: SSDT 0x000000007E4A9BA8 0031C6 (v02 SaSsdt SaSsdt 00003000 INTL 20160527) [ 0.007413] ACPI: HPET 0x000000007E4ACD70 000038 (v01 ALASKA A M I 00000002 01000013) [ 0.007416] ACPI: SSDT 0x000000007E4ACDA8 001C01 (v02 ALASKA CflS_Rvp 00001000 INTL 20160527) [ 0.007418] ACPI: SSDT 0x000000007E4AE9B0 002950 (v02 INTEL xh_cfsd4 00000000 INTL 20160527) [ 0.007421] ACPI: UEFI 0x000000007E4B1300 000042 (v01 ALASKA A M I 00000002 01000013) [ 0.007424] ACPI: LPIT 0x000000007E4B1348 00005C (v01 ALASKA A M I 00000002 01000013) [ 0.007426] ACPI: SSDT 0x000000007E4B13A8 0014E2 (v02 ALASKA TbtTypeC 00000000 INTL 20160527) [ 0.007429] ACPI: DBGP 0x000000007E4B2890 000034 (v01 ALASKA A M I 00000002 01000013) [ 0.007432] ACPI: DBG2 0x000000007E4B28C8 000054 (v00 ALASKA A M I 00000002 01000013) [ 0.007434] ACPI: SSDT 0x000000007E4B2920 001B67 (v02 ALASKA UsbCTabl 00001000 INTL 20160527) [ 0.007437] ACPI: SSDT 0x000000007E4B4488 000144 (v02 Intel ADebTabl 00001000 INTL 20160527) [ 0.007439] ACPI: DMAR 0x000000007E4B45D0 0000A8 (v01 INTEL EDK2 00000002 01000013) [ 0.007442] ACPI: BGRT 0x000000007E4B4678 000038 (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007445] ACPI: TPM2 0x000000007E4B46B0 000034 (v04 ALASKA A M I 00000001 AMI 00000000) [ 0.007447] ACPI: WSMT 0x000000007E4B46E8 000028 (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.007450] ACPI: Reserving FACP table memory at [mem 0x7e4a7808-0x7e4a791b] [ 0.007451] ACPI: Reserving DSDT table memory at [mem 0x7e468220-0x7e4a7805] [ 0.007452] ACPI: Reserving FACS table memory at [mem 0x7e526080-0x7e5260bf] [ 0.007452] ACPI: Reserving APIC table memory at [mem 0x7e4a7920-0x7e4a79a3] [ 0.007453] ACPI: Reserving FPDT table memory at [mem 0x7e4a79a8-0x7e4a79eb] [ 0.007454] ACPI: Reserving FIDT table memory at [mem 0x7e4a79f0-0x7e4a7a8b] [ 0.007454] ACPI: Reserving MCFG table memory at [mem 0x7e4a7a90-0x7e4a7acb] [ 0.007455] ACPI: Reserving SSDT table memory at [mem 0x7e4a7ad0-0x7e4a7e47] [ 0.007456] ACPI: Reserving SSDT table memory at [mem 0x7e4a7e48-0x7e4a9963] [ 0.007456] ACPI: Reserving AAFT table memory at [mem 0x7e4a9968-0x7e4a9ba4] [ 0.007457] ACPI: Reserving SSDT table memory at [mem 0x7e4a9ba8-0x7e4acd6d] [ 0.007458] ACPI: Reserving HPET table memory at [mem 0x7e4acd70-0x7e4acda7] [ 0.007458] ACPI: Reserving SSDT table memory at [mem 0x7e4acda8-0x7e4ae9a8] [ 0.007459] ACPI: Reserving SSDT table memory at [mem 0x7e4ae9b0-0x7e4b12ff] [ 0.007460] ACPI: Reserving UEFI table memory at [mem 0x7e4b1300-0x7e4b1341] [ 0.007460] ACPI: Reserving LPIT table memory at [mem 0x7e4b1348-0x7e4b13a3] [ 0.007461] ACPI: Reserving SSDT table memory at [mem 0x7e4b13a8-0x7e4b2889] [ 0.007462] ACPI: Reserving DBGP table memory at [mem 0x7e4b2890-0x7e4b28c3] [ 0.007462] ACPI: Reserving DBG2 table memory at [mem 0x7e4b28c8-0x7e4b291b] [ 0.007463] ACPI: Reserving SSDT table memory at [mem 0x7e4b2920-0x7e4b4486] [ 0.007464] ACPI: Reserving SSDT table memory at [mem 0x7e4b4488-0x7e4b45cb] [ 0.007464] ACPI: Reserving DMAR table memory at [mem 0x7e4b45d0-0x7e4b4677] [ 0.007465] ACPI: Reserving BGRT table memory at [mem 0x7e4b4678-0x7e4b46af] [ 0.007466] ACPI: Reserving TPM2 table memory at [mem 0x7e4b46b0-0x7e4b46e3] [ 0.007466] ACPI: Reserving WSMT table memory at [mem 0x7e4b46e8-0x7e4b470f] [ 0.007743] No NUMA configuration found [ 0.007744] Faking a node at [mem 0x0000000000000000-0x000000016dffffff] [ 0.007751] NODE_DATA(0) allocated [mem 0x16dfd5000-0x16dffffff] [ 0.007886] Zone ranges: [ 0.007887] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.007888] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] [ 0.007890] Normal [mem 0x0000000100000000-0x000000016dffffff] [ 0.007891] Device empty [ 0.007892] Movable zone start for each node [ 0.007894] Early memory node ranges [ 0.007894] node 0: [mem 0x0000000000001000-0x000000000005efff] [ 0.007896] node 0: [mem 0x0000000000060000-0x000000000009ffff] [ 0.007896] node 0: [mem 0x0000000000100000-0x000000007c764fff] [ 0.007897] node 0: [mem 0x000000007ed0e000-0x000000007ed0efff] [ 0.007898] node 0: [mem 0x0000000100000000-0x000000016dffffff] [ 0.007899] Initmem setup node 0 [mem 0x0000000000001000-0x000000016dffffff] [ 0.007902] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.007903] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.007923] On node 0, zone DMA: 96 pages in unavailable ranges [ 0.012542] On node 0, zone DMA32: 9641 pages in unavailable ranges [ 0.016729] On node 0, zone Normal: 4849 pages in unavailable ranges [ 0.016857] On node 0, zone Normal: 8192 pages in unavailable ranges [ 0.016875] Reserving Intel graphics memory at [mem 0x80000000-0x8fffffff] [ 0.017335] ACPI: PM-Timer IO Port: 0x1808 [ 0.017341] ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1]) [ 0.017342] ACPI: LAPIC_NMI (acpi_id[0x02] high edge lint[0x1]) [ 0.017343] ACPI: LAPIC_NMI (acpi_id[0x03] high edge lint[0x1]) [ 0.017344] ACPI: LAPIC_NMI (acpi_id[0x04] high edge lint[0x1]) [ 0.017405] IOAPIC[0]: apic_id 2, version 32, address 0xfec00000, GSI 0-119 [ 0.017407] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) [ 0.017409] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) [ 0.017413] ACPI: Using ACPI (MADT) for SMP configuration information [ 0.017414] ACPI: HPET id: 0x8086a201 base: 0xfed00000 [ 0.017419] e820: update [mem 0x78a53000-0x78a93fff] usable ==> reserved [ 0.017429] TSC deadline timer available [ 0.017430] smpboot: Allowing 4 CPUs, 0 hotplug CPUs [ 0.017441] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff] [ 0.017443] PM: hibernation: Registered nosave memory: [mem 0x0005f000-0x0005ffff] [ 0.017444] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000fffff] [ 0.017445] PM: hibernation: Registered nosave memory: [mem 0x67cdb000-0x67cdbfff] [ 0.017447] PM: hibernation: Registered nosave memory: [mem 0x67ceb000-0x67cebfff] [ 0.017447] PM: hibernation: Registered nosave memory: [mem 0x67cec000-0x67cecfff] [ 0.017449] PM: hibernation: Registered nosave memory: [mem 0x67cfc000-0x67cfcfff] [ 0.017450] PM: hibernation: Registered nosave memory: [mem 0x78a53000-0x78a93fff] [ 0.017451] PM: hibernation: Registered nosave memory: [mem 0x7addd000-0x7adddfff] [ 0.017452] PM: hibernation: Registered nosave memory: [mem 0x7c765000-0x7dfd0fff] [ 0.017453] PM: hibernation: Registered nosave memory: [mem 0x7dfd1000-0x7e04dfff] [ 0.017454] PM: hibernation: Registered nosave memory: [mem 0x7e04e000-0x7e526fff] [ 0.017454] PM: hibernation: Registered nosave memory: [mem 0x7e527000-0x7ed0dfff] [ 0.017455] PM: hibernation: Registered nosave memory: [mem 0x7ed0f000-0x8fffffff] [ 0.017456] PM: hibernation: Registered nosave memory: [mem 0x90000000-0xfdffffff] [ 0.017457] PM: hibernation: Registered nosave memory: [mem 0xfe000000-0xfe010fff] [ 0.017457] PM: hibernation: Registered nosave memory: [mem 0xfe011000-0xfebfffff] [ 0.017458] PM: hibernation: Registered nosave memory: [mem 0xfec00000-0xfec00fff] [ 0.017458] PM: hibernation: Registered nosave memory: [mem 0xfec01000-0xfecfffff] [ 0.017459] PM: hibernation: Registered nosave memory: [mem 0xfed00000-0xfed03fff] [ 0.017459] PM: hibernation: Registered nosave memory: [mem 0xfed04000-0xfedfffff] [ 0.017460] PM: hibernation: Registered nosave memory: [mem 0xfee00000-0xfee00fff] [ 0.017460] PM: hibernation: Registered nosave memory: [mem 0xfee01000-0xffffffff] [ 0.017462] [mem 0x90000000-0xfdffffff] available for PCI devices [ 0.017463] Booting paravirtualized kernel on bare hardware [ 0.017465] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns [ 0.017470] setup_percpu: NR_CPUS:8192 nr_cpumask_bits:4 nr_cpu_ids:4 nr_node_ids:1 [ 0.017929] percpu: Embedded 64 pages/cpu s225280 r8192 d28672 u524288 [ 0.017934] pcpu-alloc: s225280 r8192 d28672 u524288 alloc=1*2097152 [ 0.017936] pcpu-alloc: [0] 0 1 2 3 [ 0.017953] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.8.0 root=UUID=74fe52d0-e90f-4b0a-92f4-581b5fa98519 ro quiet splash resume=UUID=74fe52d0-e90f-4b0a-92f4-581b5fa98519 resume_offset=2172927 resumedelay=15 vt.handoff=7 [ 0.018044] Unknown kernel command line parameters "splash BOOT_IMAGE=/boot/vmlinuz-6.8.0", will be passed to user space. [ 0.018648] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, linear) [ 0.018930] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, linear) [ 0.018995] Fallback order for Node 0: 0 [ 0.018998] Built 1 zonelists, mobility grouping on. Total pages: 945096 [ 0.018999] Policy zone: Normal [ 0.019003] mem auto-init: stack:off, heap alloc:on, heap free:off [ 0.019010] software IO TLB: area num 4. [ 0.048669] Memory: 3464128K/3841040K available (18432K kernel code, 3225K rwdata, 7212K rodata, 4580K init, 4312K bss, 376652K reserved, 0K cma-reserved) [ 0.048874] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1 [ 0.048885] Kernel/User page tables isolation: enabled [ 0.048912] ftrace: allocating 53981 entries in 211 pages [ 0.056577] ftrace: allocated 211 pages with 5 groups [ 0.057207] Dynamic Preempt: voluntary [ 0.057236] rcu: Preemptible hierarchical RCU implementation. [ 0.057237] rcu: RCU restricting CPUs from NR_CPUS=8192 to nr_cpu_ids=4. [ 0.057238] Trampoline variant of Tasks RCU enabled. [ 0.057239] Rude variant of Tasks RCU enabled. [ 0.057239] Tracing variant of Tasks RCU enabled. [ 0.057239] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. [ 0.057240] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4 [ 0.059780] NR_IRQS: 524544, nr_irqs: 1024, preallocated irqs: 16 [ 0.060068] rcu: srcu_init: Setting srcu_struct sizes based on contention. [ 0.060424] Console: colour dummy device 80x25 [ 0.060426] printk: legacy console [tty0] enabled [ 0.060464] ACPI: Core revision 20230628 [ 0.060875] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 79635855245 ns [ 0.061032] APIC: Switch to symmetric I/O mode setup [ 0.061034] DMAR: Host address width 39 [ 0.061035] DMAR: DRHD base: 0x000000fed90000 flags: 0x0 [ 0.061040] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap 1c0000c40660462 ecap 19e2ff0505e [ 0.061042] DMAR: DRHD base: 0x000000fed91000 flags: 0x1 [ 0.061045] DMAR: dmar1: reg_base_addr fed91000 ver 1:0 cap d2008c40660462 ecap f050da [ 0.061047] DMAR: RMRR base: 0x0000007e809000 end: 0x0000007ea52fff [ 0.061048] DMAR: RMRR base: 0x0000007f800000 end: 0x0000008fffffff [ 0.061050] DMAR-IR: IOAPIC id 2 under DRHD base 0xfed91000 IOMMU 1 [ 0.061051] DMAR-IR: HPET id 0 under DRHD base 0xfed91000 [ 0.061051] DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping. [ 0.064470] DMAR-IR: Enabled IRQ remapping in x2apic mode [ 0.064472] x2apic enabled [ 0.064535] APIC: Switched APIC routing to: cluster x2apic [ 0.073916] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1 [ 0.092939] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x6aa99074b1c, max_idle_ns: 881590506587 ns [ 0.092944] Calibrating delay loop (skipped), value calculated using timer frequency.. 7399.70 BogoMIPS (lpj=14799400) [ 0.092963] x86/cpu: SGX disabled by BIOS. [ 0.092969] CPU0: Thermal monitoring enabled (TM1) [ 0.093005] process: using mwait in idle threads [ 0.093007] Last level iTLB entries: 4KB 64, 2MB 8, 4MB 8 [ 0.093008] Last level dTLB entries: 4KB 64, 2MB 0, 4MB 0, 1GB 4 [ 0.093011] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization [ 0.093013] Spectre V2 : Mitigation: IBRS [ 0.093014] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch [ 0.093015] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT [ 0.093015] RETBleed: Mitigation: IBRS [ 0.093017] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier [ 0.093018] Spectre V2 : User space: Mitigation: STIBP via prctl [ 0.093019] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl [ 0.093024] MDS: Mitigation: Clear CPU buffers [ 0.093025] MMIO Stale Data: Mitigation: Clear CPU buffers [ 0.093029] SRBDS: Mitigation: Microcode [ 0.093034] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.093035] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.093036] x86/fpu: Supporting XSAVE feature 0x008: 'MPX bounds registers' [ 0.093037] x86/fpu: Supporting XSAVE feature 0x010: 'MPX CSR' [ 0.093039] x86/fpu: xstate_offset[3]: 576, xstate_sizes[3]: 64 [ 0.093040] x86/fpu: xstate_offset[4]: 640, xstate_sizes[4]: 64 [ 0.093041] x86/fpu: Enabled xstate features 0x1b, context size is 704 bytes, using 'compacted' format. [ 0.121725] Freeing SMP alternatives memory: 44K [ 0.121729] pid_max: default: 32768 minimum: 301 [ 0.124293] LSM: initializing lsm=lockdown,capability,yama,apparmor,integrity [ 0.124307] Yama: becoming mindful. [ 0.124340] AppArmor: AppArmor initialized [ 0.124372] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes, linear) [ 0.124378] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes, linear) [ 0.124847] smpboot: CPU0: Intel(R) Pentium(R) Gold G5400 CPU @ 3.70GHz (family: 0x6, model: 0x9e, stepping: 0xa) [ 0.124941] RCU Tasks: Setting shift to 2 and lim to 1 rcu_task_cb_adjust=1. [ 0.124941] RCU Tasks Rude: Setting shift to 2 and lim to 1 rcu_task_cb_adjust=1. [ 0.124941] RCU Tasks Trace: Setting shift to 2 and lim to 1 rcu_task_cb_adjust=1. [ 0.124941] Performance Events: PEBS fmt3+, Skylake events, 32-deep LBR, full-width counters, Intel PMU driver. [ 0.124941] ... version: 4 [ 0.124941] ... bit width: 48 [ 0.124941] ... generic registers: 4 [ 0.124941] ... value mask: 0000ffffffffffff [ 0.124941] ... max period: 00007fffffffffff [ 0.124941] ... fixed-purpose events: 3 [ 0.124941] ... event mask: 000000070000000f [ 0.124941] signal: max sigframe size: 2032 [ 0.124941] Estimated ratio of average max frequency by base frequency (times 1024): 1024 [ 0.124941] rcu: Hierarchical SRCU implementation. [ 0.124941] rcu: Max phase no-delay instances is 1000. [ 0.124941] NMI watchdog: Enabled. Permanently consumes one hw-PMU counter. [ 0.124941] smp: Bringing up secondary CPUs ... [ 0.124941] smpboot: x86: Booting SMP configuration: [ 0.124941] .... node #0, CPUs: #1 #2 #3 [ 0.125036] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. [ 0.125036] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_s… for more details. [ 0.125036] smp: Brought up 1 node, 4 CPUs [ 0.125036] smpboot: Max logical packages: 1 [ 0.125036] smpboot: Total of 4 processors activated (29598.80 BogoMIPS) [ 0.126698] devtmpfs: initialized [ 0.126698] x86/mm: Memory block size: 128MB [ 0.126698] ACPI: PM: Registering ACPI NVS region [mem 0x7e04e000-0x7e526fff] (5083136 bytes) [ 0.126698] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns [ 0.126698] futex hash table entries: 1024 (order: 4, 65536 bytes, linear) [ 0.126698] pinctrl core: initialized pinctrl subsystem [ 0.126698] PM: RTC time: 20:41:21, date: 2024-04-08 [ 0.126698] NET: Registered PF_NETLINK/PF_ROUTE protocol family [ 0.126698] DMA: preallocated 512 KiB GFP_KERNEL pool for atomic allocations [ 0.126698] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations [ 0.128994] DMA: preallocated 512 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations [ 0.129014] audit: initializing netlink subsys (disabled) [ 0.129023] audit: type=2000 audit(1712608881.060:1): state=initialized audit_enabled=0 res=1 [ 0.129066] thermal_sys: Registered thermal governor 'fair_share' [ 0.129067] thermal_sys: Registered thermal governor 'bang_bang' [ 0.129068] thermal_sys: Registered thermal governor 'step_wise' [ 0.129069] thermal_sys: Registered thermal governor 'user_space' [ 0.129070] thermal_sys: Registered thermal governor 'power_allocator' [ 0.129076] EISA bus registered [ 0.129085] cpuidle: using governor ladder [ 0.129089] cpuidle: using governor menu [ 0.129023] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5 [ 0.129121] PCI: ECAM [mem 0xe0000000-0xefffffff] (base 0xe0000000) for domain 0000 [bus 00-ff] [ 0.129125] PCI: not using ECAM ([mem 0xe0000000-0xefffffff] not reserved) [ 0.129127] PCI: Using configuration type 1 for base access [ 0.129243] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible. [ 0.129243] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages [ 0.129243] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page [ 0.129243] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages [ 0.129243] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page [ 0.129243] fbcon: Taking over console [ 0.129243] ACPI: Added _OSI(Module Device) [ 0.129243] ACPI: Added _OSI(Processor Device) [ 0.129243] ACPI: Added _OSI(3.0 _SCP Extensions) [ 0.129243] ACPI: Added _OSI(Processor Aggregator Device) [ 0.204834] ACPI: 9 ACPI AML tables successfully acquired and loaded [ 0.217305] ACPI: Dynamic OEM Table Load: [ 0.217312] ACPI: SSDT 0xFFFF8F8D802FD000 000400 (v02 PmRef Cpu0Cst 00003001 INTL 20160527) [ 0.219074] ACPI: Dynamic OEM Table Load: [ 0.219079] ACPI: SSDT 0xFFFF8F8D80CBB000 0006CB (v02 PmRef Cpu0Ist 00003000 INTL 20160527) [ 0.220930] ACPI: Dynamic OEM Table Load: [ 0.220934] ACPI: SSDT 0xFFFF8F8D80D51100 0000F4 (v02 PmRef Cpu0Psd 00003000 INTL 20160527) [ 0.222906] ACPI: Dynamic OEM Table Load: [ 0.222912] ACPI: SSDT 0xFFFF8F8D80CBD000 0005FC (v02 PmRef ApIst 00003000 INTL 20160527) [ 0.224911] ACPI: Dynamic OEM Table Load: [ 0.224918] ACPI: SSDT 0xFFFF8F8D80164000 000AB0 (v02 PmRef ApPsd 00003000 INTL 20160527) [ 0.227368] ACPI: Dynamic OEM Table Load: [ 0.227373] ACPI: SSDT 0xFFFF8F8D802FC400 00030A (v02 PmRef ApCst 00003000 INTL 20160527) [ 0.231078] ACPI: _OSC evaluated successfully for all CPUs [ 0.232407] ACPI: Interpreter enabled [ 0.232441] ACPI: PM: (supports S0 S3 S4 S5) [ 0.232443] ACPI: Using IOAPIC for interrupt routing [ 0.232557] PCI: ECAM [mem 0xe0000000-0xefffffff] (base 0xe0000000) for domain 0000 [bus 00-ff] [ 0.234390] PCI: ECAM [mem 0xe0000000-0xefffffff] reserved as ACPI motherboard resource [ 0.234401] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 0.234402] PCI: Using E820 reservations for host bridge windows [ 0.235868] ACPI: Enabled 9 GPEs in block 00 to 7F [ 0.253437] ACPI: \_SB_.PCI0.XDCI.USBC: New power resource [ 0.253626] ACPI: \_SB_.PCI0.PAUD: New power resource [ 0.257492] ACPI: \SPR2: New power resource [ 0.257844] ACPI: \_SB_.PCI0.SAT0.VOL0.V0PR: New power resource [ 0.258294] ACPI: \_SB_.PCI0.SAT0.VOL1.V1PR: New power resource [ 0.258734] ACPI: \_SB_.PCI0.SAT0.VOL2.V2PR: New power resource [ 0.265560] ACPI: \_SB_.PCI0.I2C1.PXTC: New power resource [ 0.273523] ACPI: \_SB_.PCI0.CNVW.WRST: New power resource [ 0.280011] ACPI: \PIN_: New power resource [ 0.280212] ACPI: \SPR0: New power resource [ 0.280276] ACPI: \SPR1: New power resource [ 0.280338] ACPI: \SPR3: New power resource [ 0.280403] ACPI: \SPR5: New power resource [ 0.280755] ACPI: \ZPDR: New power resource [ 0.281265] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-fe]) [ 0.281271] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI HPX-Type3] [ 0.284463] acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug SHPCHotplug PME AER PCIeCapability LTR] [ 0.285976] PCI host bridge to bus 0000:00 [ 0.285978] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window] [ 0.285980] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] [ 0.285981] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window] [ 0.285983] pci_bus 0000:00: root bus resource [mem 0x90000000-0xdfffffff window] [ 0.285984] pci_bus 0000:00: root bus resource [mem 0xfc800000-0xfe7fffff window] [ 0.285986] pci_bus 0000:00: root bus resource [bus 00-fe] [ 0.286079] pci 0000:00:00.0: [8086:3e0f] type 00 class 0x060000 conventional PCI endpoint [ 0.286170] pci 0000:00:02.0: [8086:3e90] type 00 class 0x030000 PCIe Root Complex Integrated Endpoint [ 0.286178] pci 0000:00:02.0: BAR 0 [mem 0xa2000000-0xa2ffffff 64bit] [ 0.286183] pci 0000:00:02.0: BAR 2 [mem 0x90000000-0x9fffffff 64bit pref] [ 0.286187] pci 0000:00:02.0: BAR 4 [io 0x6000-0x603f] [ 0.286200] pci 0000:00:02.0: BAR 2: assigned to efifb [ 0.286203] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff] [ 0.286575] pci 0000:00:12.0: [8086:a379] type 00 class 0x118000 conventional PCI endpoint [ 0.286601] pci 0000:00:12.0: BAR 0 [mem 0xa4f3d000-0xa4f3dfff 64bit] [ 0.286830] pci 0000:00:14.0: [8086:a36d] type 00 class 0x0c0330 conventional PCI endpoint [ 0.286857] pci 0000:00:14.0: BAR 0 [mem 0xa4f20000-0xa4f2ffff 64bit] [ 0.286959] pci 0000:00:14.0: PME# supported from D3hot D3cold [ 0.288441] pci 0000:00:14.2: [8086:a36f] type 00 class 0x050000 conventional PCI endpoint [ 0.288464] pci 0000:00:14.2: BAR 0 [mem 0xa4f36000-0xa4f37fff 64bit] [ 0.288479] pci 0000:00:14.2: BAR 2 [mem 0xa4f3c000-0xa4f3cfff 64bit] [ 0.288655] pci 0000:00:16.0: [8086:a360] type 00 class 0x078000 conventional PCI endpoint [ 0.288679] pci 0000:00:16.0: BAR 0 [mem 0xa4f3b000-0xa4f3bfff 64bit] [ 0.288766] pci 0000:00:16.0: PME# supported from D3hot [ 0.289286] pci 0000:00:17.0: [8086:a352] type 00 class 0x010601 conventional PCI endpoint [ 0.289307] pci 0000:00:17.0: BAR 0 [mem 0xa4f34000-0xa4f35fff] [ 0.289319] pci 0000:00:17.0: BAR 1 [mem 0xa4f3a000-0xa4f3a0ff] [ 0.289330] pci 0000:00:17.0: BAR 2 [io 0x6090-0x6097] [ 0.289341] pci 0000:00:17.0: BAR 3 [io 0x6080-0x6083] [ 0.289353] pci 0000:00:17.0: BAR 4 [io 0x6060-0x607f] [ 0.289364] pci 0000:00:17.0: BAR 5 [mem 0xa4f39000-0xa4f397ff] [ 0.289427] pci 0000:00:17.0: PME# supported from D3hot [ 0.289970] pci 0000:00:1b.0: [8086:a32c] type 01 class 0x060400 PCIe Root Port [ 0.290013] pci 0000:00:1b.0: PCI bridge to [bus 01] [ 0.290019] pci 0000:00:1b.0: bridge window [io 0x5000-0x5fff] [ 0.290023] pci 0000:00:1b.0: bridge window [mem 0xa4500000-0xa4efffff] [ 0.290038] pci 0000:00:1b.0: bridge window [mem 0xa1400000-0xa1dfffff 64bit pref] [ 0.290141] pci 0000:00:1b.0: PME# supported from D0 D3hot D3cold [ 0.290178] pci 0000:00:1b.0: PTM enabled (root), 4ns granularity [ 0.290913] pci 0000:00:1c.0: [8086:a33c] type 01 class 0x060400 PCIe Root Port [ 0.290956] pci 0000:00:1c.0: PCI bridge to [bus 02] [ 0.290962] pci 0000:00:1c.0: bridge window [io 0x4000-0x4fff] [ 0.290966] pci 0000:00:1c.0: bridge window [mem 0xa3b00000-0xa44fffff] [ 0.290980] pci 0000:00:1c.0: bridge window [mem 0xa0a00000-0xa13fffff 64bit pref] [ 0.291084] pci 0000:00:1c.0: PME# supported from D0 D3hot D3cold [ 0.291127] pci 0000:00:1c.0: PTM enabled (root), 4ns granularity [ 0.291874] pci 0000:00:1d.0: [8086:a330] type 01 class 0x060400 PCIe Root Port [ 0.291915] pci 0000:00:1d.0: PCI bridge to [bus 03] [ 0.292021] pci 0000:00:1d.0: PME# supported from D0 D3hot D3cold [ 0.292724] pci 0000:00:1d.3: [8086:a333] type 01 class 0x060400 PCIe Root Port [ 0.292767] pci 0000:00:1d.3: PCI bridge to [bus 04] [ 0.292773] pci 0000:00:1d.3: bridge window [io 0x3000-0x3fff] [ 0.292777] pci 0000:00:1d.3: bridge window [mem 0xa3100000-0xa3afffff] [ 0.292791] pci 0000:00:1d.3: bridge window [mem 0xa0000000-0xa09fffff 64bit pref] [ 0.292902] pci 0000:00:1d.3: PME# supported from D0 D3hot D3cold [ 0.292950] pci 0000:00:1d.3: PTM enabled (root), 4ns granularity [ 0.293667] pci 0000:00:1f.0: [8086:a304] type 00 class 0x060100 conventional PCI endpoint [ 0.294210] pci 0000:00:1f.3: [8086:a348] type 00 class 0x040300 conventional PCI endpoint [ 0.294270] pci 0000:00:1f.3: BAR 0 [mem 0xa4f30000-0xa4f33fff 64bit] [ 0.294354] pci 0000:00:1f.3: BAR 4 [mem 0xa3000000-0xa30fffff 64bit] [ 0.294494] pci 0000:00:1f.3: PME# supported from D3hot D3cold [ 0.297344] pci 0000:00:1f.4: [8086:a323] type 00 class 0x0c0500 conventional PCI endpoint [ 0.297388] pci 0000:00:1f.4: BAR 0 [mem 0xa4f38000-0xa4f380ff 64bit] [ 0.297440] pci 0000:00:1f.4: BAR 4 [io 0xefa0-0xefbf] [ 0.297782] pci 0000:00:1f.5: [8086:a324] type 00 class 0x0c8000 conventional PCI endpoint [ 0.297802] pci 0000:00:1f.5: BAR 0 [mem 0xfe010000-0xfe010fff] [ 0.297972] pci 0000:00:1f.6: [8086:15bc] type 00 class 0x020000 conventional PCI endpoint [ 0.298017] pci 0000:00:1f.6: BAR 0 [mem 0xa4f00000-0xa4f1ffff] [ 0.298251] pci 0000:00:1f.6: PME# supported from D0 D3hot D3cold [ 0.298447] pci 0000:00:1b.0: PCI bridge to [bus 01] [ 0.298557] pci 0000:00:1c.0: PCI bridge to [bus 02] [ 0.298666] acpiphp: Slot [1] registered [ 0.298679] pci 0000:00:1d.0: PCI bridge to [bus 03] [ 0.298786] pci 0000:00:1d.3: PCI bridge to [bus 04] [ 0.300193] ACPI: PCI: Interrupt link LNKA configured for IRQ 0 [ 0.300279] ACPI: PCI: Interrupt link LNKB configured for IRQ 1 [ 0.300362] ACPI: PCI: Interrupt link LNKC configured for IRQ 0 [ 0.300445] ACPI: PCI: Interrupt link LNKD configured for IRQ 0 [ 0.300528] ACPI: PCI: Interrupt link LNKE configured for IRQ 0 [ 0.300610] ACPI: PCI: Interrupt link LNKF configured for IRQ 0 [ 0.300693] ACPI: PCI: Interrupt link LNKG configured for IRQ 0 [ 0.300775] ACPI: PCI: Interrupt link LNKH configured for IRQ 0 [ 0.307402] iommu: Default domain type: Translated [ 0.307402] iommu: DMA domain TLB invalidation policy: lazy mode [ 0.307402] SCSI subsystem initialized [ 0.307402] libata version 3.00 loaded. [ 0.307402] ACPI: bus type USB registered [ 0.307402] usbcore: registered new interface driver usbfs [ 0.307402] usbcore: registered new interface driver hub [ 0.307402] usbcore: registered new device driver usb [ 0.307402] pps_core: LinuxPPS API ver. 1 registered [ 0.307402] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti(a)linux.it> [ 0.307402] PTP clock support registered [ 0.307402] EDAC MC: Ver: 3.0.0 [ 0.307402] efivars: Registered efivars operations [ 0.307402] NetLabel: Initializing [ 0.307402] NetLabel: domain hash size = 128 [ 0.307402] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO [ 0.307402] NetLabel: unlabeled traffic allowed by default [ 0.307402] PCI: Using ACPI for IRQ routing [ 0.387885] PCI: pci_cache_line_size set to 64 bytes [ 0.387962] e820: reserve RAM buffer [mem 0x0005f000-0x0005ffff] [ 0.387964] e820: reserve RAM buffer [mem 0x67cdb018-0x67ffffff] [ 0.387965] e820: reserve RAM buffer [mem 0x67cec018-0x67ffffff] [ 0.387966] e820: reserve RAM buffer [mem 0x78a53000-0x7bffffff] [ 0.387967] e820: reserve RAM buffer [mem 0x7addd000-0x7bffffff] [ 0.387968] e820: reserve RAM buffer [mem 0x7c765000-0x7fffffff] [ 0.387969] e820: reserve RAM buffer [mem 0x7ed0f000-0x7fffffff] [ 0.387970] e820: reserve RAM buffer [mem 0x16e000000-0x16fffffff] [ 0.388946] pci 0000:00:02.0: vgaarb: setting as boot VGA device [ 0.388948] pci 0000:00:02.0: vgaarb: bridge control possible [ 0.388949] pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none [ 0.388953] vgaarb: loaded [ 0.389019] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0, 0, 0, 0, 0, 0 [ 0.389026] hpet0: 8 comparators, 64-bit 24.000000 MHz counter [ 0.392953] clocksource: Switched to clocksource tsc-early [ 0.392953] VFS: Disk quotas dquot_6.6.0 [ 0.392953] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) [ 0.392953] AppArmor: AppArmor Filesystem Enabled [ 0.392953] pnp: PnP ACPI init [ 0.392953] system 00:00: [io 0x0280-0x028f] has been reserved [ 0.392953] system 00:00: [io 0x0290-0x029f] has been reserved [ 0.392953] system 00:00: [io 0x02a0-0x02af] has been reserved [ 0.392953] system 00:00: [io 0x02b0-0x02bf] has been reserved [ 0.392953] pnp 00:01: [dma 0 disabled] [ 0.392953] system 00:02: [io 0x0680-0x069f] has been reserved [ 0.392953] system 00:02: [io 0x164e-0x164f] has been reserved [ 0.392953] system 00:03: [io 0x1854-0x1857] has been reserved [ 0.392953] system 00:04: [mem 0xfed10000-0xfed17fff] has been reserved [ 0.392953] system 00:04: [mem 0xfed18000-0xfed18fff] has been reserved [ 0.392953] system 00:04: [mem 0xfed19000-0xfed19fff] has been reserved [ 0.392953] system 00:04: [mem 0xe0000000-0xefffffff] has been reserved [ 0.392953] system 00:04: [mem 0xfed20000-0xfed3ffff] has been reserved [ 0.392953] system 00:04: [mem 0xfed90000-0xfed93fff] could not be reserved [ 0.392953] system 00:04: [mem 0xfed45000-0xfed8ffff] has been reserved [ 0.392953] system 00:04: [mem 0xfee00000-0xfeefffff] could not be reserved [ 0.392953] system 00:05: [io 0x1800-0x18fe] could not be reserved [ 0.392953] system 00:05: [mem 0xfd000000-0xfd69ffff] has been reserved [ 0.392953] system 00:05: [mem 0xfd6c0000-0xfd6cffff] has been reserved [ 0.392953] system 00:05: [mem 0xfd6f0000-0xfdffffff] has been reserved [ 0.392953] system 00:05: [mem 0xfe000000-0xfe01ffff] could not be reserved [ 0.392953] system 00:05: [mem 0xfe200000-0xfe7fffff] has been reserved [ 0.392953] system 00:05: [mem 0xff000000-0xffffffff] has been reserved [ 0.392953] system 00:06: [io 0x2000-0x20fe] has been reserved [ 0.392953] system 00:07: [mem 0xfd6e0000-0xfd6effff] has been reserved [ 0.392953] system 00:07: [mem 0xfd6d0000-0xfd6dffff] has been reserved [ 0.392953] system 00:07: [mem 0xfd6b0000-0xfd6bffff] has been reserved [ 0.392953] system 00:07: [mem 0xfd6a0000-0xfd6affff] has been reserved [ 0.397330] pnp: PnP ACPI: found 9 devices [ 0.403152] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns [ 0.403263] NET: Registered PF_INET protocol family [ 0.403305] IP idents hash table entries: 65536 (order: 7, 524288 bytes, linear) [ 0.403921] tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes, linear) [ 0.403940] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear) [ 0.403965] TCP established hash table entries: 32768 (order: 6, 262144 bytes, linear) [ 0.404035] TCP bind hash table entries: 32768 (order: 8, 1048576 bytes, linear) [ 0.404127] TCP: Hash tables configured (established 32768 bind 32768) [ 0.404171] MPTCP token hash table entries: 4096 (order: 4, 98304 bytes, linear) [ 0.404187] UDP hash table entries: 2048 (order: 4, 65536 bytes, linear) [ 0.404196] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes, linear) [ 0.404226] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 0.404232] NET: Registered PF_XDP protocol family [ 0.404242] pci 0000:00:1b.0: PCI bridge to [bus 01] [ 0.404255] pci 0000:00:1b.0: bridge window [io 0x5000-0x5fff] [ 0.404261] pci 0000:00:1b.0: bridge window [mem 0xa4500000-0xa4efffff] [ 0.404265] pci 0000:00:1b.0: bridge window [mem 0xa1400000-0xa1dfffff 64bit pref] [ 0.404272] pci 0000:00:1c.0: PCI bridge to [bus 02] [ 0.404275] pci 0000:00:1c.0: bridge window [io 0x4000-0x4fff] [ 0.404280] pci 0000:00:1c.0: bridge window [mem 0xa3b00000-0xa44fffff] [ 0.404285] pci 0000:00:1c.0: bridge window [mem 0xa0a00000-0xa13fffff 64bit pref] [ 0.404292] pci 0000:00:1d.0: PCI bridge to [bus 03] [ 0.404306] pci 0000:00:1d.3: PCI bridge to [bus 04] [ 0.404309] pci 0000:00:1d.3: bridge window [io 0x3000-0x3fff] [ 0.404314] pci 0000:00:1d.3: bridge window [mem 0xa3100000-0xa3afffff] [ 0.404318] pci 0000:00:1d.3: bridge window [mem 0xa0000000-0xa09fffff 64bit pref] [ 0.404326] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window] [ 0.404328] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window] [ 0.404329] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window] [ 0.404330] pci_bus 0000:00: resource 7 [mem 0x90000000-0xdfffffff window] [ 0.404332] pci_bus 0000:00: resource 8 [mem 0xfc800000-0xfe7fffff window] [ 0.404333] pci_bus 0000:01: resource 0 [io 0x5000-0x5fff] [ 0.404334] pci_bus 0000:01: resource 1 [mem 0xa4500000-0xa4efffff] [ 0.404336] pci_bus 0000:01: resource 2 [mem 0xa1400000-0xa1dfffff 64bit pref] [ 0.404337] pci_bus 0000:02: resource 0 [io 0x4000-0x4fff] [ 0.404338] pci_bus 0000:02: resource 1 [mem 0xa3b00000-0xa44fffff] [ 0.404339] pci_bus 0000:02: resource 2 [mem 0xa0a00000-0xa13fffff 64bit pref] [ 0.404341] pci_bus 0000:04: resource 0 [io 0x3000-0x3fff] [ 0.404342] pci_bus 0000:04: resource 1 [mem 0xa3100000-0xa3afffff] [ 0.404343] pci_bus 0000:04: resource 2 [mem 0xa0000000-0xa09fffff 64bit pref] [ 0.405350] PCI: CLS 64 bytes, default 64 [ 0.405367] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 0.405368] software IO TLB: mapped [mem 0x0000000074a53000-0x0000000078a53000] (64MB) [ 0.405402] Trying to unpack rootfs image as initramfs... [ 0.408717] platform rtc_cmos: registered platform RTC device (no PNP device found) [ 0.409329] Initialise system trusted keyrings [ 0.409340] Key type blacklist registered [ 0.409414] workingset: timestamp_bits=36 max_order=20 bucket_order=0 [ 0.409425] zbud: loaded [ 0.409724] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 0.409829] fuse: init (API version 7.39) [ 0.409966] integrity: Platform Keyring initialized [ 0.424763] Key type asymmetric registered [ 0.424767] Asymmetric key parser 'x509' registered [ 0.424793] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 243) [ 0.424858] io scheduler mq-deadline registered [ 0.425417] pcieport 0000:00:1b.0: PME: Signaling with IRQ 122 [ 0.425472] pcieport 0000:00:1b.0: pciehp: Slot #24 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 0.425920] pcieport 0000:00:1c.0: PME: Signaling with IRQ 123 [ 0.425968] pcieport 0000:00:1c.0: pciehp: Slot #8 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 0.426240] pcieport 0000:00:1d.0: PME: Signaling with IRQ 124 [ 0.426604] pcieport 0000:00:1d.3: PME: Signaling with IRQ 125 [ 0.426651] pcieport 0000:00:1d.3: pciehp: Slot #15 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ [ 0.426889] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4 [ 0.428539] input: Sleep Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0E:00/input/input0 [ 0.428580] ACPI: button: Sleep Button [SLPB] [ 0.428623] input: Power Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input1 [ 0.428658] ACPI: button: Power Button [PWRB] [ 0.428704] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input2 [ 0.428758] ACPI: button: Power Button [PWRF] [ 0.429339] Serial: 8250/16550 driver, 32 ports, IRQ sharing enabled [ 0.451391] 00:01: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A [ 0.457017] Linux agpgart interface v0.103 [ 0.467644] loop: module loaded [ 0.468054] tun: Universal TUN/TAP device driver, 1.6 [ 0.468123] PPP generic driver version 2.4.2 [ 0.468343] VFIO - User Level meta-driver version: 0.3 [ 0.468474] i8042: PNP: No PS/2 controller found. [ 0.468556] mousedev: PS/2 mouse device common for all mice [ 0.468715] rtc_cmos rtc_cmos: RTC can wake from S4 [ 0.470316] rtc_cmos rtc_cmos: registered as rtc0 [ 0.470633] rtc_cmos rtc_cmos: setting system clock to 2024-04-08T20:41:22 UTC (1712608882) [ 0.470675] rtc_cmos rtc_cmos: alarms up to one month, y3k, 114 bytes nvram [ 0.470686] i2c_dev: i2c /dev entries driver [ 0.470759] device-mapper: core: CONFIG_IMA_DISABLE_HTABLE is disabled. Duplicate IMA measurements will not be recorded in the IMA log. [ 0.470773] device-mapper: uevent: version 1.0.3 [ 0.470817] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: dm-devel(a)redhat.com [ 0.470848] platform eisa.0: Probing EISA bus 0 [ 0.470851] platform eisa.0: EISA: Cannot allocate resource for mainboard [ 0.470853] platform eisa.0: Cannot allocate resource for EISA slot 1 [ 0.470854] platform eisa.0: Cannot allocate resource for EISA slot 2 [ 0.470856] platform eisa.0: Cannot allocate resource for EISA slot 3 [ 0.470858] platform eisa.0: Cannot allocate resource for EISA slot 4 [ 0.470859] platform eisa.0: Cannot allocate resource for EISA slot 5 [ 0.470861] platform eisa.0: Cannot allocate resource for EISA slot 6 [ 0.470862] platform eisa.0: Cannot allocate resource for EISA slot 7 [ 0.470864] platform eisa.0: Cannot allocate resource for EISA slot 8 [ 0.470865] platform eisa.0: EISA: Detected 0 cards [ 0.470868] intel_pstate: Intel P-state driver initializing [ 0.471134] intel_pstate: Disabling energy efficiency optimization [ 0.471135] intel_pstate: HWP enabled [ 0.471231] ledtrig-cpu: registered to indicate activity on CPUs [ 0.471261] efifb: probing for efifb [ 0.471282] efifb: showing boot graphics [ 0.472356] efifb: framebuffer at 0x90000000, using 8100k, total 8100k [ 0.472359] efifb: mode is 1920x1080x32, linelength=7680, pages=1 [ 0.472361] efifb: scrolling: redraw [ 0.472362] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0 [ 0.472508] Console: switching to colour frame buffer device 240x67 [ 0.474661] fb0: EFI VGA frame buffer device [ 0.474815] drop_monitor: Initializing network drop monitor service [ 0.474926] NET: Registered PF_INET6 protocol family [ 0.782617] Freeing initrd memory: 149668K [ 0.789019] Segment Routing with IPv6 [ 0.789032] In-situ OAM (IOAM) with IPv6 [ 0.789070] NET: Registered PF_PACKET protocol family [ 0.789161] Key type dns_resolver registered [ 0.789588] ENERGY_PERF_BIAS: Set to 'normal', was 'performance' [ 0.789686] microcode: Current revision: 0x000000f4 [ 0.789687] microcode: Updated early from: 0x00000096 [ 0.789830] IPI shorthand broadcast: enabled [ 0.791749] sched_clock: Marking stable (781258941, 8557784)->(794638026, -4821301) [ 0.791916] registered taskstats version 1 [ 0.792047] Loading compiled-in X.509 certificates [ 0.792520] Loaded X.509 cert 'Build time autogenerated kernel key: 8b7471cc9a0f57660f75ca5499023b7650454f8d' [ 0.794869] Key type .fscrypt registered [ 0.794870] Key type fscrypt-provisioning registered [ 0.794918] Key type trusted registered [ 0.809365] Key type encrypted registered [ 0.809370] AppArmor: AppArmor sha256 policy hashing enabled [ 0.810322] integrity: Loading X.509 certificate: UEFI:db [ 0.810350] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' [ 0.810351] integrity: Loading X.509 certificate: UEFI:db [ 0.810366] integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' [ 0.811113] Loading compiled-in module X.509 certificates [ 0.811556] Loaded X.509 cert 'Build time autogenerated kernel key: 8b7471cc9a0f57660f75ca5499023b7650454f8d' [ 0.811558] ima: Allocated hash algorithm: sha1 [ 0.840837] ima: No architecture policies found [ 0.840878] evm: Initialising EVM extended attributes: [ 0.840880] evm: security.selinux [ 0.840885] evm: security.SMACK64 [ 0.840888] evm: security.SMACK64EXEC [ 0.840891] evm: security.SMACK64TRANSMUTE [ 0.840894] evm: security.SMACK64MMAP [ 0.840897] evm: security.apparmor [ 0.840900] evm: security.ima [ 0.840903] evm: security.capability [ 0.840906] evm: HMAC attrs: 0x1 [ 0.841814] PM: Magic number: 4:842:699 [ 0.841898] acpi LNXCPU:0d: hash matches [ 0.842475] RAS: Correctable Errors collector initialized. [ 0.842498] PM: hibernation: Waiting 15sec before reading resume device ... [ 1.412662] tsc: Refined TSC clocksource calibration: 3696.002 MHz [ 1.412682] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x6a8d2ad56ed, max_idle_ns: 881591064802 ns [ 1.412758] clocksource: Switched to clocksource tsc [ 15.908715] clk: Disabling unused clocks [ 15.912586] Freeing unused decrypted memory: 2028K [ 15.914552] Freeing unused kernel image (initmem) memory: 4580K [ 15.924674] Write protecting the kernel read-only data: 26624k [ 15.925123] Freeing unused kernel image (rodata/data gap) memory: 980K [ 15.977580] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 15.977582] x86/mm: Checking user space page tables [ 16.017472] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 16.017477] Run /init as init process [ 16.017478] with arguments: [ 16.017479] /init [ 16.017480] splash [ 16.017481] with environment: [ 16.017482] HOME=/ [ 16.017482] TERM=linux [ 16.017483] BOOT_IMAGE=/boot/vmlinuz-6.8.0 [ 16.170300] xhci_hcd 0000:00:14.0: xHCI Host Controller [ 16.171573] xhci_hcd 0000:00:14.0: new USB bus registered, assigned bus number 1 [ 16.172727] xhci_hcd 0000:00:14.0: hcc params 0x200077c1 hci version 0x110 quirks 0x0000000000009810 [ 16.173265] xhci_hcd 0000:00:14.0: xHCI Host Controller [ 16.173271] xhci_hcd 0000:00:14.0: new USB bus registered, assigned bus number 2 [ 16.173275] xhci_hcd 0000:00:14.0: Host supports USB 3.1 Enhanced SuperSpeed [ 16.173339] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.08 [ 16.173343] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 16.173345] usb usb1: Product: xHCI Host Controller [ 16.173347] usb usb1: Manufacturer: Linux 6.8.0 xhci-hcd [ 16.173349] usb usb1: SerialNumber: 0000:00:14.0 [ 16.173641] hub 1-0:1.0: USB hub found [ 16.173679] hub 1-0:1.0: 16 ports detected [ 16.178278] e1000e: Intel(R) PRO/1000 Network Driver [ 16.178280] e1000e: Copyright(c) 1999 - 2015 Intel Corporation. [ 16.179081] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.08 [ 16.179085] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 16.179087] usb usb2: Product: xHCI Host Controller [ 16.179089] usb usb2: Manufacturer: Linux 6.8.0 xhci-hcd [ 16.179091] usb usb2: SerialNumber: 0000:00:14.0 [ 16.179385] ahci 0000:00:17.0: version 3.0 [ 16.179740] e1000e 0000:00:1f.6: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode [ 16.179899] ahci 0000:00:17.0: AHCI 0001.0301 32 slots 6 ports 6 Gbps 0x3f impl SATA mode [ 16.179904] ahci 0000:00:17.0: flags: 64bit ncq sntf clo only pio slum part ems deso sadm sds apst [ 16.182014] i801_smbus 0000:00:1f.4: SMBus using PCI interrupt [ 16.191840] hub 2-0:1.0: USB hub found [ 16.192490] i2c i2c-0: 1/4 memory slots populated (from DMI) [ 16.192585] hub 2-0:1.0: 8 ports detected [ 16.193275] i2c i2c-0: Successfully instantiated SPD at 0x51 [ 16.237227] scsi host0: ahci [ 16.237441] scsi host1: ahci [ 16.237612] scsi host2: ahci [ 16.237795] scsi host3: ahci [ 16.237927] scsi host4: ahci [ 16.238094] scsi host5: ahci [ 16.238148] ata1: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39100 irq 131 lpm-pol 0 [ 16.238151] ata2: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39180 irq 131 lpm-pol 0 [ 16.238154] ata3: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39200 irq 131 lpm-pol 0 [ 16.238157] ata4: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39280 irq 131 lpm-pol 0 [ 16.238160] ata5: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39300 irq 131 lpm-pol 0 [ 16.238162] ata6: SATA max UDMA/133 abar m2048@0xa4f39000 port 0xa4f39380 irq 131 lpm-pol 0 [ 16.392898] e1000e 0000:00:1f.6 0000:00:1f.6 (uninitialized): registered PHC clock [ 16.432643] usb 1-7: new low-speed USB device number 2 using xhci_hcd [ 16.463479] e1000e 0000:00:1f.6 eth0: (PCI Express:2.5GT/s:Width x1) 70:85:c2:a4:19:95 [ 16.463497] e1000e 0000:00:1f.6 eth0: Intel(R) PRO/1000 Network Connection [ 16.463712] e1000e 0000:00:1f.6 eth0: MAC: 13, PHY: 12, PBA No: FFFFFF-0FF [ 16.552119] ata5: SATA link down (SStatus 4 SControl 300) [ 16.552171] ata6: SATA link down (SStatus 4 SControl 300) [ 16.552224] ata2: SATA link down (SStatus 4 SControl 300) [ 16.552274] ata1: SATA link down (SStatus 4 SControl 300) [ 16.552330] ata3: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [ 16.552377] ata4: SATA link down (SStatus 4 SControl 300) [ 16.558591] ata3.00: ACPI cmd f5/00:00:00:00:00:00(SECURITY FREEZE LOCK) filtered out [ 16.558607] ata3.00: ACPI cmd b1/c1:00:00:00:00:00(DEVICE CONFIGURATION OVERLAY) filtered out [ 16.561746] ata3.00: ATA-11: WDC WDS250G2B0A-00SM50, 401020WD, max UDMA/133 [ 16.564786] ata3.00: 488397168 sectors, multi 1: LBA48 NCQ (depth 32), AA [ 16.566382] ata3.00: Features: Dev-Sleep [ 16.572793] ata3.00: ACPI cmd f5/00:00:00:00:00:00(SECURITY FREEZE LOCK) filtered out [ 16.572809] ata3.00: ACPI cmd b1/c1:00:00:00:00:00(DEVICE CONFIGURATION OVERLAY) filtered out [ 16.581110] ata3.00: configured for UDMA/133 [ 16.581423] scsi 2:0:0:0: Direct-Access ATA WDC WDS250G2B0A 20WD PQ: 0 ANSI: 5 [ 16.582938] sd 2:0:0:0: Attached scsi generic sg0 type 0 [ 16.583063] sd 2:0:0:0: [sda] 488397168 512-byte logical blocks: (250 GB/233 GiB) [ 16.583096] sd 2:0:0:0: [sda] Write Protect is off [ 16.583106] sd 2:0:0:0: [sda] Mode Sense: 00 3a 00 00 [ 16.583164] sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 16.583244] sd 2:0:0:0: [sda] Preferred minimum I/O size 512 bytes [ 16.585312] usb 1-7: New USB device found, idVendor=17ef, idProduct=6044, bcdDevice= 0.08 [ 16.585327] usb 1-7: New USB device strings: Mfr=0, Product=2, SerialNumber=0 [ 16.585335] usb 1-7: Product: ThinkPad USB Laser Mouse [ 16.586761] sda: sda1 sda2 [ 16.587436] sd 2:0:0:0: [sda] Attached SCSI disk [ 16.648704] e1000e 0000:00:1f.6 eno1: renamed from eth0 [ 16.736642] usb 1-8: new low-speed USB device number 3 using xhci_hcd [ 16.890225] usb 1-8: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00 [ 16.890239] usb 1-8: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 16.890247] usb 1-8: Product: USB Keyboard [ 16.890254] usb 1-8: Manufacturer: Logitech [ 16.922543] hid: raw HID events driver (C) Jiri Kosina [ 16.942368] usbcore: registered new interface driver usbhid [ 16.942372] usbhid: USB HID core driver [ 16.948215] input: ThinkPad USB Laser Mouse as /devices/pci0000:00/0000:00:14.0/usb1/1-7/1-7:1.0/0003:17EF:6044.0001/input/input3 [ 16.948488] hid-generic 0003:17EF:6044.0001: input,hidraw0: USB HID v1.11 Mouse [ThinkPad USB Laser Mouse] on usb-0000:00:14.0-7/input0 [ 16.948965] input: Logitech USB Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8:1.0/0003:046D:C31C.0002/input/input4 [ 17.009119] hid-generic 0003:046D:C31C.0002: input,hidraw1: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-8/input0 [ 17.009907] input: Logitech USB Keyboard Consumer Control as /devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8:1.1/0003:046D:C31C.0003/input/input5 [ 17.069095] input: Logitech USB Keyboard System Control as /devices/pci0000:00/0000:00:14.0/usb1/1-8/1-8:1.1/0003:046D:C31C.0003/input/input6 [ 17.069584] hid-generic 0003:046D:C31C.0003: input,hidraw2: USB HID v1.10 Device [Logitech USB Keyboard] on usb-0000:00:14.0-8/input1 [ 17.124193] random: crng reseeded on system resumption [ 17.124511] PM: hibernation: Marking nosave pages: [mem 0x00000000-0x00000fff] [ 17.124523] PM: hibernation: Marking nosave pages: [mem 0x0005f000-0x0005ffff] [ 17.124529] PM: hibernation: Marking nosave pages: [mem 0x000a0000-0x000fffff] [ 17.124544] PM: hibernation: Marking nosave pages: [mem 0x67cdb000-0x67cdbfff] [ 17.124550] PM: hibernation: Marking nosave pages: [mem 0x67ceb000-0x67cecfff] [ 17.124555] PM: hibernation: Marking nosave pages: [mem 0x67cfc000-0x67cfcfff] [ 17.124605] PM: hibernation: Marking nosave pages: [mem 0x78a53000-0x78a93fff] [ 17.124617] PM: hibernation: Marking nosave pages: [mem 0x7addd000-0x7adddfff] [ 17.124622] PM: hibernation: Marking nosave pages: [mem 0x7c765000-0x7ed0dfff] [ 17.125677] PM: hibernation: Marking nosave pages: [mem 0x7ed0f000-0xffffffff] [ 17.153575] PM: hibernation: Basic memory bitmaps created [ 17.154248] PM: hibernation: Basic memory bitmaps freed [ 17.206422] EXT4-fs (sda2): mounted filesystem 74fe52d0-e90f-4b0a-92f4-581b5fa98519 ro with ordered data mode. Quota mode: none. [ 17.489082] systemd[1]: Inserted module 'autofs4' [ 17.574371] systemd[1]: systemd 245.4-4ubuntu3.22 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid) [ 17.574485] systemd[1]: Detected architecture x86-64. [ 17.605098] systemd[1]: Set hostname to <cr-desktop>. [ 17.828325] systemd[1]: Created slice system-modprobe.slice. [ 17.828586] systemd[1]: Created slice system-postfix.slice. [ 17.828805] systemd[1]: Created slice system-systemd\x2dfsck.slice. [ 17.829003] systemd[1]: Created slice User and Session Slice. [ 17.829068] systemd[1]: Started Forward Password Requests to Wall Directory Watch. [ 17.829235] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point. [ 17.829305] systemd[1]: Reached target User and Group Name Lookups. [ 17.829320] systemd[1]: Reached target Remote File Systems. [ 17.829333] systemd[1]: Reached target Slices. [ 17.829353] systemd[1]: Reached target Mounting snaps. [ 17.829373] systemd[1]: Reached target System Time Set. [ 17.829490] systemd[1]: Listening on Syslog Socket. [ 17.829580] systemd[1]: Listening on fsck to fsckd communication Socket. [ 17.829630] systemd[1]: Listening on initctl Compatibility Named Pipe. [ 17.829828] systemd[1]: Listening on Journal Audit Socket. [ 17.829910] systemd[1]: Listening on Journal Socket (/dev/log). [ 17.830011] systemd[1]: Listening on Journal Socket. [ 17.830118] systemd[1]: Listening on udev Control Socket. [ 17.830185] systemd[1]: Listening on udev Kernel Socket. [ 17.861047] systemd[1]: Mounting Huge Pages File System... [ 17.864870] systemd[1]: Mounting POSIX Message Queue File System... [ 17.870881] systemd[1]: Mounting Kernel Debug File System... [ 17.875994] systemd[1]: Mounting Kernel Trace File System... [ 17.881259] systemd[1]: Starting Journal Service... [ 17.885476] systemd[1]: Starting Set the console keyboard layout... [ 17.888676] systemd[1]: Starting Create list of static device nodes for the current kernel... [ 17.892091] systemd[1]: Starting Load Kernel Module chromeos_pstore... [ 17.895452] systemd[1]: Starting Load Kernel Module drm... [ 17.897820] systemd[1]: Starting Load Kernel Module efi_pstore... [ 17.900366] systemd[1]: Starting Load Kernel Module pstore_blk... [ 17.902535] systemd[1]: Starting Load Kernel Module pstore_zone... [ 17.904397] systemd[1]: Starting Load Kernel Module ramoops... [ 17.905785] systemd[1]: Condition check resulted in Set Up Additional Binary Formats being skipped. [ 17.905847] systemd[1]: Condition check resulted in File System Check on Root Device being skipped. [ 17.907472] pstore: Using crash dump compression: deflate [ 17.917262] systemd[1]: Starting Load Kernel Modules... [ 17.921146] systemd[1]: Starting Remount Root and Kernel File Systems... [ 17.926852] systemd[1]: Starting udev Coldplug all Devices... [ 17.934312] systemd[1]: Starting Uncomplicated firewall... [ 17.936122] pstore: Registered efi_pstore as persistent store backend [ 17.941335] systemd[1]: Mounted Huge Pages File System. [ 17.941511] systemd[1]: Mounted POSIX Message Queue File System. [ 17.941673] systemd[1]: Mounted Kernel Debug File System. [ 17.941827] systemd[1]: Mounted Kernel Trace File System. [ 17.942505] systemd[1]: Finished Create list of static device nodes for the current kernel. [ 17.942862] systemd[1]: modprobe(a)pstore_blk.service: Succeeded. [ 17.943298] systemd[1]: Finished Load Kernel Module pstore_blk. [ 17.943751] systemd[1]: modprobe(a)pstore_zone.service: Succeeded. [ 17.944803] systemd[1]: Finished Load Kernel Module pstore_zone. [ 17.950639] systemd[1]: Finished Uncomplicated firewall. [ 17.968943] systemd[1]: modprobe(a)chromeos_pstore.service: Succeeded. [ 17.969471] systemd[1]: Finished Load Kernel Module chromeos_pstore. [ 17.969941] systemd[1]: modprobe(a)efi_pstore.service: Succeeded. [ 17.971520] systemd[1]: Finished Load Kernel Module efi_pstore. [ 17.984578] EXT4-fs (sda2): re-mounted 74fe52d0-e90f-4b0a-92f4-581b5fa98519 r/w. Quota mode: none. [ 17.999187] ACPI: bus type drm_connector registered [ 17.999774] systemd[1]: Finished Remount Root and Kernel File Systems. [ 18.004947] systemd[1]: Activating swap /swapfile... [ 18.005395] systemd[1]: Condition check resulted in Rebuild Hardware Database being skipped. [ 18.007550] systemd[1]: Starting Load/Save Random Seed... [ 18.008920] lp: driver loaded but no devices found [ 18.010652] systemd[1]: Starting Create System Users... [ 18.011023] systemd[1]: Started Journal Service. [ 18.016817] Adding 4194300k swap on /swapfile. Priority:-2 extents:59 across:78897152k SS [ 18.023271] ppdev: user-space parallel port driver [ 18.028678] systemd-journald[243]: Received client request to flush runtime journal. [ 18.078395] loop0: detected capacity change from 0 to 8 [ 18.101076] loop1: detected capacity change from 0 to 114000 [ 18.101166] loop2: detected capacity change from 0 to 113992 [ 18.101335] loop3: detected capacity change from 0 to 129944 [ 18.128700] loop4: detected capacity change from 0 to 448512 [ 18.128790] loop5: detected capacity change from 0 to 994336 [ 18.128840] loop6: detected capacity change from 0 to 994336 [ 18.128915] loop7: detected capacity change from 0 to 133320 [ 18.129506] loop9: detected capacity change from 0 to 25240 [ 18.129584] loop8: detected capacity change from 0 to 104360 [ 18.129721] loop11: detected capacity change from 0 to 130848 [ 18.129747] loop12: detected capacity change from 0 to 657576 [ 18.129860] loop13: detected capacity change from 0 to 109072 [ 18.129929] loop10: detected capacity change from 0 to 133424 [ 18.145144] loop15: detected capacity change from 0 to 447264 [ 18.145144] loop14: detected capacity change from 0 to 187776 [ 18.148957] loop16: detected capacity change from 0 to 151296 [ 18.477424] EDAC ie31200: No ECC support [ 18.543387] mei_me 0000:00:16.0: enabling device (0000 -> 0002) [ 18.562874] ee1004 0-0051: 512 byte EE1004-compliant SPD EEPROM, read-only [ 18.637726] RAPL PMU: API unit is 2^-32 Joules, 4 fixed counters, 655360 ms ovfl timer [ 18.637730] RAPL PMU: hw unit of domain pp0-core 2^-14 Joules [ 18.637732] RAPL PMU: hw unit of domain package 2^-14 Joules [ 18.637733] RAPL PMU: hw unit of domain dram 2^-14 Joules [ 18.637734] RAPL PMU: hw unit of domain pp1-gpu 2^-14 Joules [ 18.674453] cryptd: max_cpu_qlen set to 1000 [ 18.712485] SSE version of gcm_enc/dec engaged. [ 19.311225] Console: switching to colour dummy device 80x25 [ 19.311299] i915 0000:00:02.0: vgaarb: deactivate vga console [ 19.320389] i915 0000:00:02.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 19.324206] mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915]) [ 19.327998] i915 0000:00:02.0: [drm] Finished loading DMC firmware i915/kbl_dmc_ver1_04.bin (v1.4) [ 19.357712] intel_rapl_common: Found RAPL domain package [ 19.357716] intel_rapl_common: Found RAPL domain core [ 19.357717] intel_rapl_common: Found RAPL domain uncore [ 19.357718] intel_rapl_common: Found RAPL domain dram [ 19.727131] i915 0000:00:02.0: [drm] [ENCODER:94:DDI A/PHY A] failed to retrieve link info, disabling eDP [ 19.727389] i915 0000:00:02.0: [drm] [ENCODER:94:DDI B/PHY B] is disabled/in DSI mode with an ungated DDI clock, gate it [ 19.727393] i915 0000:00:02.0: [drm] [ENCODER:108:DDI D/PHY D] is disabled/in DSI mode with an ungated DDI clock, gate it [ 19.727397] i915 0000:00:02.0: [drm] [ENCODER:119:DDI E/PHY E] is disabled/in DSI mode with an ungated DDI clock, gate it [ 19.753023] [drm] Initialized i915 1.6.0 20230929 for 0000:00:02.0 on minor 0 [ 19.764038] ACPI: video: Video Device [GFX0] (multi-head: yes rom: no post: no) [ 19.765874] input: Video Bus as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input7 [ 19.766756] i915 display info: display version: 9 [ 19.766769] i915 display info: cursor_needs_physical: no [ 19.766780] i915 display info: has_cdclk_crawl: no [ 19.766787] i915 display info: has_cdclk_squash: no [ 19.766793] i915 display info: has_ddi: yes [ 19.766800] i915 display info: has_dp_mst: yes [ 19.766806] i915 display info: has_dsb: no [ 19.766812] i915 display info: has_fpga_dbg: yes [ 19.766818] i915 display info: has_gmch: no [ 19.766824] i915 display info: has_hotplug: yes [ 19.766830] i915 display info: has_hti: no [ 19.766836] i915 display info: has_ipc: yes [ 19.766842] i915 display info: has_overlay: no [ 19.766848] i915 display info: has_psr: yes [ 19.766854] i915 display info: has_psr_hw_tracking: yes [ 19.766860] i915 display info: overlay_needs_physical: no [ 19.766866] i915 display info: supports_tv: no [ 19.766872] i915 display info: has_hdcp: yes [ 19.766877] i915 display info: has_dmc: yes [ 19.766881] i915 display info: has_dsc: no [ 19.767058] snd_hda_intel 0000:00:1f.3: bound 0000:00:02.0 (ops i915_audio_component_bind_ops [i915]) [ 19.840416] audit: type=1400 audit(1712608901.862:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-senddoc" pid=470 comm="apparmor_parser" [ 19.840424] audit: type=1400 audit(1712608901.862:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libreoffice-xpdfimport" pid=469 comm="apparmor_parser" [ 19.849674] audit: type=1400 audit(1712608901.874:4): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/snapd/snap-confine" pid=473 comm="apparmor_parser" [ 19.849681] audit: type=1400 audit(1712608901.874:5): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=473 comm="apparmor_parser" [ 19.851702] audit: type=1400 audit(1712608901.874:6): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=468 comm="apparmor_parser" [ 19.851708] audit: type=1400 audit(1712608901.874:7): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=468 comm="apparmor_parser" [ 19.851713] audit: type=1400 audit(1712608901.874:8): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/connman/scripts/dhclient-script" pid=468 comm="apparmor_parser" [ 19.851717] audit: type=1400 audit(1712608901.874:9): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/{,usr/}sbin/dhclient" pid=468 comm="apparmor_parser" [ 19.857123] audit: type=1400 audit(1712608901.882:10): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cups-browsed" pid=474 comm="apparmor_parser" [ 19.864174] audit: type=1400 audit(1712608901.886:11): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=476 comm="apparmor_parser" [ 19.901794] fbcon: i915drmfb (fb0) is primary device [ 19.950198] Console: switching to colour frame buffer device 240x67 [ 19.969279] i915 0000:00:02.0: [drm] fb0: i915drmfb frame buffer device [ 20.006017] snd_hda_codec_realtek hdaudioC0D0: autoconfig for ALC892: line_outs=1 (0x14/0x0/0x0/0x0/0x0) type:line [ 20.006024] snd_hda_codec_realtek hdaudioC0D0: speaker_outs=0 (0x0/0x0/0x0/0x0/0x0) [ 20.006026] snd_hda_codec_realtek hdaudioC0D0: hp_outs=1 (0x1b/0x0/0x0/0x0/0x0) [ 20.006028] snd_hda_codec_realtek hdaudioC0D0: mono: mono_out=0x0 [ 20.006030] snd_hda_codec_realtek hdaudioC0D0: inputs: [ 20.006031] snd_hda_codec_realtek hdaudioC0D0: Front Mic=0x19 [ 20.006033] snd_hda_codec_realtek hdaudioC0D0: Rear Mic=0x18 [ 20.006034] snd_hda_codec_realtek hdaudioC0D0: Line=0x1a [ 20.072462] input: HDA Intel PCH Front Mic as /devices/pci0000:00/0000:00:1f.3/sound/card0/input8 [ 20.074752] input: HDA Intel PCH Rear Mic as /devices/pci0000:00/0000:00:1f.3/sound/card0/input9 [ 20.079934] input: HDA Intel PCH Line as /devices/pci0000:00/0000:00:1f.3/sound/card0/input10 [ 20.085472] input: HDA Intel PCH Line Out as /devices/pci0000:00/0000:00:1f.3/sound/card0/input11 [ 20.086707] input: HDA Intel PCH Front Headphone as /devices/pci0000:00/0000:00:1f.3/sound/card0/input12 [ 20.089926] input: HDA Intel PCH HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:1f.3/sound/card0/input13 [ 20.097574] input: HDA Intel PCH HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:1f.3/sound/card0/input14 [ 20.098247] input: HDA Intel PCH HDMI/DP,pcm=8 as /devices/pci0000:00/0000:00:1f.3/sound/card0/input15 [ 21.899828] loop17: detected capacity change from 0 to 8 [ 25.812150] rfkill: input handler disabled [ 26.329380] kauditd_printk_skb: 29 callbacks suppressed [ 26.329383] audit: type=1400 audit(1712608908.342:41): apparmor="DENIED" operation="capable" class="cap" profile="/snap/snapd/19457/usr/lib/snapd/snap-confine" pid=1346 comm="snap-confine" capability=4 capname="fsetid" [ 29.327836] fwupd[2147]: segfault at 8 ip 00005577414a410d sp 00007ffdd5e5f700 error 4 in fwupd[55774149f000+26000] likely on CPU 2 (core 0, socket 0) [ 29.327849] Code: ff 85 c0 0f 85 97 02 00 00 48 8b 7c 24 30 e8 5a d5 ff ff e9 67 01 00 00 48 8b 44 24 28 48 8d 3d d9 14 02 00 41 be 01 00 00 00 <48> 8b 70 08 31 c0 e8 08 f4 ff ff 4d 85 e4 74 08 4c 89 e7 e8 2b db [ 42.363911] pcieport 0000:00:1d.3: pciehp: Slot(15): Card present [ 42.363915] pcieport 0000:00:1d.3: pciehp: Slot(15): Link Up [ 42.496936] pci 0000:04:00.0: [2646:2263] type 00 class 0x010802 PCIe Endpoint [ 42.497041] pci 0000:04:00.0: BAR 0 [mem 0x00000000-0x00003fff 64bit] [ 42.497435] pci 0000:04:00.0: 7.876 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x1 link at 0000:00:1d.3 (capable of 31.504 Gb/s with 8.0 GT/s PCIe x4 link) [ 42.498278] pci 0000:04:00.0: BAR 0 [mem 0xa3100000-0xa3103fff 64bit]: assigned [ 42.498368] pcieport 0000:00:1d.3: PCI bridge to [bus 04] [ 42.498385] pcieport 0000:00:1d.3: bridge window [io 0x3000-0x3fff] [ 42.498411] pcieport 0000:00:1d.3: bridge window [mem 0xa3100000-0xa3afffff] [ 42.498435] pcieport 0000:00:1d.3: bridge window [mem 0xa0000000-0xa09fffff 64bit pref] [ 42.560689] nvme nvme0: pci function 0000:04:00.0 [ 42.560756] nvme 0000:04:00.0: enabling device (0000 -> 0002) [ 42.593330] nvme nvme0: missing or invalid SUBNQN field. [ 42.599528] nvme nvme0: 4/0/0 default/read/poll queues [ 42.604972] nvme0n1: p1 p2 p3 p4 p5 [ 47.843145] PM: suspend entry (deep) [ 47.911562] Filesystems sync: 0.068 seconds [ 47.912244] Freezing user space processes [ 47.916421] Freezing user space processes completed (elapsed 0.004 seconds) [ 47.916435] OOM killer disabled. [ 47.916438] Freezing remaining freezable tasks [ 47.917787] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [ 47.917881] printk: Suspending console(s) (use no_console_suspend to debug) [ 47.933715] serial 00:01: disabled [ 47.933852] e1000e: EEE TX LPI TIMER: 00000011 [ 47.944891] sd 2:0:0:0: [sda] Synchronizing SCSI cache [ 47.950919] ata3.00: Entering standby power mode [ 48.318069] ACPI: PM: Preparing to enter system sleep state S3 [ 48.685977] ACPI: PM: Saving platform NVS memory [ 48.686137] Disabling non-boot CPUs ... [ 48.688277] smpboot: CPU 1 is now offline [ 48.691594] smpboot: CPU 2 is now offline [ 48.693971] smpboot: CPU 3 is now offline [ 48.698985] ACPI: PM: Low-level resume complete [ 48.699055] ACPI: PM: Restoring platform NVS memory [ 48.700054] Enabling non-boot CPUs ... [ 48.700078] smpboot: Booting Node 0 Processor 1 APIC 0x2 [ 48.703570] CPU1 is up [ 48.703590] smpboot: Booting Node 0 Processor 2 APIC 0x1 [ 48.704280] CPU2 is up [ 48.704297] smpboot: Booting Node 0 Processor 3 APIC 0x3 [ 48.704895] CPU3 is up [ 48.706559] ACPI: PM: Waking up from system sleep state S3 [ 49.799631] i915 0000:00:02.0: [drm] [ENCODER:94:DDI B/PHY B] is disabled/in DSI mode with an ungated DDI clock, gate it [ 49.799636] i915 0000:00:02.0: [drm] [ENCODER:104:DDI C/PHY C] is disabled/in DSI mode with an ungated DDI clock, gate it [ 49.799639] i915 0000:00:02.0: [drm] [ENCODER:108:DDI D/PHY D] is disabled/in DSI mode with an ungated DDI clock, gate it [ 49.799643] i915 0000:00:02.0: [drm] [ENCODER:119:DDI E/PHY E] is disabled/in DSI mode with an ungated DDI clock, gate it [ 49.802306] serial 00:01: activated [ 49.883191] nvme nvme0: 4/0/0 default/read/poll queues [ 49.883323] nvme nvme0: identifiers changed for nsid 1 [ 50.176065] ata4: SATA link down (SStatus 4 SControl 300) [ 50.176095] ata1: SATA link down (SStatus 4 SControl 300) [ 50.176116] ata5: SATA link down (SStatus 4 SControl 300) [ 50.176133] ata2: SATA link down (SStatus 4 SControl 300) [ 50.176152] ata6: SATA link down (SStatus 4 SControl 300) [ 50.176176] ata3: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [ 50.177333] ata3.00: ACPI cmd f5/00:00:00:00:00:00(SECURITY FREEZE LOCK) filtered out [ 50.177337] ata3.00: ACPI cmd b1/c1:00:00:00:00:00(DEVICE CONFIGURATION OVERLAY) filtered out [ 50.181374] ata3.00: ACPI cmd f5/00:00:00:00:00:00(SECURITY FREEZE LOCK) filtered out [ 50.181377] ata3.00: ACPI cmd b1/c1:00:00:00:00:00(DEVICE CONFIGURATION OVERLAY) filtered out [ 50.184293] ata3.00: configured for UDMA/133 [ 50.908446] mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915]) [ 50.914602] OOM killer enabled. [ 50.914609] Restarting tasks ... done. [ 50.922689] random: crng reseeded on system resumption [ 50.922724] PM: suspend exit [ 51.166103] e1000e 0000:00:1f.6 eno1: NIC Link is Down [ 54.743511] audit: type=1400 audit(1712608955.040:42): apparmor="DENIED" operation="open" class="file" profile="snap.snap-store.ubuntu-software" name="/etc/appstream.conf" pid=1346 comm="snap-store" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 54.802553] fwupd[2428]: segfault at 8 ip 000056021e74a10d sp 00007ffcb0d24140 error 4 in fwupd[56021e745000+26000] likely on CPU 0 (core 0, socket 0) [ 54.802569] Code: ff 85 c0 0f 85 97 02 00 00 48 8b 7c 24 30 e8 5a d5 ff ff e9 67 01 00 00 48 8b 44 24 28 48 8d 3d d9 14 02 00 41 be 01 00 00 00 <48> 8b 70 08 31 c0 e8 08 f4 ff ff 4d 85 e4 74 08 4c 89 e7 e8 2b db

1 year, 2 months

2
1
0 0

[RESEND PATCH v2] ASoC: tegra: Fix DSPK 16-bit playback

by Sameer Pujar

DSPK configuration is wrong for 16-bit playback and this happens because the client config is always fixed at 24-bit in hw_params(). Fix this by updating the client config to 16-bit for the respective playback. Fixes: 327ef6470266 ("ASoC: tegra: Add Tegra186 based DSPK driver") Cc: stable(a)vger.kernel.org Signed-off-by: Sameer Pujar <spujar(a)nvidia.com> --- changes in v2: * moved common setting to S32_LE switch case. sound/soc/tegra/tegra186_dspk.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sound/soc/tegra/tegra186_dspk.c b/sound/soc/tegra/tegra186_dspk.c index aa37c4ab0adb..21cd41fec7a9 100644 --- a/sound/soc/tegra/tegra186_dspk.c +++ b/sound/soc/tegra/tegra186_dspk.c @@ -1,8 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only +// SPDX-FileCopyrightText: Copyright (c) 2020-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved. // // tegra186_dspk.c - Tegra186 DSPK driver -// -// Copyright (c) 2020 NVIDIA CORPORATION. All rights reserved. #include <linux/clk.h> #include <linux/device.h> @@ -241,14 +240,14 @@ static int tegra186_dspk_hw_params(struct snd_pcm_substream *substream, return -EINVAL; } - cif_conf.client_bits = TEGRA_ACIF_BITS_24; - switch (params_format(params)) { case SNDRV_PCM_FORMAT_S16_LE: cif_conf.audio_bits = TEGRA_ACIF_BITS_16; + cif_conf.client_bits = TEGRA_ACIF_BITS_16; break; case SNDRV_PCM_FORMAT_S32_LE: cif_conf.audio_bits = TEGRA_ACIF_BITS_32; + cif_conf.client_bits = TEGRA_ACIF_BITS_24; break; default: dev_err(dev, "unsupported format!\n"); -- 2.25.1

1 year, 2 months

3
2
0 0

[PATCH] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()

by Qu Wenruo

[BUG] During my extent_map cleanup/refactor, with more than too strict sanity checks, extent-map-tests::test_case_7() would crash my extent_map sanity checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr along with correct @offset. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. And unfortunately this is going to cause data corruption, as the splitted em is pointing an incorrect location, can cause either unexpected read error or wild writes. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. CC: stable(a)vger.kernel.org # 6.7+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- fs/btrfs/extent_map.c | 2 +- fs/btrfs/tests/extent-map-tests.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 471654cb65b0..955ce300e5a1 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -799,7 +799,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..80e71c5cb7ab 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -818,7 +818,6 @@ static int test_case_7(struct btrfs_fs_info *fs_info) test_err("em->len is %llu, expected 16K", em->len); goto out; } - free_extent_map(em); read_lock(&em_tree->lock); @@ -847,6 +846,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock); -- 2.44.0

1 year, 2 months

6
5
0 0

[PATCH] drm/vmwgfx: Enable DMA mappings with SEV

by Zack Rusin

Enable DMA mappings in vmwgfx after TTM has been fixed in commit 3bf3710e3718 ("drm/ttm: Add a generic TTM memcpy move for page-based iomem") This enables full guest-backed memory support and in particular allows usage of screen targets as the presentation mechanism. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Reported-by: Ye Li <ye.li(a)broadcom.com> Tested-by: Ye Li <ye.li(a)broadcom.com> Fixes: 3b0d6458c705 ("drm/vmwgfx: Refuse DMA operation when SEV encryption is active") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.6+ --- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c index 41ad13e45554..bdad93864b98 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c @@ -667,11 +667,12 @@ static int vmw_dma_select_mode(struct vmw_private *dev_priv) [vmw_dma_map_populate] = "Caching DMA mappings.", [vmw_dma_map_bind] = "Giving up DMA mappings early."}; - /* TTM currently doesn't fully support SEV encryption. */ - if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) - return -EINVAL; - - if (vmw_force_coherent) + /* + * When running with SEV we always want dma mappings, because + * otherwise ttm tt pool pages will bounce through swiotlb running + * out of available space. + */ + if (vmw_force_coherent || cc_platform_has(CC_ATTR_MEM_ENCRYPT)) dev_priv->map_mode = vmw_dma_alloc_coherent; else if (vmw_restrict_iommu) dev_priv->map_mode = vmw_dma_map_bind; -- 2.40.1

1 year, 2 months

2
1
0 0

[PATCH v3] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()

by Qu Wenruo

[BUG] During my extent_map cleanup/refactor, with extra sanity checks, extent-map-tests::test_case_7() would not pass the checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr/@offset combination. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. This is a regression caused by commit c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"), which removed the @len update for pinned extents. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. Thankfully this is not going to lead to any data corruption, as IO path does not utilize btrfs_drop_extent_map_range() with @skip_pinned set. So this fix is only here for the sake of consistency/correctness. CC: stable(a)vger.kernel.org # 6.5+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- Changelog: v2: - Remove the mention of possible corruption Thankfully this bug does not affect IO path thus it's fine. - Explain why c962098ca4af is the cause v3: - Fix an accidental removal of a newline --- fs/btrfs/extent_map.c | 2 +- fs/btrfs/tests/extent-map-tests.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 471654cb65b0..955ce300e5a1 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -799,7 +799,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..47b5d301038e 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -847,6 +847,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock); -- 2.44.0

1 year, 2 months

1
0
0 0

[PATCH v2] btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range()

by Qu Wenruo

[BUG] During my extent_map cleanup/refactor, with extra sanity checks, extent-map-tests::test_case_7() would not pass the checks. The problem is, after btrfs_drop_extent_map_range(), the resulted extent_map has a @block_start way too large. Meanwhile my btrfs_file_extent_item based members are returning a correct @disk_bytenr/@offset combination. The extent map layout looks like this: 0 16K 32K 48K | PINNED | | Regular | The regular em at [32K, 48K) also has 32K @block_start. Then drop range [0, 36K), which should shrink the regular one to be [36K, 48K). However the @block_start is incorrect, we expect 32K + 4K, but got 52K. [CAUSE] Inside btrfs_drop_extent_map_range() function, if we hit an extent_map that covers the target range but is still beyond it, we need to split that extent map into half: |<-- drop range -->| |<----- existing extent_map --->| And if the extent map is not compressed, we need to forward extent_map::block_start by the difference between the end of drop range and the extent map start. However in that particular case, the difference is calculated using (start + len - em->start). The problem is @start can be modified if the drop range covers any pinned extent. This leads to wrong calculation, and would be caught by my later extent_map sanity checks, which checks the em::block_start against btrfs_file_extent_item::disk_bytenr + btrfs_file_extent_item::offset. This is a regression caused by commit c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range"), which removed the @len update for pinned extents. [FIX] Fix it by avoiding using @start completely, and use @end - em->start instead, which @end is exclusive bytenr number. And update the test case to verify the @block_start to prevent such problem from happening. Thankfully this is not going to lead to any data corruption, as IO path does not utilize btrfs_drop_extent_map_range() with @skip_pinned set. So this fix is only here for the sake of consistency/correctness. CC: stable(a)vger.kernel.org # 6.5+ Fixes: c962098ca4af ("btrfs: fix incorrect splitting in btrfs_drop_extent_map_range") Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- Changelog: v2: - Remove the mention of possible corruption Thankfully this bug does not affect IO path thus it's fine. - Explain why c962098ca4af is the cause --- fs/btrfs/extent_map.c | 2 +- fs/btrfs/tests/extent-map-tests.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c index 471654cb65b0..955ce300e5a1 100644 --- a/fs/btrfs/extent_map.c +++ b/fs/btrfs/extent_map.c @@ -799,7 +799,7 @@ void btrfs_drop_extent_map_range(struct btrfs_inode *inode, u64 start, u64 end, split->block_len = em->block_len; split->orig_start = em->orig_start; } else { - const u64 diff = start + len - em->start; + const u64 diff = end - em->start; split->block_len = split->len; split->block_start += diff; diff --git a/fs/btrfs/tests/extent-map-tests.c b/fs/btrfs/tests/extent-map-tests.c index 253cce7ffecf..80e71c5cb7ab 100644 --- a/fs/btrfs/tests/extent-map-tests.c +++ b/fs/btrfs/tests/extent-map-tests.c @@ -818,7 +818,6 @@ static int test_case_7(struct btrfs_fs_info *fs_info) test_err("em->len is %llu, expected 16K", em->len); goto out; } - free_extent_map(em); read_lock(&em_tree->lock); @@ -847,6 +846,11 @@ static int test_case_7(struct btrfs_fs_info *fs_info) goto out; } + if (em->block_start != SZ_32K + SZ_4K) { + test_err("em->block_start is %llu, expected 36K", em->block_start); + goto out; + } + free_extent_map(em); read_lock(&em_tree->lock); -- 2.44.0

1 year, 2 months

2
1
0 0

[PATCH net 0/2] Add check for usbnet_get_endpoints and cleanup

by Yi Yang

I split before patch to two patch. one for bugfix, anorther one for cleanup Yi Yang (2): net: usb: asix: Add check for usbnet_get_endpoints net: usb: asix: Replace the direct return with goto statement drivers/net/usb/asix_devices.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) -- 2.25.1

1 year, 2 months

3
4
0 0

[PATCH v4] mtd: rawnand: qcom: Fix broken OP_RESET_DEVICE command in qcom_misc_cmd_type_exec()

by Christian Marangi

While migrating to exec_ops in commit a82990c8a409 ("mtd: rawnand: qcom: Add read/read_start ops in exec_op path"), OP_RESET_DEVICE command handling got broken unintentionally. Right now for the OP_RESET_DEVICE command, qcom_misc_cmd_type_exec() will simply return 0 without handling it. Even, if that gets fixed, an unnecessary FLASH_STATUS read descriptor command is being added in the middle and that seems to be causing the command to fail on IPQ806x devices. So let's fix the above two issues to make OP_RESET_DEVICE command working again. Fixes: a82990c8a409 ("mtd: rawnand: qcom: Add read/read_start ops in exec_op path") Cc: stable(a)vger.kernel.org Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- Changes v4: - Rework commit title and description as suggested. - Add Reviewed-by tag Changes v3: - Merge patches - Rework commit description Changes v2: - Split patches drivers/mtd/nand/raw/qcom_nandc.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c index b079605c84d3..b8cff9240b28 100644 --- a/drivers/mtd/nand/raw/qcom_nandc.c +++ b/drivers/mtd/nand/raw/qcom_nandc.c @@ -2815,7 +2815,7 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub host->cfg0_raw & ~(7 << CW_PER_PAGE)); nandc_set_reg(chip, NAND_DEV0_CFG1, host->cfg1_raw); instrs = 3; - } else { + } else if (q_op.cmd_reg != OP_RESET_DEVICE) { return 0; } @@ -2830,9 +2830,8 @@ static int qcom_misc_cmd_type_exec(struct nand_chip *chip, const struct nand_sub nandc_set_reg(chip, NAND_EXEC_CMD, 1); write_reg_dma(nandc, NAND_FLASH_CMD, instrs, NAND_BAM_NEXT_SGL); - (q_op.cmd_reg == OP_BLOCK_ERASE) ? write_reg_dma(nandc, NAND_DEV0_CFG0, - 2, NAND_BAM_NEXT_SGL) : read_reg_dma(nandc, - NAND_FLASH_STATUS, 1, NAND_BAM_NEXT_SGL); + if (q_op.cmd_reg == OP_BLOCK_ERASE) + write_reg_dma(nandc, NAND_DEV0_CFG0, 2, NAND_BAM_NEXT_SGL); write_reg_dma(nandc, NAND_EXEC_CMD, 1, NAND_BAM_NEXT_SGL); read_reg_dma(nandc, NAND_FLASH_STATUS, 1, NAND_BAM_NEXT_SGL); -- 2.43.0

1 year, 2 months

2
1
0 0

[PATCH] mtd: diskonchip: work around ubsan link failure

by Arnd Bergmann

From: Arnd Bergmann <arnd(a)arndb.de> I ran into a randconfig build failure with UBSAN using gcc-13.2: arm-linux-gnueabi-ld: error: unplaced orphan section `.bss..Lubsan_data31' from `drivers/mtd/nand/raw/diskonchip.o' I'm not entirely sure what is going on here, but I suspect this has something to do with the check for the end of the doc_locations[] array that contains an (unsigned long)0xffffffff element, which is compared against the signed (int)0xffffffff. If this is the case, we should get a runtime check for undefined behavior, but we instead get an unexpected build-time error. I would have expected this to work fine on 32-bit architectures despite the signed integer overflow, though on 64-bit architectures this likely won't ever work. Changing the contition to instead check for the size of the array makes the code safe everywhere and avoids the ubsan check that leads to the link error. The loop code goes back to before 2.6.12. Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- drivers/mtd/nand/raw/diskonchip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/raw/diskonchip.c b/drivers/mtd/nand/raw/diskonchip.c index 5243fab9face..8db7fc424571 100644 --- a/drivers/mtd/nand/raw/diskonchip.c +++ b/drivers/mtd/nand/raw/diskonchip.c @@ -53,7 +53,7 @@ static unsigned long doc_locations[] __initdata = { 0xe8000, 0xea000, 0xec000, 0xee000, #endif #endif - 0xffffffff }; +}; static struct mtd_info *doclist = NULL; @@ -1554,7 +1554,7 @@ static int __init init_nanddoc(void) if (ret < 0) return ret; } else { - for (i = 0; (doc_locations[i] != 0xffffffff); i++) { + for (i = 0; i < ARRAY_SIZE(doc_locations); i++) { doc_probe(doc_locations[i]); } } -- 2.39.2

1 year, 2 months

2
1
0 0

[PATCH 5.4.y] drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()

by Guo Mengqi

commit 73a82b22963d ("drm/atomic: Fix potential use-after-free in nonblocking commits") introduced drm_dev_get/put() to drm_atomic_helper_shutdown(). And this cause problem in vkms driver exit process. vkms_exit() drm_dev_put() vkms_release() drm_atomic_helper_shutdown() drm_dev_get() drm_dev_put() vkms_release() ------ use after free Using 5.4 stable x86 image on qemu, below stacktrace can be triggered by load and unload vkms.ko. root:~ # insmod vkms.ko [ 76.957802] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013). [ 76.961490] [drm] Driver supports precise vblank timestamp query. [ 76.964416] [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 0 root:~ # rmmod vkms.ko [ 79.650202] refcount_t: addition on 0; use-after-free. [ 79.650249] WARNING: CPU: 2 PID: 3533 at ../lib/refcount.c:25 refcount_warn_saturate+0xcf/0xf0 [ 79.654241] Modules linked in: vkms(-) [ 79.654249] CPU: 2 PID: 3533 Comm: rmmod Not tainted 5.4.273 #4 [ 79.654251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 79.654262] RIP: 0010:refcount_warn_saturate+0xcf/0xf0 ... [ 79.654296] Call Trace: [ 79.654462] ? __warn+0x80/0xd0 [ 79.654473] ? refcount_warn_saturate+0xcf/0xf0 [ 79.654481] ? report_bug+0xb6/0x130 [ 79.654484] ? refcount_warn_saturate+0xcf/0xf0 [ 79.654489] ? fixup_bug.part.12+0x13/0x30 [ 79.654492] ? do_error_trap+0x90/0xb0 [ 79.654495] ? do_invalid_op+0x31/0x40 [ 79.654497] ? refcount_warn_saturate+0xcf/0xf0 [ 79.654504] ? invalid_op+0x1e/0x30 [ 79.654508] ? refcount_warn_saturate+0xcf/0xf0 [ 79.654516] drm_atomic_state_init+0x68/0xb0 [ 79.654543] drm_atomic_state_alloc+0x43/0x60 [ 79.654551] drm_atomic_helper_disable_all+0x13/0x180 [ 79.654562] drm_atomic_helper_shutdown+0x5f/0xb0 [ 79.654571] vkms_release+0x18/0x40 [vkms] [ 79.654575] vkms_exit+0x29/0xc00 [vkms] [ 79.654582] __x64_sys_delete_module+0x155/0x220 [ 79.654592] do_syscall_64+0x43/0x120 [ 79.654603] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 79.654619] ---[ end trace ce0c02f57ea6bf73 ]--- It seems that the proper unload sequence is: drm_atomic_helper_shutdown(); drm_dev_put(); Just put drm_atomic_helper_shutdown() before drm_dev_put() should solve the problem. Note that vkms exit code is refactored by commit 53d77aaa3f76 ("drm/vkms: Use devm_drm_dev_alloc") in tags/v5.10-rc1. So this bug only exists on 4.19 and 5.4. Fixes: 380c7ceabdde ("drm/atomic: Fix potential use-after-free in nonblocking commits") Fixes: 2ead1be54b22 ("drm/vkms: Fix connector leak at the module removal") Signed-off-by: Guo Mengqi <guomengqi3(a)huawei.com> --- drivers/gpu/drm/vkms/vkms_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vkms/vkms_drv.c b/drivers/gpu/drm/vkms/vkms_drv.c index 44ab9f8ef8be..86043d7c0e4b 100644 --- a/drivers/gpu/drm/vkms/vkms_drv.c +++ b/drivers/gpu/drm/vkms/vkms_drv.c @@ -60,7 +60,6 @@ static void vkms_release(struct drm_device *dev) struct vkms_device *vkms = container_of(dev, struct vkms_device, drm); platform_device_unregister(vkms->platform); - drm_atomic_helper_shutdown(&vkms->drm); drm_mode_config_cleanup(&vkms->drm); drm_dev_fini(&vkms->drm); destroy_workqueue(vkms->output.composer_workq); @@ -194,6 +193,7 @@ static void __exit vkms_exit(void) } drm_dev_unregister(&vkms_device->drm); + drm_atomic_helper_shutdown(&vkms_device->drm); drm_dev_put(&vkms_device->drm); kfree(vkms_device); -- 2.17.1

1 year, 2 months

1
0
0 0

[PATCH] bpf: dereference of null in __cgroup_bpf_query() function

by Mikhail Lobanov

In the __cgroup_bpf_query() function, it is possible to dereference the null pointer in the line id = prog->aux->id; since there is no check for a non-zero value of the variable prog. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: af6eea57437a ("bpf: Implement bpf_link-based cgroup BPF program attachment") Cc: stable(a)vger.kernel.org Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosalinux.ru> --- kernel/bpf/cgroup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index 491d20038cbe..7f2db96f0c6a 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -1092,6 +1092,8 @@ static int __cgroup_bpf_query(struct cgroup *cgrp, const union bpf_attr *attr, i = 0; hlist_for_each_entry(pl, progs, node) { prog = prog_list_prog(pl); + if (!prog_list_prog(pl)) + continue; id = prog->aux->id; if (copy_to_user(prog_ids + i, &id, sizeof(id))) return -EFAULT; -- 2.43.0

1 year, 2 months

2
1
0 0

[PATCH 2/2] of: property: fw_devlink: Fix links to supplier when created from phandles

by Herve Codina

Since commit 1a50d9403fb9 ("treewide: Fix probing of devices in DT overlays"), when using device-tree overlays, the FWNODE_FLAG_NOT_DEVICE is set on each overlay nodes. This flag is cleared when a struct device is actually created for the DT node. Also, when a device is created, the device DT node is parsed for known phandle and devlinks consumer/supplier links are created between the device (consumer) and the devices referenced by phandles (suppliers). As these supplier device can have a struct device not already created, the FWNODE_FLAG_NOT_DEVICE can be set for suppliers and leads the devlink supplier point to the device's parent instead of the device itself. Avoid this situation clearing the supplier FWNODE_FLAG_NOT_DEVICE just before the devlink creation if a device is supposed to be created and handled later in the process. Fixes: 1a50d9403fb9 ("treewide: Fix probing of devices in DT overlays") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/of/property.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/of/property.c b/drivers/of/property.c index 641a40cf5cf3..ff5cac477dbe 100644 --- a/drivers/of/property.c +++ b/drivers/of/property.c @@ -1097,6 +1097,7 @@ static void of_link_to_phandle(struct device_node *con_np, struct device_node *sup_np) { struct device_node *tmp_np = of_node_get(sup_np); + struct fwnode_handle *sup_fwnode; /* Check that sup_np and its ancestors are available. */ while (tmp_np) { @@ -1113,7 +1114,20 @@ static void of_link_to_phandle(struct device_node *con_np, tmp_np = of_get_next_parent(tmp_np); } - fwnode_link_add(of_fwnode_handle(con_np), of_fwnode_handle(sup_np)); + /* + * In case of overlays, the fwnode are added with FWNODE_FLAG_NOT_DEVICE + * flag set. A node can have a phandle that references an other node + * added by the overlay. + * Clear the supplier's FWNODE_FLAG_NOT_DEVICE so that fw_devlink links + * to this supplier instead of linking to its parent. + */ + sup_fwnode = of_fwnode_handle(sup_np); + if (sup_fwnode->flags & FWNODE_FLAG_NOT_DEVICE) { + if (of_property_present(sup_np, "compatible") && + of_device_is_available(sup_np)) + sup_fwnode->flags &= ~FWNODE_FLAG_NOT_DEVICE; + } + fwnode_link_add(of_fwnode_handle(con_np), sup_fwnode); } /** -- 2.43.0

1 year, 2 months

2
7
0 0

[PATCH AUTOSEL 6.8 01/98] drm/vc4: don't check if plane->state->fb == state->fb

by Sasha Levin

From: Maíra Canal <mcanal(a)igalia.com> [ Upstream commit 5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 ] Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G C 6.1.66-v8+ #32 [ 110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.909132] pc : refcount_dec_not_one+0xb8/0xc0 [ 110.909152] lr : refcount_dec_not_one+0xb4/0xc0 [ 110.909170] sp : ffffffc00913b9c0 [ 110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60 [ 110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480 [ 110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78 [ 110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000 [ 110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004 [ 110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003 [ 110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00 [ 110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572 [ 110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000 [ 110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001 [ 110.909434] Call trace: [ 110.909441] refcount_dec_not_one+0xb8/0xc0 [ 110.909461] vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4] [ 110.909903] vc4_cleanup_fb+0x44/0x50 [vc4] [ 110.910315] drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper] [ 110.910669] vc4_atomic_commit_tail+0x390/0x9dc [vc4] [ 110.911079] commit_tail+0xb0/0x164 [drm_kms_helper] [ 110.911397] drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper] [ 110.911716] drm_atomic_commit+0xb0/0xdc [drm] [ 110.912569] drm_mode_atomic_ioctl+0x348/0x4b8 [drm] [ 110.913330] drm_ioctl_kernel+0xec/0x15c [drm] [ 110.914091] drm_ioctl+0x24c/0x3b0 [drm] [ 110.914850] __arm64_sys_ioctl+0x9c/0xd4 [ 110.914873] invoke_syscall+0x4c/0x114 [ 110.914897] el0_svc_common+0xd0/0x118 [ 110.914917] do_el0_svc+0x38/0xd0 [ 110.914936] el0_svc+0x30/0x8c [ 110.914958] el0t_64_sync_handler+0x84/0xf0 [ 110.914979] el0t_64_sync+0x18c/0x190 [ 110.914996] ---[ end trace 0000000000000000 ]--- This happens because, although `prepare_fb` and `cleanup_fb` are perfectly balanced, we cannot guarantee consistency in the check plane->state->fb == state->fb. This means that sometimes we can increase the refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The opposite can also be true. In fact, the struct drm_plane .state shouldn't be accessed directly but instead, the `drm_atomic_get_new_plane_state()` helper function should be used. So, we could stick to this check, but using `drm_atomic_get_new_plane_state()`. But actually, this check is not really needed. We can increase and decrease the refcount symmetrically without problems. This is going to make the code more simple and consistent. Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Acked-by: Maxime Ripard <mripard(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240105175908.242000-1-mcana… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/vc4/vc4_plane.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index 00e713faecd5a..5948e34f7f813 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -1505,9 +1505,6 @@ static int vc4_prepare_fb(struct drm_plane *plane, drm_gem_plane_helper_prepare_fb(plane, state); - if (plane->state->fb == state->fb) - return 0; - return vc4_bo_inc_usecnt(bo); } @@ -1516,7 +1513,7 @@ static void vc4_cleanup_fb(struct drm_plane *plane, { struct vc4_bo *bo; - if (plane->state->fb == state->fb || !state->fb) + if (!state->fb) return; bo = to_vc4_bo(&drm_fb_dma_get_gem_obj(state->fb, 0)->base); -- 2.43.0

1 year, 2 months

5
106
0 0

[PATCH -stable,5.10.x 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 5.10.x, to add them on top of your enqueued patches: 994209ddf4f4 ("netfilter: nf_tables: reject new basechain after table flag update") 24cea9677025 ("netfilter: nf_tables: flush pending destroy work before exit_net release") a45e6889575c ("netfilter: nf_tables: release batch on table validation from abort path") 0d459e2ffb54 ("netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path") 1bc83a019bbe ("netfilter: nf_tables: discard table flag update with pending basechain deletion") Please, apply, thanks. Pablo Neira Ayuso (5): netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion net/netfilter/nf_tables_api.c | 51 ++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 10 deletions(-) -- 2.30.2

1 year, 2 months

1
6
0 0

[PATCH -stable,5.4.x 0/5] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 5.10.x, to add them on top of your enqueued patches: 994209ddf4f4 ("netfilter: nf_tables: reject new basechain after table flag update") 24cea9677025 ("netfilter: nf_tables: flush pending destroy work before exit_net release") a45e6889575c ("netfilter: nf_tables: release batch on table validation from abort path") 0d459e2ffb54 ("netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path") 1bc83a019bbe ("netfilter: nf_tables: discard table flag update with pending basechain deletion") Please, apply, thanks. Pablo Neira Ayuso (5): netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: flush pending destroy work before exit_net release netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion net/netfilter/nf_tables_api.c | 51 ++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 10 deletions(-) -- 2.30.2

1 year, 2 months

1
5
0 0

[PATCH -stable,5.15.x 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 6.1.x, to add them on top of your enqueued patches: a45e6889575c ("netfilter: nf_tables: release batch on table validation from abort path") 0d459e2ffb54 ("netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path") 1bc83a019bbe ("netfilter: nf_tables: discard table flag update with pending basechain deletion") Please, apply, thanks. Pablo Neira Ayuso (3): netfilter: nf_tables: release batch on table validation from abort path netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path netfilter: nf_tables: discard table flag update with pending basechain deletion net/netfilter/nf_tables_api.c | 47 +++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 11 deletions(-) -- 2.30.2

1 year, 2 months

1
3
0 0

[PATCH] mm/userfaultfd: Allow hugetlb change protection upon poison entry

by peterx＠redhat.com

From: Peter Xu <peterx(a)redhat.com> After UFFDIO_POISON, there can be two kinds of hugetlb pte markers, either the POISON one or UFFD_WP one. Allow change protection to run on a poisoned marker just like !hugetlb cases, ignoring the marker irrelevant of the permission. Here the two bits are mutual exclusive. For example, when install a poisoned entry it must not be UFFD_WP already (by checking pte_none() before such install). And it also means if UFFD_WP is set there must have no POISON bit set. It makes sense because UFFD_WP is a bit to reflect permission, and permissions do not apply if the pte is poisoned and destined to sigbus. So here we simply check uffd_wp bit set first, do nothing otherwise. Attach the Fixes to UFFDIO_POISON work, as before that it should not be possible to have poison entry for hugetlb (e.g., hugetlb doesn't do swap, so no chance of swapin errors). Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: linux-stable <stable(a)vger.kernel.org> # 6.6+ Link: https://lore.kernel.org/r/000000000000920d5e0615602dd1@google.com Reported-by: syzbot+b07c8ac8eee3d4d8440f(a)syzkaller.appspotmail.com Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Signed-off-by: Peter Xu <peterx(a)redhat.com> --- mm/hugetlb.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 8267e221ca5d..ba7162441adf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -6960,9 +6960,13 @@ long hugetlb_change_protection(struct vm_area_struct *vma, if (!pte_same(pte, newpte)) set_huge_pte_at(mm, address, ptep, newpte, psize); } else if (unlikely(is_pte_marker(pte))) { - /* No other markers apply for now. */ - WARN_ON_ONCE(!pte_marker_uffd_wp(pte)); - if (uffd_wp_resolve) + /* + * Do nothing on a poison marker; page is + * corrupted, permissons do not apply. Here + * pte_marker_uffd_wp()==true implies !poison + * because they're mutual exclusive. + */ + if (pte_marker_uffd_wp(pte) && uffd_wp_resolve) /* Safe to modify directly (non-present->none). */ huge_pte_clear(mm, address, ptep, psize); } else if (!huge_pte_none(pte)) { -- 2.44.0

1 year, 2 months

3
2
0 0

+ ocfs2-use-coarse-time-for-new-created-files.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: use coarse time for new created files has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-use-coarse-time-for-new-created-files.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: use coarse time for new created files Date: Mon, 8 Apr 2024 16:20:41 +0800 The default atime related mount option is '-o realtime' which means file atime should be updated if atime <= ctime or atime <= mtime. atime should be updated in the following scenario, but it is not: ========================================================== $ rm /mnt/testfile; $ echo test > /mnt/testfile $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 $ sleep 5 $ cat /mnt/testfile > /dev/null $ stat -c "%X %Y %Z" /mnt/testfile 1711881646 1711881646 1711881646 ========================================================== And the reason the atime in the test is not updated is that ocfs2 calls ktime_get_real_ts64() in __ocfs2_mknod_locked during file creation. Then inode_set_ctime_current() is called in inode_set_ctime_current() calls ktime_get_coarse_real_ts64() to get current time. ktime_get_real_ts64() is more accurate than ktime_get_coarse_real_ts64(). In my test box, I saw ctime set by ktime_get_coarse_real_ts64() is less than ktime_get_real_ts64() even ctime is set later. The ctime of the new inode is smaller than atime. The call trace is like: ocfs2_create ocfs2_mknod __ocfs2_mknod_locked .... ktime_get_real_ts64 <------- set atime,ctime,mtime, more accurate ocfs2_populate_inode ... ocfs2_init_acl ocfs2_acl_set_mode inode_set_ctime_current current_time ktime_get_coarse_real_ts64 <-------less accurate ocfs2_file_read_iter ocfs2_inode_lock_atime ocfs2_should_update_atime atime <= ctime ? <-------- false, ctime < atime due to accuracy So here call ktime_get_coarse_real_ts64 to set inode time coarser while creating new files. It may lower the accuracy of file times. But it's not a big deal since we already use coarse time in other places like ocfs2_update_inode_atime and inode_set_ctime_current. Link: https://lkml.kernel.org/r/20240408082041.20925-5-glass.su@suse.com Fixes: c62c38f6b91b ("ocfs2: replace CURRENT_TIME macro") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/ocfs2/namei.c~ocfs2-use-coarse-time-for-new-created-files +++ a/fs/ocfs2/namei.c @@ -566,7 +566,7 @@ static int __ocfs2_mknod_locked(struct i fe->i_last_eb_blk = 0; strcpy(fe->i_signature, OCFS2_INODE_SIGNATURE); fe->i_flags |= cpu_to_le32(OCFS2_VALID_FL); - ktime_get_real_ts64(&ts); + ktime_get_coarse_real_ts64(&ts); fe->i_atime = fe->i_ctime = fe->i_mtime = cpu_to_le64(ts.tv_sec); fe->i_mtime_nsec = fe->i_ctime_nsec = fe->i_atime_nsec = _ Patches currently in -mm which might be from glass.su(a)suse.com are ocfs2-update-inode-ctime-in-ocfs2_fileattr_set.patch ocfs2-return-real-error-code-in-ocfs2_dio_wr_get_block.patch ocfs2-fix-races-between-hole-punching-and-aiodio.patch ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch ocfs2-use-coarse-time-for-new-created-files.patch

1 year, 2 months

1
0
0 0

+ ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: update inode fsync transaction id in ocfs2_unlink and ocfs2_link Date: Mon, 8 Apr 2024 16:20:40 +0800 transaction id should be updated in ocfs2_unlink and ocfs2_link. Otherwise, inode link will be wrong after journal replay even fsync was called before power failure: ======================================================================= $ touch testdir/bar $ ln testdir/bar testdir/bar_link $ fsync testdir/bar $ stat -c %h $SCRATCH_MNT/testdir/bar 1 $ stat -c %h $SCRATCH_MNT/testdir/bar 1 ======================================================================= Link: https://lkml.kernel.org/r/20240408082041.20925-4-glass.su@suse.com Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/namei.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ocfs2/namei.c~ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link +++ a/fs/ocfs2/namei.c @@ -797,6 +797,7 @@ static int ocfs2_link(struct dentry *old ocfs2_set_links_count(fe, inode->i_nlink); fe->i_ctime = cpu_to_le64(inode_get_ctime_sec(inode)); fe->i_ctime_nsec = cpu_to_le32(inode_get_ctime_nsec(inode)); + ocfs2_update_inode_fsync_trans(handle, inode, 0); ocfs2_journal_dirty(handle, fe_bh); err = ocfs2_add_entry(handle, dentry, inode, @@ -993,6 +994,7 @@ static int ocfs2_unlink(struct inode *di drop_nlink(inode); drop_nlink(inode); ocfs2_set_links_count(fe, inode->i_nlink); + ocfs2_update_inode_fsync_trans(handle, inode, 0); ocfs2_journal_dirty(handle, fe_bh); inode_set_mtime_to_ts(dir, inode_set_ctime_current(dir)); _ Patches currently in -mm which might be from glass.su(a)suse.com are ocfs2-update-inode-ctime-in-ocfs2_fileattr_set.patch ocfs2-return-real-error-code-in-ocfs2_dio_wr_get_block.patch ocfs2-fix-races-between-hole-punching-and-aiodio.patch ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch ocfs2-use-coarse-time-for-new-created-files.patch

1 year, 2 months

1
0
0 0

+ ocfs2-fix-races-between-hole-punching-and-aiodio.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix races between hole punching and AIO+DIO has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-fix-races-between-hole-punching-and-aiodio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Su Yue <glass.su(a)suse.com> Subject: ocfs2: fix races between hole punching and AIO+DIO Date: Mon, 8 Apr 2024 16:20:39 +0800 After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed: ======================================================================== [ 473.293420 ] run fstests generic/300 [ 475.296983 ] JBD2: Ignoring recovery information on journal [ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with ordered data mode. [ 494.290998 ] OCFS2: ERROR (device dm-1): ocfs2_change_extent_flag: Owner 5668 has an extent at cpos 78723 which can no longer be found [ 494.291609 ] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 494.292018 ] OCFS2: File system is now read-only. [ 494.292224 ] (kworker/19:11,2628,19):ocfs2_mark_extent_written:5272 ERROR: status = -30 [ 494.292602 ] (kworker/19:11,2628,19):ocfs2_dio_end_io_write:2374 ERROR: status = -3 fio: io_u error on file /mnt/scratch/racer: Read-only file system: write offset=460849152, buflen=131072 ========================================================================= In __blockdev_direct_IO, ocfs2_dio_wr_get_block is called to add unwritten extents to a list. extents are also inserted into extent tree in ocfs2_write_begin_nolock. Then another thread call fallocate to puch a hole at one of the unwritten extent. The extent at cpos was removed by ocfs2_remove_extent(). At end io worker thread, ocfs2_search_extent_list found there is no such extent at the cpos. T1 T2 T3 inode lock ... insert extents ... inode unlock ocfs2_fallocate __ocfs2_change_file_space inode lock lock ip_alloc_sem ocfs2_remove_inode_range inode ocfs2_remove_btree_range ocfs2_remove_extent ^---remove the extent at cpos 78723 ... unlock ip_alloc_sem inode unlock ocfs2_dio_end_io ocfs2_dio_end_io_write lock ip_alloc_sem ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_search_extent_list ^---failed to find extent ... unlock ip_alloc_sem In most filesystems, fallocate is not compatible with racing with AIO+DIO, so fix it by adding to wait for all dio before fallocate/punch_hole like ext4. Link: https://lkml.kernel.org/r/20240408082041.20925-3-glass.su@suse.com Fixes: b25801038da5 ("ocfs2: Support xfs style space reservation ioctls") Signed-off-by: Su Yue <glass.su(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/file.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ocfs2/file.c~ocfs2-fix-races-between-hole-punching-and-aiodio +++ a/fs/ocfs2/file.c @@ -1936,6 +1936,8 @@ static int __ocfs2_change_file_space(str inode_lock(inode); + /* Wait all existing dio workers, newcomers will block on i_rwsem */ + inode_dio_wait(inode); /* * This prevents concurrent writes on other nodes */ _ Patches currently in -mm which might be from glass.su(a)suse.com are ocfs2-update-inode-ctime-in-ocfs2_fileattr_set.patch ocfs2-return-real-error-code-in-ocfs2_dio_wr_get_block.patch ocfs2-fix-races-between-hole-punching-and-aiodio.patch ocfs2-update-inode-fsync-transaction-id-in-ocfs2_unlink-and-ocfs2_link.patch ocfs2-use-coarse-time-for-new-created-files.patch

1 year, 2 months

1
0
0 0

+ mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm,swapops: update check in is_pfn_swap_entry for hwpoison entries has been added to the -mm mm-hotfixes-unstable branch. Its filename is mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Oscar Salvador <osalvador(a)suse.de> Subject: mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Date: Sun, 7 Apr 2024 15:05:37 +0200 Tony reported that the Machine check recovery was broken in v6.9-rc1, as he was hitting a VM_BUG_ON when injecting uncorrectable memory errors to DRAM. After some more digging and debugging on his side, he realized that this went back to v6.1, with the introduction of 'commit 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")'. That commit, among other things, introduced swp_offset_pfn(), replacing hwpoison_entry_to_pfn() in its favour. The patch also introduced a VM_BUG_ON() check for is_pfn_swap_entry(), but is_pfn_swap_entry() never got updated to cover hwpoison entries, which means that we would hit the VM_BUG_ON whenever we would call swp_offset_pfn() for such entries on environments with CONFIG_DEBUG_VM set. Fix this by updating the check to cover hwpoison entries as well, and update the comment while we are it. Link: https://lkml.kernel.org/r/20240407130537.16977-1-osalvador@suse.de Fixes: 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry") Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reported-by: Tony Luck <tony.luck(a)intel.com> Closes: https://lore.kernel.org/all/Zg8kLSl2yAlA3o5D@agluck-desk3/ Tested-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.1.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/swapops.h | 65 +++++++++++++++++++------------------- 1 file changed, 33 insertions(+), 32 deletions(-) --- a/include/linux/swapops.h~mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries +++ a/include/linux/swapops.h @@ -390,6 +390,35 @@ static inline bool is_migration_entry_di } #endif /* CONFIG_MIGRATION */ +#ifdef CONFIG_MEMORY_FAILURE + +/* + * Support for hardware poisoned pages + */ +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + BUG_ON(!PageLocked(page)); + return swp_entry(SWP_HWPOISON, page_to_pfn(page)); +} + +static inline int is_hwpoison_entry(swp_entry_t entry) +{ + return swp_type(entry) == SWP_HWPOISON; +} + +#else + +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + return swp_entry(0, 0); +} + +static inline int is_hwpoison_entry(swp_entry_t swp) +{ + return 0; +} +#endif + typedef unsigned long pte_marker; #define PTE_MARKER_UFFD_WP BIT(0) @@ -483,8 +512,9 @@ static inline struct folio *pfn_swap_ent /* * A pfn swap entry is a special type of swap entry that always has a pfn stored - * in the swap offset. They are used to represent unaddressable device memory - * and to restrict access to a page undergoing migration. + * in the swap offset. They can either be used to represent unaddressable device + * memory, to restrict access to a page undergoing migration or to represent a + * pfn which has been hwpoisoned and unmapped. */ static inline bool is_pfn_swap_entry(swp_entry_t entry) { @@ -492,7 +522,7 @@ static inline bool is_pfn_swap_entry(swp BUILD_BUG_ON(SWP_TYPE_SHIFT < SWP_PFN_BITS); return is_migration_entry(entry) || is_device_private_entry(entry) || - is_device_exclusive_entry(entry); + is_device_exclusive_entry(entry) || is_hwpoison_entry(entry); } struct page_vma_mapped_walk; @@ -561,35 +591,6 @@ static inline int is_pmd_migration_entry } #endif /* CONFIG_ARCH_ENABLE_THP_MIGRATION */ -#ifdef CONFIG_MEMORY_FAILURE - -/* - * Support for hardware poisoned pages - */ -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - BUG_ON(!PageLocked(page)); - return swp_entry(SWP_HWPOISON, page_to_pfn(page)); -} - -static inline int is_hwpoison_entry(swp_entry_t entry) -{ - return swp_type(entry) == SWP_HWPOISON; -} - -#else - -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - return swp_entry(0, 0); -} - -static inline int is_hwpoison_entry(swp_entry_t swp) -{ - return 0; -} -#endif - static inline int non_swap_entry(swp_entry_t entry) { return swp_type(entry) >= MAX_SWAPFILES; _ Patches currently in -mm which might be from osalvador(a)suse.de are mmpage_owner-update-metadata-for-tail-pages.patch mmpage_owner-fix-refcount-imbalance.patch mmpage_owner-fix-accounting-of-pages-when-migrating.patch mmpage_owner-fix-printing-of-stack-records.patch mmswapops-update-check-in-is_pfn_swap_entry-for-hwpoison-entries.patch

1 year, 2 months

1
0
0 0

+ mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled Date: Sun, 7 Apr 2024 16:54:56 +0800 When I did hard offline test with hugetlb pages, below deadlock occurs: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-11409-gf6cef5f8c37f #1 Not tainted ------------------------------------------------------ bash/46904 is trying to acquire lock: ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60 but task is already holding lock: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (pcp_batch_high_lock){+.+.}-{3:3}: __mutex_lock+0x6c/0x770 page_alloc_cpu_online+0x3c/0x70 cpuhp_invoke_callback+0x397/0x5f0 __cpuhp_invoke_callback_range+0x71/0xe0 _cpu_up+0xeb/0x210 cpu_up+0x91/0xe0 cpuhp_bringup_mask+0x49/0xb0 bringup_nonboot_cpus+0xb7/0xe0 smp_init+0x25/0xa0 kernel_init_freeable+0x15f/0x3e0 kernel_init+0x15/0x1b0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 -> #0 (cpu_hotplug_lock){++++}-{0:0}: __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(pcp_batch_high_lock); lock(cpu_hotplug_lock); lock(pcp_batch_high_lock); rlock(cpu_hotplug_lock); *** DEADLOCK *** 5 locks held by bash/46904: #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0 #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0 #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0 #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70 #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40 stack backtrace: CPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 check_noncircular+0x129/0x140 __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fc862314887 Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 RSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887 RDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001 RBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00 In short, below scene breaks the lock dependency chain: memory_failure __page_handle_poison zone_pcp_disable -- lock(pcp_batch_high_lock) dissolve_free_huge_page __hugetlb_vmemmap_restore_folio static_key_slow_dec cpus_read_lock -- rlock(cpu_hotplug_lock) Fix this by calling drain_all_pages() instead. Link: https://lkml.kernel.org/r/20240407085456.2798193-1-linmiaohe@huawei.com Fixes: 510d25c92ec4a ("mm/hwpoison: disable pcp for page_handle_poison()") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <naoya.horiguchi(a)nec.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled +++ a/mm/memory-failure.c @@ -154,11 +154,17 @@ static int __page_handle_poison(struct p { int ret; - zone_pcp_disable(page_zone(page)); + /* + * zone_pcp_disable() can't be used here. It will hold pcp_batch_high_lock and + * dissolve_free_huge_page() might hold cpu_hotplug_lock via static_key_slow_dec() + * when hugetlb vmemmap optimization is enabled. This will break current lock + * dependency chain and leads to deadlock. + */ ret = dissolve_free_huge_page(page); - if (!ret) + if (!ret) { + drain_all_pages(page_zone(page)); ret = take_page_off_buddy(page); - zone_pcp_enable(page_zone(page)); + } return ret; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch

1 year, 2 months

1
0
0 0

+ mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/userfaultfd: Allow hugetlb change protection upon poison entry has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/userfaultfd: Allow hugetlb change protection upon poison entry Date: Fri, 5 Apr 2024 19:19:20 -0400 After UFFDIO_POISON, there can be two kinds of hugetlb pte markers, either the POISON one or UFFD_WP one. Allow change protection to run on a poisoned marker just like !hugetlb cases, ignoring the marker irrelevant of the permission. Here the two bits are mutual exclusive. For example, when install a poisoned entry it must not be UFFD_WP already (by checking pte_none() before such install). And it also means if UFFD_WP is set there must have no POISON bit set. It makes sense because UFFD_WP is a bit to reflect permission, and permissions do not apply if the pte is poisoned and destined to sigbus. So here we simply check uffd_wp bit set first, do nothing otherwise. Attach the Fixes to UFFDIO_POISON work, as before that it should not be possible to have poison entry for hugetlb (e.g., hugetlb doesn't do swap, so no chance of swapin errors). Link: https://lkml.kernel.org/r/20240405231920.1772199-1-peterx@redhat.com Link: https://lore.kernel.org/r/000000000000920d5e0615602dd1@google.com Reported-by: syzbot+b07c8ac8eee3d4d8440f(a)syzkaller.appspotmail.com Fixes: fc71884a5f59 ("mm: userfaultfd: add new UFFDIO_POISON ioctl") Signed-off-by: Peter Xu <peterx(a)redhat.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/hugetlb.c~mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry +++ a/mm/hugetlb.c @@ -7044,9 +7044,13 @@ long hugetlb_change_protection(struct vm if (!pte_same(pte, newpte)) set_huge_pte_at(mm, address, ptep, newpte, psize); } else if (unlikely(is_pte_marker(pte))) { - /* No other markers apply for now. */ - WARN_ON_ONCE(!pte_marker_uffd_wp(pte)); - if (uffd_wp_resolve) + /* + * Do nothing on a poison marker; page is + * corrupted, permissons do not apply. Here + * pte_marker_uffd_wp()==true implies !poison + * because they're mutual exclusive. + */ + if (pte_marker_uffd_wp(pte) && uffd_wp_resolve) /* Safe to modify directly (non-present->none). */ huge_pte_clear(mm, address, ptep, psize); } else if (!huge_pte_none(pte)) { _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-userfaultfd-allow-hugetlb-change-protection-upon-poison-entry.patch mm-hmm-process-pud-swap-entry-without-pud_huge.patch mm-gup-cache-p4d-in-follow_p4d_mask.patch mm-gup-check-p4d-presence-before-going-on.patch mm-x86-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-sparc-change-pxd_huge-behavior-to-exclude-swap-entries.patch mm-arm-use-macros-to-define-pmd-pud-helpers.patch mm-arm-redefine-pmd_huge-with-pmd_leaf.patch mm-arm64-merge-pxd_huge-and-pxd_leaf-definitions.patch mm-powerpc-redefine-pxd_huge-with-pxd_leaf.patch mm-gup-merge-pxd-huge-mapping-checks.patch mm-treewide-replace-pxd_huge-with-pxd_leaf.patch mm-treewide-remove-pxd_huge.patch mm-arm-remove-pmd_thp_or_huge.patch mm-document-pxd_leaf-api.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation.patch selftests-mm-run_vmtestssh-fix-hugetlb-mem-size-calculation-fix.patch mm-kconfig-config_pgtable_has_huge_leaves.patch mm-hugetlb-declare-hugetlbfs_pagecache_present-non-static.patch mm-make-hpage_pxd_-macros-even-if-thp.patch mm-introduce-vma_pgtable_walk_beginend.patch mm-arch-provide-pud_pfn-fallback.patch mm-arch-provide-pud_pfn-fallback-fix.patch mm-gup-drop-folio_fast_pin_allowed-in-hugepd-processing.patch mm-gup-refactor-record_subpages-to-find-1st-small-page.patch mm-gup-handle-hugetlb-for-no_page_table.patch mm-gup-cache-pudp-in-follow_pud_mask.patch mm-gup-handle-huge-pud-for-follow_pud_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask.patch mm-gup-handle-huge-pmd-for-follow_pmd_mask-fix.patch mm-gup-handle-hugepd-for-follow_page.patch mm-gup-handle-hugetlb-in-the-generic-follow_page_mask-code.patch mm-allow-anon-exclusive-check-over-hugetlb-tail-pages.patch

1 year, 2 months

1
0
0 0

[PATCH] drm/ttm: Print the memory decryption status just once

by Zack Rusin

Stop printing the TT memory decryption status info each time tt is created and instead print it just once. Reduces the spam in the system logs when running guests with SEV enabled. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 71ce046327cf ("drm/ttm: Make sure the mapped tt pages are decrypted when needed") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Cc: <stable(a)vger.kernel.org> # v5.14+ --- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ttm/ttm_tt.c b/drivers/gpu/drm/ttm/ttm_tt.c index 578a7c37f00b..d776e3f87064 100644 --- a/drivers/gpu/drm/ttm/ttm_tt.c +++ b/drivers/gpu/drm/ttm/ttm_tt.c @@ -92,7 +92,7 @@ int ttm_tt_create(struct ttm_buffer_object *bo, bool zero_alloc) */ if (bdev->pool.use_dma_alloc && cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) { page_flags |= TTM_TT_FLAG_DECRYPTED; - drm_info(ddev, "TT memory decryption enabled."); + drm_info_once(ddev, "TT memory decryption enabled."); } bo->ttm = bdev->funcs->ttm_tt_create(bo, page_flags); -- 2.40.1

1 year, 2 months

2
1
0 0

[REGRESSION] ax88179_178a assigns the same MAC address to all USB network interfaces

by Jarkko Palviainen

Hi, Starting from kernel version 6.7.4 I hit the following problem: when I connect two or more USB-to-ethernet adapters to the computer they get assigned the same MAC address. Furthermore, the address is not the one specified in any of the device labels but is selected seemingly at random on boot. This becomes a blocking issue when trying to use SYSTEMD.LINK(5) to match the interfaces. 6.7.3 is OK, 6.7.4 introduces this behavior in the following upstream commit: d2689b6a86b9 net: usb: ax88179_178a: avoid two consecutive device resets Reverting this commit in 6.7.4 fixes the issue. The behavior is also present in LTS 6.6.23. The commit has been backported in 6.6.16. Example system log when connecting two adapters. Both interfaces are assigned address 02:a5:ab:80:e6:94. kernel: usb 2-5.4: new SuperSpeed USB device number 3 using xhci_hcd kernel: usb 2-5.4: New USB device found, idVendor=2001, idProduct=4a00, bcdDevice= 1.00 kernel: usb 2-5.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3 kernel: usb 2-5.4: Product: D-Link DUB-1312 kernel: usb 2-5.4: Manufacturer: D-Link Elec. Corp. kernel: usb 2-5.4: SerialNumber: 00000000001D4D mtp-probe[2431]: checking bus 2, device 3: "/sys/devices/pci0000:00/0000:00:14.0/usb2/2-5/2-5.4" mtp-probe[2431]: bus: 2, device: 3 was not an MTP device kernel: ax88179_178a 2-5.4:1.0 eth0: register 'ax88179_178a' at usb-0000:00:14.0-5.4, D-Link DUB-1312 USB 3.0 to Gigabit Ethernet Adapter, 02:a5:ab:80:e6:94 kernel: usbcore: registered new interface driver ax88179_178a mtp-probe[2436]: checking bus 2, device 3: "/sys/devices/pci0000:00/0000:00:14.0/usb2/2-5/2-5.4" mtp-probe[2436]: bus: 2, device: 3 was not an MTP device kernel: ax88179_178a 2-5.4:1.0 enp0s20f0u5u4: renamed from eth0 systemd-networkd[469]: eth0: Interface name change detected, renamed to enp0s20f0u5u4. kernel: usb 1-5.3: new high-speed USB device number 8 using xhci_hcd kernel: usb 1-5.3: New USB device found, idVendor=0b95, idProduct=1790, bcdDevice= 1.00 kernel: usb 1-5.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 kernel: usb 1-5.3: Product: AX88179 kernel: usb 1-5.3: Manufacturer: ASIX Elec. Corp. kernel: usb 1-5.3: SerialNumber: 0000249B2BAEC8 kernel: ax88179_178a 1-5.3:1.0 eth0: register 'ax88179_178a' at usb-0000:00:14.0-5.3, ASIX AX88179 USB 3.0 Gigabit Ethernet, 02:a5:ab:80:e6:94 mtp-probe[2440]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-5/1-5.3" mtp-probe[2440]: bus: 1, device: 8 was not an MTP device kernel: ax88179_178a 1-5.3:1.0 enp0s20f0u5u3: renamed from eth0 systemd-networkd[469]: eth0: Interface name change detected, renamed to enp0s20f0u5u3. mtp-probe[2444]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-5/1-5.3" mtp-probe[2444]: bus: 1, device: 8 was not an MTP device

1 year, 2 months

2
1
0 0

Re: [PATCH 6.8 000/273] 6.8.5-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 2 months

1
0
0 0

[tip: timers/urgent] irqflags: Explicitly ignore lockdep_hrtimer_exit() argument

by tip-bot2 for Arnd Bergmann

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: c1d11fc2c8320871b40730991071dd0a0b405bc8 Gitweb: https://git.kernel.org/tip/c1d11fc2c8320871b40730991071dd0a0b405bc8 Author: Arnd Bergmann <arnd(a)arndb.de> AuthorDate: Mon, 08 Apr 2024 09:46:01 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 08 Apr 2024 16:34:18 +02:00 irqflags: Explicitly ignore lockdep_hrtimer_exit() argument When building with 'make W=1' but CONFIG_TRACE_IRQFLAGS=n, the unused argument to lockdep_hrtimer_exit() causes a warning: kernel/time/hrtimer.c:1655:14: error: variable 'expires_in_hardirq' set but not used [-Werror=unused-but-set-variable] This is intentional behavior, so add a cast to void to shut up the warning. Fixes: 73d20564e0dc ("hrtimer: Don't dereference the hrtimer pointer after the callback") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240408074609.3170807-1-arnd@kernel.org Closes: https://lore.kernel.org/oe-kbuild-all/202311191229.55QXHVc6-lkp@intel.com/ --- include/linux/irqflags.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/irqflags.h b/include/linux/irqflags.h index 147feeb..3f003d5 100644 --- a/include/linux/irqflags.h +++ b/include/linux/irqflags.h @@ -114,7 +114,7 @@ do { \ # define lockdep_softirq_enter() do { } while (0) # define lockdep_softirq_exit() do { } while (0) # define lockdep_hrtimer_enter(__hrtimer) false -# define lockdep_hrtimer_exit(__context) do { } while (0) +# define lockdep_hrtimer_exit(__context) do { (void)(__context); } while (0) # define lockdep_posixtimer_enter() do { } while (0) # define lockdep_posixtimer_exit() do { } while (0) # define lockdep_irq_work_enter(__work) do { } while (0)

1 year, 2 months

1
0
0 0

[PATCH 6.1] wifi: mac80211: avoid lockdep checking when removing deflink

by Alexander Ofitserov

From: Benjamin Berg <benjamin.berg(a)intel.com> [ Upstream commit b8b80770b26c4591f20f1cde3328e5f1489c4488 ] struct sta_info may be removed without holding sta_mtx if it has not yet been inserted. To support this, only assert that the lock is held for links other than the deflink. This fixes lockdep issues that may be triggered in error cases. Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com> Signed-off-by: Gregory Greenman <gregory.greenman(a)intel.com> Link: https://lore.kernel.org/r/20230619161906.cdd81377dea0.If5a6734b4b85608a2275… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- net/mac80211/sta_info.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index bd56015b29258..edec857edbd25 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -357,8 +357,9 @@ static void sta_remove_link(struct sta_info *sta, unsigned int link_id, struct sta_link_alloc *alloc = NULL; struct link_sta_info *link_sta; - link_sta = rcu_dereference_protected(sta->link[link_id], - lockdep_is_held(&sta->local->sta_mtx)); + link_sta = rcu_access_pointer(sta->link[link_id]); + if (link_sta != &sta->deflink) + lockdep_assert_held(&sta->local->sta_mtx); if (WARN_ON(!link_sta)) return; -- 2.42.1

1 year, 2 months

1
0
0 0

[PATCH v4] x86/asm: Force native_apic_mem_read() to use the MOV instruction

by Adam Dunlap

When done from a virtual machine, instructions that touch APIC memory must be emulated. By convention, MMIO access are typically performed via io.h helpers such as 'readl()' or 'writeq()' to simplify instruction emulation/decoding (ex: in KVM hosts and SEV guests) [0]. Currently, native_apic_mem_read() does not follow this convention, allowing the compiler to emit instructions other than the MOV instruction generated by readl(). In particular, when compiled with clang and run as a SEV-ES or SEV-SNP guest, the compiler would emit a TESTL instruction which is not supported by the SEV-ES emulator, causing a boot failure in that environment. It is likely the same problem would happen in a TDX guest as that uses the same instruction emulator as SEV-ES. To make sure all emulators can emulate APIC memory reads via MOV, use the readl() function in native_apic_mem_read(). It is expected that any emulator would support MOV in any addressing mode it is the most generic and is what is ususally emitted currently. The TESTL instruction is emitted when native_apic_mem_read() is inlined into apic_mem_wait_icr_idle(). The emulator comes from insn_decode_mmio in arch/x86/lib/insn-eval.c. It's not worth it to extend insn_decode_mmio to support more instructions since, in theory, the compiler could choose to output nearly any instruction for such reads which would bloat the emulator beyond reason. [0] https://lore.kernel.org/all/20220405232939.73860-12-kirill.shutemov@linux.i… Signed-off-by: Adam Dunlap <acdunlap(a)google.com> Tested-by: Kevin Loughlin <kevinloughlin(a)google.com> Reviewed-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org --- An alterative to this approach would be to use inline assembly instead of the readl() helper, as that is what native_apic_mem_write() does. I consider using readl() to be cleaner since it is documented to be a simple wrapper and inline assembly is less readable. native_apic_mem_write() cannot be trivially updated to use writel since it appears to use custom asm to workaround for a processor-specific bug. Patch changelog: V1 -> V2: Replaced asm with readl function which does the same thing V2 -> V3: Updated commit message to show more motivation and justification V3 -> V4: Fixed nits in commit message Link to v2 discussion: https://lore.kernel.org/all/20220908170456.3177635-1-acdunlap@google.com/ arch/x86/include/asm/apic.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 9d159b771dc8..dddd3fc195ef 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -13,6 +13,7 @@ #include <asm/mpspec.h> #include <asm/msr.h> #include <asm/hardirq.h> +#include <asm/io.h> #define ARCH_APICTIMER_STOPS_ON_C3 1 @@ -96,7 +97,7 @@ static inline void native_apic_mem_write(u32 reg, u32 v) static inline u32 native_apic_mem_read(u32 reg) { - return *((volatile u32 *)(APIC_BASE + reg)); + return readl((void __iomem *)(APIC_BASE + reg)); } static inline void native_apic_mem_eoi(void) -- 2.43.0.594.gd9cf4e227d-goog

1 year, 2 months

3
2
0 0

[PATCH 5.15] x86/mm/pat: clear VM_PAT if copy_p4d_range failed

by Alexander Ofitserov

From: Ma Wupeng <mawupeng1(a)huawei.com> [ Upstream commit d155df53f31068c3340733d586eb9b3ddfd70fc5 ] Syzbot reports a warning in untrack_pfn(). Digging into the root we found that this is due to memory allocation failure in pmd_alloc_one. And this failure is produced due to failslab. In copy_page_range(), memory alloaction for pmd failed. During the error handling process in copy_page_range(), mmput() is called to remove all vmas. While untrack_pfn this empty pfn, warning happens. Here's a simplified flow: dup_mm dup_mmap copy_page_range copy_p4d_range copy_pud_range copy_pmd_range pmd_alloc __pmd_alloc pmd_alloc_one page = alloc_pages(gfp, 0); if (!page) return NULL; mmput exit_mmap unmap_vmas unmap_single_vma untrack_pfn follow_phys WARN_ON_ONCE(1); Since this vma is not generate successfully, we can clear flag VM_PAT. In this case, untrack_pfn() will not be called while cleaning this vma. Function untrack_pfn_moved() has also been renamed to fit the new logic. Link: https://lkml.kernel.org/r/20230217025615.1595558-1-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Reported-by: <syzbot+5f488e922d047d8f00cc(a)syzkaller.appspotmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- arch/x86/mm/pat/memtype.c | 12 ++++++++---- include/linux/pgtable.h | 7 ++++--- mm/memory.c | 1 + mm/mremap.c | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index d5ef64ddd35e9..fd819f112a7a7 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -1108,11 +1108,15 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, } /* - * untrack_pfn_moved is called, while mremapping a pfnmap for a new region, - * with the old vma after its pfnmap page table has been removed. The new - * vma has a new pfnmap to the same pfn & cache type with VM_PAT set. + * untrack_pfn_clear is called if the following situation fits: + * + * 1) while mremapping a pfnmap for a new region, with the old vma after + * its pfnmap page table has been removed. The new vma has a new pfnmap + * to the same pfn & cache type with VM_PAT set. + * 2) while duplicating vm area, the new vma fails to copy the pgtable from + * old vma. */ -void untrack_pfn_moved(struct vm_area_struct *vma) +void untrack_pfn_clear(struct vm_area_struct *vma) { vma->vm_flags &= ~VM_PAT; } diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index d468efcf48f45..734d5e707fe6d 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1121,9 +1121,10 @@ static inline void untrack_pfn(struct vm_area_struct *vma, } /* - * untrack_pfn_moved is called while mremapping a pfnmap for a new region. + * untrack_pfn_clear is called while mremapping a pfnmap for a new region + * or fails to copy pgtable during duplicate vm area. */ -static inline void untrack_pfn_moved(struct vm_area_struct *vma) +static inline void untrack_pfn_clear(struct vm_area_struct *vma) { } #else @@ -1135,7 +1136,7 @@ extern void track_pfn_insert(struct vm_area_struct *vma, pgprot_t *prot, extern int track_pfn_copy(struct vm_area_struct *vma); extern void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size); -extern void untrack_pfn_moved(struct vm_area_struct *vma); +extern void untrack_pfn_clear(struct vm_area_struct *vma); #endif #ifdef CONFIG_MMU diff --git a/mm/memory.c b/mm/memory.c index 8d71a82462dd5..95db1df5fd03a 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1289,6 +1289,7 @@ copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma) continue; if (unlikely(copy_p4d_range(dst_vma, src_vma, dst_pgd, src_pgd, addr, next))) { + untrack_pfn_clear(dst_vma); ret = -ENOMEM; break; } diff --git a/mm/mremap.c b/mm/mremap.c index 3a3cf4cc2c632..9457a1e06b5ae 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -668,7 +668,7 @@ static unsigned long move_vma(struct vm_area_struct *vma, /* Tell pfnmap has moved from this vma */ if (unlikely(vma->vm_flags & VM_PFNMAP)) - untrack_pfn_moved(vma); + untrack_pfn_clear(vma); if (unlikely(!err && (flags & MREMAP_DONTUNMAP))) { /* We always clear VM_LOCKED[ONFAULT] on the old vma */ -- 2.42.1

1 year, 2 months

1
0
0 0

[PATCH -for-stable-v6.6+ 0/6] EFI/x86 updates for secure boot

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> Please merge the attached series into stable branches v6.6 and v6.8. They backport changes that are part of the work to harden the EFI stub and make it compatible with MS requirements on EFI memory protections on secure boot enabled systems. Note that the first patch by Hou Wenlong is already in v6.8. The remaining ones should apply equally to v6.6 and v6.8. Only patch #5 was tweaked for context changes due to backports that overtook this one. Thanks. Ard Biesheuvel (5): efi/libstub: Add generic support for parsing mem_encrypt= x86/boot: Move mem_encrypt= parsing to the decompressor x86/sme: Move early SME kernel encryption handling into .head.text x86/sev: Move early startup code into .head.text section x86/efistub: Remap kernel text read-only before dropping NX attribute Hou Wenlong (1): x86/head/64: Move the __head definition to <asm/init.h> arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/misc.c | 16 +++++ arch/x86/boot/compressed/sev.c | 3 + arch/x86/include/asm/boot.h | 1 + arch/x86/include/asm/init.h | 2 + arch/x86/include/asm/mem_encrypt.h | 8 +-- arch/x86/include/asm/sev.h | 10 +-- arch/x86/include/uapi/asm/bootparam.h | 1 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/sev-shared.c | 23 +++--- arch/x86/kernel/sev.c | 14 ++-- arch/x86/lib/Makefile | 13 ---- arch/x86/mm/mem_encrypt_identity.c | 74 ++++++-------------- drivers/firmware/efi/libstub/efi-stub-helper.c | 8 +++ drivers/firmware/efi/libstub/efistub.h | 2 +- drivers/firmware/efi/libstub/x86-stub.c | 14 +++- 16 files changed, 94 insertions(+), 100 deletions(-) -- 2.44.0.478.gd926399ef9-goog

1 year, 2 months

3
9
0 0

[PATCH 5.10] x86/mm/pat: clear VM_PAT if copy_p4d_range failed

by Alexander Ofitserov

From: Ma Wupeng <mawupeng1(a)huawei.com> [ Upstream commit d155df53f31068c3340733d586eb9b3ddfd70fc5 ] Syzbot reports a warning in untrack_pfn(). Digging into the root we found that this is due to memory allocation failure in pmd_alloc_one. And this failure is produced due to failslab. In copy_page_range(), memory alloaction for pmd failed. During the error handling process in copy_page_range(), mmput() is called to remove all vmas. While untrack_pfn this empty pfn, warning happens. Here's a simplified flow: dup_mm dup_mmap copy_page_range copy_p4d_range copy_pud_range copy_pmd_range pmd_alloc __pmd_alloc pmd_alloc_one page = alloc_pages(gfp, 0); if (!page) return NULL; mmput exit_mmap unmap_vmas unmap_single_vma untrack_pfn follow_phys WARN_ON_ONCE(1); Since this vma is not generate successfully, we can clear flag VM_PAT. In this case, untrack_pfn() will not be called while cleaning this vma. Function untrack_pfn_moved() has also been renamed to fit the new logic. Link: https://lkml.kernel.org/r/20230217025615.1595558-1-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Reported-by: <syzbot+5f488e922d047d8f00cc(a)syzkaller.appspotmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- arch/x86/mm/pat/memtype.c | 12 ++++++++---- include/linux/pgtable.h | 7 ++++--- mm/memory.c | 1 + mm/mremap.c | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index f9c53a7107407..7c57001f79b83 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -1106,11 +1106,15 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, } /* - * untrack_pfn_moved is called, while mremapping a pfnmap for a new region, - * with the old vma after its pfnmap page table has been removed. The new - * vma has a new pfnmap to the same pfn & cache type with VM_PAT set. + * untrack_pfn_clear is called if the following situation fits: + * + * 1) while mremapping a pfnmap for a new region, with the old vma after + * its pfnmap page table has been removed. The new vma has a new pfnmap + * to the same pfn & cache type with VM_PAT set. + * 2) while duplicating vm area, the new vma fails to copy the pgtable from + * old vma. */ -void untrack_pfn_moved(struct vm_area_struct *vma) +void untrack_pfn_clear(struct vm_area_struct *vma) { vma->vm_flags &= ~VM_PAT; } diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index f924468d84ec4..b04a675fa320e 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1048,9 +1048,10 @@ static inline void untrack_pfn(struct vm_area_struct *vma, } /* - * untrack_pfn_moved is called while mremapping a pfnmap for a new region. + * untrack_pfn_clear is called while mremapping a pfnmap for a new region + * or fails to copy pgtable during duplicate vm area. */ -static inline void untrack_pfn_moved(struct vm_area_struct *vma) +static inline void untrack_pfn_clear(struct vm_area_struct *vma) { } #else @@ -1062,7 +1063,7 @@ extern void track_pfn_insert(struct vm_area_struct *vma, pgprot_t *prot, extern int track_pfn_copy(struct vm_area_struct *vma); extern void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size); -extern void untrack_pfn_moved(struct vm_area_struct *vma); +extern void untrack_pfn_clear(struct vm_area_struct *vma); #endif #ifdef __HAVE_COLOR_ZERO_PAGE diff --git a/mm/memory.c b/mm/memory.c index fddd2e9aff245..cbd62138dfff0 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1204,6 +1204,7 @@ copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma) continue; if (unlikely(copy_p4d_range(dst_vma, src_vma, dst_pgd, src_pgd, addr, next))) { + untrack_pfn_clear(dst_vma); ret = -ENOMEM; break; } diff --git a/mm/mremap.c b/mm/mremap.c index 3334c40222101..af4398387b49e 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -421,7 +421,7 @@ static unsigned long move_vma(struct vm_area_struct *vma, /* Tell pfnmap has moved from this vma */ if (unlikely(vma->vm_flags & VM_PFNMAP)) - untrack_pfn_moved(vma); + untrack_pfn_clear(vma); if (unlikely(!err && (flags & MREMAP_DONTUNMAP))) { if (vm_flags & VM_ACCOUNT) { -- 2.42.1

1 year, 2 months

1
0
0 0

[PATCH 6.1] x86/mm/pat: clear VM_PAT if copy_p4d_range failed

by Alexander Ofitserov

From: Ma Wupeng <mawupeng1(a)huawei.com> [ Upstream commit d155df53f31068c3340733d586eb9b3ddfd70fc5 ] Syzbot reports a warning in untrack_pfn(). Digging into the root we found that this is due to memory allocation failure in pmd_alloc_one. And this failure is produced due to failslab. In copy_page_range(), memory alloaction for pmd failed. During the error handling process in copy_page_range(), mmput() is called to remove all vmas. While untrack_pfn this empty pfn, warning happens. Here's a simplified flow: dup_mm dup_mmap copy_page_range copy_p4d_range copy_pud_range copy_pmd_range pmd_alloc __pmd_alloc pmd_alloc_one page = alloc_pages(gfp, 0); if (!page) return NULL; mmput exit_mmap unmap_vmas unmap_single_vma untrack_pfn follow_phys WARN_ON_ONCE(1); Since this vma is not generate successfully, we can clear flag VM_PAT. In this case, untrack_pfn() will not be called while cleaning this vma. Function untrack_pfn_moved() has also been renamed to fit the new logic. Link: https://lkml.kernel.org/r/20230217025615.1595558-1-mawupeng1@huawei.com Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Reported-by: <syzbot+5f488e922d047d8f00cc(a)syzkaller.appspotmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> Cc: stable(a)vger.kernel.org --- arch/x86/mm/pat/memtype.c | 12 ++++++++---- include/linux/pgtable.h | 7 ++++--- mm/memory.c | 1 + mm/mremap.c | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/x86/mm/pat/memtype.c b/arch/x86/mm/pat/memtype.c index 66a209f7eb86d..ed07807845ab0 100644 --- a/arch/x86/mm/pat/memtype.c +++ b/arch/x86/mm/pat/memtype.c @@ -1116,11 +1116,15 @@ void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, } /* - * untrack_pfn_moved is called, while mremapping a pfnmap for a new region, - * with the old vma after its pfnmap page table has been removed. The new - * vma has a new pfnmap to the same pfn & cache type with VM_PAT set. + * untrack_pfn_clear is called if the following situation fits: + * + * 1) while mremapping a pfnmap for a new region, with the old vma after + * its pfnmap page table has been removed. The new vma has a new pfnmap + * to the same pfn & cache type with VM_PAT set. + * 2) while duplicating vm area, the new vma fails to copy the pgtable from + * old vma. */ -void untrack_pfn_moved(struct vm_area_struct *vma) +void untrack_pfn_clear(struct vm_area_struct *vma) { vma->vm_flags &= ~VM_PAT; } diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h index 5f0d7d0b9471b..cce5f8ab461c6 100644 --- a/include/linux/pgtable.h +++ b/include/linux/pgtable.h @@ -1214,9 +1214,10 @@ static inline void untrack_pfn(struct vm_area_struct *vma, } /* - * untrack_pfn_moved is called while mremapping a pfnmap for a new region. + * untrack_pfn_clear is called while mremapping a pfnmap for a new region + * or fails to copy pgtable during duplicate vm area. */ -static inline void untrack_pfn_moved(struct vm_area_struct *vma) +static inline void untrack_pfn_clear(struct vm_area_struct *vma) { } #else @@ -1228,7 +1229,7 @@ extern void track_pfn_insert(struct vm_area_struct *vma, pgprot_t *prot, extern int track_pfn_copy(struct vm_area_struct *vma); extern void untrack_pfn(struct vm_area_struct *vma, unsigned long pfn, unsigned long size); -extern void untrack_pfn_moved(struct vm_area_struct *vma); +extern void untrack_pfn_clear(struct vm_area_struct *vma); #endif #ifdef CONFIG_MMU diff --git a/mm/memory.c b/mm/memory.c index fb83cf56377ab..91e2d4520e4d4 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1335,6 +1335,7 @@ copy_page_range(struct vm_area_struct *dst_vma, struct vm_area_struct *src_vma) continue; if (unlikely(copy_p4d_range(dst_vma, src_vma, dst_pgd, src_pgd, addr, next))) { + untrack_pfn_clear(dst_vma); ret = -ENOMEM; break; } diff --git a/mm/mremap.c b/mm/mremap.c index 930f65c315c02..6ed28eeae5a84 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -682,7 +682,7 @@ static unsigned long move_vma(struct vm_area_struct *vma, /* Tell pfnmap has moved from this vma */ if (unlikely(vma->vm_flags & VM_PFNMAP)) - untrack_pfn_moved(vma); + untrack_pfn_clear(vma); if (unlikely(!err && (flags & MREMAP_DONTUNMAP))) { /* We always clear VM_LOCKED[ONFAULT] on the old vma */ -- 2.42.1

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] bpf: support deferring bpf_link dealloc to after RCU grace" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040548-lid-mahogany-fd86@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce Mon Sep 17 00:00:00 2001 From: Andrii Nakryiko <andrii(a)kernel.org> Date: Wed, 27 Mar 2024 22:24:26 -0700 Subject: [PATCH] bpf: support deferring bpf_link dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and multi-uprobes, link is used to fetch BPF cookie values. Because of this runtime dependency, when bpf_link refcnt drops to zero there could still be active BPF programs running accessing link data. This patch adds generic support to defer bpf_link dealloc callback to after RCU GP, if requested. This is done by exposing two different deallocation callbacks, one synchronous and one deferred. If deferred one is provided, bpf_link_free() will schedule dealloc_deferred() callback to happen after RCU GP. BPF is using two flavors of RCU: "classic" non-sleepable one and RCU tasks trace one. The latter is used when sleepable BPF programs are used. bpf_link_free() accommodates that by checking underlying BPF program's sleepable flag, and goes either through normal RCU GP only for non-sleepable, or through RCU tasks trace GP *and* then normal RCU GP (taking into account rcu_trace_implies_rcu_gp() optimization), if BPF program is sleepable. We use this for multi-kprobe and multi-uprobe links, which dereference link during program run. We also preventively switch raw_tp link to use deferred dealloc callback, as upcoming changes in bpf-next tree expose raw_tp link data (specifically, cookie value) to BPF program at runtime as well. Fixes: 0dcac2725406 ("bpf: Add multi kprobe link") Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Reported-by: syzbot+981935d9485a560bfbcb(a)syzkaller.appspotmail.com Reported-by: syzbot+2cb5a6c573e98db598cc(a)syzkaller.appspotmail.com Reported-by: syzbot+62d8b26793e8a2bd0516(a)syzkaller.appspotmail.com Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/r/20240328052426.3042617-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 4f20f62f9d63..890e152d553e 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1574,12 +1574,26 @@ struct bpf_link { enum bpf_link_type type; const struct bpf_link_ops *ops; struct bpf_prog *prog; - struct work_struct work; + /* rcu is used before freeing, work can be used to schedule that + * RCU-based freeing before that, so they never overlap + */ + union { + struct rcu_head rcu; + struct work_struct work; + }; }; struct bpf_link_ops { void (*release)(struct bpf_link *link); + /* deallocate link resources callback, called without RCU grace period + * waiting + */ void (*dealloc)(struct bpf_link *link); + /* deallocate link resources callback, called after RCU grace period; + * if underlying BPF program is sleepable we go through tasks trace + * RCU GP and then "classic" RCU GP + */ + void (*dealloc_deferred)(struct bpf_link *link); int (*detach)(struct bpf_link *link); int (*update_prog)(struct bpf_link *link, struct bpf_prog *new_prog, struct bpf_prog *old_prog); diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index ae2ff73bde7e..c287925471f6 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -3024,17 +3024,46 @@ void bpf_link_inc(struct bpf_link *link) atomic64_inc(&link->refcnt); } +static void bpf_link_defer_dealloc_rcu_gp(struct rcu_head *rcu) +{ + struct bpf_link *link = container_of(rcu, struct bpf_link, rcu); + + /* free bpf_link and its containing memory */ + link->ops->dealloc_deferred(link); +} + +static void bpf_link_defer_dealloc_mult_rcu_gp(struct rcu_head *rcu) +{ + if (rcu_trace_implies_rcu_gp()) + bpf_link_defer_dealloc_rcu_gp(rcu); + else + call_rcu(rcu, bpf_link_defer_dealloc_rcu_gp); +} + /* bpf_link_free is guaranteed to be called from process context */ static void bpf_link_free(struct bpf_link *link) { + bool sleepable = false; + bpf_link_free_id(link->id); if (link->prog) { + sleepable = link->prog->sleepable; /* detach BPF program, clean up used resources */ link->ops->release(link); bpf_prog_put(link->prog); } - /* free bpf_link and its containing memory */ - link->ops->dealloc(link); + if (link->ops->dealloc_deferred) { + /* schedule BPF link deallocation; if underlying BPF program + * is sleepable, we need to first wait for RCU tasks trace + * sync, then go through "classic" RCU grace period + */ + if (sleepable) + call_rcu_tasks_trace(&link->rcu, bpf_link_defer_dealloc_mult_rcu_gp); + else + call_rcu(&link->rcu, bpf_link_defer_dealloc_rcu_gp); + } + if (link->ops->dealloc) + link->ops->dealloc(link); } static void bpf_link_put_deferred(struct work_struct *work) @@ -3544,7 +3573,7 @@ static int bpf_raw_tp_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_raw_tp_link_lops = { .release = bpf_raw_tp_link_release, - .dealloc = bpf_raw_tp_link_dealloc, + .dealloc_deferred = bpf_raw_tp_link_dealloc, .show_fdinfo = bpf_raw_tp_link_show_fdinfo, .fill_link_info = bpf_raw_tp_link_fill_link_info, }; diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 0b73fe5f7206..9dc605f08a23 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2728,7 +2728,7 @@ static int bpf_kprobe_multi_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_kprobe_multi_link_lops = { .release = bpf_kprobe_multi_link_release, - .dealloc = bpf_kprobe_multi_link_dealloc, + .dealloc_deferred = bpf_kprobe_multi_link_dealloc, .fill_link_info = bpf_kprobe_multi_link_fill_link_info, }; @@ -3242,7 +3242,7 @@ static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_uprobe_multi_link_lops = { .release = bpf_uprobe_multi_link_release, - .dealloc = bpf_uprobe_multi_link_dealloc, + .dealloc_deferred = bpf_uprobe_multi_link_dealloc, .fill_link_info = bpf_uprobe_multi_link_fill_link_info, };

1 year, 2 months

3
3
0 0

[PATCH for 5.15.y] nvme: fix miss command type check

by Tokunori Ikegami

From: "min15.li" <min15.li(a)samsung.com> commit 31a5978243d24d77be4bacca56c78a0fbc43b00d upstream. In the function nvme_passthru_end(), only the value of the command opcode is checked, without checking the command type (IO command or Admin command). When we send a Dataset Management command (The opcode of the Dataset Management command is the same as the Set Feature command), kernel thinks it is a set feature command, then sets the controller's keep alive interval, and calls nvme_keep_alive_work(). Signed-off-by: min15.li <min15.li(a)samsung.com> Reviewed-by: Kanchan Joshi <joshi.k(a)samsung.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Fixes: b58da2d270db ("nvme: update keep alive interval when kato is modified") Signed-off-by: Tokunori Ikegami <ikegami.t(a)gmail.com> --- drivers/nvme/host/core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index 8f06e5c1706b..960a31e3307a 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1185,7 +1185,7 @@ static u32 nvme_passthru_start(struct nvme_ctrl *ctrl, struct nvme_ns *ns, return effects; } -static void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, +static void nvme_passthru_end(struct nvme_ctrl *ctrl, struct nvme_ns *ns, u32 effects, struct nvme_command *cmd, int status) { if (effects & NVME_CMD_EFFECTS_CSE_MASK) { @@ -1201,6 +1201,8 @@ static void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, nvme_queue_scan(ctrl); flush_work(&ctrl->scan_work); } + if (ns) + return; switch (cmd->common.opcode) { case nvme_admin_set_features: @@ -1235,7 +1237,7 @@ int nvme_execute_passthru_rq(struct request *rq) effects = nvme_passthru_start(ctrl, ns, cmd->common.opcode); ret = nvme_execute_rq(disk, rq, false); if (effects) /* nothing to be done for zero cmd effects */ - nvme_passthru_end(ctrl, effects, cmd, ret); + nvme_passthru_end(ctrl, ns, effects, cmd, ret); return ret; } -- 2.40.1

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] gro: fix ownership transfer" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ed4cccef64c1d0d5b91e69f7a8a6697c3a865486 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040543-backdrop-sequester-2458@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed4cccef64c1d0d5b91e69f7a8a6697c3a865486 Mon Sep 17 00:00:00 2001 From: Antoine Tenart <atenart(a)kernel.org> Date: Tue, 26 Mar 2024 12:33:59 +0100 Subject: [PATCH] gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skb_segment_list those skbs can be reused as-is. This is an issue as their destructor was removed in skb_gro_receive_list but not the reference to their socket, and then they can't be orphaned. Fix this by also removing the reference to the socket. For example this could be observed, kernel BUG at include/linux/skbuff.h:3131! (skb_orphan) RIP: 0010:ip6_rcv_core+0x11bc/0x19a0 Call Trace: ipv6_list_rcv+0x250/0x3f0 __netif_receive_skb_list_core+0x49d/0x8f0 netif_receive_skb_list_internal+0x634/0xd40 napi_complete_done+0x1d2/0x7d0 gro_cell_poll+0x118/0x1f0 A similar construction is found in skb_gro_receive, apply the same change there. Fixes: 5e10da5385d2 ("skbuff: allow 'slow_gro' for skb carring sock reference") Signed-off-by: Antoine Tenart <atenart(a)kernel.org> Reviewed-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/net/core/gro.c b/net/core/gro.c index ee30d4f0c038..83f35d99a682 100644 --- a/net/core/gro.c +++ b/net/core/gro.c @@ -192,8 +192,9 @@ int skb_gro_receive(struct sk_buff *p, struct sk_buff *skb) } merge: - /* sk owenrship - if any - completely transferred to the aggregated packet */ + /* sk ownership - if any - completely transferred to the aggregated packet */ skb->destructor = NULL; + skb->sk = NULL; delta_truesize = skb->truesize; if (offset > headlen) { unsigned int eat = offset - headlen; diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index e9719afe91cf..3bb69464930b 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -449,8 +449,9 @@ static int skb_gro_receive_list(struct sk_buff *p, struct sk_buff *skb) NAPI_GRO_CB(p)->count++; p->data_len += skb->len; - /* sk owenrship - if any - completely transferred to the aggregated packet */ + /* sk ownership - if any - completely transferred to the aggregated packet */ skb->destructor = NULL; + skb->sk = NULL; p->truesize += skb->truesize; p->len += skb->len;

1 year, 2 months

3
2
0 0

FAILED: patch "[PATCH] mm/secretmem: fix GUP-fast succeeding on secretmem folios" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040819-elf-bamboo-00f6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 65291dcfcf89 ("mm/secretmem: fix GUP-fast succeeding on secretmem folios") 8f9ff2deb8b9 ("secretmem: convert page_is_secretmem() to folio_is_secretmem()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 26 Mar 2024 15:32:08 +0100 Subject: [PATCH] mm/secretmem: fix GUP-fast succeeding on secretmem folios folio_is_secretmem() currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or temporarily have their LRU flag cleared. Consequently, the LRU flag is unreliable for this purpose. In particular, this is the case when secretmem_fault() allocates a fresh page and calls filemap_add_folio()->folio_add_lru(). The folio might be added to the per-cpu folio batch and won't get the LRU flag set until the batch was drained using e.g., lru_add_drain(). Consequently, folio_is_secretmem() might not detect secretmem folios and GUP-fast can succeed in grabbing a secretmem folio, crashing the kernel when we would later try reading/writing to the folio, because the folio has been unmapped from the directmap. Fix it by removing that unreliable check. Link: https://lkml.kernel.org/r/20240326143210.291116-2-david@redhat.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h index 35f3a4a8ceb1..acf7e1a3f3de 100644 --- a/include/linux/secretmem.h +++ b/include/linux/secretmem.h @@ -13,10 +13,10 @@ static inline bool folio_is_secretmem(struct folio *folio) /* * Using folio_mapping() is quite slow because of the actual call * instruction. - * We know that secretmem pages are not compound and LRU so we can + * We know that secretmem pages are not compound, so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio)) return false; mapping = (struct address_space *)

1 year, 2 months

3
4
0 0

FAILED: patch "[PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4535e1a4174c4111d92c5a9a21e542d232e0fcaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033031-efficient-gallows-6872@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4535e1a4174c4111d92c5a9a21e542d232e0fcaa Mon Sep 17 00:00:00 2001 From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Date: Thu, 28 Mar 2024 13:59:05 +0100 Subject: [PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4 The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly. However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro- architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now. Reshuffle the alternative macros to accomplish that. Fixes: e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 076bf8dee702..25466c4d2134 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -14,6 +14,7 @@ #include <asm/asm.h> #include <asm/fred.h> #include <asm/gsseg.h> +#include <asm/nospec-branch.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index fc3a8a3c7ffe..170c89ed22fc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -262,11 +262,20 @@ .Lskip_rsb_\@: .endm +/* + * The CALL to srso_alias_untrain_ret() must be patched in directly at + * the spot where untraining must be done, ie., srso_alias_untrain_ret() + * must be the target of a CALL instruction instead of indirectly + * jumping to a wrapper which then calls it. Therefore, this macro is + * called outside of __UNTRAIN_RET below, for the time being, before the + * kernel can support nested alternatives with arbitrary nesting. + */ +.macro CALL_UNTRAIN_RET #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) -#define CALL_UNTRAIN_RET "call entry_untrain_ret" -#else -#define CALL_UNTRAIN_RET "" + ALTERNATIVE_2 "", "call entry_untrain_ret", X86_FEATURE_UNRET, \ + "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS #endif +.endm /* * Mitigate RETBleed for AMD/Hygon Zen uarch. Requires KERNEL CR3 because the @@ -282,8 +291,8 @@ .macro __UNTRAIN_RET ibpb_feature, call_depth_insns #if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY) VALIDATE_UNRET_END - ALTERNATIVE_3 "", \ - CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET + ALTERNATIVE_2 "", \ "call entry_ibpb", \ibpb_feature, \ __stringify(\call_depth_insns), X86_FEATURE_CALL_DEPTH #endif @@ -342,6 +351,8 @@ extern void retbleed_return_thunk(void); static inline void retbleed_return_thunk(void) {} #endif +extern void srso_alias_untrain_ret(void); + #ifdef CONFIG_MITIGATION_SRSO extern void srso_return_thunk(void); extern void srso_alias_return_thunk(void); diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 721b528da9ac..02cde194a99e 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -163,6 +163,7 @@ SYM_CODE_START_NOALIGN(srso_alias_untrain_ret) lfence jmp srso_alias_return_thunk SYM_FUNC_END(srso_alias_untrain_ret) +__EXPORT_THUNK(srso_alias_untrain_ret) .popsection .pushsection .text..__x86.rethunk_safe @@ -224,10 +225,12 @@ SYM_CODE_START(srso_return_thunk) SYM_CODE_END(srso_return_thunk) #define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret" #else /* !CONFIG_MITIGATION_SRSO */ +/* Dummy for the alternative in CALL_UNTRAIN_RET. */ +SYM_CODE_START(srso_alias_untrain_ret) + RET +SYM_FUNC_END(srso_alias_untrain_ret) #define JMP_SRSO_UNTRAIN_RET "ud2" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2" #endif /* CONFIG_MITIGATION_SRSO */ #ifdef CONFIG_MITIGATION_UNRET_ENTRY @@ -319,9 +322,7 @@ SYM_FUNC_END(retbleed_untrain_ret) #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) SYM_FUNC_START(entry_untrain_ret) - ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \ - JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO, \ - JMP_SRSO_ALIAS_UNTRAIN_RET, X86_FEATURE_SRSO_ALIAS + ALTERNATIVE JMP_RETBLEED_UNTRAIN_RET, JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO SYM_FUNC_END(entry_untrain_ret) __EXPORT_THUNK(entry_untrain_ret)

1 year, 2 months

3
3
0 0

stable v6.6.24 regression: boot fails: bisected to "x86/mpparse: Register APIC address only once"

by Wolfgang Walter

Hello, after upgrading to v6.6.24 from v6.6.23 some old boxes (i686; Intel Celeron M) stop to boot: They hang after: Decompressing Linux... Parsing ELF... No relocation needed... done. Booting the kernel (entry_offset: 0x00000000). After some minutes they reboot. I bisected this down to commit bebb5af001dc6cb4f505bb21c4d5e2efbdc112e2 Author: Thomas Gleixner <tglx(a)linutronix.de> Date: Fri Mar 22 19:56:39 2024 +0100 x86/mpparse: Register APIC address only once [ Upstream commit f2208aa12c27bfada3c15c550c03ca81d42dcac2 ] The APIC address is registered twice. First during the early detection and afterwards when actually scanning the table for APIC IDs. The APIC and topology core warn about the second attempt. Restrict it to the early detection call. Fixes: 81287ad65da5 ("x86/apic: Sanitize APIC address setup") Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Link: https://lore.kernel.org/r/20240322185305.297774848@linutronix.de Signed-off-by: Sasha Levin <sashal(a)kernel.org> Reverting this commit in v6.6.24 solves the problem. Regards, -- Wolfgang Walter Studierendenwerk München Oberbayern Anstalt des öffentlichen Rechts

1 year, 2 months

3
9
0 0

FAILED: patch "[PATCH] mm/secretmem: fix GUP-fast succeeding on secretmem folios" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040823-spilt-marsupial-8d2f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 65291dcfcf89 ("mm/secretmem: fix GUP-fast succeeding on secretmem folios") 8f9ff2deb8b9 ("secretmem: convert page_is_secretmem() to folio_is_secretmem()") b0496fe4effd ("mm/gup: Convert gup_pte_range() to use a folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 Mon Sep 17 00:00:00 2001 From: David Hildenbrand <david(a)redhat.com> Date: Tue, 26 Mar 2024 15:32:08 +0100 Subject: [PATCH] mm/secretmem: fix GUP-fast succeeding on secretmem folios folio_is_secretmem() currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or temporarily have their LRU flag cleared. Consequently, the LRU flag is unreliable for this purpose. In particular, this is the case when secretmem_fault() allocates a fresh page and calls filemap_add_folio()->folio_add_lru(). The folio might be added to the per-cpu folio batch and won't get the LRU flag set until the batch was drained using e.g., lru_add_drain(). Consequently, folio_is_secretmem() might not detect secretmem folios and GUP-fast can succeed in grabbing a secretmem folio, crashing the kernel when we would later try reading/writing to the folio, because the folio has been unmapped from the directmap. Fix it by removing that unreliable check. Link: https://lkml.kernel.org/r/20240326143210.291116-2-david@redhat.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h index 35f3a4a8ceb1..acf7e1a3f3de 100644 --- a/include/linux/secretmem.h +++ b/include/linux/secretmem.h @@ -13,10 +13,10 @@ static inline bool folio_is_secretmem(struct folio *folio) /* * Using folio_mapping() is quite slow because of the actual call * instruction. - * We know that secretmem pages are not compound and LRU so we can + * We know that secretmem pages are not compound, so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio)) return false; mapping = (struct address_space *)

1 year, 2 months

2
1
0 0

[PATCH v6.1.y 0/14 ] ACPI: resource: Add IRQ override quirks (backport changes from v6.9-rc3)

by kovalev＠altlinux.org

Added support internal keyboard for the following models: Asus ExpertBook (B1502CBA, B1502CGA, B1502CVA, B2402FBA, B2502FBA), Asus Vivobook (E1504GA, E1504GA, E1504GAB), TongFang GM6BGEQ / PCSpecialist Elimina Pro 16 M, RTX 3050, TongFang GM6BG5Q, RTX 4050, TongFang GM6BG0Q / PCSpecialist Elimina Pro 16 M, RTX 4060, Maibenben X565. Successfully tested on the available Asus ExpertBook B1502CVA model. [PATCH 6.1.y 01/14] ACPI: resource: Skip IRQ override on Asus Expertbook [PATCH 6.1.y 02/14] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.1.y 03/14] ACPI: resource: Always use MADT override IRQ settings [PATCH 6.1.y 04/14] ACPI: resource: Honor MADT INT_SRC_OVR settings for [PATCH 6.1.y 05/14] ACPI: resource: Add IRQ override quirk for PCSpecialist [PATCH 6.1.y 06/14] ACPI: resource: Fix IRQ override quirk for PCSpecialist [PATCH 6.1.y 07/14] ACPI: resource: Consolidate IRQ trigger-type override [PATCH 6.1.y 08/14] ACPI: resource: Drop .ident values from dmi_system_id [PATCH 6.1.y 09/14] ACPI: resource: Add TongFang GM6BGEQ, GM6BG5Q and [PATCH 6.1.y 10/14] ACPI: resource: Add DMI quirks for ASUS Vivobook [PATCH 6.1.y 11/14] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.1.y 12/14] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.1.y 13/14] ACPI: resource: Add IRQ override quirk for ASUS [PATCH 6.1.y 14/14] ACPI: resource: Use IRQ override on Maibenben X565

1 year, 2 months

1
14
0 0

[PATCH v6.6.y 0/7 ] ACPI: resource: Add IRQ override quirks (backport changes from v6.9-rc3)

by kovalev＠altlinux.org

Added support internal keyboard for the following models: Asus ExpertBook (B1502CGA, B1502CVA, B2502FBA), Asus Vivobook (E1504GA, E1504GAB), Maibenben X565. Successfully tested on the available Asus ExpertBook B1502CVA model. [PATCH 6.6.y 1/7] ACPI: resource: Consolidate IRQ trigger-type override DMI [PATCH 6.6.y 2/7] ACPI: resource: Drop .ident values from dmi_system_id [PATCH 6.6.y 3/7] ACPI: resource: Add DMI quirks for ASUS Vivobook E1504GA [PATCH 6.6.y 4/7] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.6.y 5/7] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.6.y 6/7] ACPI: resource: Add IRQ override quirk for ASUS [PATCH 6.6.y 7/7] ACPI: resource: Use IRQ override on Maibenben X565

1 year, 2 months

1
7
0 0

[PATCH v6.8.y 0/3 ] ACPI: resource: Add IRQ override quirks (backport changes from v6.9-rc3)

by kovalev＠altlinux.org

Added support internal keyboard for the following models: Asus ExpertBook (B1502CVA, B2502FBA), Maibenben X565. Successfully tested on the available Asus ExpertBook B1502CVA model. [PATCH 6.8.y 1/3] ACPI: resource: Skip IRQ override on ASUS ExpertBook [PATCH 6.8.y 2/3] ACPI: resource: Add IRQ override quirk for ASUS [PATCH 6.8.y 3/3] ACPI: resource: Use IRQ override on Maibenben X565

1 year, 2 months

1
3
0 0

FAILED: patch "[PATCH] drm/xe: Make TLB invalidation fences unordered" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x fd1c8085113fb7c803fd81280f7e0bb25a5797ab # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040820-unfocused-ricotta-37e3@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: fd1c8085113f ("drm/xe: Make TLB invalidation fences unordered") 6240c2c43fd0 ("drm/xe: Document nested struct members according to guidelines") 997a55caa1c3 ("drm/xe/gsc: Initialize GSC proxy") 7c0f97cb62dc ("drm/xe: Invert access counter queue head / tail") 1fd77ceaf0d8 ("drm/xe: Invert page fault queue head / tail") 6ae24344e2e3 ("drm/xe: Add exec_queue.sched_props.job_timeout_ms") a8004af338f6 ("drm/xe: Fix modifying exec_queue priority in xe_migrate_init") b16483f9f812 ("drm/xe: Fix guc_exec_queue_set_priority") 9d612ee52c60 ("drm/xe: Annotate multiple mmio pointers with __iomem") fa78e188d8d1 ("drm/xe/dgfx: Release mmap mappings on rpm suspend") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd1c8085113fb7c803fd81280f7e0bb25a5797ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= <thomas.hellstrom(a)linux.intel.com> Date: Wed, 27 Mar 2024 10:11:35 +0100 Subject: [PATCH] drm/xe: Make TLB invalidation fences unordered MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit They can actually complete out-of-order, so allocate a unique fence context for each fence. Fixes: 5387e865d90e ("drm/xe: Add TLB invalidation fence after rebinds issued from execs") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240327091136.3271-4-thomas.… (cherry picked from commit 0453f1757501df2e82b66b3183a24bba5a6f8fa3) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c index f03e077f81a0..e598a4363d01 100644 --- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c +++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c @@ -61,7 +61,6 @@ int xe_gt_tlb_invalidation_init(struct xe_gt *gt) INIT_LIST_HEAD(&gt->tlb_invalidation.pending_fences); spin_lock_init(&gt->tlb_invalidation.pending_lock); spin_lock_init(&gt->tlb_invalidation.lock); - gt->tlb_invalidation.fence_context = dma_fence_context_alloc(1); INIT_DELAYED_WORK(&gt->tlb_invalidation.fence_tdr, xe_gt_tlb_fence_timeout); diff --git a/drivers/gpu/drm/xe/xe_gt_types.h b/drivers/gpu/drm/xe/xe_gt_types.h index 70c615dd1498..07b2f724ec45 100644 --- a/drivers/gpu/drm/xe/xe_gt_types.h +++ b/drivers/gpu/drm/xe/xe_gt_types.h @@ -177,13 +177,6 @@ struct xe_gt { * xe_gt_tlb_fence_timeout after the timeut interval is over. */ struct delayed_work fence_tdr; - /** @tlb_invalidation.fence_context: context for TLB invalidation fences */ - u64 fence_context; - /** - * @tlb_invalidation.fence_seqno: seqno to TLB invalidation fences, protected by - * tlb_invalidation.lock - */ - u32 fence_seqno; /** @tlb_invalidation.lock: protects TLB invalidation fences */ spinlock_t lock; } tlb_invalidation; diff --git a/drivers/gpu/drm/xe/xe_pt.c b/drivers/gpu/drm/xe/xe_pt.c index 5fc4ad1e4298..29d1a31f9804 100644 --- a/drivers/gpu/drm/xe/xe_pt.c +++ b/drivers/gpu/drm/xe/xe_pt.c @@ -1135,8 +1135,7 @@ static int invalidation_fence_init(struct xe_gt *gt, spin_lock_irq(&gt->tlb_invalidation.lock); dma_fence_init(&ifence->base.base, &invalidation_fence_ops, &gt->tlb_invalidation.lock, - gt->tlb_invalidation.fence_context, - ++gt->tlb_invalidation.fence_seqno); + dma_fence_context_alloc(1), 1); spin_unlock_irq(&gt->tlb_invalidation.lock); INIT_LIST_HEAD(&ifence->base.link);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: Reject FEC+MST on ICL" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 99f855082f228cdcecd6ab768d3b8b505e0eb028 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040803-tackling-bogged-527d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 99f855082f22 ("drm/i915/mst: Reject FEC+MST on ICL") 126f94e87e79 ("drm/i915: Fix FEC pipe A vs. DDI A mixup") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 99f855082f228cdcecd6ab768d3b8b505e0eb028 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 16:51:47 +0300 Subject: [PATCH] drm/i915/mst: Reject FEC+MST on ICL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ICL supposedly doesn't support FEC on MST. Reject it. Cc: stable(a)vger.kernel.org Fixes: d51f25eb479a ("drm/i915: Add DSC support to MST path") Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402135148.23011-7-ville.… (cherry picked from commit b648ce2a28ba83c4fa67c61fcc5983e15e9d4afb) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 36afbb68d87d..abd62bebc46d 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -1422,7 +1422,8 @@ static bool intel_dp_source_supports_fec(struct intel_dp *intel_dp, if (DISPLAY_VER(dev_priv) >= 12) return true; - if (DISPLAY_VER(dev_priv) == 11 && encoder->port != PORT_A) + if (DISPLAY_VER(dev_priv) == 11 && encoder->port != PORT_A && + !intel_crtc_has_type(pipe_config, INTEL_OUTPUT_DP_MST)) return true; return false;

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] drm/i915/mst: Limit MST+DSC to TGL+" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 51bc63392e96ca45d7be98bc43c180b174ffca09 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040851-nail-pectin-26a4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 51bc63392e96 ("drm/i915/mst: Limit MST+DSC to TGL+") d19daffc89fe ("drm/i915/dp_mst: Use connector DSC DPCD in intel_dp_mst_mode_valid_ctx()") 8d5284765a43 ("drm/i915/dp: Use consistent name for link bpp and compressed bpp") 3a4b4809c8cc ("drm/i915/dp: Move compressed bpp check with 420 format inside the helper") a1476c2a9715 ("drm/i915/dp: Consider output_format while computing dsc bpp") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 51bc63392e96ca45d7be98bc43c180b174ffca09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= <ville.syrjala(a)linux.intel.com> Date: Tue, 2 Apr 2024 16:51:46 +0300 Subject: [PATCH] drm/i915/mst: Limit MST+DSC to TGL+ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The MST code currently assumes that glk+ already supports MST+DSC, which is incorrect. We need to check for TGL+ actually. ICL does support SST+DSC, but supposedly it can't do MST+FEC which will also rule out MST+DSC. Note that a straight TGL+ check doesn't work here because DSC support can get fused out, so we do need to also check 'has_dsc'. Cc: stable(a)vger.kernel.org Fixes: d51f25eb479a ("drm/i915: Add DSC support to MST path") Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240402135148.23011-6-ville.… (cherry picked from commit c9c92f286dbdf872390ef3e74dbe5f0641e46f55) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/i915/display/intel_display_device.h b/drivers/gpu/drm/i915/display/intel_display_device.h index fe4268813786..9b1bce2624b9 100644 --- a/drivers/gpu/drm/i915/display/intel_display_device.h +++ b/drivers/gpu/drm/i915/display/intel_display_device.h @@ -47,6 +47,7 @@ struct drm_printer; #define HAS_DPT(i915) (DISPLAY_VER(i915) >= 13) #define HAS_DSB(i915) (DISPLAY_INFO(i915)->has_dsb) #define HAS_DSC(__i915) (DISPLAY_RUNTIME_INFO(__i915)->has_dsc) +#define HAS_DSC_MST(__i915) (DISPLAY_VER(__i915) >= 12 && HAS_DSC(__i915)) #define HAS_FBC(i915) (DISPLAY_RUNTIME_INFO(i915)->fbc_mask != 0) #define HAS_FPGA_DBG_UNCLAIMED(i915) (DISPLAY_INFO(i915)->has_fpga_dbg) #define HAS_FW_BLC(i915) (DISPLAY_VER(i915) >= 3) diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index 53aec023ce92..b651c990af85 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -1355,7 +1355,7 @@ intel_dp_mst_mode_valid_ctx(struct drm_connector *connector, return 0; } - if (DISPLAY_VER(dev_priv) >= 10 && + if (HAS_DSC_MST(dev_priv) && drm_dp_sink_supports_dsc(intel_connector->dp.dsc_dpcd)) { /* * TBD pass the connector BPC,

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix potential UAF in cifs_dump_full_key()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 58acd1f497162e7d282077f816faa519487be045 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040829-upcoming-gnat-69ec@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 58acd1f49716 ("smb: client: fix potential UAF in cifs_dump_full_key()") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 8e3554150d6c ("cifs: fix sharing of DFS connections") 2f4e429c8469 ("cifs: lock chan_lock outside match_session") 396935de1455 ("cifs: fix use-after-free bug in refresh_cache_worker()") b56bce502f55 ("cifs: set DFS root session in cifs_get_smb_ses()") b9ee2e307c6b ("cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID") 7ad54b98fc1f ("cifs: use origin fullpath for automounts") 466611e4af82 ("cifs: fix source pathname comparison of dfs supers") 6916881f443f ("cifs: fix refresh of cached referrals") cb3f6d876452 ("cifs: don't refresh cached referrals from unactive mounts") a1c0d00572fc ("cifs: share dfs connections and supers") a73a26d97eca ("cifs: split out ses and tcon retrieval from mount_get_conns()") 2301bc103ac4 ("cifs: remove unused smb3_fs_context::mount_options") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") c877ce47e137 ("cifs: reduce roundtrips on create/qinfo requests") 83fb8abec293 ("cifs: Add "extbuf" and "extbuflen" args to smb2_compound_op()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 58acd1f497162e7d282077f816faa519487be045 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Tue, 2 Apr 2024 16:33:54 -0300 Subject: [PATCH] smb: client: fix potential UAF in cifs_dump_full_key() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/ioctl.c b/fs/smb/client/ioctl.c index c012dfdba80d..855ac5a62edf 100644 --- a/fs/smb/client/ioctl.c +++ b/fs/smb/client/ioctl.c @@ -247,7 +247,9 @@ static int cifs_dump_full_key(struct cifs_tcon *tcon, struct smb3_full_key_debug spin_lock(&cifs_tcp_ses_lock); list_for_each_entry(server_it, &cifs_tcp_ses_list, tcp_ses_list) { list_for_each_entry(ses_it, &server_it->smb_ses_list, smb_ses_list) { - if (ses_it->Suid == out.session_id) { + spin_lock(&ses_it->ses_lock); + if (ses_it->ses_status != SES_EXITING && + ses_it->Suid == out.session_id) { ses = ses_it; /* * since we are using the session outside the crit @@ -255,9 +257,11 @@ static int cifs_dump_full_key(struct cifs_tcon *tcon, struct smb3_full_key_debug * so increment its refcount */ cifs_smb_ses_inc_refcount(ses); + spin_unlock(&ses_it->ses_lock); found = true; goto search_end; } + spin_unlock(&ses_it->ses_lock); } } search_end:

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: refresh referral without acquiring refpath_lock" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0a05ad21d77a188d06481c36d6016805a881bcc0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040810-corporate-splinter-3a5f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0a05ad21d77a ("smb: client: refresh referral without acquiring refpath_lock") 062a7f0ff46e ("smb: client: guarantee refcounted children from parent session") d8392c203e84 ("smb3: show beginning time for per share stats") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0a05ad21d77a188d06481c36d6016805a881bcc0 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 22:44:07 -0300 Subject: [PATCH] smb: client: refresh referral without acquiring refpath_lock Avoid refreshing DFS referral with refpath_lock acquired as the I/O could block for a while due to a potentially disconnected or slow DFS root server and then making other threads - that use same @server and don't require a DFS root server - unable to make any progress. Cc: stable(a)vger.kernel.org # 6.4+ Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/dfs_cache.c b/fs/smb/client/dfs_cache.c index 0552a864ff08..11c8efecf7aa 100644 --- a/fs/smb/client/dfs_cache.c +++ b/fs/smb/client/dfs_cache.c @@ -1172,8 +1172,8 @@ static bool is_ses_good(struct cifs_ses *ses) return ret; } -/* Refresh dfs referral of tcon and mark it for reconnect if needed */ -static int __refresh_tcon(const char *path, struct cifs_ses *ses, bool force_refresh) +/* Refresh dfs referral of @ses and mark it for reconnect if needed */ +static void __refresh_ses_referral(struct cifs_ses *ses, bool force_refresh) { struct TCP_Server_Info *server = ses->server; DFS_CACHE_TGT_LIST(old_tl); @@ -1181,10 +1181,21 @@ static int __refresh_tcon(const char *path, struct cifs_ses *ses, bool force_ref bool needs_refresh = false; struct cache_entry *ce; unsigned int xid; + char *path = NULL; int rc = 0; xid = get_xid(); + mutex_lock(&server->refpath_lock); + if (server->leaf_fullpath) { + path = kstrdup(server->leaf_fullpath + 1, GFP_ATOMIC); + if (!path) + rc = -ENOMEM; + } + mutex_unlock(&server->refpath_lock); + if (!path) + goto out; + down_read(&htable_rw_lock); ce = lookup_cache_entry(path); needs_refresh = force_refresh || IS_ERR(ce) || cache_entry_expired(ce); @@ -1218,19 +1229,17 @@ static int __refresh_tcon(const char *path, struct cifs_ses *ses, bool force_ref free_xid(xid); dfs_cache_free_tgts(&old_tl); dfs_cache_free_tgts(&new_tl); - return rc; + kfree(path); } -static int refresh_tcon(struct cifs_tcon *tcon, bool force_refresh) +static inline void refresh_ses_referral(struct cifs_ses *ses) { - struct TCP_Server_Info *server = tcon->ses->server; - struct cifs_ses *ses = tcon->ses; + __refresh_ses_referral(ses, false); +} - mutex_lock(&server->refpath_lock); - if (server->leaf_fullpath) - __refresh_tcon(server->leaf_fullpath + 1, ses, force_refresh); - mutex_unlock(&server->refpath_lock); - return 0; +static inline void force_refresh_ses_referral(struct cifs_ses *ses) +{ + __refresh_ses_referral(ses, true); } /** @@ -1271,25 +1280,20 @@ int dfs_cache_remount_fs(struct cifs_sb_info *cifs_sb) */ cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_USE_PREFIX_PATH; - return refresh_tcon(tcon, true); + force_refresh_ses_referral(tcon->ses); + return 0; } /* Refresh all DFS referrals related to DFS tcon */ void dfs_cache_refresh(struct work_struct *work) { - struct TCP_Server_Info *server; struct cifs_tcon *tcon; struct cifs_ses *ses; tcon = container_of(work, struct cifs_tcon, dfs_cache_work.work); - for (ses = tcon->ses; ses; ses = ses->dfs_root_ses) { - server = ses->server; - mutex_lock(&server->refpath_lock); - if (server->leaf_fullpath) - __refresh_tcon(server->leaf_fullpath + 1, ses, false); - mutex_unlock(&server->refpath_lock); - } + for (ses = tcon->ses; ses; ses = ses->dfs_root_ses) + refresh_ses_referral(ses); queue_delayed_work(dfscache_wq, &tcon->dfs_cache_work, atomic_read(&dfs_cache_ttl) * HZ);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: guarantee refcounted children from parent" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 062a7f0ff46eb57aff526897bd2bebfdb1d3046a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040857-earthworm-untimely-552b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 062a7f0ff46e ("smb: client: guarantee refcounted children from parent session") d8392c203e84 ("smb3: show beginning time for per share stats") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 062a7f0ff46eb57aff526897bd2bebfdb1d3046a Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 22:37:42 -0500 Subject: [PATCH] smb: client: guarantee refcounted children from parent session Avoid potential use-after-free bugs when walking DFS referrals, mounting and performing DFS failover by ensuring that all children from parent @tcon->ses are also refcounted. They're all needed across the entire DFS mount. Get rid of @tcon->dfs_ses_list while we're at it, too. Cc: stable(a)vger.kernel.org # 6.4+ Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202404021527.ZlRkIxgv-lkp@intel.com/ Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h index 7ed9d05f6890..286afbe346be 100644 --- a/fs/smb/client/cifsglob.h +++ b/fs/smb/client/cifsglob.h @@ -1281,7 +1281,6 @@ struct cifs_tcon { struct cached_fids *cfids; /* BB add field for back pointer to sb struct(s)? */ #ifdef CONFIG_CIFS_DFS_UPCALL - struct list_head dfs_ses_list; struct delayed_work dfs_cache_work; #endif struct delayed_work query_interfaces; /* query interfaces workqueue job */ @@ -1804,7 +1803,6 @@ struct cifs_mount_ctx { struct TCP_Server_Info *server; struct cifs_ses *ses; struct cifs_tcon *tcon; - struct list_head dfs_ses_list; }; static inline void __free_dfs_info_param(struct dfs_info3_param *param) diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h index 0723e1b57256..8e0a348f1f66 100644 --- a/fs/smb/client/cifsproto.h +++ b/fs/smb/client/cifsproto.h @@ -725,31 +725,31 @@ struct super_block *cifs_get_tcon_super(struct cifs_tcon *tcon); void cifs_put_tcon_super(struct super_block *sb); int cifs_wait_for_server_reconnect(struct TCP_Server_Info *server, bool retry); -/* Put references of @ses and @ses->dfs_root_ses */ +/* Put references of @ses and its children */ static inline void cifs_put_smb_ses(struct cifs_ses *ses) { - struct cifs_ses *rses = ses->dfs_root_ses; + struct cifs_ses *next; - __cifs_put_smb_ses(ses); - if (rses) - __cifs_put_smb_ses(rses); + do { + next = ses->dfs_root_ses; + __cifs_put_smb_ses(ses); + } while ((ses = next)); } -/* Get an active reference of @ses and @ses->dfs_root_ses. +/* Get an active reference of @ses and its children. * * NOTE: make sure to call this function when incrementing reference count of * @ses to ensure that any DFS root session attached to it (@ses->dfs_root_ses) * will also get its reference count incremented. * - * cifs_put_smb_ses() will put both references, so call it when you're done. + * cifs_put_smb_ses() will put all references, so call it when you're done. */ static inline void cifs_smb_ses_inc_refcount(struct cifs_ses *ses) { lockdep_assert_held(&cifs_tcp_ses_lock); - ses->ses_count++; - if (ses->dfs_root_ses) - ses->dfs_root_ses->ses_count++; + for (; ses; ses = ses->dfs_root_ses) + ses->ses_count++; } static inline bool dfs_src_pathname_equal(const char *s1, const char *s2) diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index ee29bc57300c..38b75cfa06e3 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1866,6 +1866,9 @@ static int match_session(struct cifs_ses *ses, struct smb3_fs_context *ctx) ctx->sectype != ses->sectype) return 0; + if (ctx->dfs_root_ses != ses->dfs_root_ses) + return 0; + /* * If an existing session is limited to less channels than * requested, it should not be reused @@ -2358,9 +2361,9 @@ cifs_get_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) * need to lock before changing something in the session. */ spin_lock(&cifs_tcp_ses_lock); + if (ctx->dfs_root_ses) + cifs_smb_ses_inc_refcount(ctx->dfs_root_ses); ses->dfs_root_ses = ctx->dfs_root_ses; - if (ses->dfs_root_ses) - ses->dfs_root_ses->ses_count++; list_add(&ses->smb_ses_list, &server->smb_ses_list); spin_unlock(&cifs_tcp_ses_lock); @@ -3311,6 +3314,9 @@ void cifs_mount_put_conns(struct cifs_mount_ctx *mnt_ctx) cifs_put_smb_ses(mnt_ctx->ses); else if (mnt_ctx->server) cifs_put_tcp_session(mnt_ctx->server, 0); + mnt_ctx->ses = NULL; + mnt_ctx->tcon = NULL; + mnt_ctx->server = NULL; mnt_ctx->cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_POSIX_PATHS; free_xid(mnt_ctx->xid); } @@ -3589,8 +3595,6 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx) bool isdfs; int rc; - INIT_LIST_HEAD(&mnt_ctx.dfs_ses_list); - rc = dfs_mount_share(&mnt_ctx, &isdfs); if (rc) goto error; @@ -3621,7 +3625,6 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx) return rc; error: - dfs_put_root_smb_sessions(&mnt_ctx.dfs_ses_list); cifs_mount_put_conns(&mnt_ctx); return rc; } @@ -3636,6 +3639,18 @@ int cifs_mount(struct cifs_sb_info *cifs_sb, struct smb3_fs_context *ctx) goto error; rc = cifs_mount_get_tcon(&mnt_ctx); + if (!rc) { + /* + * Prevent superblock from being created with any missing + * connections. + */ + if (WARN_ON(!mnt_ctx.server)) + rc = -EHOSTDOWN; + else if (WARN_ON(!mnt_ctx.ses)) + rc = -EACCES; + else if (WARN_ON(!mnt_ctx.tcon)) + rc = -ENOENT; + } if (rc) goto error; diff --git a/fs/smb/client/dfs.c b/fs/smb/client/dfs.c index 449c59830039..3ec965547e3d 100644 --- a/fs/smb/client/dfs.c +++ b/fs/smb/client/dfs.c @@ -66,33 +66,20 @@ static int get_session(struct cifs_mount_ctx *mnt_ctx, const char *full_path) } /* - * Track individual DFS referral servers used by new DFS mount. - * - * On success, their lifetime will be shared by final tcon (dfs_ses_list). - * Otherwise, they will be put by dfs_put_root_smb_sessions() in cifs_mount(). + * Get an active reference of @ses so that next call to cifs_put_tcon() won't + * release it as any new DFS referrals must go through its IPC tcon. */ -static int add_root_smb_session(struct cifs_mount_ctx *mnt_ctx) +static void add_root_smb_session(struct cifs_mount_ctx *mnt_ctx) { struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; - struct dfs_root_ses *root_ses; struct cifs_ses *ses = mnt_ctx->ses; if (ses) { - root_ses = kmalloc(sizeof(*root_ses), GFP_KERNEL); - if (!root_ses) - return -ENOMEM; - - INIT_LIST_HEAD(&root_ses->list); - spin_lock(&cifs_tcp_ses_lock); cifs_smb_ses_inc_refcount(ses); spin_unlock(&cifs_tcp_ses_lock); - root_ses->ses = ses; - list_add_tail(&root_ses->list, &mnt_ctx->dfs_ses_list); } - /* Select new DFS referral server so that new referrals go through it */ ctx->dfs_root_ses = ses; - return 0; } static inline int parse_dfs_target(struct smb3_fs_context *ctx, @@ -185,11 +172,8 @@ static int __dfs_referral_walk(struct cifs_mount_ctx *mnt_ctx, continue; } - if (is_refsrv) { - rc = add_root_smb_session(mnt_ctx); - if (rc) - goto out; - } + if (is_refsrv) + add_root_smb_session(mnt_ctx); rc = ref_walk_advance(rw); if (!rc) { @@ -232,6 +216,7 @@ static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx) struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; struct cifs_tcon *tcon; char *origin_fullpath; + bool new_tcon = true; int rc; origin_fullpath = dfs_get_path(cifs_sb, ctx->source); @@ -239,6 +224,18 @@ static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx) return PTR_ERR(origin_fullpath); rc = dfs_referral_walk(mnt_ctx); + if (!rc) { + /* + * Prevent superblock from being created with any missing + * connections. + */ + if (WARN_ON(!mnt_ctx->server)) + rc = -EHOSTDOWN; + else if (WARN_ON(!mnt_ctx->ses)) + rc = -EACCES; + else if (WARN_ON(!mnt_ctx->tcon)) + rc = -ENOENT; + } if (rc) goto out; @@ -247,15 +244,14 @@ static int __dfs_mount_share(struct cifs_mount_ctx *mnt_ctx) if (!tcon->origin_fullpath) { tcon->origin_fullpath = origin_fullpath; origin_fullpath = NULL; + } else { + new_tcon = false; } spin_unlock(&tcon->tc_lock); - if (list_empty(&tcon->dfs_ses_list)) { - list_replace_init(&mnt_ctx->dfs_ses_list, &tcon->dfs_ses_list); + if (new_tcon) { queue_delayed_work(dfscache_wq, &tcon->dfs_cache_work, dfs_cache_get_ttl() * HZ); - } else { - dfs_put_root_smb_sessions(&mnt_ctx->dfs_ses_list); } out: @@ -298,7 +294,6 @@ int dfs_mount_share(struct cifs_mount_ctx *mnt_ctx, bool *isdfs) if (rc) return rc; - ctx->dfs_root_ses = mnt_ctx->ses; /* * If called with 'nodfs' mount option, then skip DFS resolving. Otherwise unconditionally * try to get an DFS referral (even cached) to determine whether it is an DFS mount. @@ -324,7 +319,9 @@ int dfs_mount_share(struct cifs_mount_ctx *mnt_ctx, bool *isdfs) *isdfs = true; add_root_smb_session(mnt_ctx); - return __dfs_mount_share(mnt_ctx); + rc = __dfs_mount_share(mnt_ctx); + dfs_put_root_smb_sessions(mnt_ctx); + return rc; } /* Update dfs referral path of superblock */ diff --git a/fs/smb/client/dfs.h b/fs/smb/client/dfs.h index 875ab7ae57fc..e5c4dcf83750 100644 --- a/fs/smb/client/dfs.h +++ b/fs/smb/client/dfs.h @@ -7,7 +7,9 @@ #define _CIFS_DFS_H #include "cifsglob.h" +#include "cifsproto.h" #include "fs_context.h" +#include "dfs_cache.h" #include "cifs_unicode.h" #include <linux/namei.h> @@ -114,11 +116,6 @@ static inline void ref_walk_set_tgt_hint(struct dfs_ref_walk *rw) ref_walk_tit(rw)); } -struct dfs_root_ses { - struct list_head list; - struct cifs_ses *ses; -}; - int dfs_parse_target_referral(const char *full_path, const struct dfs_info3_param *ref, struct smb3_fs_context *ctx); int dfs_mount_share(struct cifs_mount_ctx *mnt_ctx, bool *isdfs); @@ -133,20 +130,32 @@ static inline int dfs_get_referral(struct cifs_mount_ctx *mnt_ctx, const char *p { struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; struct cifs_sb_info *cifs_sb = mnt_ctx->cifs_sb; + struct cifs_ses *rses = ctx->dfs_root_ses ?: mnt_ctx->ses; - return dfs_cache_find(mnt_ctx->xid, ctx->dfs_root_ses, cifs_sb->local_nls, + return dfs_cache_find(mnt_ctx->xid, rses, cifs_sb->local_nls, cifs_remap(cifs_sb), path, ref, tl); } -static inline void dfs_put_root_smb_sessions(struct list_head *head) +/* + * cifs_get_smb_ses() already guarantees an active reference of + * @ses->dfs_root_ses when a new session is created, so we need to put extra + * references of all DFS root sessions that were used across the mount process + * in dfs_mount_share(). + */ +static inline void dfs_put_root_smb_sessions(struct cifs_mount_ctx *mnt_ctx) { - struct dfs_root_ses *root, *tmp; + const struct smb3_fs_context *ctx = mnt_ctx->fs_ctx; + struct cifs_ses *ses = ctx->dfs_root_ses; + struct cifs_ses *cur; - list_for_each_entry_safe(root, tmp, head, list) { - list_del_init(&root->list); - cifs_put_smb_ses(root->ses); - kfree(root); + if (!ses) + return; + + for (cur = ses; cur; cur = cur->dfs_root_ses) { + if (cur->dfs_root_ses) + cifs_put_smb_ses(cur->dfs_root_ses); } + cifs_put_smb_ses(ses); } #endif /* _CIFS_DFS_H */ diff --git a/fs/smb/client/dfs_cache.c b/fs/smb/client/dfs_cache.c index 508d831fabe3..0552a864ff08 100644 --- a/fs/smb/client/dfs_cache.c +++ b/fs/smb/client/dfs_cache.c @@ -1278,21 +1278,12 @@ int dfs_cache_remount_fs(struct cifs_sb_info *cifs_sb) void dfs_cache_refresh(struct work_struct *work) { struct TCP_Server_Info *server; - struct dfs_root_ses *rses; struct cifs_tcon *tcon; struct cifs_ses *ses; tcon = container_of(work, struct cifs_tcon, dfs_cache_work.work); - ses = tcon->ses; - server = ses->server; - mutex_lock(&server->refpath_lock); - if (server->leaf_fullpath) - __refresh_tcon(server->leaf_fullpath + 1, ses, false); - mutex_unlock(&server->refpath_lock); - - list_for_each_entry(rses, &tcon->dfs_ses_list, list) { - ses = rses->ses; + for (ses = tcon->ses; ses; ses = ses->dfs_root_ses) { server = ses->server; mutex_lock(&server->refpath_lock); if (server->leaf_fullpath) diff --git a/fs/smb/client/misc.c b/fs/smb/client/misc.c index c3771fc81328..1ea22b3955a2 100644 --- a/fs/smb/client/misc.c +++ b/fs/smb/client/misc.c @@ -138,9 +138,6 @@ tcon_info_alloc(bool dir_leases_enabled) atomic_set(&ret_buf->num_local_opens, 0); atomic_set(&ret_buf->num_remote_opens, 0); ret_buf->stats_from_time = ktime_get_real_seconds(); -#ifdef CONFIG_CIFS_DFS_UPCALL - INIT_LIST_HEAD(&ret_buf->dfs_ses_list); -#endif return ret_buf; } @@ -156,9 +153,6 @@ tconInfoFree(struct cifs_tcon *tcon) atomic_dec(&tconInfoAllocCount); kfree(tcon->nativeFileSystem); kfree_sensitive(tcon->password); -#ifdef CONFIG_CIFS_DFS_UPCALL - dfs_put_root_smb_sessions(&tcon->dfs_ses_list); -#endif kfree(tcon->origin_fullpath); kfree(tcon); }

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040843-empathic-duller-2cb9@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") f391d6ee002e ("cifs: Use after free in debug code") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040841-scarcity-subarctic-4f20@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") f391d6ee002e ("cifs: Use after free in debug code") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040839-drainage-uninvited-614e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") f391d6ee002e ("cifs: Use after free in debug code") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040837-alkaline-motor-f911@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") ff7d80a9f271 ("cifs: fix session state transition to avoid use-after-free issue") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 943fb67b0902 ("cifs: missing lock when updating session status") bc962159e8e3 ("cifs: avoid race conditions with parallel reconnects") 1bcd548d935a ("cifs: prevent data race in cifs_reconnect_tcon()") e77978de4765 ("cifs: update ip_addr for ses only for primary chan setup") 3c0070f54b31 ("cifs: prevent data race in smb2_reconnect()") 05844bd661d9 ("cifs: print last update time for interface list") 25cf01b7c920 ("cifs: set correct status of tcon ipc when reconnecting") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") f391d6ee002e ("cifs: Use after free in debug code") 68e14569d7e5 ("smb3: add dynamic trace points for tree disconnect") 13609a8b3ac6 ("cifs: move from strlcpy with unused retval to strscpy") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] smb: client: fix UAF in smb2_reconnect_server()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 24a9799aa8efecd0eb55a75e35f9d8e6400063aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040832-episode-phrasing-9e1a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()") 7257bcf3bdc7 ("cifs: cifs_chan_is_iface_active should be called with chan_lock held") 27e1fd343f80 ("cifs: after disabling multichannel, mark tcon for reconnect") fa1d0508bdd4 ("cifs: account for primary channel in the interface list") a6d8fb54a515 ("cifs: distribute channels across interfaces based on speed") c37ed2d7d098 ("smb: client: remove extra @chan_count check in __cifs_put_smb_ses()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24a9799aa8efecd0eb55a75e35f9d8e6400063aa Mon Sep 17 00:00:00 2001 From: Paulo Alcantara <pc(a)manguebit.com> Date: Mon, 1 Apr 2024 14:13:10 -0300 Subject: [PATCH] smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set @ses->ses_status to SES_EXITING and prevent any other threads from setting a new status while we're still tearing it down. The following can be reproduced by adding some delay to right after the ipc is freed in __cifs_put_smb_ses() - which will give smb2_reconnect_server() worker a chance to run and then accessing @ses->ipc: kinit ... mount.cifs //srv/share /mnt/1 -o sec=krb5,nohandlecache,echo_interval=10 [disconnect srv] ls /mnt/1 &>/dev/null sleep 30 kdestroy [reconnect srv] sleep 10 umount /mnt/1 ... CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed CIFS: VFS: \\srv Send error in SessSetup = -126 general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Workqueue: cifsiod smb2_reconnect_server [cifs] RIP: 0010:__list_del_entry_valid_or_report+0x33/0xf0 Code: 4f 08 48 85 d2 74 42 48 85 c9 74 59 48 b8 00 01 00 00 00 00 ad de 48 39 c2 74 61 48 b8 22 01 00 00 00 00 74 69 <48> 8b 01 48 39 f8 75 7b 48 8b 72 08 48 39 c6 0f 85 88 00 00 00 b8 RSP: 0018:ffffc900001bfd70 EFLAGS: 00010a83 RAX: dead000000000122 RBX: ffff88810da53838 RCX: 6b6b6b6b6b6b6b6b RDX: 6b6b6b6b6b6b6b6b RSI: ffffffffc02f6878 RDI: ffff88810da53800 RBP: ffff88810da53800 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810c064000 R13: 0000000000000001 R14: ffff88810c064000 R15: ffff8881039cc000 FS: 0000000000000000(0000) GS:ffff888157c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe3728b1000 CR3: 000000010caa4000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? die_addr+0x36/0x90 ? exc_general_protection+0x1c1/0x3f0 ? asm_exc_general_protection+0x26/0x30 ? __list_del_entry_valid_or_report+0x33/0xf0 __cifs_put_smb_ses+0x1ae/0x500 [cifs] smb2_reconnect_server+0x4ed/0x710 [cifs] process_one_work+0x205/0x6b0 worker_thread+0x191/0x360 ? __pfx_worker_thread+0x10/0x10 kthread+0xe2/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Cc: stable(a)vger.kernel.org Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 9b85b5341822..ee29bc57300c 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -232,7 +232,13 @@ cifs_mark_tcp_ses_conns_for_reconnect(struct TCP_Server_Info *server, spin_lock(&cifs_tcp_ses_lock); list_for_each_entry_safe(ses, nses, &pserver->smb_ses_list, smb_ses_list) { - /* check if iface is still active */ + spin_lock(&ses->ses_lock); + if (ses->ses_status == SES_EXITING) { + spin_unlock(&ses->ses_lock); + continue; + } + spin_unlock(&ses->ses_lock); + spin_lock(&ses->chan_lock); if (cifs_ses_get_chan_index(ses, server) == CIFS_INVAL_CHAN_INDEX) { @@ -1963,31 +1969,6 @@ cifs_setup_ipc(struct cifs_ses *ses, struct smb3_fs_context *ctx) return rc; } -/** - * cifs_free_ipc - helper to release the session IPC tcon - * @ses: smb session to unmount the IPC from - * - * Needs to be called everytime a session is destroyed. - * - * On session close, the IPC is closed and the server must release all tcons of the session. - * No need to send a tree disconnect here. - * - * Besides, it will make the server to not close durable and resilient files on session close, as - * specified in MS-SMB2 3.3.5.6 Receiving an SMB2 LOGOFF Request. - */ -static int -cifs_free_ipc(struct cifs_ses *ses) -{ - struct cifs_tcon *tcon = ses->tcon_ipc; - - if (tcon == NULL) - return 0; - - tconInfoFree(tcon); - ses->tcon_ipc = NULL; - return 0; -} - static struct cifs_ses * cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) { @@ -2019,48 +2000,52 @@ cifs_find_smb_ses(struct TCP_Server_Info *server, struct smb3_fs_context *ctx) void __cifs_put_smb_ses(struct cifs_ses *ses) { struct TCP_Server_Info *server = ses->server; + struct cifs_tcon *tcon; unsigned int xid; size_t i; + bool do_logoff; int rc; - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING) { - spin_unlock(&ses->ses_lock); - return; - } - spin_unlock(&ses->ses_lock); - - cifs_dbg(FYI, "%s: ses_count=%d\n", __func__, ses->ses_count); - cifs_dbg(FYI, - "%s: ses ipc: %s\n", __func__, ses->tcon_ipc ? ses->tcon_ipc->tree_name : "NONE"); - spin_lock(&cifs_tcp_ses_lock); - if (--ses->ses_count > 0) { + spin_lock(&ses->ses_lock); + cifs_dbg(FYI, "%s: id=0x%llx ses_count=%d ses_status=%u ipc=%s\n", + __func__, ses->Suid, ses->ses_count, ses->ses_status, + ses->tcon_ipc ? ses->tcon_ipc->tree_name : "none"); + if (ses->ses_status == SES_EXITING || --ses->ses_count > 0) { + spin_unlock(&ses->ses_lock); spin_unlock(&cifs_tcp_ses_lock); return; } - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_GOOD) - ses->ses_status = SES_EXITING; - spin_unlock(&ses->ses_lock); - spin_unlock(&cifs_tcp_ses_lock); - /* ses_count can never go negative */ WARN_ON(ses->ses_count < 0); - spin_lock(&ses->ses_lock); - if (ses->ses_status == SES_EXITING && server->ops->logoff) { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); + spin_lock(&ses->chan_lock); + cifs_chan_clear_need_reconnect(ses, server); + spin_unlock(&ses->chan_lock); + + do_logoff = ses->ses_status == SES_GOOD && server->ops->logoff; + ses->ses_status = SES_EXITING; + tcon = ses->tcon_ipc; + ses->tcon_ipc = NULL; + spin_unlock(&ses->ses_lock); + spin_unlock(&cifs_tcp_ses_lock); + + /* + * On session close, the IPC is closed and the server must release all + * tcons of the session. No need to send a tree disconnect here. + * + * Besides, it will make the server to not close durable and resilient + * files on session close, as specified in MS-SMB2 3.3.5.6 Receiving an + * SMB2 LOGOFF Request. + */ + tconInfoFree(tcon); + if (do_logoff) { xid = get_xid(); rc = server->ops->logoff(xid, ses); if (rc) cifs_server_dbg(VFS, "%s: Session Logoff failure rc=%d\n", __func__, rc); _free_xid(xid); - } else { - spin_unlock(&ses->ses_lock); - cifs_free_ipc(ses); } spin_lock(&cifs_tcp_ses_lock);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] riscv: process: Fix kernel gp leakage" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d14fa1fcf69db9d070e75f1c4425211fa619dfc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040817-unplowed-heavily-b59d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d14fa1fcf69d ("riscv: process: Fix kernel gp leakage") fea2fed201ee ("riscv: Enable per-task stack canaries") d7071743db31 ("RISC-V: Add EFI stub support.") f2c9699f6555 ("riscv: Add STACKPROTECTOR supported") a5d8e55b2c7d ("Merge tag 'v5.7-rc7' into efi/core, to refresh the branch and pick up fixes") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d14fa1fcf69db9d070e75f1c4425211fa619dfc8 Mon Sep 17 00:00:00 2001 From: Stefan O'Rear <sorear(a)fastmail.com> Date: Wed, 27 Mar 2024 02:12:58 -0400 Subject: [PATCH] riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a user mode helper, the gp value can be observed in user space after execve or possibly by other means. [From the email thread] The /* Kernel thread */ comment is somewhat inaccurate in that it is also used for user_mode_helper threads, which exec a user process, e.g. /sbin/init or when /proc/sys/kernel/core_pattern is a pipe. Such threads do not have PF_KTHREAD set and are valid targets for ptrace etc. even before they exec. childregs is the *user* context during syscall execution and it is observable from userspace in at least five ways: 1. kernel_execve does not currently clear integer registers, so the starting register state for PID 1 and other user processes started by the kernel has sp = user stack, gp = kernel __global_pointer$, all other integer registers zeroed by the memset in the patch comment. This is a bug in its own right, but I'm unwilling to bet that it is the only way to exploit the issue addressed by this patch. 2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a user_mode_helper thread before it execs, but ptrace requires SIGSTOP to be delivered which can only happen at user/kernel boundaries. 3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for user_mode_helpers before the exec completes, but gp is not one of the registers it returns. 4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses are also exposed via PERF_SAMPLE_REGS_USER which is permitted under LOCKDOWN_PERF. I have not attempted to write exploit code. 5. Much of the tracing infrastructure allows access to user registers. I have not attempted to determine which forms of tracing allow access to user registers without already allowing access to kernel registers. Fixes: 7db91e57a0ac ("RISC-V: Task implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Stefan O'Rear <sorear(a)fastmail.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20240327061258.2370291-1-sorear@fastmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 6abeecbfc51d..e4bc61c4e58a 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -27,8 +27,6 @@ #include <asm/vector.h> #include <asm/cpufeature.h> -register unsigned long gp_in_global __asm__("gp"); - #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include <linux/stackprotector.h> unsigned long __stack_chk_guard __read_mostly; @@ -207,7 +205,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) if (unlikely(args->fn)) { /* Kernel thread */ memset(childregs, 0, sizeof(struct pt_regs)); - childregs->gp = gp_in_global; /* Supervisor/Machine, irqs on: */ childregs->status = SR_PP | SR_PIE;

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] riscv: process: Fix kernel gp leakage" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d14fa1fcf69db9d070e75f1c4425211fa619dfc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040815-geometric-quaintly-f4a7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d14fa1fcf69d ("riscv: process: Fix kernel gp leakage") fea2fed201ee ("riscv: Enable per-task stack canaries") d7071743db31 ("RISC-V: Add EFI stub support.") f2c9699f6555 ("riscv: Add STACKPROTECTOR supported") a5d8e55b2c7d ("Merge tag 'v5.7-rc7' into efi/core, to refresh the branch and pick up fixes") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d14fa1fcf69db9d070e75f1c4425211fa619dfc8 Mon Sep 17 00:00:00 2001 From: Stefan O'Rear <sorear(a)fastmail.com> Date: Wed, 27 Mar 2024 02:12:58 -0400 Subject: [PATCH] riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a user mode helper, the gp value can be observed in user space after execve or possibly by other means. [From the email thread] The /* Kernel thread */ comment is somewhat inaccurate in that it is also used for user_mode_helper threads, which exec a user process, e.g. /sbin/init or when /proc/sys/kernel/core_pattern is a pipe. Such threads do not have PF_KTHREAD set and are valid targets for ptrace etc. even before they exec. childregs is the *user* context during syscall execution and it is observable from userspace in at least five ways: 1. kernel_execve does not currently clear integer registers, so the starting register state for PID 1 and other user processes started by the kernel has sp = user stack, gp = kernel __global_pointer$, all other integer registers zeroed by the memset in the patch comment. This is a bug in its own right, but I'm unwilling to bet that it is the only way to exploit the issue addressed by this patch. 2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a user_mode_helper thread before it execs, but ptrace requires SIGSTOP to be delivered which can only happen at user/kernel boundaries. 3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for user_mode_helpers before the exec completes, but gp is not one of the registers it returns. 4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses are also exposed via PERF_SAMPLE_REGS_USER which is permitted under LOCKDOWN_PERF. I have not attempted to write exploit code. 5. Much of the tracing infrastructure allows access to user registers. I have not attempted to determine which forms of tracing allow access to user registers without already allowing access to kernel registers. Fixes: 7db91e57a0ac ("RISC-V: Task implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Stefan O'Rear <sorear(a)fastmail.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20240327061258.2370291-1-sorear@fastmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 6abeecbfc51d..e4bc61c4e58a 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -27,8 +27,6 @@ #include <asm/vector.h> #include <asm/cpufeature.h> -register unsigned long gp_in_global __asm__("gp"); - #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include <linux/stackprotector.h> unsigned long __stack_chk_guard __read_mostly; @@ -207,7 +205,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) if (unlikely(args->fn)) { /* Kernel thread */ memset(childregs, 0, sizeof(struct pt_regs)); - childregs->gp = gp_in_global; /* Supervisor/Machine, irqs on: */ childregs->status = SR_PP | SR_PIE;

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] riscv: process: Fix kernel gp leakage" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d14fa1fcf69db9d070e75f1c4425211fa619dfc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040813-decline-blinker-ebc3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d14fa1fcf69d ("riscv: process: Fix kernel gp leakage") fea2fed201ee ("riscv: Enable per-task stack canaries") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d14fa1fcf69db9d070e75f1c4425211fa619dfc8 Mon Sep 17 00:00:00 2001 From: Stefan O'Rear <sorear(a)fastmail.com> Date: Wed, 27 Mar 2024 02:12:58 -0400 Subject: [PATCH] riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs->gp is never used since the kernel gp is not touched by switch_to. For a user mode helper, the gp value can be observed in user space after execve or possibly by other means. [From the email thread] The /* Kernel thread */ comment is somewhat inaccurate in that it is also used for user_mode_helper threads, which exec a user process, e.g. /sbin/init or when /proc/sys/kernel/core_pattern is a pipe. Such threads do not have PF_KTHREAD set and are valid targets for ptrace etc. even before they exec. childregs is the *user* context during syscall execution and it is observable from userspace in at least five ways: 1. kernel_execve does not currently clear integer registers, so the starting register state for PID 1 and other user processes started by the kernel has sp = user stack, gp = kernel __global_pointer$, all other integer registers zeroed by the memset in the patch comment. This is a bug in its own right, but I'm unwilling to bet that it is the only way to exploit the issue addressed by this patch. 2. ptrace(PTRACE_GETREGSET): you can PTRACE_ATTACH to a user_mode_helper thread before it execs, but ptrace requires SIGSTOP to be delivered which can only happen at user/kernel boundaries. 3. /proc/*/task/*/syscall: this is perfectly happy to read pt_regs for user_mode_helpers before the exec completes, but gp is not one of the registers it returns. 4. PERF_SAMPLE_REGS_USER: LOCKDOWN_PERF normally prevents access to kernel addresses via PERF_SAMPLE_REGS_INTR, but due to this bug kernel addresses are also exposed via PERF_SAMPLE_REGS_USER which is permitted under LOCKDOWN_PERF. I have not attempted to write exploit code. 5. Much of the tracing infrastructure allows access to user registers. I have not attempted to determine which forms of tracing allow access to user registers without already allowing access to kernel registers. Fixes: 7db91e57a0ac ("RISC-V: Task implementation") Cc: stable(a)vger.kernel.org Signed-off-by: Stefan O'Rear <sorear(a)fastmail.com> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Link: https://lore.kernel.org/r/20240327061258.2370291-1-sorear@fastmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c index 6abeecbfc51d..e4bc61c4e58a 100644 --- a/arch/riscv/kernel/process.c +++ b/arch/riscv/kernel/process.c @@ -27,8 +27,6 @@ #include <asm/vector.h> #include <asm/cpufeature.h> -register unsigned long gp_in_global __asm__("gp"); - #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_STACKPROTECTOR_PER_TASK) #include <linux/stackprotector.h> unsigned long __stack_chk_guard __read_mostly; @@ -207,7 +205,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) if (unlikely(args->fn)) { /* Kernel thread */ memset(childregs, 0, sizeof(struct pt_regs)); - childregs->gp = gp_in_global; /* Supervisor/Machine, irqs on: */ childregs->status = SR_PP | SR_PIE;

1 year, 2 months

1
0
0 0

[PATCH] drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init

by Maarten Lankhorst

Add a unreference bo in the error path, to prevent leaking a bo ref. Return 0 on success to clarify the success path. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/intel_fb_bo.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/display/intel_fb_bo.c b/drivers/gpu/drm/xe/display/intel_fb_bo.c index dba327f53ac5..e18521acc516 100644 --- a/drivers/gpu/drm/xe/display/intel_fb_bo.c +++ b/drivers/gpu/drm/xe/display/intel_fb_bo.c @@ -31,7 +31,7 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, ret = ttm_bo_reserve(&bo->ttm, true, false, NULL); if (ret) - return ret; + goto err; if (!(bo->flags & XE_BO_FLAG_SCANOUT)) { /* @@ -42,12 +42,16 @@ int intel_fb_bo_framebuffer_init(struct intel_framebuffer *intel_fb, */ if (XE_IOCTL_DBG(i915, !list_empty(&bo->ttm.base.gpuva.list))) { ttm_bo_unreserve(&bo->ttm); - return -EINVAL; + ret = -EINVAL; + goto err; } bo->flags |= XE_BO_FLAG_SCANOUT; } ttm_bo_unreserve(&bo->ttm); + return 0; +err: + xe_bo_put(bo); return ret; } -- 2.43.0

1 year, 2 months

2
1
0 0

Re: Patch "ASoC: tas2781: mark dvc_tlv with __maybe_unused" has been added to the 6.8-stable tree

by Gergo Koteles

Hi, On Sun, 2024-04-07 at 16:13 -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > ASoC: tas2781: mark dvc_tlv with __maybe_unused > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > asoc-tas2781-mark-dvc_tlv-with-__maybe_unused.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Is this necessary for stable? It only fixes a W=1 build warning. Regards, Gergo

1 year, 2 months

2
1
0 0

[PATCH v3 0/3] arm64: dts: hi3798cv200: fix GICR size, add cache info, maintenance irq and GICH, GICV spaces

by Yang Xiwen via B4 Relay

The patchset fixes some warnings reported by the kernel during boot. The cache size info is from Processor_Datasheet_v2XX.pdf [1], Section 2.2.1 Master Processor. The cache line size and the set-associative info are from Cortex-A53 Documentation [2]. From the doc, it can be concluded that L1 i-cache is 4-way assoc, L1 d-cache is 2-way assoc and L2 cache is 16-way assoc. Calculate the dts props accordingly. Also, to use KVM's VGIC code, GICH, GICV registers spaces and maintenance IRQ are added to the dts with verification. [1]: https://github.com/96boards/documentation/blob/master/enterprise/poplar/har… [2]: https://developer.arm.com/documentation/ddi0500/j/Level-1-Memory-System Signed-off-by: Yang Xiwen <forbidden405(a)outlook.com> --- Changes in v3: - send patches to stable (Andrew Lunn) - rewrite the commit logs more formally (Andrew Lunn) - rename l2-cache0 to l2-cache (Krzysztof Kozlowski) - Link to v2: https://lore.kernel.org/r/20240218-cache-v2-0-1fd919e2bd3e@outlook.com Changes in v2: - arm64: dts: hi3798cv200: add GICH, GICV register spces and maintainance IRQ. - Link to v1: https://lore.kernel.org/r/20240218-cache-v1-0-2c0a8a4472e7@outlook.com --- Yang Xiwen (3): arm64: dts: hi3798cv200: fix the size of GICR arm64: dts: hi3798cv200: add GICH, GICV register space and irq arm64: dts: hi3798cv200: add cache info arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 43 +++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) --- base-commit: 8d3dea210042f54b952b481838c1e7dfc4ec751d change-id: 20240218-cache-11c8bf7566c2 Best regards, -- Yang Xiwen <forbidden405(a)outlook.com>

1 year, 2 months

5
13
0 0

[PATCH 6/8] accel/ivpu: Return max freq for DRM_IVPU_PARAM_CORE_CLOCK_RATE

by Jacek Lawrynowicz

DRM_IVPU_PARAM_CORE_CLOCK_RATE returned current NPU frequency which could be 0 if device was sleeping. This value wasn't really useful to the user space, so return max freq instead which can be used to estimate NPU performance. Fixes: c39dc15191c4 ("accel/ivpu: Read clock rate only if device is up") Cc: <stable(a)vger.kernel.org> # v6.7 Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_drv.c | 18 +----------------- drivers/accel/ivpu/ivpu_hw.h | 6 ++++++ drivers/accel/ivpu/ivpu_hw_37xx.c | 7 ++++--- drivers/accel/ivpu/ivpu_hw_40xx.c | 6 ++++++ 4 files changed, 17 insertions(+), 20 deletions(-) diff --git a/drivers/accel/ivpu/ivpu_drv.c b/drivers/accel/ivpu/ivpu_drv.c index 303d92753387..77283daaedd1 100644 --- a/drivers/accel/ivpu/ivpu_drv.c +++ b/drivers/accel/ivpu/ivpu_drv.c @@ -131,22 +131,6 @@ static int ivpu_get_capabilities(struct ivpu_device *vdev, struct drm_ivpu_param return 0; } -static int ivpu_get_core_clock_rate(struct ivpu_device *vdev, u64 *clk_rate) -{ - int ret; - - ret = ivpu_rpm_get_if_active(vdev); - if (ret < 0) - return ret; - - *clk_rate = ret ? ivpu_hw_reg_pll_freq_get(vdev) : 0; - - if (ret) - ivpu_rpm_put(vdev); - - return 0; -} - static int ivpu_get_param_ioctl(struct drm_device *dev, void *data, struct drm_file *file) { struct ivpu_file_priv *file_priv = file->driver_priv; @@ -170,7 +154,7 @@ static int ivpu_get_param_ioctl(struct drm_device *dev, void *data, struct drm_f args->value = vdev->platform; break; case DRM_IVPU_PARAM_CORE_CLOCK_RATE: - ret = ivpu_get_core_clock_rate(vdev, &args->value); + args->value = ivpu_hw_ratio_to_freq(vdev, vdev->hw->pll.max_ratio); break; case DRM_IVPU_PARAM_NUM_CONTEXTS: args->value = ivpu_get_context_count(vdev); diff --git a/drivers/accel/ivpu/ivpu_hw.h b/drivers/accel/ivpu/ivpu_hw.h index b2909168a0a6..094c659d2800 100644 --- a/drivers/accel/ivpu/ivpu_hw.h +++ b/drivers/accel/ivpu/ivpu_hw.h @@ -21,6 +21,7 @@ struct ivpu_hw_ops { u32 (*profiling_freq_get)(struct ivpu_device *vdev); void (*profiling_freq_drive)(struct ivpu_device *vdev, bool enable); u32 (*reg_pll_freq_get)(struct ivpu_device *vdev); + u32 (*ratio_to_freq)(struct ivpu_device *vdev, u32 ratio); u32 (*reg_telemetry_offset_get)(struct ivpu_device *vdev); u32 (*reg_telemetry_size_get)(struct ivpu_device *vdev); u32 (*reg_telemetry_enable_get)(struct ivpu_device *vdev); @@ -130,6 +131,11 @@ static inline u32 ivpu_hw_reg_pll_freq_get(struct ivpu_device *vdev) return vdev->hw->ops->reg_pll_freq_get(vdev); }; +static inline u32 ivpu_hw_ratio_to_freq(struct ivpu_device *vdev, u32 ratio) +{ + return vdev->hw->ops->ratio_to_freq(vdev, ratio); +} + static inline u32 ivpu_hw_reg_telemetry_offset_get(struct ivpu_device *vdev) { return vdev->hw->ops->reg_telemetry_offset_get(vdev); diff --git a/drivers/accel/ivpu/ivpu_hw_37xx.c b/drivers/accel/ivpu/ivpu_hw_37xx.c index 5e2865f9f7d6..bd25e2d9fb0f 100644 --- a/drivers/accel/ivpu/ivpu_hw_37xx.c +++ b/drivers/accel/ivpu/ivpu_hw_37xx.c @@ -803,12 +803,12 @@ static void ivpu_hw_37xx_profiling_freq_drive(struct ivpu_device *vdev, bool ena /* Profiling freq - is a debug feature. Unavailable on VPU 37XX. */ } -static u32 ivpu_hw_37xx_pll_to_freq(u32 ratio, u32 config) +static u32 ivpu_hw_37xx_ratio_to_freq(struct ivpu_device *vdev, u32 ratio) { u32 pll_clock = PLL_REF_CLK_FREQ * ratio; u32 cpu_clock; - if ((config & 0xff) == PLL_RATIO_4_3) + if ((vdev->hw->config & 0xff) == PLL_RATIO_4_3) cpu_clock = pll_clock * 2 / 4; else cpu_clock = pll_clock * 2 / 5; @@ -827,7 +827,7 @@ static u32 ivpu_hw_37xx_reg_pll_freq_get(struct ivpu_device *vdev) if (!ivpu_is_silicon(vdev)) return PLL_SIMULATION_FREQ; - return ivpu_hw_37xx_pll_to_freq(pll_curr_ratio, vdev->hw->config); + return ivpu_hw_37xx_ratio_to_freq(vdev, pll_curr_ratio); } static u32 ivpu_hw_37xx_reg_telemetry_offset_get(struct ivpu_device *vdev) @@ -1050,6 +1050,7 @@ const struct ivpu_hw_ops ivpu_hw_37xx_ops = { .profiling_freq_get = ivpu_hw_37xx_profiling_freq_get, .profiling_freq_drive = ivpu_hw_37xx_profiling_freq_drive, .reg_pll_freq_get = ivpu_hw_37xx_reg_pll_freq_get, + .ratio_to_freq = ivpu_hw_37xx_ratio_to_freq, .reg_telemetry_offset_get = ivpu_hw_37xx_reg_telemetry_offset_get, .reg_telemetry_size_get = ivpu_hw_37xx_reg_telemetry_size_get, .reg_telemetry_enable_get = ivpu_hw_37xx_reg_telemetry_enable_get, diff --git a/drivers/accel/ivpu/ivpu_hw_40xx.c b/drivers/accel/ivpu/ivpu_hw_40xx.c index e4eddbf5d11c..b0b88d4c8926 100644 --- a/drivers/accel/ivpu/ivpu_hw_40xx.c +++ b/drivers/accel/ivpu/ivpu_hw_40xx.c @@ -980,6 +980,11 @@ static u32 ivpu_hw_40xx_reg_pll_freq_get(struct ivpu_device *vdev) return PLL_RATIO_TO_FREQ(pll_curr_ratio); } +static u32 ivpu_hw_40xx_ratio_to_freq(struct ivpu_device *vdev, u32 ratio) +{ + return PLL_RATIO_TO_FREQ(ratio); +} + static u32 ivpu_hw_40xx_reg_telemetry_offset_get(struct ivpu_device *vdev) { return REGB_RD32(VPU_40XX_BUTTRESS_VPU_TELEMETRY_OFFSET); @@ -1230,6 +1235,7 @@ const struct ivpu_hw_ops ivpu_hw_40xx_ops = { .profiling_freq_get = ivpu_hw_40xx_profiling_freq_get, .profiling_freq_drive = ivpu_hw_40xx_profiling_freq_drive, .reg_pll_freq_get = ivpu_hw_40xx_reg_pll_freq_get, + .ratio_to_freq = ivpu_hw_40xx_ratio_to_freq, .reg_telemetry_offset_get = ivpu_hw_40xx_reg_telemetry_offset_get, .reg_telemetry_size_get = ivpu_hw_40xx_reg_telemetry_size_get, .reg_telemetry_enable_get = ivpu_hw_40xx_reg_telemetry_enable_get, -- 2.43.2

1 year, 2 months

2
2
0 0

[PATCH v5 00/10] x86/sev: KEXEC/KDUMP support for SEV-ES guests

by vsntk18＠gmail.com

From: Vasant Karasulli <vkarasulli(a)suse.de> Hi, here are changes to enable kexec/kdump in SEV-ES guests. The biggest problem for supporting kexec/kdump under SEV-ES is to find a way to hand the non-boot CPUs (APs) from one kernel to another. Without SEV-ES the first kernel parks the CPUs in a HLT loop until they get reset by the kexec'ed kernel via an INIT-SIPI-SIPI sequence. For virtual machines the CPU reset is emulated by the hypervisor, which sets the vCPU registers back to reset state. This does not work under SEV-ES, because the hypervisor has no access to the vCPU registers and can't make modifications to them. So an SEV-ES guest needs to reset the vCPU itself and park it using the AP-reset-hold protocol. Upon wakeup the guest needs to jump to real-mode and to the reset-vector configured in the AP-Jump-Table. The code to do this is the main part of this patch-set. It works by placing code on the AP Jump-Table page itself to park the vCPU and for jumping to the reset vector upon wakeup. The code on the AP Jump Table runs in 16-bit protected mode with segment base set to the beginning of the page. The AP Jump-Table is usually not within the first 1MB of memory, so the code can't run in real-mode. The AP Jump-Table is the best place to put the parking code, because the memory is owned, but read-only by the firmware and writeable by the OS. Only the first 4 bytes are used for the reset-vector, leaving the rest of the page for code/data/stack to park a vCPU. The code can't be in kernel memory because by the time the vCPU wakes up the memory will be owned by the new kernel, which might have overwritten it already. The other patches add initial GHCB Version 2 protocol support, because kexec/kdump need the MSR-based (without a GHCB) AP-reset-hold VMGEXIT, which is a GHCB protocol version 2 feature. The kexec'ed kernel is also entered via the decompressor and needs MMIO support there, so this patch-set also adds MMIO #VC support to the decompressor and support for handling CLFLUSH instructions. Finally there is also code to disable kexec/kdump support at runtime when the environment does not support it (e.g. no GHCB protocol version 2 support or AP Jump Table over 4GB). The diffstat looks big, but most of it is moving code for MMIO #VC support around to make it available to the decompressor. The previous version of this patch-set can be found here: https://lore.kernel.org/kvm/20240311161727.14916-1-vsntk18@gmail.com/ Please review. Thanks, Vasant Changes v4->v5: - Rebased to v6.9-rc2 kernel - Applied review comments by Tom Lendacky - Exclude the AP jump table related code for SEV-SNP guests Changes v3->v4: - Rebased to v6.8 kernel - Applied review comments by Sean Christopherson - Combined sev_es_setup_ap_jump_table() and sev_setup_ap_jump_table() into a single function which makes caching jump table address unnecessary - annotated struct sev_ap_jump_table_header with __packed attribute - added code to set up real mode data segment at boot time instead of hardcoding the value. Changes v2->v3: - Rebased to v5.17-rc1 - Applied most review comments by Boris - Use the name 'AP jump table' consistently - Make kexec-disabling for unsupported guests x86-specific - Cleanup and consolidate patches to detect GHCB v2 protocol support Joerg Roedel (9): x86/kexec/64: Disable kexec when SEV-ES is active x86/sev: Save and print negotiated GHCB protocol version x86/sev: Set GHCB data structure version x86/sev: Setup code to park APs in the AP Jump Table x86/sev: Park APs on AP Jump Table with GHCB protocol version 2 x86/sev: Use AP Jump Table blob to stop CPU x86/sev: Add MMIO handling support to boot/compressed/ code x86/sev: Handle CLFLUSH MMIO events x86/kexec/64: Support kexec under SEV-ES with AP Jump Table Blob Vasant Karasulli (1): x86/sev: Exclude AP jump table related code for SEV-SNP guests arch/x86/boot/compressed/sev.c | 45 +- arch/x86/include/asm/insn-eval.h | 1 + arch/x86/include/asm/realmode.h | 5 + arch/x86/include/asm/sev-ap-jumptable.h | 30 + arch/x86/include/asm/sev.h | 7 + arch/x86/kernel/machine_kexec_64.c | 12 + arch/x86/kernel/process.c | 8 + arch/x86/kernel/sev-shared.c | 234 +++++- arch/x86/kernel/sev.c | 376 +++++----- arch/x86/lib/insn-eval-shared.c | 921 ++++++++++++++++++++++++ arch/x86/lib/insn-eval.c | 911 +---------------------- arch/x86/realmode/Makefile | 9 +- arch/x86/realmode/init.c | 5 +- arch/x86/realmode/rm/Makefile | 11 +- arch/x86/realmode/rm/header.S | 3 + arch/x86/realmode/rm/sev.S | 85 +++ arch/x86/realmode/rmpiggy.S | 6 + arch/x86/realmode/sev/Makefile | 33 + arch/x86/realmode/sev/ap_jump_table.S | 131 ++++ arch/x86/realmode/sev/ap_jump_table.lds | 24 + 20 files changed, 1711 insertions(+), 1146 deletions(-) create mode 100644 arch/x86/include/asm/sev-ap-jumptable.h create mode 100644 arch/x86/lib/insn-eval-shared.c create mode 100644 arch/x86/realmode/rm/sev.S create mode 100644 arch/x86/realmode/sev/Makefile create mode 100644 arch/x86/realmode/sev/ap_jump_table.S create mode 100644 arch/x86/realmode/sev/ap_jump_table.lds base-commit: 39cd87c4eb2b893354f3b850f916353f2658ae6f -- 2.34.1

1 year, 2 months

2
10
0 0

[PATCH] spmi: hisi-spmi-controller: Do not override device identifier

by Vamshi Gajjela

'nr' member of struct spmi_controller, which serves as an identifier for the controller/bus. This value is a dynamic ID assigned in spmi_controller_alloc, and overriding it from the driver results in an ida_free error "ida_free called for id=xx which is not allocated". Signed-off-by: Vamshi Gajjela <vamshigajjela(a)google.com> Fixes: 70f59c90c819 ("staging: spmi: add Hikey 970 SPMI controller driver") Cc: stable(a)vger.kernel.org --- drivers/spmi/hisi-spmi-controller.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/spmi/hisi-spmi-controller.c b/drivers/spmi/hisi-spmi-controller.c index 674a350cc676..fa068b34b040 100644 --- a/drivers/spmi/hisi-spmi-controller.c +++ b/drivers/spmi/hisi-spmi-controller.c @@ -300,7 +300,6 @@ static int spmi_controller_probe(struct platform_device *pdev) spin_lock_init(&spmi_controller->lock); - ctrl->nr = spmi_controller->channel; ctrl->dev.parent = pdev->dev.parent; ctrl->dev.of_node = of_node_get(pdev->dev.of_node); -- 2.44.0.rc1.240.g4c46232300-goog

1 year, 2 months

4
3
0 0

[PATCH AUTOSEL 6.8 01/28] tools: iio: replace seekdir() in iio_generic_buffer

by Sasha Levin

From: Petre Rodan <petre.rodan(a)subdimension.ro> [ Upstream commit 4e6500bfa053dc133021f9c144261b77b0ba7dc8 ] Replace seekdir() with rewinddir() in order to fix a localized glibc bug. One of the glibc patches that stable Gentoo is using causes an improper directory stream positioning bug on 32bit arm. That in turn ends up as a floating point exception in iio_generic_buffer. The attached patch provides a fix by using an equivalent function which should not cause trouble for other distros and is easier to reason about in general as it obviously always goes back to to the start. https://sourceware.org/bugzilla/show_bug.cgi?id=31212 Signed-off-by: Petre Rodan <petre.rodan(a)subdimension.ro> Link: https://lore.kernel.org/r/20240108103224.3986-1-petre.rodan@subdimension.ro Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/iio/iio_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/iio/iio_utils.c b/tools/iio/iio_utils.c index 6a00a6eecaef0..c5c5082cb24e5 100644 --- a/tools/iio/iio_utils.c +++ b/tools/iio/iio_utils.c @@ -376,7 +376,7 @@ int build_channel_array(const char *device_dir, int buffer_idx, goto error_close_dir; } - seekdir(dp, 0); + rewinddir(dp); while (ent = readdir(dp), ent) { if (strcmp(ent->d_name + strlen(ent->d_name) - strlen("_en"), "_en") == 0) { -- 2.43.0

1 year, 2 months

2
29
0 0

[PATCH AUTOSEL 6.1 01/52] drm/vc4: don't check if plane->state->fb == state->fb

by Sasha Levin

From: Maíra Canal <mcanal(a)igalia.com> [ Upstream commit 5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 ] Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G C 6.1.66-v8+ #32 [ 110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.909132] pc : refcount_dec_not_one+0xb8/0xc0 [ 110.909152] lr : refcount_dec_not_one+0xb4/0xc0 [ 110.909170] sp : ffffffc00913b9c0 [ 110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60 [ 110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480 [ 110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78 [ 110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000 [ 110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004 [ 110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003 [ 110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00 [ 110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572 [ 110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000 [ 110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001 [ 110.909434] Call trace: [ 110.909441] refcount_dec_not_one+0xb8/0xc0 [ 110.909461] vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4] [ 110.909903] vc4_cleanup_fb+0x44/0x50 [vc4] [ 110.910315] drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper] [ 110.910669] vc4_atomic_commit_tail+0x390/0x9dc [vc4] [ 110.911079] commit_tail+0xb0/0x164 [drm_kms_helper] [ 110.911397] drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper] [ 110.911716] drm_atomic_commit+0xb0/0xdc [drm] [ 110.912569] drm_mode_atomic_ioctl+0x348/0x4b8 [drm] [ 110.913330] drm_ioctl_kernel+0xec/0x15c [drm] [ 110.914091] drm_ioctl+0x24c/0x3b0 [drm] [ 110.914850] __arm64_sys_ioctl+0x9c/0xd4 [ 110.914873] invoke_syscall+0x4c/0x114 [ 110.914897] el0_svc_common+0xd0/0x118 [ 110.914917] do_el0_svc+0x38/0xd0 [ 110.914936] el0_svc+0x30/0x8c [ 110.914958] el0t_64_sync_handler+0x84/0xf0 [ 110.914979] el0t_64_sync+0x18c/0x190 [ 110.914996] ---[ end trace 0000000000000000 ]--- This happens because, although `prepare_fb` and `cleanup_fb` are perfectly balanced, we cannot guarantee consistency in the check plane->state->fb == state->fb. This means that sometimes we can increase the refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The opposite can also be true. In fact, the struct drm_plane .state shouldn't be accessed directly but instead, the `drm_atomic_get_new_plane_state()` helper function should be used. So, we could stick to this check, but using `drm_atomic_get_new_plane_state()`. But actually, this check is not really needed. We can increase and decrease the refcount symmetrically without problems. This is going to make the code more simple and consistent. Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Acked-by: Maxime Ripard <mripard(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240105175908.242000-1-mcana… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/vc4/vc4_plane.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index eb08020154f30..7e6648b277b25 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -1415,9 +1415,6 @@ static int vc4_prepare_fb(struct drm_plane *plane, drm_gem_plane_helper_prepare_fb(plane, state); - if (plane->state->fb == state->fb) - return 0; - return vc4_bo_inc_usecnt(bo); } @@ -1426,7 +1423,7 @@ static void vc4_cleanup_fb(struct drm_plane *plane, { struct vc4_bo *bo; - if (plane->state->fb == state->fb || !state->fb) + if (!state->fb) return; bo = to_vc4_bo(&drm_fb_dma_get_gem_obj(state->fb, 0)->base); -- 2.43.0

1 year, 2 months

2
53
0 0

[PATCH AUTOSEL 6.6 01/75] drm/vc4: don't check if plane->state->fb == state->fb

by Sasha Levin

From: Maíra Canal <mcanal(a)igalia.com> [ Upstream commit 5ee0d47dcf33efd8950b347dcf4d20bab12a3fa9 ] Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_arm64 aes_generic algif_skcipher af_alg bnep hid_logitech_hidpp vc4 brcmfmac hci_uart btbcm brcmutil bluetooth snd_soc_hdmi_codec cfg80211 cec drm_display_helper drm_dma_helper drm_kms_helper snd_soc_core snd_compress snd_pcm_dmaengine fb_sys_fops sysimgblt syscopyarea sysfillrect raspberrypi_hwmon ecdh_generic ecc rfkill libaes i2c_bcm2835 binfmt_misc joydev snd_bcm2835(C) bcm2835_codec(C) bcm2835_isp(C) v4l2_mem2mem videobuf2_dma_contig snd_pcm bcm2835_v4l2(C) raspberrypi_gpiomem bcm2835_mmal_vchiq(C) videobuf2_v4l2 snd_timer videobuf2_vmalloc videobuf2_memops videobuf2_common snd videodev vc_sm_cma(C) mc hid_logitech_dj uio_pdrv_genirq uio i2c_dev drm fuse dm_mod drm_panel_orientation_quirks backlight ip_tables x_tables ipv6 [ 110.909086] CPU: 0 PID: 1866 Comm: kodi.bin Tainted: G C 6.1.66-v8+ #32 [ 110.909104] Hardware name: Raspberry Pi 3 Model B Rev 1.2 (DT) [ 110.909114] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 110.909132] pc : refcount_dec_not_one+0xb8/0xc0 [ 110.909152] lr : refcount_dec_not_one+0xb4/0xc0 [ 110.909170] sp : ffffffc00913b9c0 [ 110.909177] x29: ffffffc00913b9c0 x28: 000000556969bbb0 x27: 000000556990df60 [ 110.909205] x26: 0000000000000002 x25: 0000000000000004 x24: ffffff8004448480 [ 110.909230] x23: ffffff800570b500 x22: ffffff802e03a7bc x21: ffffffecfca68c78 [ 110.909257] x20: ffffff8002b42000 x19: ffffff802e03a600 x18: 0000000000000000 [ 110.909283] x17: 0000000000000011 x16: ffffffffffffffff x15: 0000000000000004 [ 110.909308] x14: 0000000000000fff x13: ffffffed577e47e0 x12: 0000000000000003 [ 110.909333] x11: 0000000000000000 x10: 0000000000000027 x9 : c912d0d083728c00 [ 110.909359] x8 : c912d0d083728c00 x7 : 65646e75203a745f x6 : 746e756f63666572 [ 110.909384] x5 : ffffffed579f62ee x4 : ffffffed579eb01e x3 : 0000000000000000 [ 110.909409] x2 : 0000000000000000 x1 : ffffffc00913b750 x0 : 0000000000000001 [ 110.909434] Call trace: [ 110.909441] refcount_dec_not_one+0xb8/0xc0 [ 110.909461] vc4_bo_dec_usecnt+0x4c/0x1b0 [vc4] [ 110.909903] vc4_cleanup_fb+0x44/0x50 [vc4] [ 110.910315] drm_atomic_helper_cleanup_planes+0x88/0xa4 [drm_kms_helper] [ 110.910669] vc4_atomic_commit_tail+0x390/0x9dc [vc4] [ 110.911079] commit_tail+0xb0/0x164 [drm_kms_helper] [ 110.911397] drm_atomic_helper_commit+0x1d0/0x1f0 [drm_kms_helper] [ 110.911716] drm_atomic_commit+0xb0/0xdc [drm] [ 110.912569] drm_mode_atomic_ioctl+0x348/0x4b8 [drm] [ 110.913330] drm_ioctl_kernel+0xec/0x15c [drm] [ 110.914091] drm_ioctl+0x24c/0x3b0 [drm] [ 110.914850] __arm64_sys_ioctl+0x9c/0xd4 [ 110.914873] invoke_syscall+0x4c/0x114 [ 110.914897] el0_svc_common+0xd0/0x118 [ 110.914917] do_el0_svc+0x38/0xd0 [ 110.914936] el0_svc+0x30/0x8c [ 110.914958] el0t_64_sync_handler+0x84/0xf0 [ 110.914979] el0t_64_sync+0x18c/0x190 [ 110.914996] ---[ end trace 0000000000000000 ]--- This happens because, although `prepare_fb` and `cleanup_fb` are perfectly balanced, we cannot guarantee consistency in the check plane->state->fb == state->fb. This means that sometimes we can increase the refcount in `prepare_fb` and don't decrease it in `cleanup_fb`. The opposite can also be true. In fact, the struct drm_plane .state shouldn't be accessed directly but instead, the `drm_atomic_get_new_plane_state()` helper function should be used. So, we could stick to this check, but using `drm_atomic_get_new_plane_state()`. But actually, this check is not really needed. We can increase and decrease the refcount symmetrically without problems. This is going to make the code more simple and consistent. Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Acked-by: Maxime Ripard <mripard(a)kernel.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240105175908.242000-1-mcana… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/vc4/vc4_plane.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c index 00e713faecd5a..5948e34f7f813 100644 --- a/drivers/gpu/drm/vc4/vc4_plane.c +++ b/drivers/gpu/drm/vc4/vc4_plane.c @@ -1505,9 +1505,6 @@ static int vc4_prepare_fb(struct drm_plane *plane, drm_gem_plane_helper_prepare_fb(plane, state); - if (plane->state->fb == state->fb) - return 0; - return vc4_bo_inc_usecnt(bo); } @@ -1516,7 +1513,7 @@ static void vc4_cleanup_fb(struct drm_plane *plane, { struct vc4_bo *bo; - if (plane->state->fb == state->fb || !state->fb) + if (!state->fb) return; bo = to_vc4_bo(&drm_fb_dma_get_gem_obj(state->fb, 0)->base); -- 2.43.0

1 year, 2 months

2
76
0 0

[PATCH AUTOSEL 6.8 01/68] wifi: ath9k: fix LNA selection in ath_ant_try_scan()

by Sasha Levin

From: Dmitry Antipov <dmantipov(a)yandex.ru> [ Upstream commit d6b27eb997ef9a2aa51633b3111bc4a04748e6d3 ] In 'ath_ant_try_scan()', (most likely) the 2nd LNA's signal strength should be used in comparison against RSSI when selecting first LNA as the main one. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Acked-by: Toke Høiland-Jørgensen <toke(a)toke.dk> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://msgid.link/20231211172502.25202-1-dmantipov@yandex.ru Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/wireless/ath/ath9k/antenna.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath9k/antenna.c b/drivers/net/wireless/ath/ath9k/antenna.c index 988222cea9dfe..acc84e6711b0e 100644 --- a/drivers/net/wireless/ath/ath9k/antenna.c +++ b/drivers/net/wireless/ath/ath9k/antenna.c @@ -643,7 +643,7 @@ static void ath_ant_try_scan(struct ath_ant_comb *antcomb, conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_PLUS_LNA2; } else if (antcomb->rssi_sub > - antcomb->rssi_lna1) { + antcomb->rssi_lna2) { /* set to A-B */ conf->main_lna_conf = ATH_ANT_DIV_COMB_LNA1; conf->alt_lna_conf = ATH_ANT_DIV_COMB_LNA1_MINUS_LNA2; -- 2.43.0

1 year, 2 months

3
72
0 0

[PATCH v2] phy: freescale: imx8m-pcie: fix pcie link-up instability

by Marcel Ziswiler

From: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> On the i.MX 8M Mini, the AUX_PLL_REFCLK_SEL has to be left at its reset default of AUX_IN (PLL clock). Background Information: In our automated testing setup, we use Delock Mini-PCIe SATA cards [1]. While this setup has proven very stable overall we noticed upstream on the i.MX 8M Mini fails quite regularly (about 50/50) to bring up the PCIe link while with NXP's downstream BSP 5.15.71_2.2.2 it always works. As that old downstream stuff was quite different, I first also tried NXP's latest downstream BSP 6.1.55_2.2.0 which from a PCIe point of view is fairly vanilla, however, also there the PCIe link-up was not stable. Comparing and debugging I noticed that upstream explicitly configures the AUX_PLL_REFCLK_SEL to I_PLL_REFCLK_FROM_SYSPLL while working downstream [2] leaving it at reset defaults of AUX_IN (PLL clock). Unfortunately, the TRM does not mention any further details about this register (both for the i.MX 8M Mini as well as the Plus). NXP confirmed their validation codes for the i.MX8MM PCIe doesn't configure cmn_reg063 (offset: 0x18C). BTW: On the i.MX 8M Plus we have not seen any issues with PCIe with the exact same setup which is why I left it unchanged. [1] https://www.delock.com/produkt/95233/merkmale.html [2] https://github.com/nxp-imx/linux-imx/blob/lf-5.15.71-2.2.0/drivers/pci/cont… Fixes: 1aa97b002258 ("phy: freescale: pcie: Initialize the imx8 pcie standalone phy driver") Cc: stable(a)vger.kernel.org # 6.1.x: ca679c49: phy: freescale: imx8m-pcie: Refine i.MX8MM PCIe PHY driver Cc: stable(a)vger.kernel.org # 6.1.x Signed-off-by: Marcel Ziswiler <marcel.ziswiler(a)toradex.com> Reviewed-by: Richard Zhu <hongxing.zhu(a)nxp.com> Link: https://lore.kernel.org/all/AS8PR04MB867661386FEA07649771FBE18C362@AS8PR04M… --- Changes in v2: - Reword the commmit message. - Meld the background information from the cover letter into the commit message as suggested by Fabio. Thanks! - Document NXP's confirmation from their validation codes and add Richard Zhu's reviewed-by. Thanks! drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c index b700f52b7b67..11fcb1867118 100644 --- a/drivers/phy/freescale/phy-fsl-imx8m-pcie.c +++ b/drivers/phy/freescale/phy-fsl-imx8m-pcie.c @@ -110,8 +110,10 @@ static int imx8_pcie_phy_power_on(struct phy *phy) /* Source clock from SoC internal PLL */ writel(ANA_PLL_CLK_OUT_TO_EXT_IO_SEL, imx8_phy->base + IMX8MM_PCIE_PHY_CMN_REG062); - writel(AUX_PLL_REFCLK_SEL_SYS_PLL, - imx8_phy->base + IMX8MM_PCIE_PHY_CMN_REG063); + if (imx8_phy->drvdata->variant != IMX8MM) { + writel(AUX_PLL_REFCLK_SEL_SYS_PLL, + imx8_phy->base + IMX8MM_PCIE_PHY_CMN_REG063); + } val = ANA_AUX_RX_TX_SEL_TX | ANA_AUX_TX_TERM; writel(val | ANA_AUX_RX_TERM_GND_EN, imx8_phy->base + IMX8MM_PCIE_PHY_CMN_REG064); -- 2.44.0

1 year, 2 months

3
3
0 0

[PATCH v3] rust: make mutually exclusive with CFI_CLANG

by Conor Dooley

From: Conor Dooley <conor.dooley(a)microchip.com> On RISC-V and arm64, and presumably x86, if CFI_CLANG is enabled, loading a rust module will trigger a kernel panic. Support for sanitisers, including kcfi (CFI_CLANG), is in the works, but for now they're nightly-only options in rustc. Make RUST depend on !CFI_CLANG to prevent configuring a kernel without symmetrical support for kfi. Fixes: 2f7ab1267dc9 ("Kbuild: add Rust support") cc: stable(a)vger.kernel.org Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- Sending this one on its own, there's no explicit dep on this for the riscv enabling patch, v3 to continue the numbering from there. Nothing has changed since v2. CC: Miguel Ojeda <ojeda(a)kernel.org> CC: Alex Gaynor <alex.gaynor(a)gmail.com> CC: Wedson Almeida Filho <wedsonaf(a)gmail.com> CC: linux-kernel(a)vger.kernel.org (open list) CC: rust-for-linux(a)vger.kernel.org CC: Sami Tolvanen <samitolvanen(a)google.com> CC: Kees Cook <keescook(a)chromium.org> CC: Nathan Chancellor <nathan(a)kernel.org> CC: llvm(a)lists.linux.dev --- init/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/init/Kconfig b/init/Kconfig index aa02aec6aa7d..ad9a2da27dc9 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1899,6 +1899,7 @@ config RUST bool "Rust support" depends on HAVE_RUST depends on RUST_IS_AVAILABLE + depends on !CFI_CLANG depends on !MODVERSIONS depends on !GCC_PLUGINS depends on !RANDSTRUCT -- 2.43.0

1 year, 2 months

5
8
0 0

[PATCH v4] rust: init: remove impl Zeroable for Infallible

by Laine Taffin Altman

In Rust, producing an invalid value of any type is immediate undefined behavior (UB); this includes via zeroing memory. Therefore, since an uninhabited type has no valid values, producing any values at all for it is UB. The Rust standard library type `core::convert::Infallible` is uninhabited, by virtue of having been declared as an enum with no cases, which always produces uninhabited types in Rust. The current kernel code allows this UB to be triggered, for example by code like `Box::<core::convert::Infallible>::init(kernel::init::zeroed())`. Thus, remove the implementation of `Zeroable` for `Infallible`, thereby avoiding the unsoundness (potential for future UB). Cc: stable(a)vger.kernel.org Fixes: 38cde0bd7b67 ("rust: init: add `Zeroable` trait and `init::zeroed` function") Closes: https://github.com/Rust-for-Linux/pinned-init/pull/13 Signed-off-by: Laine Taffin Altman <alexanderaltman(a)me.com> Reviewed-by: Alice Ryhl <aliceryhl(a)google.com> Reviewed-by: Boqun Feng <boqun.feng(a)gmail.com> --- V3 -> V4: Address review nits; run checkpatch properly. V2 -> V3: Email formatting correction. V1 -> V2: Added more documentation to the comment, with links; also added more details to the commit message. rust/kernel/init.rs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs index 424257284d16..3859c7ff81b7 100644 --- a/rust/kernel/init.rs +++ b/rust/kernel/init.rs @@ -1292,8 +1292,15 @@ macro_rules! impl_zeroable { i8, i16, i32, i64, i128, isize, f32, f64, - // SAFETY: These are ZSTs, there is nothing to zero. - {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, Infallible, (), + // Note: do not add uninhabited types (such as `!` or `core::convert::Infallible`) to this list; + // creating an instance of an uninhabited type is immediate undefined behavior. For more on + // uninhabited/empty types, consult The Rustonomicon: + // https://doc.rust-lang.org/stable/nomicon/exotic-sizes.html#empty-types The Rust Reference + // also has information on undefined behavior: + // https://doc.rust-lang.org/stable/reference/behavior-considered-undefined.ht… + // + // SAFETY: These are inhabited ZSTs; there is nothing to zero and a valid value exists. + {<T: ?Sized>} PhantomData<T>, core::marker::PhantomPinned, (), // SAFETY: Type is allowed to take any value, including all zeros. {<T>} MaybeUninit<T>, base-commit: c85af715cac0a951eea97393378e84bb49384734 -- 2.44.0

1 year, 2 months

3
6
0 0

Re: Patch "usb: typec: ucsi: Check for notifications after init" has been added to the 6.8-stable tree

by Christian Ehrhardt

Hi Sasha, On Sun, Apr 07, 2024 at 08:53:40AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > usb: typec: ucsi: Check for notifications after init > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… This patch contains an out of bounds memory access and should not be included in the stable backports until a fix is available. A fix is already queued in Greg's usb-linus branch. Please drop the above patch from all stable trees for now. Sorry for the inconvenience. > The filename of the patch is: > usb-typec-ucsi-check-for-notifications-after-init.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 903bfed719f3e87b607956bbe4d855c71831a43a > Author: Christian A. Ehrhardt <lk(a)c--e.de> > Date: Wed Mar 20 08:39:23 2024 +0100 > > usb: typec: ucsi: Check for notifications after init > > [ Upstream commit 808a8b9e0b87bbc72bcc1f7ddfe5d04746e7ce56 ] > > The completion notification for the final SET_NOTIFICATION_ENABLE > command during initialization can include a connector change > notification. However, at the time this completion notification is > processed, the ucsi struct is not ready to handle this notification. > As a result the notification is ignored and the controller > never sends an interrupt again. > > Re-check CCI for a pending connector state change after > initialization is complete. Adjust the corresponding debug > message accordingly. > > Fixes: 71a1fa0df2a3 ("usb: typec: ucsi: Store the notification mask") > Cc: stable(a)vger.kernel.org > Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> > Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> > Tested-by: Neil Armstrong <neil.armstrong(a)linaro.org> # on SM8550-QRD > Link: https://lore.kernel.org/r/20240320073927.1641788-3-lk@c--e.de > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c > index 0bfe5e906e543..96da828f556a9 100644 > --- a/drivers/usb/typec/ucsi/ucsi.c > +++ b/drivers/usb/typec/ucsi/ucsi.c > @@ -962,7 +962,7 @@ void ucsi_connector_change(struct ucsi *ucsi, u8 num) > struct ucsi_connector *con = &ucsi->connector[num - 1]; > > if (!(ucsi->ntfy & UCSI_ENABLE_NTFY_CONNECTOR_CHANGE)) { > - dev_dbg(ucsi->dev, "Bogus connector change event\n"); > + dev_dbg(ucsi->dev, "Early connector change event\n"); > return; > } > > @@ -1393,6 +1393,7 @@ static int ucsi_init(struct ucsi *ucsi) > { > struct ucsi_connector *con, *connector; > u64 command, ntfy; > + u32 cci; > int ret; > int i; > > @@ -1445,6 +1446,13 @@ static int ucsi_init(struct ucsi *ucsi) > > ucsi->connector = connector; > ucsi->ntfy = ntfy; > + > + ret = ucsi->ops->read(ucsi, UCSI_CCI, &cci, sizeof(cci)); > + if (ret) > + return ret; > + if (UCSI_CCI_CONNECTOR(READ_ONCE(cci))) > + ucsi_connector_change(ucsi, cci); > + > return 0; > > err_unregister: > Best regards Christian

1 year, 2 months

1
0
0 0

[PATCH 0/3] dmaengine: xilinx: xdma: Various fixes for xdma

by Louis Chauvet

The current driver have some issues, this series fixes them. PATCH 1 is fixing a wrong offset computation in the dma descriptor address PATCH 2 is fixing the xdma_synchronize callback, which was not waiting properly for the last transfer. PATCH 3 is clarifing the documentation for xdma_fill_descs --- Louis Chauvet (1): dmaengine: xilinx: xdma: Fix synchronization issue Miquel Raynal (2): dmaengine: xilinx: xdma: Fix wrong offsets in the buffers addresses in dma descriptor dmaengine: xilinx: xdma: Clarify kdoc in XDMA driver drivers/dma/xilinx/xdma-regs.h | 3 +++ drivers/dma/xilinx/xdma.c | 42 +++++++++++++++++++++++++++--------------- 2 files changed, 30 insertions(+), 15 deletions(-) --- base-commit: 8e938e39866920ddc266898e6ae1fffc5c8f51aa change-id: 20240322-digigram-xdma-fixes-aa13451b7474 Best regards, -- Louis Chauvet <louis.chauvet(a)bootlin.com>

1 year, 2 months

5
9
0 0

[PATCH net v4] virtio_net: Do not send RSS key if it is not supported

by Breno Leitao

There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_commit_rss_command() 3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather 4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size; 5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function): if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed"); 6) virtio_error() (also QEMU function) set the device as broken vdev->broken = true; 7) Qemu bails out, and do not repond this crazy kernel. 8) The kernel is waiting for the response to come back (function virtnet_send_command()) 9) The kernel is waiting doing the following : while (!virtqueue_get_buf(vi->cvq, &tmp) && !virtqueue_is_broken(vi->cvq)) cpu_relax(); 10) None of the following functions above is true, thus, the kernel loops here forever. Keeping in mind that virtqueue_is_broken() does not look at the qemu `vdev->broken`, so, it never realizes that the vitio is broken at QEMU side. Fix it by not sending RSS commands if the feature is not available in the device. Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") Cc: stable(a)vger.kernel.org Cc: qemu-devel(a)nongnu.org Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Heng Qi <hengqi(a)linux.alibaba.com> --- Changelog: V2: * Moved from creating a valid packet, by rejecting the request completely. V3: * Got some good feedback from and Xuan Zhuo and Heng Qi, and reworked the rejection path. V4: * Added a comment in an "if" clause, as suggested by Michael S. Tsirkin. --- drivers/net/virtio_net.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index c22d1118a133..115c3c5414f2 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -3807,6 +3807,7 @@ static int virtnet_set_rxfh(struct net_device *dev, struct netlink_ext_ack *extack) { struct virtnet_info *vi = netdev_priv(dev); + bool update = false; int i; if (rxfh->hfunc != ETH_RSS_HASH_NO_CHANGE && @@ -3814,13 +3815,28 @@ static int virtnet_set_rxfh(struct net_device *dev, return -EOPNOTSUPP; if (rxfh->indir) { + if (!vi->has_rss) + return -EOPNOTSUPP; + for (i = 0; i < vi->rss_indir_table_size; ++i) vi->ctrl->rss.indirection_table[i] = rxfh->indir[i]; + update = true; } - if (rxfh->key) + + if (rxfh->key) { + /* If either _F_HASH_REPORT or _F_RSS are negotiated, the + * device provides hash calculation capabilities, that is, + * hash_key is configured. + */ + if (!vi->has_rss && !vi->has_rss_hash_report) + return -EOPNOTSUPP; + memcpy(vi->ctrl->rss.key, rxfh->key, vi->rss_key_size); + update = true; + } - virtnet_commit_rss_command(vi); + if (update) + virtnet_commit_rss_command(vi); return 0; } @@ -4729,13 +4745,15 @@ static int virtnet_probe(struct virtio_device *vdev) if (virtio_has_feature(vdev, VIRTIO_NET_F_HASH_REPORT)) vi->has_rss_hash_report = true; - if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) + if (virtio_has_feature(vdev, VIRTIO_NET_F_RSS)) { vi->has_rss = true; - if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_indir_table_size = virtio_cread16(vdev, offsetof(struct virtio_net_config, rss_max_indirection_table_length)); + } + + if (vi->has_rss || vi->has_rss_hash_report) { vi->rss_key_size = virtio_cread8(vdev, offsetof(struct virtio_net_config, rss_max_key_size)); -- 2.43.0

1 year, 2 months

3
2
0 0

[PATCH AUTOSEL 4.19 1/5] scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit bb011631435c705cdeddca68d5c85fd40a4320f9 ] Typically when an out of resource CQE status is detected, the lpfc_ramp_down_queue_handler() logic is called to help reduce I/O load by reducing an sdev's queue_depth. However, the current lpfc_rampdown_queue_depth() logic does not help reduce queue_depth. num_cmd_success is never updated and is always zero, which means new_queue_depth will always be set to sdev->queue_depth. So, new_queue_depth = sdev->queue_depth - new_queue_depth always sets new_queue_depth to zero. And, scsi_change_queue_depth(sdev, 0) is essentially a no-op. Change the lpfc_ramp_down_queue_handler() logic to set new_queue_depth equal to sdev->queue_depth subtracted from number of times num_rsrc_err was incremented. If num_rsrc_err is >= sdev->queue_depth, then set new_queue_depth equal to 1. Eventually, the frequency of Good_Status frames will signal SCSI upper layer to auto increase the queue_depth back to the driver default of 64 via scsi_handle_queue_ramp_up(). Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-5-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 ++++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index 53b661793268f..5698928d8029c 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -989,7 +989,6 @@ struct lpfc_hba { unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 atomic_t num_rsrc_err; - atomic_t num_cmd_success; unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; #ifdef CONFIG_SCSI_LPFC_DEBUG_FS diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index 425b83618a2e5..02d067e1fc45c 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -303,11 +303,10 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) struct Scsi_Host *shost; struct scsi_device *sdev; unsigned long new_queue_depth; - unsigned long num_rsrc_err, num_cmd_success; + unsigned long num_rsrc_err; int i; num_rsrc_err = atomic_read(&phba->num_rsrc_err); - num_cmd_success = atomic_read(&phba->num_cmd_success); /* * The error and success command counters are global per @@ -322,20 +321,16 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { shost = lpfc_shost_from_vport(vports[i]); shost_for_each_device(sdev, shost) { - new_queue_depth = - sdev->queue_depth * num_rsrc_err / - (num_rsrc_err + num_cmd_success); - if (!new_queue_depth) - new_queue_depth = sdev->queue_depth - 1; + if (num_rsrc_err >= sdev->queue_depth) + new_queue_depth = 1; else new_queue_depth = sdev->queue_depth - - new_queue_depth; + num_rsrc_err; scsi_change_queue_depth(sdev, new_queue_depth); } } lpfc_destroy_vport_work_array(phba, vports); atomic_set(&phba->num_rsrc_err, 0); - atomic_set(&phba->num_cmd_success, 0); } /** -- 2.43.0

1 year, 2 months

1
4
0 0

[PATCH AUTOSEL 5.4 1/6] scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit bb011631435c705cdeddca68d5c85fd40a4320f9 ] Typically when an out of resource CQE status is detected, the lpfc_ramp_down_queue_handler() logic is called to help reduce I/O load by reducing an sdev's queue_depth. However, the current lpfc_rampdown_queue_depth() logic does not help reduce queue_depth. num_cmd_success is never updated and is always zero, which means new_queue_depth will always be set to sdev->queue_depth. So, new_queue_depth = sdev->queue_depth - new_queue_depth always sets new_queue_depth to zero. And, scsi_change_queue_depth(sdev, 0) is essentially a no-op. Change the lpfc_ramp_down_queue_handler() logic to set new_queue_depth equal to sdev->queue_depth subtracted from number of times num_rsrc_err was incremented. If num_rsrc_err is >= sdev->queue_depth, then set new_queue_depth equal to 1. Eventually, the frequency of Good_Status frames will signal SCSI upper layer to auto increase the queue_depth back to the driver default of 64 via scsi_handle_queue_ramp_up(). Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-5-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 ++++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index 7ce0d94cdc018..98ab07c3774ed 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -1039,7 +1039,6 @@ struct lpfc_hba { unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 atomic_t num_rsrc_err; - atomic_t num_cmd_success; unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; #ifdef CONFIG_SCSI_LPFC_DEBUG_FS diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index 816235ccd2992..f238e0f41f07c 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -246,11 +246,10 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) struct Scsi_Host *shost; struct scsi_device *sdev; unsigned long new_queue_depth; - unsigned long num_rsrc_err, num_cmd_success; + unsigned long num_rsrc_err; int i; num_rsrc_err = atomic_read(&phba->num_rsrc_err); - num_cmd_success = atomic_read(&phba->num_cmd_success); /* * The error and success command counters are global per @@ -265,20 +264,16 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { shost = lpfc_shost_from_vport(vports[i]); shost_for_each_device(sdev, shost) { - new_queue_depth = - sdev->queue_depth * num_rsrc_err / - (num_rsrc_err + num_cmd_success); - if (!new_queue_depth) - new_queue_depth = sdev->queue_depth - 1; + if (num_rsrc_err >= sdev->queue_depth) + new_queue_depth = 1; else new_queue_depth = sdev->queue_depth - - new_queue_depth; + num_rsrc_err; scsi_change_queue_depth(sdev, new_queue_depth); } } lpfc_destroy_vport_work_array(phba, vports); atomic_set(&phba->num_rsrc_err, 0); - atomic_set(&phba->num_cmd_success, 0); } /** -- 2.43.0

1 year, 2 months

1
5
0 0

[PATCH AUTOSEL 5.10 1/7] scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit bb011631435c705cdeddca68d5c85fd40a4320f9 ] Typically when an out of resource CQE status is detected, the lpfc_ramp_down_queue_handler() logic is called to help reduce I/O load by reducing an sdev's queue_depth. However, the current lpfc_rampdown_queue_depth() logic does not help reduce queue_depth. num_cmd_success is never updated and is always zero, which means new_queue_depth will always be set to sdev->queue_depth. So, new_queue_depth = sdev->queue_depth - new_queue_depth always sets new_queue_depth to zero. And, scsi_change_queue_depth(sdev, 0) is essentially a no-op. Change the lpfc_ramp_down_queue_handler() logic to set new_queue_depth equal to sdev->queue_depth subtracted from number of times num_rsrc_err was incremented. If num_rsrc_err is >= sdev->queue_depth, then set new_queue_depth equal to 1. Eventually, the frequency of Good_Status frames will signal SCSI upper layer to auto increase the queue_depth back to the driver default of 64 via scsi_handle_queue_ramp_up(). Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-5-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 ++++--------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h index cf69f831a7253..8f1b5b0ee8cd8 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -1065,7 +1065,6 @@ struct lpfc_hba { unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 atomic_t num_rsrc_err; - atomic_t num_cmd_success; unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; #ifdef CONFIG_SCSI_LPFC_DEBUG_FS diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index b4b87e5d8b291..2121534838747 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -246,11 +246,10 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) struct Scsi_Host *shost; struct scsi_device *sdev; unsigned long new_queue_depth; - unsigned long num_rsrc_err, num_cmd_success; + unsigned long num_rsrc_err; int i; num_rsrc_err = atomic_read(&phba->num_rsrc_err); - num_cmd_success = atomic_read(&phba->num_cmd_success); /* * The error and success command counters are global per @@ -265,20 +264,16 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) for (i = 0; i <= phba->max_vports && vports[i] != NULL; i++) { shost = lpfc_shost_from_vport(vports[i]); shost_for_each_device(sdev, shost) { - new_queue_depth = - sdev->queue_depth * num_rsrc_err / - (num_rsrc_err + num_cmd_success); - if (!new_queue_depth) - new_queue_depth = sdev->queue_depth - 1; + if (num_rsrc_err >= sdev->queue_depth) + new_queue_depth = 1; else new_queue_depth = sdev->queue_depth - - new_queue_depth; + num_rsrc_err; scsi_change_queue_depth(sdev, new_queue_depth); } } lpfc_destroy_vport_work_array(phba, vports); atomic_set(&phba->num_rsrc_err, 0); - atomic_set(&phba->num_cmd_success, 0); } /** -- 2.43.0

1 year, 2 months

1
6
0 0

[PATCH AUTOSEL 5.15 01/10] scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c ] There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rport object. This sometimes causes the race condition where the final DA_ID and LOGO are skipped from being sent to the fabric switch. Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID and LOGO are sent. Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-3-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc_vport.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c index da9a1f72d9383..b1071226e27fb 100644 --- a/drivers/scsi/lpfc/lpfc_vport.c +++ b/drivers/scsi/lpfc/lpfc_vport.c @@ -651,10 +651,6 @@ lpfc_vport_delete(struct fc_vport *fc_vport) lpfc_free_sysfs_attr(vport); lpfc_debugfs_terminate(vport); - /* Remove FC host to break driver binding. */ - fc_remove_host(shost); - scsi_remove_host(shost); - /* Send the DA_ID and Fabric LOGO to cleanup Nameserver entries. */ ndlp = lpfc_findnode_did(vport, Fabric_DID); if (!ndlp) @@ -700,6 +696,10 @@ lpfc_vport_delete(struct fc_vport *fc_vport) skip_logo: + /* Remove FC host to break driver binding. */ + fc_remove_host(shost); + scsi_remove_host(shost); + lpfc_cleanup(vport); /* Remove scsi host now. The nodes are cleaned up. */ -- 2.43.0

1 year, 2 months

1
9
0 0

[PATCH AUTOSEL 6.1 01/13] scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

by Sasha Levin

From: Justin Tee <justin.tee(a)broadcom.com> [ Upstream commit 4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c ] There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rport object. This sometimes causes the race condition where the final DA_ID and LOGO are skipped from being sent to the fabric switch. Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID and LOGO are sent. Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> Link: https://lore.kernel.org/r/20240305200503.57317-3-justintee8345@gmail.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/lpfc/lpfc_vport.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c index 4d171f5c213f7..6b4259894584f 100644 --- a/drivers/scsi/lpfc/lpfc_vport.c +++ b/drivers/scsi/lpfc/lpfc_vport.c @@ -693,10 +693,6 @@ lpfc_vport_delete(struct fc_vport *fc_vport) lpfc_free_sysfs_attr(vport); lpfc_debugfs_terminate(vport); - /* Remove FC host to break driver binding. */ - fc_remove_host(shost); - scsi_remove_host(shost); - /* Send the DA_ID and Fabric LOGO to cleanup Nameserver entries. */ ndlp = lpfc_findnode_did(vport, Fabric_DID); if (!ndlp) @@ -740,6 +736,10 @@ lpfc_vport_delete(struct fc_vport *fc_vport) skip_logo: + /* Remove FC host to break driver binding. */ + fc_remove_host(shost); + scsi_remove_host(shost); + lpfc_cleanup(vport); /* Remove scsi host now. The nodes are cleaned up. */ -- 2.43.0

1 year, 2 months

1
12
0 0

[PATCH AUTOSEL 6.6 01/22] scsi: ufs: core: Fix MCQ MAC configuration

by Sasha Levin

From: Rohit Ner <rohitner(a)google.com> [ Upstream commit 767712f91de76abd22a45184e6e3440120b8bfce ] As per JEDEC Standard No. 223E Section 5.9.2, the max # active commands value programmed by the host sw in MCQConfig.MAC should be one less than the actual value. Signed-off-by: Rohit Ner <rohitner(a)google.com> Link: https://lore.kernel.org/r/20240220095637.2900067-1-rohitner@google.com Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Can Guo <quic_cang(a)quicinc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ufs/core/ufs-mcq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 0787456c2b892..c873fd8239427 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -94,7 +94,7 @@ void ufshcd_mcq_config_mac(struct ufs_hba *hba, u32 max_active_cmds) val = ufshcd_readl(hba, REG_UFS_MCQ_CFG); val &= ~MCQ_CFG_MAC_MASK; - val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds); + val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds - 1); ufshcd_writel(hba, val, REG_UFS_MCQ_CFG); } EXPORT_SYMBOL_GPL(ufshcd_mcq_config_mac); -- 2.43.0

1 year, 2 months

1
21
0 0

[PATCH AUTOSEL 6.8 01/25] scsi: ufs: core: Fix MCQ MAC configuration

by Sasha Levin

From: Rohit Ner <rohitner(a)google.com> [ Upstream commit 767712f91de76abd22a45184e6e3440120b8bfce ] As per JEDEC Standard No. 223E Section 5.9.2, the max # active commands value programmed by the host sw in MCQConfig.MAC should be one less than the actual value. Signed-off-by: Rohit Ner <rohitner(a)google.com> Link: https://lore.kernel.org/r/20240220095637.2900067-1-rohitner@google.com Reviewed-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Can Guo <quic_cang(a)quicinc.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ufs/core/ufs-mcq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 0787456c2b892..c873fd8239427 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -94,7 +94,7 @@ void ufshcd_mcq_config_mac(struct ufs_hba *hba, u32 max_active_cmds) val = ufshcd_readl(hba, REG_UFS_MCQ_CFG); val &= ~MCQ_CFG_MAC_MASK; - val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds); + val |= FIELD_PREP(MCQ_CFG_MAC_MASK, max_active_cmds - 1); ufshcd_writel(hba, val, REG_UFS_MCQ_CFG); } EXPORT_SYMBOL_GPL(ufshcd_mcq_config_mac); -- 2.43.0

1 year, 2 months

1
24
0 0

Regression in kernel 6.8.2 fails in various ways (USB, BT, ...)

by Norbert Preining

Hi all (please cc) I am running Arch Linux on a Lenovo X1 Carbon Gen 10. Tests are made with uptodate system, and besides the kernel no difference. The kernels are as distributed by Arch, but if necessary I can compile locally. Arch Linux kernel 6.8.1 works without any problems. Upgrading to 6.8.2 breaks a lot of things: * Plugging in my Yubikey C does not trigger any reaction (as a consequence scdaemon hangs) * sending of bluetooth firmware data fails with Oops (see below) * shutdown hangs and does not turn off the computer I can repeat this behaviour on every reboot into 6.8.2. I have dmesg/journalctl -b for both kernels collected, if required, I can send them. I checked the diffs but nothing really did stand out. Yubikey plugin: On 6.8.1 when I plug in the yubikey it lights up, and in the logs I see: [ 370.767739] usb 3-1: new full-speed USB device number 5 using xhci_hcd [ 370.910392] usb 3-1: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.43 [ 370.910403] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0 [ 370.910407] usb 3-1: Product: YubiKey OTP+FIDO+CCID [ 370.910409] usb 3-1: Manufacturer: Yubico [ 371.497496] input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:14.0/usb3/3-1/3-1:1.0/0003:1050:0407.0005/input/input21 [ 371.555342] hid-generic 0003:1050:0407.0005: input,hidraw4: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1/input0 [ 371.557021] hid-generic 0003:1050:0407.0006: hiddev96,hidraw5: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:14.0-1/input1 [ 371.557145] usbcore: registered new interface driver usbhid [ 371.557151] usbhid: USB HID core driver On 6.8.2 not short blinking, and nothing in the logs. Bluetooth Ooops: 14.271713] usb usb3-port10: disabled by hub (EMI?), re-enabling... [ 14.271725] usb 3-10: USB disconnect, device number 4 [ 14.271893] Bluetooth: hci0: Failed to send firmware data (-19) [ 14.271953] Bluetooth: hci0: sending frame failed (-19) [ 14.271976] Bluetooth: hci0: Intel reset sent to retry FW download [ 14.427765] Bluetooth: hci0: sending frame failed (-19) [ 14.427811] BUG: kernel NULL pointer dereference, address: 0000000000000070 [ 14.427814] #PF: supervisor read access in kernel mode [ 14.427815] #PF: error_code(0x0000) - not-present page [ 14.427816] PGD 0 P4D 0 [ 14.427819] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 14.427820] CPU: 0 PID: 198 Comm: kworker/u41:0 Tainted: G OE 6.8.2-arch2-1 #1 a430fb92f7ba43092b62bbe6bac995458d3d442d [ 14.427823] Hardware name: LENOVO 21CBCTO1WW/21CBCTO1WW, BIOS N3AET80W (1.45 ) 02/20/2024 [ 14.427824] Workqueue: hci0 hci_power_on [bluetooth] [ 14.427874] RIP: 0010:btintel_read_debug_features+0x4d/0xf0 [btintel] [ 14.427880] Code: 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 8d 4c 24 07 c6 44 24 07 01 e8 de a9 ef ff 48 89 c3 48 3d 00 f0 ff ff 77 49 <83> 78 70 13 75 67 48 8b 80 d0 00 00 00 be 02 00 00 00 48 89 df 48 [ 14.427881] RSP: 0018:ffffb7ba80aa3cc0 EFLAGS: 00010207 [ 14.427882] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff965ac0ddaab0 [ 14.427884] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff965ac0ddaaa8 [ 14.427884] RBP: ffffb7ba80aa3cf0 R08: ffff965ac0ddaab0 R09: 0000000000000000 [ 14.427885] R10: 0000000000000001 R11: 0000000000000100 R12: ffff965ac0dda000 [ 14.427886] R13: ffff965a84746900 R14: ffff965a8208ca05 R15: ffff965ac0dda6d0 [ 14.427887] FS: 0000000000000000(0000) GS:ffff9661bf400000(0000) knlGS:0000000000000000 [ 14.427888] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 14.427889] CR2: 0000000000000070 CR3: 00000002bb620000 CR4: 0000000000f50ef0 [ 14.427889] PKRU: 55555554 [ 14.427890] Call Trace: [ 14.427891] <TASK> [ 14.427893] ? __die+0x23/0x70 [ 14.427898] ? page_fault_oops+0x171/0x4e0 [ 14.427901] ? __timer_delete_sync+0x7d/0xe0 [ 14.427905] ? exc_page_fault+0x7f/0x180 [ 14.427908] ? asm_exc_page_fault+0x26/0x30 [ 14.427912] ? btintel_read_debug_features+0x4d/0xf0 [btintel 6735e787c9ed982ceaa471c7ab364a390a1acb37] [ 14.427916] btintel_register_devcoredump_support.isra.0+0x3e/0x110 [btintel 6735e787c9ed982ceaa471c7ab364a390a1acb37] [ 14.427921] btintel_setup_combined+0x503/0x790 [btintel 6735e787c9ed982ceaa471c7ab364a390a1acb37] [ 14.427925] hci_dev_open_sync+0x102/0xc20 [bluetooth 81a2e5f6c3a85f38dade670bfe91d861a9119613] [ 14.427953] ? __schedule+0x3ee/0x1520 [ 14.427956] hci_dev_do_open+0x23/0x60 [bluetooth 81a2e5f6c3a85f38dade670bfe91d861a9119613] [ 14.427975] hci_power_on+0x51/0x260 [bluetooth 81a2e5f6c3a85f38dade670bfe91d861a9119613] [ 14.427994] process_one_work+0x183/0x370 [ 14.427998] worker_thread+0x3ab/0x4f0 [ 14.428000] ? __pfx_worker_thread+0x10/0x10 [ 14.428001] kthread+0xe5/0x120 [ 14.428005] ? __pfx_kthread+0x10/0x10 [ 14.428006] ret_from_fork+0x31/0x50 [ 14.428009] ? __pfx_kthread+0x10/0x10 [ 14.428011] ret_from_fork_asm+0x1b/0x30 [ 14.428014] </TASK> [ 14.428015] Modules linked in: nf_tables bnep tun btusb btrtl btintel btbcm btmtk bluetooth gpio_ljca i2c_ljca ecdh_generic hid_sensor_custom_intel_hinge hid_sensor_trigger industrialio_triggered_buffer kfifo_buf hid_sensor_iio_common industrialio hid_sensor_custom hid_sensor_hub intel_ishtp_hid joydev vfat fat ext4 crc16 mbcache jbd2 snd_ctl_led snd_soc_skl_hda_dsp snd_soc_hdac_hdmi snd_soc_intel_hda_dsp_common snd_sof_probes hid_multitouch hid_generic mousedev snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_intel_hda_common soundwire_intel snd_sof_intel_hda_mlink soundwire_cadence snd_sof_intel_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof snd_sof_utils snd_soc_hdac_hda snd_hda_ext_core snd_soc_acpi_intel_match intel_uncore_frequency intel_uncore_frequency_common snd_soc_acpi intel_tcc_cooling iwlmvm soundwire_generic_allocation soundwire_bus x86_pkg_temp_thermal intel_powerclamp snd_soc_core mac80211 coretemp snd_compress ac97_bus snd_pcm_dmaengine kvm_intel [ 14.428048] snd_hda_intel libarc4 ptp snd_intel_dspcfg pps_core snd_intel_sdw_acpi snd_hda_codec processor_thermal_device_pci kvm processor_thermal_device processor_thermal_wt_hint snd_hda_core processor_thermal_rfim iwlwifi iTCO_wdt irqbypass intel_rapl_msr processor_thermal_rapl mei_pxp snd_hwdep ucsi_acpi mei_hdcp mei_wdt rapl intel_rapl_common intel_pmc_bxt typec_ucsi iTCO_vendor_support intel_lpss_pci intel_cstate thinkpad_acpi mei_me think_lmi snd_pcm spi_nor processor_thermal_wt_req intel_ish_ipc typec ntfs3 i2c_i801 intel_lpss nxp_nci_i2c ledtrig_audio processor_thermal_power_floor cfg80211 wmi_bmof intel_uncore psmouse pcspkr firmware_attributes_class mtd thunderbolt mei snd_timer idma64 intel_ishtp i2c_smbus ov2740 roles platform_profile igen6_edac processor_thermal_mbox nxp_nci v4l2_fwnode nci snd intel_skl_int3472_tps68470 int3403_thermal v4l2_async intel_pmc_core soc_button_array tps68470_regulator nfc soundcore int340x_thermal_zone clk_tps68470 mei_vsc_hw rfkill videodev intel_vsec i2c_hid_acpi [ 14.428085] intel_hid int3400_thermal i2c_hid pmt_telemetry mc pinctrl_tigerlake sparse_keymap acpi_pad acpi_thermal_rel intel_skl_int3472_discrete acpi_tad pmt_class mac_hid i2c_dev corefreqk(OE) sg crypto_user fuse loop nfnetlink ip_tables x_tables btrfs blake2b_generic libcrc32c crc32c_generic xor raid6_pq dm_crypt cbc encrypted_keys trusted asn1_encoder tee dm_mod xe drm_ttm_helper gpu_sched drm_suballoc_helper drm_gpuvm drm_exec spi_ljca usb_ljca i915 crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 serio_raw sha256_ssse3 atkbd i2c_algo_bit sha1_ssse3 drm_buddy libps2 vivaldi_fmap aesni_intel ttm nvme intel_gtt crypto_simd nvme_core cryptd drm_display_helper video xhci_pci spi_intel_pci i8042 nvme_auth xhci_pci_renesas spi_intel cec serio wmi [ 14.428121] CR2: 0000000000000070 [ 14.428123] ---[ end trace 0000000000000000 ]--- [ 14.428124] RIP: 0010:btintel_read_debug_features+0x4d/0xf0 [btintel] [ 14.428128] Code: 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 31 c0 48 8d 4c 24 07 c6 44 24 07 01 e8 de a9 ef ff 48 89 c3 48 3d 00 f0 ff ff 77 49 <83> 78 70 13 75 67 48 8b 80 d0 00 00 00 be 02 00 00 00 48 89 df 48 [ 14.428130] RSP: 0018:ffffb7ba80aa3cc0 EFLAGS: 00010207 [ 14.428131] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff965ac0ddaab0 [ 14.428131] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffff965ac0ddaaa8 [ 14.428132] RBP: ffffb7ba80aa3cf0 R08: ffff965ac0ddaab0 R09: 0000000000000000 [ 14.428133] R10: 0000000000000001 R11: 0000000000000100 R12: ffff965ac0dda000 [ 14.428133] R13: ffff965a84746900 R14: ffff965a8208ca05 R15: ffff965ac0dda6d0 [ 14.428134] FS: 0000000000000000(0000) GS:ffff9661bf400000(0000) knlGS:0000000000000000 [ 14.428135] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 14.428136] CR2: 0000000000000070 CR3: 00000002bb620000 CR4: 0000000000f50ef0 [ 14.428137] PKRU: 55555554 [ 14.428137] note: kworker/u41:0[198] exited with irqs disabled [ 16.434794] Bluetooth: hci0: command 0xfc09 tx timeout Thanks for any suggestions and best regards (and please Cc) Norbert -- PREINING Norbert https://www.preining.info arXiv / Cornell University + IFMGA Guide + TU Wien + TeX Live GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

1 year, 2 months

4
10
0 0

Linux 6.8.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.4 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 include/linux/workqueue.h | 35 -- kernel/workqueue.c | 757 +++++++--------------------------------------- 3 files changed, 131 insertions(+), 663 deletions(-) Greg Kroah-Hartman (12): Revert "workqueue: Shorten events_freezable_power_efficient name" Revert "workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()" Revert "workqueue: Implement system-wide nr_active enforcement for unbound workqueues" Revert "workqueue: Introduce struct wq_node_nr_active" Revert "workqueue: RCU protect wq->dfl_pwq and implement accessors for it" Revert "workqueue: Make wq_adjust_max_active() round-robin pwqs while activating" Revert "workqueue: Move nr_active handling into helpers" Revert "workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()" Revert "workqueue: Factor out pwq_is_empty()" Revert "workqueue: Move pwq->max_active to wq->max_active" Revert "workqueue.c: Increase workqueue name length" Linux 6.8.4

1 year, 2 months

2
7
0 0

Re: Broken Domain Validation in 6.1.84+

by James Bottomley

[cc stable to see if they have any ideas about fixing this] On Sat, 2024-04-06 at 12:16 -0400, John David Anglin wrote: > On 2024-04-06 11:06 a.m., James Bottomley wrote: > > On Sat, 2024-04-06 at 10:30 -0400, John David Anglin wrote: > > > On 2024-04-05 3:36 p.m., Bart Van Assche wrote: > > > > On 4/4/24 13:07, John David Anglin wrote: > > > > > On 2024-04-04 12:32 p.m., Bart Van Assche wrote: > > > > > > Can you please help with verifying whether this kernel warn > > > > > > ing is only triggered by the 6.1 stable kernel series or > > > > > > whether it is also > > > > > > triggered by a vanilla kernel, e.g. kernel v6.8? That will > > > > > > tell us whether we > > > > > > need to review the upstream changes or the backp > > > > > > orts on the v6.1 branch. > > > > > Stable kernel v6.8.3 is okay. > > > > Would it be possible to bisect this issue on the linux-6.1.y > > > > branch? That probably will be faster than reviewing all > > > > backports > > > > of SCSI patches on that branch. > > > The warning triggers with v6.1.81. It doesn't trigger with > > > v6.1.80. > > It's this patch: > > > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… > > > > The specific problem being that the update to scsi_execute doesn't > > set the sense_len that the WARN_ON is checking. > > > > This isn't a problem in mainline because we've converted all uses > > of scsi_execute. Stable needs to either complete the conversion or > > back out the inital patch. This change depends on the above change: > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… > > Thus, more than just the initial patch needs to be backed out. OK, so the reason the bad patch got pulled in is because it's a precursor of this fixes tagged backport: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=… Which is presumably the other patch you had to back out to fix the issue. The problem is that Mike's series updating and then removing scsi_execute() went into the tree as one series, so no-one notice the first patch had this bug because the buggy routine got removed at the end of the series. This also means there's nothing to fix and backport in upstream. The bug is also more widely spread than simply domain validation, because every use of scsi_execute in the current stable tree will trip this. I'm not sure what the best fix is. I can certainly come up with a one line fix for stable adding the missing length in the #define, but it can't come from upstream as stated above. We could back the two patches out then do a stable specific fix for the UAS problem (I don't think we can leave the UAS patch backed out because the problem was pretty serious). What does stable want to do? James

1 year, 2 months

2
1
0 0

[PATCH for 6.1.y] nvme: fix miss command type check

by Tokunori Ikegami

From: "min15.li" <min15.li(a)samsung.com> commit 31a5978243d24d77be4bacca56c78a0fbc43b00d upstream. In the function nvme_passthru_end(), only the value of the command opcode is checked, without checking the command type (IO command or Admin command). When we send a Dataset Management command (The opcode of the Dataset Management command is the same as the Set Feature command), kernel thinks it is a set feature command, then sets the controller's keep alive interval, and calls nvme_keep_alive_work(). Signed-off-by: min15.li <min15.li(a)samsung.com> Reviewed-by: Kanchan Joshi <joshi.k(a)samsung.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Fixes: b58da2d270db ("nvme: update keep alive interval when kato is modified") Signed-off-by: Tokunori Ikegami <ikegami.t(a)gmail.com> --- drivers/nvme/host/core.c | 4 +++- drivers/nvme/host/ioctl.c | 3 ++- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/passthru.c | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c index d7516e99275b..20160683e868 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -1151,7 +1151,7 @@ static u32 nvme_passthru_start(struct nvme_ctrl *ctrl, struct nvme_ns *ns, return effects; } -void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, +void nvme_passthru_end(struct nvme_ctrl *ctrl, struct nvme_ns *ns, u32 effects, struct nvme_command *cmd, int status) { if (effects & NVME_CMD_EFFECTS_CSE_MASK) { @@ -1167,6 +1167,8 @@ void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, nvme_queue_scan(ctrl); flush_work(&ctrl->scan_work); } + if (ns) + return; switch (cmd->common.opcode) { case nvme_admin_set_features: diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c index 91e6d0347579..b3e322e4ade3 100644 --- a/drivers/nvme/host/ioctl.c +++ b/drivers/nvme/host/ioctl.c @@ -147,6 +147,7 @@ static int nvme_submit_user_cmd(struct request_queue *q, unsigned bufflen, void __user *meta_buffer, unsigned meta_len, u32 meta_seed, u64 *result, unsigned timeout, bool vec) { + struct nvme_ns *ns = q->queuedata; struct nvme_ctrl *ctrl; struct request *req; void *meta = NULL; @@ -181,7 +182,7 @@ static int nvme_submit_user_cmd(struct request_queue *q, blk_mq_free_request(req); if (effects) - nvme_passthru_end(ctrl, effects, cmd, ret); + nvme_passthru_end(ctrl, ns, effects, cmd, ret); return ret; } diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h index a892d679e338..8e28d2de45c0 100644 --- a/drivers/nvme/host/nvme.h +++ b/drivers/nvme/host/nvme.h @@ -1063,7 +1063,7 @@ static inline void nvme_auth_free(struct nvme_ctrl *ctrl) {}; u32 nvme_command_effects(struct nvme_ctrl *ctrl, struct nvme_ns *ns, u8 opcode); int nvme_execute_passthru_rq(struct request *rq, u32 *effects); -void nvme_passthru_end(struct nvme_ctrl *ctrl, u32 effects, +void nvme_passthru_end(struct nvme_ctrl *ctrl, struct nvme_ns *ns, u32 effects, struct nvme_command *cmd, int status); struct nvme_ctrl *nvme_ctrl_from_file(struct file *file); struct nvme_ns *nvme_find_get_ns(struct nvme_ctrl *ctrl, unsigned nsid); diff --git a/drivers/nvme/target/passthru.c b/drivers/nvme/target/passthru.c index adc0958755d6..a0a292d49588 100644 --- a/drivers/nvme/target/passthru.c +++ b/drivers/nvme/target/passthru.c @@ -216,6 +216,7 @@ static void nvmet_passthru_execute_cmd_work(struct work_struct *w) struct nvmet_req *req = container_of(w, struct nvmet_req, p.work); struct request *rq = req->p.rq; struct nvme_ctrl *ctrl = nvme_req(rq)->ctrl; + struct nvme_ns *ns = rq->q->queuedata; u32 effects; int status; @@ -242,7 +243,7 @@ static void nvmet_passthru_execute_cmd_work(struct work_struct *w) blk_mq_free_request(rq); if (effects) - nvme_passthru_end(ctrl, effects, req->cmd, status); + nvme_passthru_end(ctrl, ns, effects, req->cmd, status); } static enum rq_end_io_ret nvmet_passthru_req_done(struct request *rq, -- 2.40.1

1 year, 2 months

1
0
0 0

[PATCH v2 0/1] cifs: Convert struct fealist away from 1-element array

by Vitaly Chikunov

Backport of the mainline fix to the kernel panic when Wine is run over CIFS share. This is intended for linux-6.1.y tree. Please apply. Bug and testing details: Jan 24 15:15:20 kalt2test.dpt.local kernel: detected buffer overflow in strncpy Jan 24 15:15:20 kalt2test.dpt.local kernel: ------------[ cut here ]------------ Jan 24 15:15:20 kalt2test.dpt.local kernel: kernel BUG at lib/string_helpers.c:1027! Jan 24 15:15:20 kalt2test.dpt.local kernel: invalid opcode: 0000 [#1] PREEMPT SMP PTI Jan 24 15:15:20 kalt2test.dpt.local kernel: CPU: 1 PID: 4532 Comm: vr402352.res Tainted: G OE 6.1.73-un-def-alt1 #1 Jan 24 15:15:20 kalt2test.dpt.local kernel: Hardware name: Gigabyte Technology Co., Ltd. B360M-D3H/B360M D3H-CF, BIOS F12 03/14/2019 Jan 24 15:15:20 kalt2test.dpt.local kernel: RIP: 0010:fortify_panic+0xf/0x11 ... Jan 24 15:15:20 kalt2test.dpt.local kernel: Call Trace: Jan 24 15:15:20 kalt2test.dpt.local kernel: <TASK> Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __die_body.cold+0x1a/0x1f Jan 24 15:15:20 kalt2test.dpt.local kernel: ? die+0x2b/0x50 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? do_trap+0xcf/0x120 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? fortify_panic+0xf/0x11 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? do_error_trap+0x83/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? fortify_panic+0xf/0x11 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? exc_invalid_op+0x4e/0x70 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? fortify_panic+0xf/0x11 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? asm_exc_invalid_op+0x16/0x20 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? fortify_panic+0xf/0x11 Jan 24 15:15:20 kalt2test.dpt.local kernel: CIFSSMBSetEA.cold+0xc/0x18 [cifs] Jan 24 15:15:20 kalt2test.dpt.local kernel: cifs_xattr_set+0x596/0x690 [cifs] Jan 24 15:15:20 kalt2test.dpt.local kernel: ? evm_protected_xattr_common+0x41/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: __vfs_removexattr+0x52/0x70 Jan 24 15:15:20 kalt2test.dpt.local kernel: __vfs_removexattr_locked+0xbc/0x150 Jan 24 15:15:20 kalt2test.dpt.local kernel: vfs_removexattr+0x56/0x100 Jan 24 15:15:20 kalt2test.dpt.local kernel: removexattr+0x58/0x90 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? get_vtime_delta+0xf/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? ct_kernel_exit.constprop.0+0x6b/0x80 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __ct_user_enter+0x5a/0xd0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? syscall_exit_to_user_mode+0x31/0x50 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? int80_emulation+0xb9/0x110 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? get_vtime_delta+0xf/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? ct_kernel_exit.constprop.0+0x6b/0x80 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __ct_user_enter+0x5a/0xd0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __fget_light.part.0+0x83/0xd0 Jan 24 15:15:20 kalt2test.dpt.local kernel: __ia32_sys_fremovexattr+0x80/0xa0 Jan 24 15:15:20 kalt2test.dpt.local kernel: int80_emulation+0xa9/0x110 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? get_vtime_delta+0xf/0xb0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? vtime_user_exit+0x1c/0x70 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? __ct_user_exit+0x6c/0xc0 Jan 24 15:15:20 kalt2test.dpt.local kernel: ? int80_emulation+0x1b/0x110 Jan 24 15:15:20 kalt2test.dpt.local kernel: asm_int80_emulation+0x16/0x20 Jan 24 15:15:20 kalt2test.dpt.local kernel: RIP: 0023:0xf7e3b9b1 This backport is a simple cherry-pick of mainline commit 398d5843c032 ("cifs: Convert struct fealist away from 1-element array"). Build and runtime tested to fix the problem. Downstream bug report and test report: https://bugzilla.altlinux.org/49177 Difference from v0: - No changes, only a cover letter is added with bug details. Kees Cook (1): cifs: Convert struct fealist away from 1-element array fs/smb/client/cifspdu.h | 4 ++-- fs/smb/client/cifssmb.c | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) -- 2.42.1

1 year, 2 months

1
1
0 0

[OOPS][STABLE] NULL pointer dereferenced with Linux 6.8.4

by Chris Rankin

Hi, Just noticed this OOPS in my vanilla 6.8.4 kernel dmesg log. The USB device here is an optical drive, although oddly I wasn't unplugging it at the time. I was actually remounting it as a different user: $ udisksctl unmount -b /dev/sr1 <SWITCH USER> $ udisksctl mount -b /dev/sr1 [ 7737.972588] usb 2-4: USB disconnect, device number 3 [ 7743.332135] BUG: kernel NULL pointer dereference, address: 0000000000000370 [ 7743.337805] #PF: supervisor write access in kernel mode [ 7743.341730] #PF: error_code(0x0002) - not-present page [ 7743.345569] PGD 0 P4D 0 [ 7743.346830] Oops: 0002 [#1] PREEMPT SMP PTI [ 7743.349711] CPU: 4 PID: 27870 Comm: kworker/4:0 Tainted: G I 6.8.4 #1 [ 7743.356237] Hardware name: Gigabyte Technology Co., Ltd. EX58-UD3R/EX58-UD3R, BIOS FB 05/04/2009 [ 7743.363830] Workqueue: events sg_remove_sfp_usercontext [sg] [ 7743.368196] RIP: 0010:mutex_lock+0x1e/0x2e [ 7743.370997] Code: 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 51 48 89 3c 24 2e 2e 2e 31 c0 31 c0 48 8b 3c 24 65 48 8b 14 25 40 c2 02 00 <f0> 48 0f b1 17 74 03 5a eb b9 58 c3 cc cc cc cc 90 90 90 90 90 90 [ 7743.388443] RSP: 0018:ffffc90004667e00 EFLAGS: 00010246 [ 7743.392368] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000810000d2 [ 7743.398201] RDX: ffff88805bf30e40 RSI: ffffffffa1bbd20d RDI: 0000000000000370 [ 7743.404034] RBP: 0000000000000370 R08: ffff8881144e2d70 R09: 00000000810000d2 [ 7743.409867] R10: 000000000000023e R11: 000000000000023e R12: ffff8881424039c0 [ 7743.415698] R13: dead000000000100 R14: ffff88826223a000 R15: ffff88826223a030 [ 7743.421522] FS: 0000000000000000(0000) GS:ffff888343d00000(0000) knlGS:0000000000000000 [ 7743.428308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7743.432745] CR2: 0000000000000370 CR3: 000000000221a000 CR4: 00000000000006f0 [ 7743.438570] Call Trace: [ 7743.439715] <TASK> [ 7743.440513] ? __die_body+0x1a/0x5c [ 7743.442707] ? page_fault_oops+0x32a/0x377 [ 7743.445504] ? fixup_exception+0x22/0x250 [ 7743.448217] ? exc_page_fault+0x105/0x117 [ 7743.450928] ? asm_exc_page_fault+0x22/0x30 [ 7743.453850] ? __pfx_sg_device_destroy+0x10/0x10 [sg] [ 7743.457602] ? mutex_lock+0x1e/0x2e [ 7743.459839] blk_trace_remove+0x15/0x35 [ 7743.462378] sg_device_destroy+0x1d/0x60 [sg] [ 7743.465438] sg_remove_sfp_usercontext+0xd2/0xe9 [sg] [ 7743.469190] process_scheduled_works+0x198/0x296 [ 7743.472510] worker_thread+0x1c6/0x220 [ 7743.474962] ? __pfx_worker_thread+0x10/0x10 [ 7743.477934] kthread+0xf7/0xff [ 7743.479694] ? __pfx_kthread+0x10/0x10 [ 7743.482146] ret_from_fork+0x24/0x36 [ 7743.484425] ? __pfx_kthread+0x10/0x10 [ 7743.486877] ret_from_fork_asm+0x1b/0x30 [ 7743.489506] </TASK> [ 7743.490397] Modules linked in: udf usb_storage sg algif_hash af_alg snd_seq_dummy rpcrdma rdma_cm iw_cm ib_cm ib_core nf_nat_ftp nf_conntrack_ftp cfg80211 af_packet nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables bnep it87 hwmon_vid binfmt_misc snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel uvcvideo intel_powerclamp btusb btintel snd_usb_audio snd_intel_dspcfg coretemp btbcm uvc snd_hda_codec videobuf2_vmalloc kvm_intel snd_virtuoso bluetooth videobuf2_memops snd_oxygen_lib videobuf2_v4l2 snd_hda_core snd_usbmidi_lib videodev snd_mpu401_uart kvm videobuf2_common [ 7743.490474] snd_hwdep snd_rawmidi mc snd_seq ecdh_generic input_leds led_class joydev snd_seq_device snd_pcm rfkill ecc r8169 pktcdvd irqbypass gpio_ich realtek iTCO_wdt intel_cstate snd_hrtimer mdio_devres snd_timer libphy intel_uncore i2c_i801 snd pcspkr psmouse i2c_smbus acpi_cpufreq mxm_wmi soundcore lpc_ich i7core_edac tiny_power_button button nfsd auth_rpcgss nfs_acl lockd grace dm_mod sunrpc fuse configfs loop dax zram zsmalloc ext4 crc32c_generic crc16 mbcache jbd2 amdgpu video amdxcp i2c_algo_bit mfd_core drm_ttm_helper ttm drm_exec gpu_sched sr_mod drm_suballoc_helper drm_buddy drm_display_helper cdrom sd_mod hid_microsoft usbhid drm_kms_helper ahci libahci pata_jmicron drm libata uhci_hcd xhci_pci ehci_pci ehci_hcd scsi_mod xhci_hcd usbcore drm_panel_orientation_quirks cec firewire_ohci crc32c_intel sha512_ssse3 rc_core sha256_ssse3 serio_raw firewire_core sha1_ssse3 usb_common bsg crc_itu_t scsi_common wmi msr [ 7743.659267] CR2: 0000000000000370 [ 7743.661287] ---[ end trace 0000000000000000 ]--- [ 7743.664605] RIP: 0010:mutex_lock+0x1e/0x2e [ 7743.667406] Code: 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 51 48 89 3c 24 2e 2e 2e 31 c0 31 c0 48 8b 3c 24 65 48 8b 14 25 40 c2 02 00 <f0> 48 0f b1 17 74 03 5a eb b9 58 c3 cc cc cc cc 90 90 90 90 90 90 [ 7743.684850] RSP: 0018:ffffc90004667e00 EFLAGS: 00010246 [ 7743.688767] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000810000d2 [ 7743.694592] RDX: ffff88805bf30e40 RSI: ffffffffa1bbd20d RDI: 0000000000000370 [ 7743.700415] RBP: 0000000000000370 R08: ffff8881144e2d70 R09: 00000000810000d2 [ 7743.706239] R10: 000000000000023e R11: 000000000000023e R12: ffff8881424039c0 [ 7743.712064] R13: dead000000000100 R14: ffff88826223a000 R15: ffff88826223a030 [ 7743.717897] FS: 0000000000000000(0000) GS:ffff888343d00000(0000) knlGS:0000000000000000 [ 7743.724684] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7743.729129] CR2: 0000000000000370 CR3: 000000000221a000 CR4: 00000000000006f0 [ 7743.734961] note: kworker/4:0[27870] exited with irqs disabled

1 year, 2 months

1
0
0 0

[PATCH 6.8 000/715] 6.8.2-rc1 review

by Sasha Levin

This is the start of the stable review cycle for the 6.8.2 release. There are 715 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue Mar 26 10:34:31 PM UTC 2024. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. Thanks, Sasha ------------- Pseudo-Shortlog of commits: Abel Vesa (3): arm64: dts: qcom: x1e80100-qcp: Fix supplies for LDOs 3E and 2J arm64: dts: qcom: sm8550: Fix SPMI channels size arm64: dts: qcom: sm8650: Fix SPMI channels size Abhinav Kumar (1): drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN Adam Butcher (1): spi: spi-imx: fix off-by-one in mx51 CPU mode burst length Adam Guerin (4): crypto: qat - remove unused macros in qat_comp_alg.c crypto: qat - removed unused macro in adf_cnv_dbgfs.c crypto: qat - avoid division by zero crypto: qat - remove double initialization of value Adam Skladowski (1): dt-bindings: msm: qcom, mdss: Include ommited fam-b compatible Ajay Singh (2): wifi: wilc1000: do not realloc workqueue everytime an interface is added wifi: wilc1000: fix multi-vif management when deleting a vif Alex Bee (1): drm/rockchip: inno_hdmi: Fix video timing Alexander Stein (2): media: tc358743: register v4l2 async device only after successful setup media: i2c: imx290: Fix IMX920 typo Alexander Sverdlin (1): spi: lpspi: Avoid potential use-after-free in probe() Alexandre Ghiti (1): riscv: Fix compilation error with FAST_GUP and rv32 Alexey I. Froloff (1): ACPI: resource: Do IRQ override on Lunnen Ground laptops Alexey Kodanev (1): RDMA/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() Alexis Lothoré (4): wifi: wilc1000: fix declarations ordering wifi: wilc1000: fix RCU usage in connect path wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wifi: wilc1000: revert reset line logic flip Amir Goldstein (1): ovl: relax WARN_ON in ovl_verify_area() Anastasia Belova (1): cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value Andre Przywara (1): firmware: arm_scmi: Fix double free in SMC transport cleanup path Andrejs Cainikovs (1): arm64: dts: ti: k3-am62-main: disable usb lpm Andrew Davis (1): arm64: dts: ti: k3-j721e: Fix mux-reg-masks in hbmc_mux Andrey Grafin (2): libbpf: Apply map_set_def_max_entries() for inner_maps on creation selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values Andrey Skvortsov (2): Bluetooth: hci_h5: Add ability to allocate memory for private data Bluetooth: btrtl: fix out of bounds memory access Andrii Nakryiko (10): libbpf: Fix faccessat() usage on Android libbpf: fix __arg_ctx type enforcement for perf_event programs libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API libbpf: Add bpf_token_create() API libbpf: Add btf__new_split() API that was declared but not implemented libbpf: Add missed btf_ext__raw_data() API bpf: make sure scalar args don't accept __arg_nonnull tag bpf: don't emit warnings intended for global subprogs for static subprogs libbpf: fix return value for PERF_EVENT __arg_ctx type fix up check bpf: don't infer PTR_TO_CTX for programs with unnamed context type Andrzej Pietrasiewicz (1): media: videobuf2: Add missing doc comment for waiting_in_dqbuf Andy Shevchenko (2): backlight: hx8357: Fix potential NULL pointer dereference serial: 8250_exar: Don't remove GPIO device on suspend AngeloGioacchino Del Regno (1): drm/mediatek: dsi: Fix DSI RGB666 formats and definitions Antoniu Miclaus (1): rtc: max31335: fix interrupt status reg Anup Patel (1): RISC-V: KVM: Forward SEED CSR access to user space Ard Biesheuvel (3): x86/sme: Fix memory encryption setting if enabled by default and not overridden x86/efistub: Clear decompressor BSS in native EFI entrypoint x86/efistub: Don't clear BSS twice in mixed mode Armin Wolf (2): ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() platform/x86/amd/pmf: Do not use readl() for policy buffer access Arnaldo Carvalho de Melo (1): perf bpf: Clean up the generated/copied vmlinux.h Arnaud Pouliquen (2): remoteproc: stm32: Fix incorrect type in assignment for va remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef Arnd Bergmann (12): fs/select: rework stack allocation hack for clang cpufreq: qcom-hw: add CONFIG_COMMON_CLK dependency wifi: brcmsmac: avoid function pointer casts crypto: qat - avoid memcpy() overflow warning media: pvrusb2: fix pvr2_stream_callback casts crypto: arm/sha - fix function cast warnings mtd: rawnand: lpc32xx_mlc: fix irq handler prototype media: dvb-frontends: avoid stack overflow warnings with clang media: mediatek: vcodec: avoid -Wcast-function-type-strict warning scsi: csiostor: Avoid function pointer casts scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn soc: fsl: dpio: fix kcalloc() argument order Artem Savkov (1): selftests/bpf: Fix potential premature unload in bpf_testmod Arthur Grillo (1): drm: Fix drm_fixp2int_round() making it add 0.5 Arınç ÜNAL (3): net: dsa: mt7530: prevent possible incorrect XTAL frequency selection net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports net: dsa: mt7530: fix handling of all link-local frames Asad Kamal (1): drm/amd/pm: Fix esm reg mask use to get pcie speed Athaariq Ardhiansyah (1): ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops Audra Mitchell (1): workqueue.c: Increase workqueue name length Babu Moger (2): x86/resctrl: Remove hard-coded memory bandwidth limit x86/resctrl: Read supported bandwidth sources from CPUID Baochen Qiang (2): wifi: ath11k: fix a possible dead lock caused by ab->base_lock wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use Baokun Li (1): erofs: fix lockdep false positives on initializing erofs_pseudo_mnt Bart Van Assche (1): fs: Fix rw_hint validation Bartosz Golaszewski (1): Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() Baruch Siach (1): mtd: maps: physmap-core: fix flash size larger than 32-bit Basavaraj Natikar (2): HID: amd_sfh: Update HPD sensor structure elements HID: amd_sfh: Avoid disabling the interrupt Ben Wolsieffer (1): watchdog: stm32_iwdg: initialize default timeout Benjamin Berg (3): wifi: cfg80211: add RNR with reporting AP information wifi: mac80211: use deflink and fix typo in link ID check wifi: cfg80211: set correct param change count in ML element Benjamin Gaignard (1): media: usbtv: Remove useless locks in usbtv_video_free() Benjamin Lin (2): wifi: mt76: mt7996: fix incorrect interpretation of EHT MCS caps wifi: mt76: mt7996: fix HIF_TXD_V2_1 value Bert Karwatzki (1): iommu: Fix compilation without CONFIG_IOMMU_INTEL Bhavya Kapoor (4): arm64: dts: ti: k3-j7200-common-proc-board: Modify Pinmux for wkup_uart0 and mcu_uart0 arm64: dts: ti: k3-j7200-common-proc-board: Remove clock-frequency from mcu_uart0 arm64: dts: ti: k3-j721s2-common-proc-board: Remove Pinmux for CTS and RTS in wkup_uart0 arm64: dts: ti: k3-j784s4-evm: Remove Pinmux for CTS and RTS in wkup_uart0 Bitterblue Smith (3): wifi: rtw88: 8821cu: Fix firmware upload fail wifi: rtw88: 8821c: Fix beacon loss and disconnect wifi: rtw88: 8821c: Fix false alarm count Bjorn Andersson (2): pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl arm64: dts: qcom: sa8540p: Drop gfx.lvl as power-domain for gpucc Breno Leitao (1): net: blackhole_dev: fix build warning for ethh set but not used Brian Masney (1): fbdev/simplefb: change loglevel when the power domains cannot be parsed Bryan O'Donoghue (1): clk: Fix clk_core_get NULL dereference Changbin Du (1): modules: wait do_free_init correctly Changhuang Liang (1): staging: media: starfive: Set 16 bpp for capture_raw device Chao Yu (15): f2fs: compress: fix to guarantee persisting compressed blocks by CP f2fs: compress: fix to cover normal cluster write with cp_rwsem f2fs: compress: fix to avoid inconsistence bewteen i_blocks and dnode f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic f2fs: zone: fix to wait completion of last bio in zone correctly f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem f2fs: fix to avoid potential panic during recovery f2fs: fix to create selinux label during whiteout initialization f2fs: compress: fix to check zstd compress level correctly in mount option f2fs: compress: fix to check compress flag w/ .i_sem lock f2fs: fix to use correct segment type in f2fs_allocate_data_block() f2fs: ro: compress: fix to avoid caching unaligned extent f2fs: fix to truncate meta inode pages forcely f2fs: zone: fix to remove pow2 check condition for zoned block device f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault Charles Keepax (1): ASoC: Intel: ssp-common: Add stub for sof_ssp_get_codec_name Charlie Jenkins (1): riscv: Only check online cpus for emulated accesses Chen Ni (2): sr9800: Add check for usbnet_get_endpoints drm/tegra: dsi: Add missing check for of_find_device_by_node Chen-Yu Tsai (4): arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF pinctrl: mediatek: Drop bogus slew rate register range for MT8186 pinctrl: mediatek: Drop bogus slew rate register range for MT8192 clk: mediatek: mt8183: Correct parent of CLK_INFRA_SSPM_32K_SELF Chintan Vankar (1): arm64: dts: ti: k3-j784s4-main: Fix mux-reg-masks in serdes_ln_ctrl Christoph Hellwig (1): iomap: clear the per-folio dirty bits on all writeback failures Christophe JAILLET (17): mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() PCI/P2PDMA: Fix a sleeping issue in a RCU read section PCI: switchtec: Fix an error handling path in switchtec_pci_probe() clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() clk: mediatek: mt8135: Fix an error handling path in clk_mt8135_apmixed_probe() clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() perf pmu: Fix a potential memory leak in perf_pmu__lookup() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() NFS: Fix an off by one in root_nfs_cat() thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path Christophe Leroy (1): powerpc: Force inlining of arch_vmap_p{u/m}d_supported() Chun-Yi Lee (1): aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts Chunguang Xu (1): nvme: fix reconnection fail due to reserved tag allocation Claudiu Beznea (3): arm64: dts: renesas: rzg3s-smarc-som: Guard Ethernet IRQ GPIO hogs pinctrl: renesas: rzg2l: Fix locking in rzg2l_dt_subnode_to_map() clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux Colin Ian King (1): usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin Craig Tatlor (1): ARM: dts: qcom: msm8974: correct qfprom node size Cristian Ciocaltea (6): ASoC: amd: acp: Add missing error handling in sof-mach ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() ASoC: SOF: core: Skip firmware test for custom loaders ASoC: SOF: amd: Compute file paths on firmware load ASoC: SOF: amd: Move signed_fw_image to struct acp_quirk_entry ASoC: SOF: amd: Skip IRAM/DRAM size modification for Steam Deck OLED Dafna Hirschfeld (1): drm/xe: Replace 'grouped target' in Makefile with pattern rule Damian Muszynski (2): crypto: qat - fix ring to service map for dcc in 4xxx crypto: qat - fix ring to service map for dcc in 420xx Dan Carpenter (6): io_uring/net: fix overflow check in io_recvmsg_mshot_prep() ASoC: SOF: Add some bounds checking to firmware data lib/stackdepot: off by one in depot_fetch_stack() bus: mhi: ep: check the correct variable in mhi_ep_register_controller() staging: greybus: fix get_channel_from_mode() failure path char: xilinx_hwicap: Fix NULL vs IS_ERR() bug Daniel Golle (3): clk: mediatek: mt7981-topckgen: flag SGM_REG_SEL as critical net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up net: ethernet: mtk_eth_soc: fix PPE hanging issue Daniel Lezcano (1): powercap: dtpm_cpu: Fix error check against freq_qos_add_request() Daniel Thompson (3): backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: lp8788: Fully initialize backlight_properties during probe Daniil Dulov (2): media: go7007: add check of return value of go7007_read_addr() media: pvrusb2: remove redundant NULL check Dave Airlie (2): nouveau: reset the bo resource bus info after an eviction nouveau/gsp: don't check devinit disable on GSP. Dave Jiang (2): ACPI: HMAT: Remove register of memory node for generic target cxl: Fix the incorrect assignment of SSLBIS entry pointer initial location Dave Wysochanski (1): NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt David E. Box (2): platform/x86/intel/pmc/lnl: Remove SSRAM support platform/x86/intel/pmc/arl: Put GNA device in D3 David Gow (8): kunit: test: Log the correct filter string in executor_test lib/cmdline: Fix an invalid format specifier in an assertion msg lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg time: test: Fix incorrect format specifier rtc: test: Fix invalid format specifier. net: test: Fix printf format specifier in skb_segment kunit test drm/xe/tests: Fix printf format specifiers in xe_migrate test drm: tests: Fix invalid printf format specifiers in KUnit tests David Heidelberg (1): arm64: dts: qcom: sdm845-oneplus-common: improve DAI node naming David Howells (4): cifs: Fix writeback data corruption afs: Revert "afs: Hide silly-rename files from userspace" afs: Don't cache preferred address afs: Fix occasional rmdir-then-VNOVNODE with generic/011 David Lechner (2): spi: consolidate setting message->spi spi: move split xfers for CS_WORD emulation David Regan (1): mtd: rawnand: brcmnand: exec_op helper functions return type fixes Deren Wu (3): wifi: mt76: mt7925: update PCIe DMA settings wifi: mt76: mt7921e: fix use-after-free in free_irq() wifi: mt76: mt7925e: fix use-after-free in free_irq() Devarsh Thakkar (2): arm64: dts: ti: Add common1 register space for AM65x SoC arm64: dts: ti: Add common1 register space for AM62x SoC Dmitry Baryshkov (11): soc: qcom: socinfo: rename PM2250 to PM4125 arm64: dts: qcom: rename PM2250 to PM4125 arm64: dts: qcom: msm8998: declare VLS CLAMP register for USB3 PHY arm64: dts: qcom: qcm2290: declare VLS CLAMP register for USB3 PHY arm64: dts: qcom: sm6115: declare VLS CLAMP register for USB3 PHY drm: ci: use clk_ignore_unused for apq8016 drm/msm/dpu: finalise global state object drm/msm/a6xx: specify UBWC config for sc7180 phy: qcom: qmp-usb: split USB-C PHY driver phy: qcom: qmp-usbc: add support for the Type-C handling phy: qcom: qmp-usbc: handle CLAMP register in a correct way Douglas Anderson (1): drm/panel: boe-tv101wum-nl6: make use of prepare_prev_first Duanqiang Wen (1): net: txgbe: fix clk_name exceed MAX_DEV_ID limits Duoming Zhou (3): wifi: brcm80211: handle pmk_op allocation failure nfp: flower: handle acti_netdevs allocation failure clk: zynq: Prevent null pointer dereference caused by kmalloc failure Dylan Hung (1): i3c: dw: Disable IBI IRQ depends on hot-join and SIR enabling Edward Adam Davis (1): media: pvrusb2: fix uaf in pvr2_context_set_notify Emmanuel Grumbach (2): wifi: iwlwifi: mvm: fix the TLC command after ADD_STA wifi: iwlwifi: mvm: don't set the MFP flag for the GTK Eric Dumazet (8): sock_diag: annotate data-races around sock_diag_handlers[family] inet_diag: annotate data-races around inet_diag_table[] ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check packet: annotate data-races around ignore_outgoing net: move dev->state into net_device_read_txrx group Ethan Zhao (3): PCI: Make pci_dev_is_disconnected() helper public for other drivers iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected iommu/vt-d: Improve ITE fault handling if target device isn't present Eugen Hristev (2): arm64: dts: mediatek: mt8192: fix vencoder clock name arm64: dts: mediatek: mt8186: fix VENC power domain clocks Ezra Buehler (1): mtd: spinand: esmt: Extend IDs to 5 bytes Fedor Pchelkin (1): drm/tegra: put drm_gem_object ref on error in tegra_fb_create Fei Shao (1): spi: spi-mt65xx: Fix NULL pointer access in interrupt handler Felix Maurer (1): hsr: Handle failures in module init Filipe Manana (1): btrfs: fix race when detecting delalloc ranges during fiemap Florian Fainelli (1): spi: Fix error code checking in spi_mem_exec_op() Frank Li (2): arm64: dts: imx8qm: Align edma3 power-domains resources indentation arm64: dts: imx8qm: Correct edma3 power-domains and interrupt numbers Frederic Weisbecker (2): rcu/exp: Fix RCU expedited parallel grace period kworker allocation failure recovery rcu/exp: Handle RCU expedited grace period kworker allocation failure Frieder Schrempf (7): arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on OSM-S i.MX8MM arm64: dts: imx8mm-kontron: Disable pullups for I2C signals on SL/BL i.MX8MM arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL OSM-S board arm64: dts: imx8mm-kontron: Disable pullups for onboard UART signals on BL board arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL OSM-S board arm64: dts: imx8mm-kontron: Disable pull resistors for SD card signals on BL board arm64: dts: imx8mm-kontron: Fix interrupt for RTC on OSM-S i.MX8MM module Frédéric Danis (1): Bluetooth: Fix eir name length Gabor Juhos (3): clk: qcom: gcc-ipq5018: fix 'enable_reg' offset of 'gcc_gmac0_sys_clk' clk: qcom: gcc-ipq5018: fix 'halt_reg' offset of 'gcc_pcie1_pipe_clk' clk: qcom: gcc-ipq5018: fix register offset for GCC_UBI0_AXI_ARES reset Gabriel Krisman Bertazi (2): ovl: Always reject mounting over case-insensitive directories io_uring: Fix release of pinned pages when __io_uaddr_map fails Gavrilov Ilia (6): tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function net/x25: fix incorrect parameter validation in the x25_getsockopt() function Geert Uytterhoeven (11): ARM: dts: renesas: r8a73a4: Fix external clocks and clock rate arm64: dts: renesas: r8a779g0: Restore sort order arm64: dts: renesas: r8a779g0: Add missing SCIF_CLK2 ARM: dts: arm: realview: Fix development chip ROM compatible value arm64: dts: renesas: r8a779a0: Correct avb[01] reg sizes arm64: dts: renesas: r8a779g0: Correct avb[01] reg sizes clk: renesas: r8a779g0: Fix PCIe clock name pinctrl: renesas: r8a779g0: Add missing SCIF_CLK2 pin group/function clk: renesas: r8a779g0: Correct PFC/GPIO parent clocks clk: renesas: r8a779f0: Correct PFC/GPIO parent clock pinctrl: renesas: Allow the compiler to optimize away sh_pfc_pm Gen Xu (1): wifi: mt76: mt792x: fix ethtool warning Geoffrey D. Bennett (4): ALSA: scarlett2: Fix Scarlett 4th Gen 4i4 low-voltage detection ALSA: scarlett2: Fix Scarlett 4th Gen autogain status values ALSA: scarlett2: Fix Scarlett 4th Gen input gain range ALSA: scarlett2: Fix Scarlett 4th Gen input gain range again George Stark (1): leds: aw2013: Unlock mutex before destroying it Gergo Koteles (5): ALSA: hda/tas2781: use dev_dbg in system_resume ALSA: hda/tas2781: add lock to system_suspend ALSA: hda/tas2781: do not reset cur_* values in runtime_suspend ALSA: hda/tas2781: do not call pm_runtime_force_* in system_resume/suspend ALSA: hda/tas2781: restore power state after system_resume Hao Zhang (1): wifi: mt76: mt7925: fix mcu query command fail Harry Wentland (2): drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/vkms: Avoid reading beyond LUT array Hayes Wang (1): r8152: fix unknown device for choose_configuration Heiko Carstens (1): s390/cache: prevent rebuild of shared_cpu_list Heiko Stuebner (3): arm64: dts: rockchip: add missing interrupt-names for rk356x vdpu arm64: dts: rockchip: fix reset-names for rk356x i2s2 controller arm64: dts: rockchip: drop rockchip,trcm-sync-tx-only from rk3588 i2s Hongyu Jin (1): dm io: Support IO priority Howard Hsu (1): wifi: mt76: mt7996: fix HE beamformer phy cap for station vif Hsin-Te Yuan (1): arm64: dts: mt8195-cherry-tomato: change watchdog reset boot flow Hsin-Yi Wang (2): drm/panel-edp: use put_sync in unprepare drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip Hugo Villeneuve (1): serial: max310x: fix syntax error in IRQ error message Ian Rogers (5): perf pmu: Treat the msr pmu as software perf srcline: Add missed addr2line closes perf expr: Fix "has_event" function for metric style events perf stat: Avoid metric-only segv perf metric: Don't remove scale from counts Ido Schimmel (2): selftests: forwarding: Add missing multicast routing config entries selftests: forwarding: Fix ping failure due to short timeout Ignat Korchagin (1): net: veth: do not manipulate GRO when using XDP Igor Prusov (1): clk: meson: Add missing clocks to axg_clk_regmaps Ilan Peer (1): wifi: iwlwifi: mvm: Fix the listener MAC filter flags Ilpo Järvinen (1): PCI/DPC: Print all TLP Prefixes, not just the first Jaegeuk Kim (1): f2fs: check number of blocks in a current section Jai Luthra (1): arm64: dts: ti: k3-am62p: Fix memory ranges for DMSS James Clark (1): coresight: Fix issue where a source device's helpers aren't disabled Jan Höppner (1): s390/dasd: Use dev_*() for device log messages Jan Kara (2): quota: Fix rcu annotations of inode dquot pointers quota: Properly annotate i_dquot arrays with __rcu Janne Grunau (1): spi: Restore delays for non-GPIO chip select Jason Gunthorpe (1): iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA Jayesh Choudhary (1): arm64: dts: ti: k3-am69-sk: remove assigned-clock-parents for unused VP Jeff LaBundy (1): Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 Jens Axboe (5): io_uring: remove looping around handling traditional task_work io_uring: remove unconditional looping in local task_work handling io_uring/net: unify how recvmsg and sendmsg copy in the msghdr io_uring/net: move receive multishot out of the generic msghdr path io_uring: don't save/restore iowait state Jeremy Kerr (1): net: mctp: copy skb ext data when fragmenting Jernej Skrabec (4): media: cedrus: h265: Fix configuring bitstream size media: sun8i-di: Fix coefficient writes media: sun8i-di: Fix power on/off sequences media: sun8i-di: Fix chroma difference threshold Jerome Brunet (4): ASoC: meson: aiu: fix function pointer type mismatch ASoC: meson: t9015: fix function pointer type mismatch ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs ASoC: meson: axg-tdm-interface: add frame rate constraint Ji Sheng Teoh (1): watchdog: starfive: Check pm_runtime_enabled() before decrementing usage counter Jianhua Lu (1): backlight: ktz8866: Correct the check for of_property_read_u32 Jie Wang (1): net: hns3: fix port duplex configure error in IMP reset Jijie Shao (1): net: hns3: fix wrong judgment condition issue Jinjie Ruan (1): wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() Jiri Olsa (1): bpftool: Fix wrong free call in do_show_link Jiri Pirko (3): dpll: spec: use proper enum for pin capabilities attribute dpll: fix dpll_xa_ref_*_del() for multiple registrations devlink: fix port new reply cmd type Jiri Slaby (SUSE) (1): tty: vt: fix 20 vs 0x20 typo in EScsiignore Johan Carlsson (1): ALSA: usb-audio: Stop parsing channels bits when all channels are found. Johan Hovold (1): PCI/AER: Fix rootport attribute paths in ABI docs Johannes Berg (8): wifi: iwlwifi: mvm: report beacon protection failures wifi: iwlwifi: dbg-tlv: ensure NUL termination wifi: iwlwifi: acpi: fix WPFC reading wifi: iwlwifi: mvm: initialize rates in FW earlier wifi: iwlwifi: mvm: d3: fix IPN byte order wifi: iwlwifi: always have 'uats_enabled' wifi: iwlwifi: mvm: fix erroneous queue index mask wifi: iwlwifi: mvm: don't set replay counters to 0xff John Keeping (1): regulator: userspace-consumer: add module device table John Ogness (6): printk: nbcon: Relocate 32bit seq macros printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() printk: Wait for all reserved records with pr_flush() printk: Add this_cpu_in_panic() printk: ringbuffer: Cleanup reader terminology printk: ringbuffer: Skip non-finalized records in panic Jon Hunter (1): memory: tegra: Correct DLA client names Jonah Palmer (1): vdpa/mlx5: Allow CVQ size changes Jonas Dreßler (3): Bluetooth: Remove HCI_POWER_OFF_TIMEOUT Bluetooth: mgmt: Remove leftover queuing of power_off work Bluetooth: Remove superfluous call to hci_conn_check_pending() Jonathan Bell (1): PCI: brcmstb: Fix broken brcm_pcie_mdio_write() polling Jorge Mora (2): NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 NFSv4.2: fix listxattr maximum XDR buffer size Josef Bacik (1): nfs: fix panic when nfs4_ff_layout_prepare_ds() fails Josh Poimboeuf (1): objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks José Roberto de Souza (1): drm/xe: Skip VMAs pin when requesting signal to the last XE_EXEC Judith Mendez (1): arm64: dts: ti: k3-am64-main: Fix ITAP/OTAP values for MMC Juergen Gross (2): xen/evtchn: avoid WARN() when unbinding an event channel xen/events: increment refcnt only if event channel is refcounted Julien Massot (2): media: cadence: csi2rx: use match fwnode for media link media: v4l2: cci: print leading 0 on error Jérôme Pouiller (1): wifi: wfx: fix memory leak when starting AP Jörg Wedekind (1): PCI: Mark 3ware-9650SE Root Port Extended Tags as broken Kai Huang (1): x86/asm: Remove the __iomem annotation of movdir64b()'s dst argument Kajol Jain (1): powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks Kamal Heib (1): net: ena: Remove ena_select_queue Kang Yang (1): wifi: ath12k: fix incorrect logic of calculating vdev_stats_id Kees Cook (2): pstore: inode: Only d_invalidate() is needed x86, relocs: Ignore relocations in .notes section Keisuke Nishimura (2): sched/fair: Take the scheduling domain into account in select_idle_smt() sched/fair: Take the scheduling domain into account in select_idle_core() Komal Bajaj (2): arm64: dts: qcom: qcm6490-idp: Correct the voltage setting for vph_pwr arm64: dts: qcom: qcs6490-rb3gen2: Correct the voltage setting for vph_pwr Konrad Dybcio (13): arm64: dts: qcom: sc8180x: Hook up VDD_CX as GCC parent domain arm64: dts: qcom: sc8180x: Fix up big CPU idle state entry latency arm64: dts: qcom: sc8180x: Add missing CPU off state arm64: dts: qcom: sc8180x: Fix eDP PHY power-domains arm64: dts: qcom: sc8180x: Don't hold MDP core clock at FMAX arm64: dts: qcom: sc8180x: Require LOW_SVS vote for MMCX if DISPCC is on arm64: dts: qcom: sc8180x: Add missing CPU<->MDP_CFG path arm64: dts: qcom: sc8180x: Shrink aoss_qmp register space size arm64: dts: qcom: sm8450: Add missing interconnects to serial arm64: dts: qcom: sdm845: Use the Low Power Island CX/MX for SLPI clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times Konstantin Taranov (5): RDMA/mana_ib: Fix bug in creation of dma regions RDMA/mana_ib: Introduce mdev_to_gc helper function RDMA/mana_ib: Introduce mana_ib_get_netdev helper function RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function RDMA/mana_ib: Use virtual address in dma regions for MRs Krzysztof Kozlowski (5): arm64: dts: qcom: x1e80100: drop qcom,drv-count arm64: dts: qcom: sdm845-db845c: correct PCIe wake-gpios arm64: dts: qcom: sm8150: correct PCIe wake-gpios riscv: dts: starfive: jh7100: fix root clock names soundwire: stream: add missing const to Documentation Kuniyuki Iwashima (3): af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). tcp: Fix refcnt handling in __inet_hash_connect(). Kévin L'hôpital (1): net: phy: fix phy_get_internal_delay accessing an empty array Lad Prabhakar (3): arm64: dts: renesas: rzg2l: Add missing interrupts to IRQC nodes arm64: dts: renesas: r9a08g045: Add missing interrupts to IRQC node ASoC: sh: rz-ssi: Fix error message print Lang Yu (1): drm/amdgpu: fix mmhub client id out-of-bounds access Le Ma (1): drm/amdgpu: drop setting buffer funcs in sdma442 Leon Romanovsky (1): xfrm: Allow UDP encapsulation only in offload modes Li Nan (3): md: fix kmemleak of rdev->serial block: fix deadlock between bd_link_disk_holder and partition scan md: Don't clear MD_CLOSING when the raid is about to stop Li Zhijian (1): coccinelle: device_attr_show: Remove useless expression STR Linu Cherian (1): octeontx2-af: Use matching wake_up API variant in CGX command interface Liu Ying (1): arm64: dts: imx8mp-evk: Fix hdmi@3d node Lorenzo Bianconi (1): wifi: mt76: mt7996: fix fw loading timeout Lu Baolu (4): iommu/vt-d: Use rbtree to track iommu probed devices iommu/vt-d: Use device rbtree in iopf reporting path iommu: Add static iommu_ops->release_domain iommu/vt-d: Fix NULL domain on device release Luca Ceresoli (1): ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates Luca Weiss (4): arm64: dts: qcom: sc7280: Add static properties to cryptobam arm64: dts: qcom: qcm6490-fairphone-fp5: Add missing reserved-memory backlight: lm3630a: Initialize backlight_properties on init backlight: lm3630a: Don't set bl->props.brightness in get_brightness Lucas Stach (1): media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Luiz Augusto von Dentz (8): Bluetooth: Remove BT_HS Bluetooth: hci_event: Fix not indicating new connection for BIG Sync Bluetooth: hci_core: Cancel request on command timeout Bluetooth: hci_sync: Fix overwriting request callback Bluetooth: hci_core: Fix possible buffer overflow Bluetooth: msft: Fix memory leak Bluetooth: btusb: Fix memory leak Bluetooth: af_bluetooth: Fix deadlock Luoyouming (1): RDMA/hns: Fix mis-modifying default congestion control algorithm Maciej Strozek (2): mfd: cs42l43: Fix wrong register defaults mfd: cs42l43: Fix wrong GPIO_FN_SEL and SPI_CLK_CONFIG1 defaults Mads Bligaard Nielsen (1): drm/bridge: adv7511: fix crash on irq during probe Manivannan Sadhasivam (1): arm64: dts: qcom: sm8650: Fix UFS PHY clocks Manorit Chawdhry (2): arm64: dts: ti: k3-j721s2: Fix power domain for VTM node arm64: dts: ti: k3-j784s4: Fix power domain for VTM node Manu Bretelle (1): selftests/bpf: Disable IPv6 for lwt_redirect test Mao Jinlong (1): coresight: etm4x: Set skip_power_up in etm4_init_arch_data function Marek Vasut (1): arm64: dts: imx8mp: Set SPI NOR to max 40 MHz on Data Modul i.MX8M Plus eDM SBC Marijn Suijten (1): drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled Mario Limonciello (2): iommu/amd: Mark interrupt as managed crypto: ccp - Avoid discarding errors in psp_send_platform_access_msg() Mark Rutland (1): perf print-events: make is_event_supported() more robust Markus Schneider-Pargmann (1): can: m_can: Start/Cancel polling timer together with interrupts Martin KaFai Lau (2): selftests/bpf: Fix the flaky tc_redirect_dtime test selftests/bpf: Wait for the netstamp_needed_key static key to be turned on Martin Kaiser (1): gpio: vf610: allow disabling the vf610 driver Martin Kaistra (1): wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work Martin Krastev (1): drm/vmwgfx: Fix vmw_du_get_cursor_mob fencing of newly-created MOBs Masahiro Yamada (1): kconfig: fix infinite loop when expanding a macro at the end of file Mathias Nyman (4): xhci: Add interrupt pending autoclear flag to each interrupter xhci: make isoc_bei_interval variable interrupter specific. xhci: remove unnecessary event_ring_deq parameter from xhci_handle_event() xhci: update event ring dequeue pointer position to controller correctly Matthew Brost (2): drm/xe: Fix ref counting leak on page fault drm/xe: Invalidate userptr VMA on page pin fault Matti Vaittinen (1): iio: gts-helper: Fix division loop Maxim Kudinov (1): ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override Maxime Ripard (2): kunit: Setup DMA masks on the kunit device drm/tests: helpers: Include missing drm_drv header Mete Durlu (1): s390/vtime: fix average steal time calculation Michael Ellerman (3): powerpc/32: fix ADB_CUDA kconfig warning powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. powerpc/4xx: Fix warp_gpio_leds build failure Michael Roth (1): x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type Michal Vokáč (2): ARM: dts: imx6dl-yapp4: Fix typo in the QCA switch register address ARM: dts: imx6dl-yapp4: Move the internal switch PHYs under the switch node Mikhail Khvainitski (1): HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd Mikulas Patocka (3): dm: call the resume method on internal suspend dm-integrity: fix a memory leak when rechecking the data dm-integrity: align the outgoing bio in integrity_recheck Ming Lei (1): dm raid: fix false positive for requeue needed during reshape Ming Yen Hsieh (9): wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band wifi: mt76: mt7925: fix wmm queue mapping wifi: mt76: mt7925: fix fw download fail wifi: mt76: mt7925: fix WoW failed in encrypted mode wifi: mt76: mt7925: fix the wrong header translation config wifi: mt76: mt7925: add support to set ifs time by mcu command wifi: mt76: mt7921: fix incorrect type conversion for CLC command wifi: mt76: mt792x: fix a potential loading failure of the 6Ghz channel config from ACPI wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 Miri Korenblit (5): wifi: iwlwifi: change link id in time event to s8 wifi: iwlwifi: fix EWRD table validity check wifi: iwlwifi: read BIOS PNVM only for non-Intel SKU wifi: iwlwifi: support EHT for WH wifi: iwlwifi: properly check if link is active Miroslav Franc (1): s390/dasd: fix double module refcount decrement Muhammad Usama Anjum (1): io_uring/net: correct the type of variable Mustafa Ismail (1): RDMA/irdma: Remove duplicate assignment Nathan Chancellor (1): s390/vdso: drop '-fPIC' from LDFLAGS Navid Emamdoost (1): nbd: null check for nla_nest_start Neil Armstrong (1): dt-bindings: arm-smmu: fix SM8[45]50 GPU SMMU if condition Nicholas Piggin (1): powerpc/ps3: Fix lv1 hcall assembly for ELFv2 calling convention Nikita Kiryushin (1): net: phy: fix phy_read_poll_timeout argument type in genphy_loopback Nikita Zhandarovich (5): do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak media: em28xx: annotate unchecked call to media_device_register() drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() wireguard: receive: annotate data-race around receiving_counter.counter Nícolas F. R. A. Prado (6): cpufreq: mediatek-hw: Wait for CPU supplies before probing cpufreq: mediatek-hw: Don't error out if supply is not found arm64: dts: mt8183: Move CrosEC base detection node to kukui-based DTs arm64: dts: mediatek: mt8192-asurada: Remove CrosEC base detection node arm64: dts: mediatek: mt8186: Add missing clocks to ssusb power domains arm64: dts: mediatek: mt8186: Add missing xhci clock to usb controllers Oleksij Rempel (1): net: dsa: microchip: make sure drive strength configuration is not lost by soft reset Olga Kornievskaia (1): NFSv4.1/pnfs: fix NFS with TLS in pnfs Ondrej Jirman (1): leds: sgm3140: Add missing timer cleanup and flash gpio control Oscar Salvador (1): lib/stackdepot: fix first entry having a 0-handle Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: release elements in clone only from destroy path netfilter: nf_tables: do not compare internal table flags on updates Paloma Arellano (2): drm/msm/dpu: allow certain formats for CDM for DP drm/msm/dpu: add division of drm_display_mode's hskew parameter Pauli Virtanen (1): Bluetooth: fix use-after-free in accessing skb after sending it Pavel Begunkov (1): io_uring: fix poll_remove stalled req completion Peng Fan (1): thermal/drivers/qoriq: Fix getting tmu range Perry Yuan (1): ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors Peter Chiu (2): wifi: mt76: mt7996: check txs format before getting skb by pid wifi: mt76: mt7996: fix TWT issues Peter Griffin (2): mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref Peter Hilber (3): timekeeping: Fix cross-timestamp interpolation on counter wrap timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation for non-x86 Peter Robinson (2): bus: tegra-aconnect: Update dependency to ARCH_TEGRA dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA Petr Machata (1): selftests: forwarding: Add missing config entries Petr Mladek (1): printk: Disable passing console lock owner completely during panic() Petre Rodan (1): iio: pressure: mprls0025pa fix off-by-one enum Przemek Kitszel (1): ice: fix stats being updated by way too large values Puranjay Mohan (1): bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() Qiheng Lin (1): powerpc/pseries: Fix potential memleak in papr_get_attr() Quan Tian (1): netfilter: nf_tables: Fix a memory leak in nf_tables_updchain Quan Zhou (1): wifi: mt76: mt7925: add flow to avoid chip bt function fail Quanyang Wang (1): crypto: xilinx - call finalize with bh disabled Quentin Schulz (2): drm/rockchip: lvds: do not overwrite error code drm/rockchip: lvds: do not print scary message when probing defer Raag Jadav (1): pwm: dwc: use pm_sleep_ptr() macro Rafael J. Wysocki (1): ACPI: scan: Fix device check notification handling Rafał Miłecki (9): arm64: dts: mediatek: mt7986: fix reference to PWM in fan node arm64: dts: mediatek: mt7986: drop crypto's unneeded/invalid clock name arm64: dts: mediatek: mt7986: fix SPI bus width properties arm64: dts: mediatek: mt7986: fix SPI nodename arm64: dts: mediatek: mt7986: drop "#clock-cells" from PWM arm64: dts: mediatek: mt7986: add "#reset-cells" to infracfg arm64: dts: mediatek: mt7622: add missing "device_type" to memory nodes arm64: dts: marvell: reorder crypto interrupts on Armada SoCs arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells Rahul Rameshbabu (4): wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop correct queue in DMA worker when QoS is disabled wifi: b43: Disable QoS for bcm4331 Raj Kumar Bhagat (1): wifi: ath12k: fix fetching MCBC flag for QCN9274 Randy Dunlap (4): fs/hfsplus: use better @opf description drivers/ps3: select VIDEO to provide cmdline functions crypto: jitter - fix CRYPTO_JITTERENTROPY help text rtc: mt6397: select IRQ_DOMAIN instead of depending on it Ravi Gunasekaran (1): arm64: dts: ti: k3-am62p5-sk: Enable CPSW MDIO node Rob Clark (1): drm/msm/a7xx: Fix LLC typo Rob Herring (1): media: dt-bindings: techwell,tw9900: Fix port schema ref Roger Quadros (1): arm64: dts: ti: am65x: Fix dtbs_install for Rocktech OLDI overlay Romain Naour (2): arm64: dts: ti: k3-am69-sk: fix PMIC interrupt number arm64: dts: ti: k3-j721e-sk: fix PMIC interrupt number Sakari Ailus (3): media: ivsc: csi: Swap SINK and SOURCE pads mei: vsc: Call wake_up() in the threaded IRQ handler mei: vsc: Don't use sleeping condition in wait_event_timeout() Sam Protsenko (1): clk: samsung: exynos850: Propagate SPI IPCLK rate change Sam Ravnborg (4): sparc32: Use generic cmpdi2/ucmpdi2 variants mtd: maps: sun_uflash: Declare uflash_devinit static sparc32: Do not select GENERIC_ISA_DMA sparc32: Fix section mismatch in leon_pci_grpci Sami Tolvanen (1): riscv: Fix syscall wrapper for >word-size arguments Sandipan Das (2): perf vendor events amd: Fix Zen 4 cache latency events perf/x86/amd/core: Avoid register reset when CPU is dead Sasha Levin (1): Linux 6.8.2-rc1 Saurabh Sengar (1): x86/hyperv: Use per cpu initial stack for vtl context Sean Anderson (1): usb: phy: generic: Get the vbus supply Serge Semin (2): tty: mips_ejtag_fdc: Fix passing incompatible pointer type warning mips: cm: Convert __mips_cm_l2sync_phys_base() to weak function Shay Drory (1): devlink: Fix devlink parallel commands processing Sheng Yong (1): f2fs: compress: fix to check unreleased compressed cluster Shengjiu Wang (1): clk: imx: imx8mp: Fix SAI_MCLK_SEL definition Shifeng Li (1): RDMA/device: Fix a race between mad_client and cm_client init Shigeru Yoshida (1): hsr: Fix uninit-value access in hsr_get_node() Shiming Cheng (1): ipv6: fib6_rules: flush route cache when rule is changed Shin'ichiro Kawasaki (1): nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() Shung-Hsi Yu (1): selftests/bpf: trace_helpers.c: do not use poisoned type Sibi Sankar (1): cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() Srinivasan Shanmugam (5): drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() Sriram R (1): wifi: ath12k: Fix issues in channel list update StanleyYP Wang (1): wifi: mt76: mt7996: fix efuse reading issue Stefan Binding (1): ALSA: hda: cs35l41: Set Channel Index correctly when system is missing _DSD Stephen Boyd (2): gpiolib: Pass consumer device through to core in devm_fwnode_gpiod_get_index() arm64: ftrace: Don't forbid CALL_OPS+CC_OPTIMIZE_FOR_SIZE with Clang Steve Sistare (1): vdpa_sim: reset must not run Subbaraya Sundeep (5): octeontx2: Detect the mbox up or down message via register octeontx2-pf: Wait till detach_resources msg is complete octeontx2-pf: Use default max_active works instead of one octeontx2-pf: Send UP messages to VF only when VF is up. octeontx2-af: Use separate handlers for interrupts Sunil Goutham (1): octeontx2-af: Fix devlink params Suzuki K Poulose (1): virtio: uapi: Drop __packed attribute in linux/virtio_pci.h Takashi Iwai (1): ALSA: seq: fix function cast warnings Tejun Heo (9): workqueue: Move pwq->max_active to wq->max_active workqueue: Factor out pwq_is_empty() workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work() workqueue: Move nr_active handling into helpers workqueue: Make wq_adjust_max_active() round-robin pwqs while activating workqueue: RCU protect wq->dfl_pwq and implement accessors for it workqueue: Introduce struct wq_node_nr_active workqueue: Implement system-wide nr_active enforcement for unbound workqueues workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() Thinh Tran (1): net/bnx2x: Prevent access to a freed page in page_pool Thomas Richter (1): s390/pai: fix attr_event_free upper limit for pai device drivers Thomas Weißschuh (1): power: supply: mm8013: fix "not charging" detection Thomas Zimmermann (1): arch/powerpc: Remove <linux/fb.h> from backlight code Théo Lebrun (2): gpio: nomadik: fix offset bug in nmk_pmx_set() spi: spi-mem: add statistics support to ->exec_op() calls Tiezhu Yang (1): bpftool: Silence build warning about calloc() Tim Harvey (1): arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS Tim Pambor (1): net: phy: dp83822: Fix RGMII TX delay configuration Tobias Brunner (1): ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels Toke Høiland-Jørgensen (5): wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete libbpf: Use OPTS_SET() macro in bpf_xdp_query() bpf: Fix DEVMAP_HASH overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches bpf: Fix stackmap overflow check on 32-bit arches Tomi Valkeinen (2): drm/tidss: Fix initial plane zpos values drm/tidss: Fix sync-lost issue with two displays Tony Luck (1): x86/resctrl: Implement new mba_MBps throttling heuristic Tudor Ambarus (1): tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT Unnathi Chalicheemala (1): soc: qcom: llcc: Check return value on Broadcast_OR reg read Uwe Kleine-König (3): pwm: atmel-hlcdc: Fix clock imbalance related to suspend support pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan ASoC: tlv320adc3xxx: Don't strip remove function when driver is builtin Vaishnav Achath (1): arm64: dts: ti: k3-am62p-mcu/wakeup: Disable MCU and wakeup R5FSS nodes Viktor Malik (2): tools/resolve_btfids: Refactor set sorting with types from btf_ids.h tools/resolve_btfids: Fix cross-compilation to non-host endianness Vinicius Costa Gomes (2): igc: Fix missing time sync events igb: Fix missing time sync events Viresh Kumar (1): OPP: debugfs: Fix warning around icc_get_name() Vladimir Zapolskiy (1): arm64: dts: qcom: sm6115: drop pipe clock selection Wang Jianjian (1): quota: Fix potential NULL pointer dereference Wen Gong (3): wifi: ath11k: add support to select 6 GHz regulatory type wifi: ath11k: store cur_regulatory_info for each radio wifi: ath11k: change to move WMI_VDEV_PARAM_SET_HEMU_MODE before WMI_PEER_ASSOC_CMDID Wenjie Qi (1): f2fs: fix NULL pointer dereference in f2fs_submit_page_write() William Kucharski (1): RDMA/srpt: Do not register event handler until srpt device is fully setup William Tu (2): devlink: Fix length of eswitch inline-mode vmxnet3: Fix missing reserved tailroom Xingyuan Mo (1): wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() Xiubo Li (1): ceph: stop copying to iter at EOF on sync reads Xiuhong Wang (2): f2fs: compress: relocate some judgments in f2fs_reserve_compress_blocks f2fs: compress: fix reserve_cblocks counting error when out of space Xuan Zhuo (1): virtio: packed: fix unmap leak for indirect desc table Yan Zhai (3): rcu: add a helper to report consolidated flavor QS net: report RCU QS on threaded NAPI repolling bpf: report RCU QS in cpumap kthread Yang Jihong (5): perf record: Fix possible incorrect free in record__switch_output() perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() Yang Yingliang (1): NTB: fix possible name leak in ntb_register_device() Yewon Choi (1): rds: introduce acquire/release ordering in acquire/release_in_xmit() Yifan Zhang (1): drm/amdgpu: add MMHUB 3.3.1 support Yihang Li (1): scsi: hisi_sas: Fix a deadlock issue related to automatic dump Yonghong Song (1): bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly Yonglong Liu (1): net: hns3: fix kernel crash when 1588 is received on HIP08 devices Yu Kuai (3): md/raid1: factor out helpers to add rdev to conf md/raid1: record nonrot rdevs while adding/removing rdevs to conf md/raid1: fix choose next idle in read_balance() Zhang Shurong (1): drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe Zhipeng Lu (10): wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() SUNRPC: fix a memleak in gss_import_v2_context SUNRPC: fix some memleaks in gssx_dec_option_array drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node drm/lima: fix a memleak in lima_heap_alloc media: v4l2-tpg: fix some memleaks in tpg_alloc media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: edia: dvbdev: fix a use-after-free media: go7007: fix a memleak in go7007_load_encoder media: ttpci: fix two memleaks in budget_av_attach rong.yan (1): wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band .../testing/sysfs-bus-pci-devices-aer_stats | 6 +- .../bindings/display/msm/qcom,mdss.yaml | 1 + .../devicetree/bindings/iommu/arm,smmu.yaml | 13 +- .../bindings/media/i2c/techwell,tw9900.yaml | 2 +- Documentation/driver-api/soundwire/stream.rst | 4 +- Documentation/netlink/specs/devlink.yaml | 2 +- Documentation/netlink/specs/dpll.yaml | 1 + .../networking/net_cachelines/net_device.rst | 2 +- Makefile | 4 +- arch/arm/boot/dts/arm/arm-realview-pb1176.dts | 2 +- .../boot/dts/nxp/imx/imx6dl-yapp4-common.dtsi | 25 +- arch/arm/boot/dts/qcom/qcom-msm8974.dtsi | 2 +- arch/arm/boot/dts/renesas/r8a73a4-ape6evm.dts | 12 + arch/arm/boot/dts/renesas/r8a73a4.dtsi | 9 +- arch/arm/crypto/sha256_glue.c | 13 +- arch/arm/crypto/sha512-glue.c | 12 +- arch/arm64/Kconfig | 2 +- .../dts/allwinner/sun50i-h6-beelink-gs1.dts | 2 + .../boot/dts/allwinner/sun50i-h6-tanix.dtsi | 2 + arch/arm64/boot/dts/allwinner/sun50i-h6.dtsi | 7 +- .../boot/dts/broadcom/bcmbca/bcm4908.dtsi | 3 - .../dts/freescale/imx8mm-kontron-bl-osm-s.dts | 38 +- .../boot/dts/freescale/imx8mm-kontron-bl.dts | 38 +- .../dts/freescale/imx8mm-kontron-osm-s.dtsi | 6 +- .../boot/dts/freescale/imx8mm-kontron-sl.dtsi | 4 +- .../dts/freescale/imx8mm-venice-gw71xx.dtsi | 29 +- .../freescale/imx8mp-data-modul-edm-sbc.dts | 2 +- arch/arm64/boot/dts/freescale/imx8mp-evk.dts | 33 +- .../boot/dts/freescale/imx8qm-ss-dma.dtsi | 29 +- arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 10 +- arch/arm64/boot/dts/marvell/armada-cp11x.dtsi | 10 +- .../dts/mediatek/mt7622-bananapi-bpi-r64.dts | 1 + arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 1 + .../dts/mediatek/mt7986a-bananapi-bpi-r3.dts | 2 +- arch/arm64/boot/dts/mediatek/mt7986a-rfb.dts | 7 +- arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7986b-rfb.dts | 7 +- .../dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 + .../dts/mediatek/mt8183-kukui-kodama.dtsi | 4 + .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 + .../arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 4 - arch/arm64/boot/dts/mediatek/mt8186.dtsi | 18 +- .../boot/dts/mediatek/mt8192-asurada.dtsi | 4 - arch/arm64/boot/dts/mediatek/mt8192.dtsi | 2 +- .../dts/mediatek/mt8195-cherry-tomato-r1.dts | 4 + .../dts/mediatek/mt8195-cherry-tomato-r2.dts | 4 + .../dts/mediatek/mt8195-cherry-tomato-r3.dts | 4 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 7 + .../dts/qcom/{pm2250.dtsi => pm4125.dtsi} | 8 +- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 7 + .../boot/dts/qcom/qcm6490-fairphone-fp5.dts | 5 + arch/arm64/boot/dts/qcom/qcm6490-idp.dts | 4 +- arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 4 +- arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 78 +- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 4 - arch/arm64/boot/dts/qcom/sa8540p.dtsi | 3 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 2 + arch/arm64/boot/dts/qcom/sc8180x.dtsi | 38 +- arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 2 +- .../boot/dts/qcom/sdm845-oneplus-common.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 8 +- arch/arm64/boot/dts/qcom/sm8150.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 12 + arch/arm64/boot/dts/qcom/sm8550.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8650.dtsi | 10 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 4 +- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 1 - arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 4 +- arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 88 +- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 12 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 22 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 22 +- arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 8 +- .../boot/dts/renesas/rzg3s-smarc-som.dtsi | 4 + arch/arm64/boot/dts/rockchip/rk356x.dtsi | 3 +- arch/arm64/boot/dts/rockchip/rk3588s.dtsi | 2 - arch/arm64/boot/dts/ti/Makefile | 1 + arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 9 +- arch/arm64/boot/dts/ti/k3-am62p-mcu.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am62p-wakeup.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62p.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 4 + arch/arm64/boot/dts/ti/k3-am64-main.dtsi | 9 +- arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 5 +- arch/arm64/boot/dts/ti/k3-am69-sk.dts | 10 +- .../dts/ti/k3-j7200-common-proc-board.dts | 18 +- .../boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 +- .../dts/ti/k3-j721s2-common-proc-board.dts | 2 - .../boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-j784s4-evm.dts | 2 - arch/arm64/boot/dts/ti/k3-j784s4-main.dtsi | 12 +- .../boot/dts/ti/k3-j784s4-mcu-wakeup.dtsi | 2 +- arch/mips/include/asm/mips-cm.h | 13 + arch/mips/kernel/mips-cm.c | 5 +- arch/powerpc/include/asm/backlight.h | 5 +- arch/powerpc/include/asm/ppc_asm.h | 6 +- arch/powerpc/include/asm/vmalloc.h | 4 +- arch/powerpc/perf/hv-gpci.c | 29 +- arch/powerpc/platforms/44x/warp.c | 1 + .../platforms/embedded6xx/linkstation.c | 3 - arch/powerpc/platforms/embedded6xx/mpc10x.h | 3 + arch/powerpc/platforms/powermac/Kconfig | 2 +- arch/powerpc/platforms/powermac/backlight.c | 26 - arch/powerpc/platforms/ps3/Kconfig | 1 + arch/powerpc/platforms/ps3/hvcall.S | 18 +- .../pseries/papr_platform_attributes.c | 8 +- arch/riscv/boot/dts/starfive/jh7100.dtsi | 4 + arch/riscv/include/asm/pgtable.h | 2 + arch/riscv/include/asm/syscall_wrapper.h | 53 +- arch/riscv/kernel/traps_misaligned.c | 2 +- arch/riscv/kvm/vcpu_insn.c | 13 + arch/s390/kernel/cache.c | 1 + arch/s390/kernel/perf_pai_crypto.c | 2 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/s390/kernel/vdso32/Makefile | 2 +- arch/s390/kernel/vdso64/Makefile | 2 +- arch/s390/kernel/vtime.c | 4 +- arch/sparc/Kconfig | 6 +- arch/sparc/kernel/leon_pci_grpci1.c | 2 +- arch/sparc/kernel/leon_pci_grpci2.c | 2 +- arch/sparc/lib/Makefile | 4 +- arch/sparc/lib/cmpdi2.c | 28 - arch/sparc/lib/ucmpdi2.c | 20 - arch/x86/events/amd/core.c | 1 - arch/x86/hyperv/hv_vtl.c | 19 +- arch/x86/include/asm/io.h | 2 +- arch/x86/include/asm/page.h | 6 +- arch/x86/include/asm/special_insns.h | 9 +- arch/x86/kernel/acpi/cppc.c | 2 +- arch/x86/kernel/cpu/resctrl/core.c | 10 +- arch/x86/kernel/cpu/resctrl/internal.h | 8 +- arch/x86/kernel/cpu/resctrl/monitor.c | 48 +- arch/x86/kernel/cpu/resctrl/rdtgroup.c | 14 +- arch/x86/mm/mem_encrypt_identity.c | 10 +- arch/x86/tools/relocs.c | 8 + block/holder.c | 12 +- crypto/Kconfig | 5 +- drivers/acpi/numa/hmat.c | 8 +- drivers/acpi/processor_idle.c | 2 + drivers/acpi/resource.c | 21 + drivers/acpi/scan.c | 8 +- drivers/block/aoe/aoecmd.c | 12 +- drivers/block/aoe/aoenet.c | 1 + drivers/block/nbd.c | 6 + drivers/bluetooth/btmtk.c | 4 +- drivers/bluetooth/btusb.c | 10 +- drivers/bluetooth/hci_h5.c | 5 +- drivers/bluetooth/hci_qca.c | 6 +- drivers/bluetooth/hci_serdev.c | 9 +- drivers/bluetooth/hci_uart.h | 12 +- drivers/bus/Kconfig | 5 +- drivers/bus/mhi/ep/main.c | 2 +- drivers/char/xilinx_hwicap/xilinx_hwicap.c | 4 +- drivers/clk/clk.c | 3 + drivers/clk/hisilicon/clk-hi3519.c | 2 +- drivers/clk/hisilicon/clk-hi3559a.c | 1 - drivers/clk/imx/clk-imx8mp-audiomix.c | 11 +- drivers/clk/mediatek/clk-mt7622-apmixedsys.c | 1 - drivers/clk/mediatek/clk-mt7981-topckgen.c | 5 +- drivers/clk/mediatek/clk-mt8135-apmixedsys.c | 4 +- drivers/clk/mediatek/clk-mt8183.c | 2 +- drivers/clk/meson/axg.c | 2 + drivers/clk/qcom/dispcc-sdm845.c | 2 + drivers/clk/qcom/gcc-ipq5018.c | 6 +- drivers/clk/qcom/reset.c | 27 +- drivers/clk/renesas/r8a779f0-cpg-mssr.c | 2 +- drivers/clk/renesas/r8a779g0-cpg-mssr.c | 13 +- drivers/clk/renesas/r9a07g043-cpg.c | 2 +- drivers/clk/renesas/r9a07g044-cpg.c | 2 +- drivers/clk/samsung/clk-exynos850.c | 33 +- drivers/clk/zynq/clkc.c | 8 +- drivers/cpufreq/Kconfig.arm | 1 + drivers/cpufreq/brcmstb-avs-cpufreq.c | 2 + drivers/cpufreq/cpufreq.c | 18 +- drivers/cpufreq/freq_table.c | 2 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 19 +- drivers/crypto/ccp/platform-access.c | 11 +- .../intel/qat/qat_420xx/adf_420xx_hw_data.c | 8 + .../intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 8 + .../crypto/intel/qat/qat_common/adf_clock.c | 3 + .../intel/qat/qat_common/adf_cnv_dbgfs.c | 1 - .../intel/qat/qat_common/adf_gen4_hw_data.c | 3 + .../intel/qat/qat_common/adf_gen4_ras.c | 6 +- .../intel/qat/qat_common/qat_comp_algs.c | 9 - drivers/crypto/xilinx/zynqmp-aes-gcm.c | 3 + drivers/cxl/core/cdat.c | 30 +- drivers/dma/Kconfig | 14 +- drivers/dpll/dpll_core.c | 8 +- drivers/firmware/arm_scmi/smc.c | 7 + drivers/firmware/efi/libstub/x86-stub.c | 7 +- drivers/gpio/Kconfig | 3 +- drivers/gpio/gpiolib-devres.c | 2 +- drivers/gpio/gpiolib.c | 14 +- drivers/gpio/gpiolib.h | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 6 +- drivers/gpu/drm/amd/amdgpu/atom.c | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 1 + drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 23 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +- .../amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- .../amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 7 +- .../link/protocols/link_edp_panel_control.c | 3 +- .../gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 4 +- .../drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 4 +- drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 22 +- drivers/gpu/drm/ci/test.yml | 5 +- drivers/gpu/drm/lima/lima_gem.c | 23 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 12 +- drivers/gpu/drm/mediatek/mtk_dsi.c | 10 +- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 5 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 11 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.h | 7 + .../drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 7 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_cdm.c | 2 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.c | 15 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_intf.h | 1 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 8 + drivers/gpu/drm/nouveau/nouveau_bo.c | 2 + .../drm/nouveau/nvkm/subdev/devinit/r535.c | 1 - .../gpu/drm/panel/panel-boe-tv101wum-nl6.c | 2 + drivers/gpu/drm/panel/panel-edp.c | 3 +- drivers/gpu/drm/radeon/ni.c | 2 +- drivers/gpu/drm/rockchip/inno_hdmi.c | 4 +- drivers/gpu/drm/rockchip/rockchip_lvds.c | 3 +- drivers/gpu/drm/tegra/dpaux.c | 14 +- drivers/gpu/drm/tegra/dsi.c | 59 +- drivers/gpu/drm/tegra/fb.c | 1 + drivers/gpu/drm/tegra/hdmi.c | 20 +- drivers/gpu/drm/tegra/output.c | 16 +- drivers/gpu/drm/tegra/rgb.c | 18 +- drivers/gpu/drm/tests/drm_buddy_test.c | 14 +- drivers/gpu/drm/tests/drm_mm_test.c | 6 +- drivers/gpu/drm/tidss/tidss_crtc.c | 10 + drivers/gpu/drm/tidss/tidss_plane.c | 2 +- drivers/gpu/drm/vkms/vkms_composer.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c | 5 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 11 +- drivers/gpu/drm/xe/Makefile | 3 +- drivers/gpu/drm/xe/tests/xe_migrate.c | 8 +- drivers/gpu/drm/xe/xe_exec.c | 41 +- drivers/gpu/drm/xe/xe_gt_pagefault.c | 10 +- drivers/gpu/drm/xe/xe_trace.h | 2 +- drivers/gpu/drm/xe/xe_vm.c | 32 +- drivers/gpu/drm/xe/xe_vm_types.h | 7 +- drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 30 +- drivers/hid/amd-sfh-hid/amd_sfh_pcie.h | 6 +- drivers/hid/hid-lenovo.c | 57 +- drivers/hv/Kconfig | 1 + drivers/hwtracing/coresight/coresight-core.c | 30 +- .../hwtracing/coresight/coresight-etm-perf.c | 2 +- .../coresight/coresight-etm4x-core.c | 10 +- drivers/hwtracing/coresight/coresight-priv.h | 2 +- drivers/hwtracing/ptt/hisi_ptt.c | 6 +- drivers/i3c/master/dw-i3c-master.c | 4 +- drivers/iio/industrialio-gts-helper.c | 15 +- drivers/iio/pressure/mprls0025pa.c | 4 +- drivers/infiniband/core/device.c | 37 +- drivers/infiniband/hw/hns/hns_roce_device.h | 17 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 16 +- drivers/infiniband/hw/irdma/verbs.c | 3 +- drivers/infiniband/hw/mana/cq.c | 29 +- drivers/infiniband/hw/mana/main.c | 82 +- drivers/infiniband/hw/mana/mana_ib.h | 27 +- drivers/infiniband/hw/mana/mr.c | 17 +- drivers/infiniband/hw/mana/qp.c | 94 +- drivers/infiniband/hw/mana/wq.c | 4 +- drivers/infiniband/ulp/rtrs/rtrs-clt-sysfs.c | 2 +- drivers/infiniband/ulp/srpt/ib_srpt.c | 3 +- drivers/input/misc/iqs7222.c | 112 ++ drivers/iommu/Kconfig | 2 +- drivers/iommu/amd/init.c | 3 + .../iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c | 8 +- drivers/iommu/intel/Makefile | 2 + drivers/iommu/intel/dmar.c | 26 +- drivers/iommu/intel/iommu.c | 122 +- drivers/iommu/intel/iommu.h | 10 + drivers/iommu/intel/pasid.c | 67 + drivers/iommu/intel/pasid.h | 1 + drivers/iommu/intel/svm.c | 17 +- drivers/iommu/iommu.c | 19 +- drivers/iommu/irq_remapping.c | 3 +- drivers/leds/flash/leds-sgm3140.c | 3 + drivers/leds/leds-aw2013.c | 1 + drivers/md/dm-bufio.c | 6 +- drivers/md/dm-integrity.c | 30 +- drivers/md/dm-io.c | 23 +- drivers/md/dm-kcopyd.c | 4 +- drivers/md/dm-log.c | 4 +- drivers/md/dm-raid.c | 4 +- drivers/md/dm-raid1.c | 6 +- drivers/md/dm-snap-persistent.c | 4 +- drivers/md/dm-verity-target.c | 2 +- drivers/md/dm-writecache.c | 8 +- drivers/md/dm.c | 26 +- drivers/md/md.c | 15 +- drivers/md/md.h | 1 + drivers/md/raid1.c | 134 +- drivers/md/raid1.h | 1 + drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 52 +- drivers/media/dvb-core/dvbdev.c | 5 + drivers/media/dvb-frontends/stv0367.c | 34 +- drivers/media/i2c/imx290.c | 16 +- drivers/media/i2c/tc358743.c | 7 +- drivers/media/pci/intel/ivsc/mei_csi.c | 4 +- drivers/media/pci/ttpci/budget-av.c | 8 +- drivers/media/platform/cadence/cdns-csi2rx.c | 2 +- .../media/platform/mediatek/mdp/mtk_mdp_vpu.c | 2 +- .../vcodec/common/mtk_vcodec_fw_vpu.c | 10 +- drivers/media/platform/mediatek/vpu/mtk_vpu.c | 2 +- drivers/media/platform/mediatek/vpu/mtk_vpu.h | 2 +- .../media/platform/sunxi/sun8i-di/sun8i-di.c | 69 +- drivers/media/usb/em28xx/em28xx-cards.c | 4 + drivers/media/usb/go7007/go7007-driver.c | 8 +- drivers/media/usb/go7007/go7007-usb.c | 4 +- drivers/media/usb/pvrusb2/pvrusb2-context.c | 10 +- drivers/media/usb/pvrusb2/pvrusb2-dvb.c | 6 +- drivers/media/usb/pvrusb2/pvrusb2-v4l2.c | 11 +- drivers/media/usb/usbtv/usbtv-video.c | 7 - drivers/media/v4l2-core/v4l2-cci.c | 4 +- drivers/media/v4l2-core/v4l2-mem2mem.c | 10 +- drivers/memory/tegra/tegra234.c | 16 +- drivers/mfd/altera-sysmgr.c | 4 +- drivers/mfd/cs42l43.c | 72 +- drivers/mfd/syscon.c | 4 +- drivers/misc/mei/vsc-tp.c | 17 +- drivers/mmc/host/wmt-sdmmc.c | 4 - drivers/mtd/maps/physmap-core.c | 2 +- drivers/mtd/maps/sun_uflash.c | 2 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 12 +- drivers/mtd/nand/raw/lpc32xx_mlc.c | 5 +- drivers/mtd/nand/spi/esmt.c | 9 +- drivers/net/can/m_can/m_can.c | 23 +- drivers/net/dsa/microchip/ksz_common.c | 10 +- drivers/net/dsa/mt7530.c | 60 +- drivers/net/dsa/mt7530.h | 22 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 17 - .../net/ethernet/broadcom/bnx2x/bnx2x_cmn.h | 6 +- .../net/ethernet/hisilicon/hns3/hns3_dcbnl.c | 2 +- .../hisilicon/hns3/hns3pf/hclge_main.c | 5 +- .../hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- drivers/net/ethernet/intel/ice/ice_main.c | 24 +- drivers/net/ethernet/intel/igb/igb_main.c | 23 +- drivers/net/ethernet/intel/igc/igc_main.c | 12 +- .../net/ethernet/marvell/octeontx2/af/cgx.c | 2 +- .../net/ethernet/marvell/octeontx2/af/mbox.c | 43 +- .../net/ethernet/marvell/octeontx2/af/mbox.h | 6 + .../marvell/octeontx2/af/mcs_rvu_if.c | 17 +- .../net/ethernet/marvell/octeontx2/af/rvu.c | 31 +- .../net/ethernet/marvell/octeontx2/af/rvu.h | 2 + .../ethernet/marvell/octeontx2/af/rvu_cgx.c | 20 +- .../marvell/octeontx2/af/rvu_devlink.c | 20 +- .../marvell/octeontx2/nic/otx2_common.c | 2 +- .../marvell/octeontx2/nic/otx2_common.h | 2 +- .../ethernet/marvell/octeontx2/nic/otx2_pf.c | 119 +- .../ethernet/marvell/octeontx2/nic/otx2_vf.c | 71 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 7 +- drivers/net/ethernet/mediatek/mtk_ppe.c | 18 +- .../ethernet/netronome/nfp/flower/lag_conf.c | 5 + .../net/ethernet/wangxun/txgbe/txgbe_phy.c | 2 +- drivers/net/phy/dp83822.c | 37 +- drivers/net/phy/phy_device.c | 6 +- drivers/net/usb/r8152.c | 2 +- drivers/net/usb/sr9800.c | 4 +- drivers/net/veth.c | 18 - drivers/net/vmxnet3/vmxnet3_xdp.c | 6 +- drivers/net/wireguard/receive.c | 6 +- drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 + drivers/net/wireless/ath/ath11k/core.h | 1 + drivers/net/wireless/ath/ath11k/mac.c | 17 +- drivers/net/wireless/ath/ath11k/reg.c | 249 +++- drivers/net/wireless/ath/ath11k/reg.h | 11 +- drivers/net/wireless/ath/ath11k/wmi.c | 147 +- drivers/net/wireless/ath/ath11k/wmi.h | 1 + drivers/net/wireless/ath/ath12k/core.h | 2 +- drivers/net/wireless/ath/ath12k/hal.c | 6 +- drivers/net/wireless/ath/ath12k/mac.c | 4 +- drivers/net/wireless/ath/ath12k/reg.c | 4 +- drivers/net/wireless/ath/ath9k/htc.h | 2 +- drivers/net/wireless/ath/ath9k/htc_drv_init.c | 4 + drivers/net/wireless/ath/ath9k/htc_drv_txrx.c | 4 - drivers/net/wireless/ath/ath9k/wmi.c | 10 +- drivers/net/wireless/broadcom/b43/b43.h | 16 + drivers/net/wireless/broadcom/b43/dma.c | 4 +- drivers/net/wireless/broadcom/b43/main.c | 16 +- drivers/net/wireless/broadcom/b43/pio.c | 6 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 3 + .../broadcom/brcm80211/brcmsmac/phy/phy_cmn.c | 3 +- .../broadcom/brcm80211/brcmsmac/phy_shim.c | 5 +- .../broadcom/brcm80211/brcmsmac/phy_shim.h | 2 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.h | 2 +- drivers/net/wireless/intel/iwlwifi/fw/pnvm.c | 30 +- .../net/wireless/intel/iwlwifi/fw/runtime.h | 2 +- .../net/wireless/intel/iwlwifi/iwl-dbg-tlv.c | 6 + .../wireless/intel/iwlwifi/iwl-nvm-parse.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 12 +- .../net/wireless/intel/iwlwifi/mvm/mac80211.c | 25 +- .../net/wireless/intel/iwlwifi/mvm/mld-key.c | 18 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 26 +- .../wireless/intel/iwlwifi/mvm/time-event.c | 11 +- drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 12 +- drivers/net/wireless/marvell/libertas/cmd.c | 13 +- .../net/wireless/marvell/mwifiex/debugfs.c | 3 - .../wireless/mediatek/mt76/mt76_connac_mcu.c | 4 +- .../wireless/mediatek/mt76/mt76_connac_mcu.h | 4 + .../net/wireless/mediatek/mt76/mt7921/mcu.c | 4 +- .../net/wireless/mediatek/mt76/mt7921/pci.c | 1 + .../net/wireless/mediatek/mt76/mt7925/main.c | 26 +- .../net/wireless/mediatek/mt76/mt7925/mcu.c | 176 ++- .../net/wireless/mediatek/mt76/mt7925/mcu.h | 92 +- .../net/wireless/mediatek/mt76/mt7925/pci.c | 3 + .../wireless/mediatek/mt76/mt792x_acpi_sar.c | 26 +- .../net/wireless/mediatek/mt76/mt792x_core.c | 1 + .../net/wireless/mediatek/mt76/mt792x_dma.c | 15 +- .../net/wireless/mediatek/mt76/mt792x_regs.h | 8 + .../net/wireless/mediatek/mt76/mt7996/dma.c | 3 +- .../net/wireless/mediatek/mt76/mt7996/init.c | 7 +- .../net/wireless/mediatek/mt76/mt7996/mac.c | 76 +- .../net/wireless/mediatek/mt76/mt7996/mcu.c | 18 +- .../wireless/mediatek/mt76/mt7996/mt7996.h | 3 +- .../wireless/microchip/wilc1000/cfg80211.c | 12 +- drivers/net/wireless/microchip/wilc1000/hif.c | 40 +- .../net/wireless/microchip/wilc1000/netdev.c | 38 +- drivers/net/wireless/microchip/wilc1000/spi.c | 6 +- .../wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 1 + drivers/net/wireless/realtek/rtw88/main.c | 2 - drivers/net/wireless/realtek/rtw88/phy.c | 3 + drivers/net/wireless/realtek/rtw88/rtw8821c.c | 2 +- drivers/net/wireless/realtek/rtw88/usb.c | 40 + drivers/net/wireless/silabs/wfx/sta.c | 15 +- drivers/ntb/core.c | 8 +- drivers/nvme/host/core.c | 6 +- drivers/nvme/host/fabrics.h | 7 - drivers/nvme/host/sysfs.c | 7 +- drivers/opp/debugfs.c | 6 +- drivers/pci/controller/pcie-brcmstb.c | 2 +- drivers/pci/endpoint/functions/pci-epf-vntb.c | 6 +- drivers/pci/p2pdma.c | 2 +- drivers/pci/pci.h | 5 - drivers/pci/pcie/dpc.c | 2 +- drivers/pci/quirks.c | 1 + drivers/pci/switch/switchtec.c | 4 +- drivers/phy/qualcomm/Makefile | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 266 ---- drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 1195 +++++++++++++++++ drivers/pinctrl/mediatek/pinctrl-mt8186.c | 1 - drivers/pinctrl/mediatek/pinctrl-mt8192.c | 1 - drivers/pinctrl/nomadik/pinctrl-nomadik.c | 6 +- drivers/pinctrl/renesas/core.c | 4 +- drivers/pinctrl/renesas/pfc-r8a779g0.c | 14 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 20 +- drivers/platform/x86/amd/pmf/tee-if.c | 4 +- drivers/platform/x86/intel/pmc/arl.c | 2 + drivers/platform/x86/intel/pmc/lnl.c | 40 +- drivers/pmdomain/qcom/rpmhpd.c | 1 - drivers/power/supply/mm8013.c | 13 +- drivers/powercap/dtpm_cpu.c | 2 +- drivers/pwm/pwm-atmel-hlcdc.c | 2 +- drivers/pwm/pwm-dwc.c | 2 +- drivers/pwm/pwm-sti.c | 11 +- drivers/regulator/userspace-consumer.c | 1 + drivers/remoteproc/stm32_rproc.c | 6 +- drivers/rtc/Kconfig | 3 +- drivers/rtc/lib_test.c | 2 +- drivers/rtc/rtc-max31335.c | 2 +- drivers/s390/block/dasd.c | 55 +- drivers/scsi/bfa/bfa.h | 9 +- drivers/scsi/bfa/bfa_core.c | 4 +- drivers/scsi/bfa/bfa_ioc.h | 8 +- drivers/scsi/bfa/bfad_bsg.c | 11 +- drivers/scsi/csiostor/csio_defs.h | 18 +- drivers/scsi/csiostor/csio_lnode.c | 8 +- drivers/scsi/csiostor/csio_lnode.h | 13 - drivers/scsi/hisi_sas/hisi_sas_main.c | 12 +- drivers/soc/fsl/dpio/dpio-service.c | 2 +- drivers/soc/qcom/llcc-qcom.c | 2 + drivers/soc/qcom/socinfo.c | 2 +- drivers/spi/spi-fsl-lpspi.c | 8 +- drivers/spi/spi-imx.c | 4 +- drivers/spi/spi-mem.c | 49 +- drivers/spi/spi-mt65xx.c | 22 +- drivers/spi/spi.c | 94 +- drivers/staging/greybus/light.c | 8 +- .../staging/media/imx/imx-media-csc-scaler.c | 1 + .../media/starfive/camss/stf-capture.c | 8 +- .../staging/media/sunxi/cedrus/cedrus_h265.c | 10 +- drivers/thermal/mediatek/lvts_thermal.c | 4 +- drivers/thermal/qoriq_thermal.c | 12 +- drivers/tty/mips_ejtag_fdc.c | 2 +- drivers/tty/serial/8250/8250_exar.c | 5 +- drivers/tty/serial/max310x.c | 2 +- drivers/tty/serial/samsung_tty.c | 5 +- drivers/tty/vt/vt.c | 2 +- drivers/usb/gadget/udc/net2272.c | 2 +- drivers/usb/host/xhci-mem.c | 2 +- drivers/usb/host/xhci-ring.c | 90 +- drivers/usb/host/xhci.c | 3 + drivers/usb/host/xhci.h | 3 +- drivers/usb/phy/phy-generic.c | 7 + drivers/vdpa/mlx5/net/mlx5_vnet.c | 13 +- drivers/vdpa/vdpa_sim/vdpa_sim.c | 3 +- drivers/video/backlight/da9052_bl.c | 1 + drivers/video/backlight/hx8357.c | 10 +- drivers/video/backlight/ktz8866.c | 6 +- drivers/video/backlight/lm3630a_bl.c | 15 +- drivers/video/backlight/lm3639_bl.c | 1 + drivers/video/backlight/lp8788_bl.c | 1 + drivers/video/fbdev/simplefb.c | 2 +- drivers/virtio/virtio_ring.c | 6 +- drivers/watchdog/starfive-wdt.c | 9 +- drivers/watchdog/stm32_iwdg.c | 3 + drivers/xen/events/events_base.c | 22 +- drivers/xen/evtchn.c | 6 + fs/afs/dir.c | 10 - fs/afs/rotate.c | 21 +- fs/afs/validation.c | 16 +- fs/btrfs/extent_io.c | 221 ++- fs/ceph/file.c | 23 +- fs/erofs/fscache.c | 15 +- fs/erofs/internal.h | 1 - fs/erofs/super.c | 30 +- fs/ext2/ext2.h | 2 +- fs/ext2/super.c | 2 +- fs/ext4/ext4.h | 2 +- fs/ext4/super.c | 2 +- fs/f2fs/checkpoint.c | 5 +- fs/f2fs/compress.c | 41 +- fs/f2fs/data.c | 36 +- fs/f2fs/dir.c | 5 +- fs/f2fs/f2fs.h | 72 +- fs/f2fs/file.c | 76 +- fs/f2fs/namei.c | 25 +- fs/f2fs/node.c | 20 +- fs/f2fs/recovery.c | 33 +- fs/f2fs/segment.c | 11 +- fs/f2fs/segment.h | 17 +- fs/f2fs/super.c | 17 +- fs/fcntl.c | 12 +- fs/fhandle.c | 2 +- fs/hfsplus/wrapper.c | 2 +- fs/iomap/buffered-io.c | 18 +- fs/jfs/jfs_incore.h | 2 +- fs/jfs/super.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 2 +- fs/nfs/fscache.c | 9 +- fs/nfs/nfs42.h | 7 +- fs/nfs/nfs4proc.c | 16 +- fs/nfs/nfsroot.c | 4 +- fs/nfs/pnfs_nfs.c | 44 +- fs/ocfs2/inode.h | 2 +- fs/ocfs2/super.c | 2 +- fs/overlayfs/copy_up.c | 6 +- fs/overlayfs/params.c | 14 +- fs/pstore/inode.c | 10 +- fs/quota/dquot.c | 159 ++- fs/reiserfs/reiserfs.h | 2 +- fs/reiserfs/super.c | 2 +- fs/select.c | 2 +- fs/smb/client/file.c | 283 ++-- include/drm/drm_fixed.h | 5 +- include/drm/drm_kunit_helpers.h | 2 + include/dt-bindings/clock/r8a779g0-cpg-mssr.h | 1 + include/linux/dm-io.h | 3 +- include/linux/f2fs_fs.h | 1 + include/linux/filter.h | 21 +- include/linux/fs.h | 11 +- include/linux/iommu.h | 1 + include/linux/moduleloader.h | 8 + include/linux/netdevice.h | 2 +- include/linux/pci.h | 5 + include/linux/poll.h | 4 - include/linux/rcupdate.h | 31 + include/linux/shmem_fs.h | 2 +- include/linux/workqueue.h | 35 +- include/media/videobuf2-core.h | 13 +- include/net/bluetooth/hci.h | 2 - include/net/bluetooth/hci_core.h | 1 + include/net/bluetooth/hci_sync.h | 2 +- include/net/bluetooth/l2cap.h | 42 - include/soc/qcom/qcom-spmi-pmic.h | 2 +- include/uapi/linux/virtio_pci.h | 10 +- init/main.c | 5 +- io_uring/io_uring.c | 116 +- io_uring/net.c | 260 ++-- io_uring/poll.c | 4 +- kernel/bpf/btf.c | 17 +- kernel/bpf/core.c | 7 +- kernel/bpf/cpumap.c | 3 + kernel/bpf/devmap.c | 11 +- kernel/bpf/hashtab.c | 14 +- kernel/bpf/helpers.c | 4 +- kernel/bpf/stackmap.c | 9 +- kernel/module/main.c | 9 +- kernel/printk/internal.h | 1 + kernel/printk/nbcon.c | 41 +- kernel/printk/printk.c | 74 +- kernel/printk/printk_ringbuffer.c | 313 ++++- kernel/printk/printk_ringbuffer.h | 38 +- kernel/rcu/tree.c | 3 + kernel/rcu/tree_exp.h | 25 +- kernel/sched/fair.c | 16 +- kernel/time/time_test.c | 2 +- kernel/time/timekeeping.c | 24 +- kernel/workqueue.c | 755 +++++++++-- lib/cmdline_kunit.c | 2 +- lib/kunit/device.c | 4 + lib/kunit/executor_test.c | 2 +- lib/memcpy_kunit.c | 4 +- lib/stackdepot.c | 16 +- lib/test_blackhole_dev.c | 3 +- mm/shmem.c | 2 +- net/bluetooth/Kconfig | 8 - net/bluetooth/Makefile | 1 - net/bluetooth/a2mp.c | 1054 --------------- net/bluetooth/a2mp.h | 154 --- net/bluetooth/af_bluetooth.c | 10 +- net/bluetooth/amp.c | 590 -------- net/bluetooth/amp.h | 60 - net/bluetooth/eir.c | 29 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_core.c | 126 +- net/bluetooth/hci_event.c | 43 +- net/bluetooth/hci_request.c | 2 +- net/bluetooth/hci_sync.c | 41 +- net/bluetooth/l2cap_core.c | 1069 +-------------- net/bluetooth/l2cap_sock.c | 18 +- net/bluetooth/mgmt.c | 97 +- net/bluetooth/msft.c | 3 + net/core/dev.c | 8 +- net/core/gso_test.c | 2 +- net/core/skbuff.c | 8 + net/core/sock_diag.c | 10 +- net/devlink/netlink.c | 13 +- net/devlink/netlink_gen.c | 2 +- net/devlink/port.c | 2 +- net/hsr/hsr_framereg.c | 4 + net/hsr/hsr_main.c | 15 +- net/ipv4/inet_diag.c | 6 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/inet_timewait_sock.c | 41 +- net/ipv4/ip_tunnel.c | 15 +- net/ipv4/ipmr.c | 4 +- net/ipv4/raw.c | 1 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_minisocks.c | 4 - net/ipv4/udp.c | 4 +- net/ipv6/fib6_rules.c | 6 + net/ipv6/mcast.c | 1 - net/kcm/kcmsock.c | 3 +- net/l2tp/l2tp_ppp.c | 4 +- net/mac80211/mlme.c | 4 +- net/mctp/route.c | 3 + net/netfilter/nf_tables_api.c | 29 +- net/netfilter/nft_set_pipapo.c | 5 +- net/packet/af_packet.c | 4 +- net/rds/send.c | 5 +- net/sched/sch_taprio.c | 3 +- net/sunrpc/addr.c | 4 +- net/sunrpc/auth_gss/gss_krb5_mech.c | 11 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 27 +- net/unix/garbage.c | 2 +- net/wireless/scan.c | 161 ++- net/wireless/tests/scan.c | 36 +- net/x25/af_x25.c | 4 +- net/xfrm/xfrm_device.c | 3 +- scripts/coccinelle/api/device_attr_show.cocci | 2 +- scripts/kconfig/lexer.l | 7 +- sound/core/seq/seq_midi.c | 8 +- sound/core/seq/seq_virmidi.c | 9 +- sound/pci/hda/cs35l41_hda_property.c | 16 +- sound/pci/hda/patch_realtek.c | 63 + sound/pci/hda/tas2781_hda_i2c.c | 35 +- sound/soc/amd/acp/acp-sof-mach.c | 14 +- sound/soc/codecs/tlv320adc3xxx.c | 4 +- sound/soc/intel/boards/sof_ssp_common.h | 8 + sound/soc/meson/aiu.c | 19 +- sound/soc/meson/aiu.h | 1 - sound/soc/meson/axg-tdm-interface.c | 29 +- sound/soc/meson/t9015.c | 20 +- sound/soc/rockchip/rockchip_i2s_tdm.c | 352 +---- sound/soc/sh/rz-ssi.c | 2 +- sound/soc/sof/amd/acp-loader.c | 34 +- sound/soc/sof/amd/acp.c | 47 +- sound/soc/sof/amd/acp.h | 7 +- sound/soc/sof/amd/vangogh.c | 9 +- sound/soc/sof/fw-file-profile.c | 18 +- sound/soc/sof/ipc3-loader.c | 2 + sound/usb/mixer_scarlett2.c | 88 +- sound/usb/stream.c | 5 +- tools/bpf/bpftool/link.c | 2 +- tools/bpf/bpftool/prog.c | 2 +- tools/bpf/resolve_btfids/main.c | 70 +- tools/include/linux/btf_ids.h | 9 + tools/lib/bpf/bpf.c | 17 + tools/lib/bpf/bpf.h | 26 +- tools/lib/bpf/btf.c | 11 +- tools/lib/bpf/libbpf.c | 25 +- tools/lib/bpf/libbpf.map | 6 +- tools/lib/bpf/libbpf_internal.h | 14 + tools/lib/bpf/linker.c | 2 +- tools/lib/bpf/netlink.c | 4 +- tools/objtool/check.c | 12 + tools/perf/Makefile.perf | 2 +- tools/perf/builtin-record.c | 7 +- .../pmu-events/arch/x86/amdzen4/cache.json | 56 + tools/perf/pmu-events/jevents.py | 4 + tools/perf/util/data.c | 2 - tools/perf/util/evsel.c | 1 - tools/perf/util/expr.c | 20 +- tools/perf/util/pmu.c | 19 +- tools/perf/util/print-events.c | 27 +- tools/perf/util/srcline.c | 2 + tools/perf/util/stat-display.c | 2 +- tools/perf/util/stat-shadow.c | 7 +- tools/perf/util/thread_map.c | 2 +- .../selftests/bpf/bpf_testmod/bpf_testmod.c | 9 + .../selftests/bpf/prog_tests/lwt_redirect.c | 1 + .../selftests/bpf/prog_tests/tc_redirect.c | 90 +- .../bpf/progs/test_global_func_ctx_args.c | 19 + .../selftests/bpf/progs/test_map_in_map.c | 26 + tools/testing/selftests/bpf/test_maps.c | 6 +- tools/testing/selftests/bpf/trace_helpers.c | 2 +- tools/testing/selftests/net/forwarding/config | 35 + .../net/forwarding/vxlan_bridge_1d_ipv6.sh | 4 +- .../net/forwarding/vxlan_bridge_1q_ipv6.sh | 4 +- 731 files changed, 8821 insertions(+), 7631 deletions(-) rename arch/arm64/boot/dts/qcom/{pm2250.dtsi => pm4125.dtsi} (91%) delete mode 100644 arch/sparc/lib/cmpdi2.c delete mode 100644 arch/sparc/lib/ucmpdi2.c create mode 100644 drivers/phy/qualcomm/phy-qcom-qmp-usbc.c delete mode 100644 net/bluetooth/a2mp.c delete mode 100644 net/bluetooth/a2mp.h delete mode 100644 net/bluetooth/amp.c delete mode 100644 net/bluetooth/amp.h -- 2.43.0

1 year, 2 months

14
739
0 0

[PATCH v3] scsi: sg: Avoid race in error handling & drop bogus warn

by Alexander Wetzel

commit 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") introduced an incorrect WARN_ON_ONCE() and missed a sequence where sg_device_destroy() was used after scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. Drop the incorrect WARN_ON_ONCE() - allowing more than one concurrent access to the sg device - and make sure sg_device_destroy() is not used after scsi_device_put() in the error handling. Link: https://lore.kernel.org/all/5375B275-D137-4D5F-BE25-6AF8ACAE41EF@linux.ibm.… Fixes: 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Wetzel <Alexander(a)wetzel-home.de> --- Changes compared to V1: fixed commit message Changes compared to V2: Fix use-after free --- drivers/scsi/sg.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 386981c6976a..baf870a03ecf 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -285,6 +285,7 @@ sg_open(struct inode *inode, struct file *filp) int dev = iminor(inode); int flags = filp->f_flags; struct request_queue *q; + struct scsi_device *device; Sg_device *sdp; Sg_fd *sfp; int retval; @@ -301,11 +302,12 @@ sg_open(struct inode *inode, struct file *filp) /* This driver's module count bumped by fops_get in <linux/fs.h> */ /* Prevent the device driver from vanishing while we sleep */ - retval = scsi_device_get(sdp->device); + device = sdp->device; + retval = scsi_device_get(device); if (retval) goto sg_put; - retval = scsi_autopm_get_device(sdp->device); + retval = scsi_autopm_get_device(device); if (retval) goto sdp_put; @@ -313,7 +315,7 @@ sg_open(struct inode *inode, struct file *filp) * check if O_NONBLOCK. Permits SCSI commands to be issued * during error recovery. Tread carefully. */ if (!((flags & O_NONBLOCK) || - scsi_block_when_processing_errors(sdp->device))) { + scsi_block_when_processing_errors(device))) { retval = -ENXIO; /* we are in error recovery for this device */ goto error_out; @@ -344,7 +346,7 @@ sg_open(struct inode *inode, struct file *filp) if (sdp->open_cnt < 1) { /* no existing opens */ sdp->sgdebug = 0; - q = sdp->device->request_queue; + q = device->request_queue; sdp->sg_tablesize = queue_max_segments(q); } sfp = sg_add_sfp(sdp); @@ -370,10 +372,11 @@ sg_open(struct inode *inode, struct file *filp) error_mutex_locked: mutex_unlock(&sdp->open_rel_lock); error_out: - scsi_autopm_put_device(sdp->device); + scsi_autopm_put_device(device); sdp_put: - scsi_device_put(sdp->device); - goto sg_put; + kref_put(&sdp->d_ref, sg_device_destroy); + scsi_device_put(device); + return retval; } /* Release resources associated with a successful sg_open() @@ -2233,7 +2236,6 @@ sg_remove_sfp_usercontext(struct work_struct *work) "sg_remove_sfp: sfp=0x%p\n", sfp)); kfree(sfp); - WARN_ON_ONCE(kref_read(&sdp->d_ref) != 1); kref_put(&sdp->d_ref, sg_device_destroy); scsi_device_put(device); module_put(THIS_MODULE); -- 2.44.0

1 year, 2 months

5
6
0 0

[PATCH 01/12] drm/client: Fully protect modes[] with dev->mode_config.mutex

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend modes[] the same protection or by the time we use it the elements may already be pointing to freed/reused memory. Cc: stable(a)vger.kernel.org Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583 Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/drm_client_modeset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 871e4e2129d6..0683a129b362 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -777,6 +777,7 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, unsigned int total_modes_count = 0; struct drm_client_offset *offsets; unsigned int connector_count = 0; + /* points to modes protected by mode_config.mutex */ struct drm_display_mode **modes; struct drm_crtc **crtcs; int i, ret = 0; @@ -845,7 +846,6 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, drm_client_pick_crtcs(client, connectors, connector_count, crtcs, modes, 0, width, height); } - mutex_unlock(&dev->mode_config.mutex); drm_client_modeset_release(client); @@ -875,6 +875,7 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, modeset->y = offset->y; } } + mutex_unlock(&dev->mode_config.mutex); mutex_unlock(&client->modeset_mutex); out: -- 2.43.2

1 year, 2 months

3
4
0 0

Re: [PATCH] ext4: fix i_data_sem unlock order in ext4_ind_migrate()

by Mikhail Ukhin

On 04.04.2024 19:02, Ritesh Harjani (IBM) wrote: > It will be good to know what was the test which identified this though? > > -ritesh Unfortunately syzkaller was not able to generate a reproducer for this issue. - Ukhin Mikhail.

1 year, 2 months

1
0
0 0

[PATCH] scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING

by Bart Van Assche

There is code in the SCSI core that sets the SCMD_FAIL_IF_RECOVERING flag but there is no code that clears this flag. Instead of only clearing SCMD_INITIALIZED in scsi_end_request(), clear all flags. It is never necessary to preserve any command flags inside scsi_end_request(). Cc: stable(a)vger.kernel.org Fixes: 310bcaef6d7e ("scsi: core: Support failing requests while recovering") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/scsi_lib.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index ca48ba9a229a..2fc2b97777ca 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -633,10 +633,9 @@ static bool scsi_end_request(struct request *req, blk_status_t error, if (blk_queue_add_random(q)) add_disk_randomness(req->q->disk); - if (!blk_rq_is_passthrough(req)) { - WARN_ON_ONCE(!(cmd->flags & SCMD_INITIALIZED)); - cmd->flags &= ~SCMD_INITIALIZED; - } + WARN_ON_ONCE(!blk_rq_is_passthrough(req) && + !(cmd->flags & SCMD_INITIALIZED)); + cmd->flags = 0; /* * Calling rcu_barrier() is not necessary here because the

1 year, 2 months

1
1
0 0

[PATCH] ext4: fix i_data_sem unlock order in ext4_ind_migrate()

by Mikhail Ukhin

Fuzzing reports a possible deadlock in jbd2_log_wait_commit. The problem occurs in ext4_ind_migrate due to an incorrect order of unlocking of the journal and write semaphores - the order of unlocking must be the reverse of the order of locking. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> --- fs/ext4/migrate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c index d98ac2af8199..a5e1492bbaaa 100644 --- a/fs/ext4/migrate.c +++ b/fs/ext4/migrate.c @@ -663,8 +663,8 @@ int ext4_ind_migrate(struct inode *inode) if (unlikely(ret2 && !ret)) ret = ret2; errout: - ext4_journal_stop(handle); up_write(&EXT4_I(inode)->i_data_sem); + ext4_journal_stop(handle); out_unlock: ext4_writepages_up_write(inode->i_sb, alloc_ctx); return ret; -- 2.25.1

1 year, 2 months

5
4
0 0

[merged mm-hotfixes-stable] x86-mm-pat-fix-vm_pat-handling-in-cow-mappings.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: x86/mm/pat: fix VM_PAT handling in COW mappings has been removed from the -mm tree. Its filename was x86-mm-pat-fix-vm_pat-handling-in-cow-mappings.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: x86/mm/pat: fix VM_PAT handling in COW mappings Date: Wed, 3 Apr 2024 23:21:30 +0200 PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 301.567163] ? report_bug+0x171/0x1a0 [ 301.567466] ? handle_bug+0x3c/0x80 [ 301.567743] ? exc_invalid_op+0x17/0x70 [ 301.568038] ? asm_exc_invalid_op+0x1a/0x20 [ 301.568363] ? untrack_pfn+0xf4/0x100 [ 301.568660] ? untrack_pfn+0x65/0x100 [ 301.568947] unmap_single_vma+0xa6/0xe0 [ 301.569247] unmap_vmas+0xb5/0x190 [ 301.569532] exit_mmap+0xec/0x340 [ 301.569801] __mmput+0x3e/0x130 [ 301.570051] do_exit+0x305/0xaf0 ... Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: Wupeng Ma <mawupeng1(a)huawei.com> Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com Fixes: b1a86e15dc03 ("x86, pat: remove the dependency on 'vm_pgoff' in track/untrack pfn vma routines") Fixes: 5899329b1910 ("x86: PAT: implement track/untrack of pfnmap regions for x86 - v3") Acked-by: Ingo Molnar <mingo(a)kernel.org> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/x86/mm/pat/memtype.c | 49 +++++++++++++++++++++++++----------- mm/memory.c | 4 ++ 2 files changed, 39 insertions(+), 14 deletions(-) --- a/arch/x86/mm/pat/memtype.c~x86-mm-pat-fix-vm_pat-handling-in-cow-mappings +++ a/arch/x86/mm/pat/memtype.c @@ -947,6 +947,38 @@ static void free_pfn_range(u64 paddr, un memtype_free(paddr, paddr + size); } +static int get_pat_info(struct vm_area_struct *vma, resource_size_t *paddr, + pgprot_t *pgprot) +{ + unsigned long prot; + + VM_WARN_ON_ONCE(!(vma->vm_flags & VM_PAT)); + + /* + * We need the starting PFN and cachemode used for track_pfn_remap() + * that covered the whole VMA. For most mappings, we can obtain that + * information from the page tables. For COW mappings, we might now + * suddenly have anon folios mapped and follow_phys() will fail. + * + * Fallback to using vma->vm_pgoff, see remap_pfn_range_notrack(), to + * detect the PFN. If we need the cachemode as well, we're out of luck + * for now and have to fail fork(). + */ + if (!follow_phys(vma, vma->vm_start, 0, &prot, paddr)) { + if (pgprot) + *pgprot = __pgprot(prot); + return 0; + } + if (is_cow_mapping(vma->vm_flags)) { + if (pgprot) + return -EINVAL; + *paddr = (resource_size_t)vma->vm_pgoff << PAGE_SHIFT; + return 0; + } + WARN_ON_ONCE(1); + return -EINVAL; +} + /* * track_pfn_copy is called when vma that is covering the pfnmap gets * copied through copy_page_range(). @@ -957,20 +989,13 @@ static void free_pfn_range(u64 paddr, un int track_pfn_copy(struct vm_area_struct *vma) { resource_size_t paddr; - unsigned long prot; unsigned long vma_size = vma->vm_end - vma->vm_start; pgprot_t pgprot; if (vma->vm_flags & VM_PAT) { - /* - * reserve the whole chunk covered by vma. We need the - * starting address and protection from pte. - */ - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, &pgprot)) return -EINVAL; - } - pgprot = __pgprot(prot); + /* reserve the whole chunk covered by vma. */ return reserve_pfn_range(paddr, vma_size, &pgprot, 1); } @@ -1045,7 +1070,6 @@ void untrack_pfn(struct vm_area_struct * unsigned long size, bool mm_wr_locked) { resource_size_t paddr; - unsigned long prot; if (vma && !(vma->vm_flags & VM_PAT)) return; @@ -1053,11 +1077,8 @@ void untrack_pfn(struct vm_area_struct * /* free the chunk starting from pfn or the whole chunk */ paddr = (resource_size_t)pfn << PAGE_SHIFT; if (!paddr && !size) { - if (follow_phys(vma, vma->vm_start, 0, &prot, &paddr)) { - WARN_ON_ONCE(1); + if (get_pat_info(vma, &paddr, NULL)) return; - } - size = vma->vm_end - vma->vm_start; } free_pfn_range(paddr, size); --- a/mm/memory.c~x86-mm-pat-fix-vm_pat-handling-in-cow-mappings +++ a/mm/memory.c @@ -5973,6 +5973,10 @@ int follow_phys(struct vm_area_struct *v goto out; pte = ptep_get(ptep); + /* Never return PFNs of anon folios in COW mappings. */ + if (vm_normal_folio(vma, address, pte)) + goto unlock; + if ((flags & FOLL_WRITE) && !pte_write(pte)) goto unlock; _ Patches currently in -mm which might be from david(a)redhat.com are mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch mm-madvise-dont-perform-madvise-vma-walk-for-madv_populate_readwrite.patch mm-userfaultfd-dont-place-zeropages-when-zeropages-are-disallowed.patch s390-mm-re-enable-the-shared-zeropage-for-pv-and-skeys-kvm-guests.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared-fix.patch selftests-memfd_secret-add-vmsplice-test.patch mm-merge-folio_is_secretmem-and-folio_fast_pin_allowed-into-gup_fast_folio_allowed.patch mm-optimize-config_per_vma_lock-member-placement-in-vm_area_struct.patch mm-remove-prot-parameter-from-move_pte.patch mm-gup-consistently-name-gup-fast-functions.patch mm-treewide-rename-config_have_fast_gup-to-config_have_gup_fast.patch mm-use-gup-fast-instead-fast-gup-in-remaining-comments.patch

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-include-stringsh-for-ffsl.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: include strings.h for ffsl has been removed from the -mm tree. Its filename was selftests-mm-include-stringsh-for-ffsl.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Edward Liaw <edliaw(a)google.com> Subject: selftests/mm: include strings.h for ffsl Date: Fri, 29 Mar 2024 18:58:10 +0000 Got a compilation error on Android for ffsl after 91b80cc5b39f ("selftests: mm: fix map_hugetlb failure on 64K page size systems") included vm_util.h. Link: https://lkml.kernel.org/r/20240329185814.16304-1-edliaw@google.com Fixes: af605d26a8f2 ("selftests/mm: merge util.h into vm_util.h") Signed-off-by: Edward Liaw <edliaw(a)google.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Mike Rapoport (IBM)" <rppt(a)kernel.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/vm_util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/vm_util.h~selftests-mm-include-stringsh-for-ffsl +++ a/tools/testing/selftests/mm/vm_util.h @@ -3,7 +3,7 @@ #include <stdbool.h> #include <sys/mman.h> #include <err.h> -#include <string.h> /* ffsl() */ +#include <strings.h> /* ffsl() */ #include <unistd.h> /* _SC_PAGESIZE */ #define BIT_ULL(nr) (1ULL << (nr)) _ Patches currently in -mm which might be from edliaw(a)google.com are

1 year, 2 months

1
0
0 0

[merged mm-hotfixes-stable] mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/secretmem: fix GUP-fast succeeding on secretmem folios has been removed from the -mm tree. Its filename was mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/secretmem: fix GUP-fast succeeding on secretmem folios Date: Tue, 26 Mar 2024 15:32:08 +0100 folio_is_secretmem() currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or temporarily have their LRU flag cleared. Consequently, the LRU flag is unreliable for this purpose. In particular, this is the case when secretmem_fault() allocates a fresh page and calls filemap_add_folio()->folio_add_lru(). The folio might be added to the per-cpu folio batch and won't get the LRU flag set until the batch was drained using e.g., lru_add_drain(). Consequently, folio_is_secretmem() might not detect secretmem folios and GUP-fast can succeed in grabbing a secretmem folio, crashing the kernel when we would later try reading/writing to the folio, because the folio has been unmapped from the directmap. Fix it by removing that unreliable check. Link: https://lkml.kernel.org/r/20240326143210.291116-2-david@redhat.com Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Reported-by: yue sun <samsun1006219(a)gmail.com> Closes: https://lore.kernel.org/lkml/CABOYnLyevJeravW=QrH0JUPYEcDN160aZFb7kwndm-J2r… Debugged-by: Miklos Szeredi <miklos(a)szeredi.hu> Tested-by: Miklos Szeredi <mszeredi(a)redhat.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/secretmem.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/include/linux/secretmem.h~mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios +++ a/include/linux/secretmem.h @@ -13,10 +13,10 @@ static inline bool folio_is_secretmem(st /* * Using folio_mapping() is quite slow because of the actual call * instruction. - * We know that secretmem pages are not compound and LRU so we can + * We know that secretmem pages are not compound, so we can * save a couple of cycles here. */ - if (folio_test_large(folio) || !folio_test_lru(folio)) + if (folio_test_large(folio)) return false; mapping = (struct address_space *) _ Patches currently in -mm which might be from david(a)redhat.com are mm-madvise-make-madv_populate_readwrite-handle-vm_fault_retry-properly.patch mm-madvise-dont-perform-madvise-vma-walk-for-madv_populate_readwrite.patch mm-userfaultfd-dont-place-zeropages-when-zeropages-are-disallowed.patch s390-mm-re-enable-the-shared-zeropage-for-pv-and-skeys-kvm-guests.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared.patch mm-convert-folio_estimated_sharers-to-folio_likely_mapped_shared-fix.patch selftests-memfd_secret-add-vmsplice-test.patch mm-merge-folio_is_secretmem-and-folio_fast_pin_allowed-into-gup_fast_folio_allowed.patch mm-optimize-config_per_vma_lock-member-placement-in-vm_area_struct.patch mm-remove-prot-parameter-from-move_pte.patch mm-gup-consistently-name-gup-fast-functions.patch mm-treewide-rename-config_have_fast_gup-to-config_have_gup_fast.patch mm-use-gup-fast-instead-fast-gup-in-remaining-comments.patch

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040524-stitch-resolute-ead5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040523-handling-conceded-2895@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 2 months

2
1
0 0

[PATCH] ASoC: qcom: Fix out of bounds access

by Mikhail Kobuk

Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). Redefine LPASS_MAX_PORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 77d0ffef793d ("ASoC: qcom: Add macro for lpass DAI id's max limit") Cc: <stable(a)vger.kernel.org> Signed-off-by: Mikhail Kobuk <m.kobuk(a)ispras.ru> --- sound/soc/qcom/lpass.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/qcom/lpass.h b/sound/soc/qcom/lpass.h index 27a2bf9a6613..10a507c95312 100644 --- a/sound/soc/qcom/lpass.h +++ b/sound/soc/qcom/lpass.h @@ -13,10 +13,11 @@ #include <linux/platform_device.h> #include <linux/regmap.h> #include <dt-bindings/sound/qcom,lpass.h> +#include <dt-bindings/sound/qcom,q6dsp-lpass-ports.h> #include "lpass-hdmi.h" #define LPASS_AHBIX_CLOCK_FREQUENCY 131072000 -#define LPASS_MAX_PORTS (LPASS_CDC_DMA_VA_TX8 + 1) +#define LPASS_MAX_PORTS (QUINARY_MI2S_TX + 1) #define LPASS_MAX_MI2S_PORTS (8) #define LPASS_MAX_DMA_CHANNELS (8) #define LPASS_MAX_HDMI_DMA_CHANNELS (4) -- 2.44.0

1 year, 2 months

1
0
0 0

[PATCH v2 1/2] phy: tegra: xusb: Add API to retrieve the port number of phy

by Wayne Chang

This patch introduces a new API, tegra_xusb_padctl_get_port_number, to the Tegra XUSB Pad Controller driver. This API is used to identify the USB port that is associated with a given PHY. The function takes a PHY pointer for either a USB2 PHY or USB3 PHY as input and returns the corresponding port number. If the PHY pointer is invalid, it returns -ENODEV. Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- V1 -> V2:cc stable drivers/phy/tegra/xusb.c | 13 +++++++++++++ include/linux/phy/tegra/xusb.h | 1 + 2 files changed, 14 insertions(+) diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c index 142ebe0247cc..983a6e6173bd 100644 --- a/drivers/phy/tegra/xusb.c +++ b/drivers/phy/tegra/xusb.c @@ -1531,6 +1531,19 @@ int tegra_xusb_padctl_get_usb3_companion(struct tegra_xusb_padctl *padctl, } EXPORT_SYMBOL_GPL(tegra_xusb_padctl_get_usb3_companion); +int tegra_xusb_padctl_get_port_number(struct phy *phy) +{ + struct tegra_xusb_lane *lane; + + if (!phy) + return -ENODEV; + + lane = phy_get_drvdata(phy); + + return lane->index; +} +EXPORT_SYMBOL_GPL(tegra_xusb_padctl_get_port_number); + MODULE_AUTHOR("Thierry Reding <treding(a)nvidia.com>"); MODULE_DESCRIPTION("Tegra XUSB Pad Controller driver"); MODULE_LICENSE("GPL v2"); diff --git a/include/linux/phy/tegra/xusb.h b/include/linux/phy/tegra/xusb.h index 70998e6dd6fd..6ca51e0080ec 100644 --- a/include/linux/phy/tegra/xusb.h +++ b/include/linux/phy/tegra/xusb.h @@ -26,6 +26,7 @@ void tegra_phy_xusb_utmi_pad_power_down(struct phy *phy); int tegra_phy_xusb_utmi_port_reset(struct phy *phy); int tegra_xusb_padctl_get_usb3_companion(struct tegra_xusb_padctl *padctl, unsigned int port); +int tegra_xusb_padctl_get_port_number(struct phy *phy); int tegra_xusb_padctl_enable_phy_sleepwalk(struct tegra_xusb_padctl *padctl, struct phy *phy, enum usb_device_speed speed); int tegra_xusb_padctl_disable_phy_sleepwalk(struct tegra_xusb_padctl *padctl, struct phy *phy); -- 2.25.1

1 year, 2 months

3
2
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040522-tremor-freehand-618e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] bpf: support deferring bpf_link dealloc to after RCU grace" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040527-propeller-immovably-a6d8@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1a80dbcb2dbaf6e4c216e62e30fa7d3daa8001ce Mon Sep 17 00:00:00 2001 From: Andrii Nakryiko <andrii(a)kernel.org> Date: Wed, 27 Mar 2024 22:24:26 -0700 Subject: [PATCH] bpf: support deferring bpf_link dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and multi-uprobes, link is used to fetch BPF cookie values. Because of this runtime dependency, when bpf_link refcnt drops to zero there could still be active BPF programs running accessing link data. This patch adds generic support to defer bpf_link dealloc callback to after RCU GP, if requested. This is done by exposing two different deallocation callbacks, one synchronous and one deferred. If deferred one is provided, bpf_link_free() will schedule dealloc_deferred() callback to happen after RCU GP. BPF is using two flavors of RCU: "classic" non-sleepable one and RCU tasks trace one. The latter is used when sleepable BPF programs are used. bpf_link_free() accommodates that by checking underlying BPF program's sleepable flag, and goes either through normal RCU GP only for non-sleepable, or through RCU tasks trace GP *and* then normal RCU GP (taking into account rcu_trace_implies_rcu_gp() optimization), if BPF program is sleepable. We use this for multi-kprobe and multi-uprobe links, which dereference link during program run. We also preventively switch raw_tp link to use deferred dealloc callback, as upcoming changes in bpf-next tree expose raw_tp link data (specifically, cookie value) to BPF program at runtime as well. Fixes: 0dcac2725406 ("bpf: Add multi kprobe link") Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Reported-by: syzbot+981935d9485a560bfbcb(a)syzkaller.appspotmail.com Reported-by: syzbot+2cb5a6c573e98db598cc(a)syzkaller.appspotmail.com Reported-by: syzbot+62d8b26793e8a2bd0516(a)syzkaller.appspotmail.com Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Link: https://lore.kernel.org/r/20240328052426.3042617-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 4f20f62f9d63..890e152d553e 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1574,12 +1574,26 @@ struct bpf_link { enum bpf_link_type type; const struct bpf_link_ops *ops; struct bpf_prog *prog; - struct work_struct work; + /* rcu is used before freeing, work can be used to schedule that + * RCU-based freeing before that, so they never overlap + */ + union { + struct rcu_head rcu; + struct work_struct work; + }; }; struct bpf_link_ops { void (*release)(struct bpf_link *link); + /* deallocate link resources callback, called without RCU grace period + * waiting + */ void (*dealloc)(struct bpf_link *link); + /* deallocate link resources callback, called after RCU grace period; + * if underlying BPF program is sleepable we go through tasks trace + * RCU GP and then "classic" RCU GP + */ + void (*dealloc_deferred)(struct bpf_link *link); int (*detach)(struct bpf_link *link); int (*update_prog)(struct bpf_link *link, struct bpf_prog *new_prog, struct bpf_prog *old_prog); diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index ae2ff73bde7e..c287925471f6 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -3024,17 +3024,46 @@ void bpf_link_inc(struct bpf_link *link) atomic64_inc(&link->refcnt); } +static void bpf_link_defer_dealloc_rcu_gp(struct rcu_head *rcu) +{ + struct bpf_link *link = container_of(rcu, struct bpf_link, rcu); + + /* free bpf_link and its containing memory */ + link->ops->dealloc_deferred(link); +} + +static void bpf_link_defer_dealloc_mult_rcu_gp(struct rcu_head *rcu) +{ + if (rcu_trace_implies_rcu_gp()) + bpf_link_defer_dealloc_rcu_gp(rcu); + else + call_rcu(rcu, bpf_link_defer_dealloc_rcu_gp); +} + /* bpf_link_free is guaranteed to be called from process context */ static void bpf_link_free(struct bpf_link *link) { + bool sleepable = false; + bpf_link_free_id(link->id); if (link->prog) { + sleepable = link->prog->sleepable; /* detach BPF program, clean up used resources */ link->ops->release(link); bpf_prog_put(link->prog); } - /* free bpf_link and its containing memory */ - link->ops->dealloc(link); + if (link->ops->dealloc_deferred) { + /* schedule BPF link deallocation; if underlying BPF program + * is sleepable, we need to first wait for RCU tasks trace + * sync, then go through "classic" RCU grace period + */ + if (sleepable) + call_rcu_tasks_trace(&link->rcu, bpf_link_defer_dealloc_mult_rcu_gp); + else + call_rcu(&link->rcu, bpf_link_defer_dealloc_rcu_gp); + } + if (link->ops->dealloc) + link->ops->dealloc(link); } static void bpf_link_put_deferred(struct work_struct *work) @@ -3544,7 +3573,7 @@ static int bpf_raw_tp_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_raw_tp_link_lops = { .release = bpf_raw_tp_link_release, - .dealloc = bpf_raw_tp_link_dealloc, + .dealloc_deferred = bpf_raw_tp_link_dealloc, .show_fdinfo = bpf_raw_tp_link_show_fdinfo, .fill_link_info = bpf_raw_tp_link_fill_link_info, }; diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 0b73fe5f7206..9dc605f08a23 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2728,7 +2728,7 @@ static int bpf_kprobe_multi_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_kprobe_multi_link_lops = { .release = bpf_kprobe_multi_link_release, - .dealloc = bpf_kprobe_multi_link_dealloc, + .dealloc_deferred = bpf_kprobe_multi_link_dealloc, .fill_link_info = bpf_kprobe_multi_link_fill_link_info, }; @@ -3242,7 +3242,7 @@ static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link, static const struct bpf_link_ops bpf_uprobe_multi_link_lops = { .release = bpf_uprobe_multi_link_release, - .dealloc = bpf_uprobe_multi_link_dealloc, + .dealloc_deferred = bpf_uprobe_multi_link_dealloc, .fill_link_info = bpf_uprobe_multi_link_fill_link_info, };

1 year, 2 months

4
5
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: fix dev in check_endpoint" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 40061817d95bce6dd5634a61a65cd5922e6ccc92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040506-skinny-unsuited-f487@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40061817d95bce6dd5634a61a65cd5922e6ccc92 Mon Sep 17 00:00:00 2001 From: Geliang Tang <tanggeliang(a)kylinos.cn> Date: Fri, 29 Mar 2024 13:08:53 +0100 Subject: [PATCH] selftests: mptcp: join: fix dev in check_endpoint There's a bug in pm_nl_check_endpoint(), 'dev' didn't be parsed correctly. If calling it in the 2nd test of endpoint_tests() too, it fails with an error like this: creation [FAIL] expected '10.0.2.2 id 2 subflow dev dev' \ found '10.0.2.2 id 2 subflow dev ns2eth2' The reason is '$2' should be set to 'dev', not '$1'. This patch fixes it. Fixes: 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") Cc: stable(a)vger.kernel.org Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-2-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 5e9211e89825..e4403236f655 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -729,7 +729,7 @@ pm_nl_check_endpoint() [ -n "$_flags" ]; flags="flags $_flags" shift elif [ $1 = "dev" ]; then - [ -n "$2" ]; dev="dev $1" + [ -n "$2" ]; dev="dev $2" shift elif [ $1 = "id" ]; then _id=$2 @@ -3610,6 +3610,8 @@ endpoint_tests() local tests_pid=$! wait_mpj $ns2 + pm_nl_check_endpoint "creation" \ + $ns2 10.0.2.2 id 2 flags subflow dev ns2eth2 chk_subflow_nr "before delete" 2 chk_mptcp_info subflows 1 subflows 1

1 year, 2 months

2
1
0 0

[PATCH 8/8] accel/ivpu: Fix deadlock in context_xa

by Jacek Lawrynowicz

ivpu_device->context_xa is locked both in kernel thread and IRQ context. It requires XA_FLAGS_LOCK_IRQ flag to be passed during initialization otherwise the lock could be acquired from a thread and interrupted by an IRQ that locks it for the second time causing the deadlock. This deadlock was reported by lockdep and observed in internal tests. Fixes: 35b137630f08 ("accel/ivpu: Introduce a new DRM driver for Intel VPU") Cc: <stable(a)vger.kernel.org> # v6.3+ Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/accel/ivpu/ivpu_drv.c b/drivers/accel/ivpu/ivpu_drv.c index 77283daaedd1..51d3f1a55d02 100644 --- a/drivers/accel/ivpu/ivpu_drv.c +++ b/drivers/accel/ivpu/ivpu_drv.c @@ -517,7 +517,7 @@ static int ivpu_dev_init(struct ivpu_device *vdev) vdev->context_xa_limit.min = IVPU_USER_CONTEXT_MIN_SSID; vdev->context_xa_limit.max = IVPU_USER_CONTEXT_MAX_SSID; atomic64_set(&vdev->unique_id_counter, 0); - xa_init_flags(&vdev->context_xa, XA_FLAGS_ALLOC); + xa_init_flags(&vdev->context_xa, XA_FLAGS_ALLOC | XA_FLAGS_LOCK_IRQ); xa_init_flags(&vdev->submitted_jobs_xa, XA_FLAGS_ALLOC1); xa_init_flags(&vdev->db_xa, XA_FLAGS_ALLOC1); lockdep_set_class(&vdev->submitted_jobs_xa.xa_lock, &submitted_jobs_xa_lock_class_key); -- 2.43.2

1 year, 2 months

2
1
0 0

[PATCH 4/8] accel/ivpu: Put NPU back to D3hot after failed resume

by Jacek Lawrynowicz

Put NPU in D3hot after ivpu_resume() fails to power up the device. This will assure that D3->D0 power cycle will be performed before the next resume and also will minimize power usage in this corner case. Fixes: 28083ff18d3f ("accel/ivpu: Fix DevTLB errors on suspend/resume and recovery") Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_pm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/accel/ivpu/ivpu_pm.c b/drivers/accel/ivpu/ivpu_pm.c index 325b82f8d971..ba51781b5896 100644 --- a/drivers/accel/ivpu/ivpu_pm.c +++ b/drivers/accel/ivpu/ivpu_pm.c @@ -97,6 +97,7 @@ static int ivpu_resume(struct ivpu_device *vdev) ivpu_mmu_disable(vdev); err_power_down: ivpu_hw_power_down(vdev); + pci_set_power_state(to_pci_dev(vdev->drm.dev), PCI_D3hot); if (!ivpu_fw_is_cold_boot(vdev)) { ivpu_pm_prepare_cold_boot(vdev); -- 2.43.2

1 year, 2 months

2
1
0 0

[PATCH 3/8] accel/ivpu: Fix PCI D0 state entry in resume

by Jacek Lawrynowicz

From: "Wachowski, Karol" <karol.wachowski(a)intel.com> In case of failed power up we end up left in PCI D3hot state making it impossible to access NPU registers on retry. Enter D0 state on retry before proceeding with power up sequence. Fixes: 28083ff18d3f ("accel/ivpu: Fix DevTLB errors on suspend/resume and recovery") Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Wachowski, Karol <karol.wachowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_pm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/accel/ivpu/ivpu_pm.c b/drivers/accel/ivpu/ivpu_pm.c index 9cbd7af6576b..325b82f8d971 100644 --- a/drivers/accel/ivpu/ivpu_pm.c +++ b/drivers/accel/ivpu/ivpu_pm.c @@ -71,10 +71,10 @@ static int ivpu_resume(struct ivpu_device *vdev) { int ret; - pci_set_power_state(to_pci_dev(vdev->drm.dev), PCI_D0); +retry: pci_restore_state(to_pci_dev(vdev->drm.dev)); + pci_set_power_state(to_pci_dev(vdev->drm.dev), PCI_D0); -retry: ret = ivpu_hw_power_up(vdev); if (ret) { ivpu_err(vdev, "Failed to power up HW: %d\n", ret); -- 2.43.2

1 year, 2 months

2
1
0 0

[PATCH 1/8] accel/ivpu: Check return code of ipc->lock init

by Jacek Lawrynowicz

From: "Wachowski, Karol" <karol.wachowski(a)intel.com> Return value of drmm_mutex_init(ipc->lock) was unchecked. Fixes: 5d7422cfb498 ("accel/ivpu: Add IPC driver and JSM messages") Cc: <stable(a)vger.kernel.org> # v6.3+ Signed-off-by: Wachowski, Karol <karol.wachowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_ipc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/accel/ivpu/ivpu_ipc.c b/drivers/accel/ivpu/ivpu_ipc.c index 04ac4b9840fb..56ff067f63e2 100644 --- a/drivers/accel/ivpu/ivpu_ipc.c +++ b/drivers/accel/ivpu/ivpu_ipc.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only /* - * Copyright (C) 2020-2023 Intel Corporation + * Copyright (C) 2020-2024 Intel Corporation */ #include <linux/genalloc.h> @@ -501,7 +501,11 @@ int ivpu_ipc_init(struct ivpu_device *vdev) spin_lock_init(&ipc->cons_lock); INIT_LIST_HEAD(&ipc->cons_list); INIT_LIST_HEAD(&ipc->cb_msg_list); - drmm_mutex_init(&vdev->drm, &ipc->lock); + ret = drmm_mutex_init(&vdev->drm, &ipc->lock); + if (ret) { + ivpu_err(vdev, "Failed to initialize ipc->lock, ret %d\n", ret); + goto err_free_rx; + } ivpu_ipc_reset(vdev); return 0; -- 2.43.2

1 year, 2 months

2
1
0 0

[PATCH v2] drm/vmwgfx: Don't memcmp equivalent pointers

by Ian Forbes

These pointers are frequently the same and memcmp does not compare the pointers before comparing their contents so this was wasting cycles comparing 16 KiB of memory which will always be equal. Fixes: bb6780aa5a1d ("drm/vmwgfx: Diff cursors when using cmds") Signed-off-by: Ian Forbes <ian.forbes(a)broadcom.com> Cc: <stable(a)vger.kernel.org> # v6.2+ --- v2: Fix code and commit message formatting. -- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index cd4925346ed4..ef0af10c4968 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -216,7 +216,7 @@ static bool vmw_du_cursor_plane_has_changed(struct vmw_plane_state *old_vps, new_image = vmw_du_cursor_plane_acquire_image(new_vps); changed = false; - if (old_image && new_image) + if (old_image && new_image && old_image != new_image) changed = memcmp(old_image, new_image, size) != 0; return changed; -- 2.34.1

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: don't account accept() of non-MPC client as fallback" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024040519-palpable-barrel-9103@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7a1b3490f47e88ec4cbde65f1a77a0f4bc972282 Mon Sep 17 00:00:00 2001 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 29 Mar 2024 13:08:52 +0100 Subject: [PATCH] mptcp: don't account accept() of non-MPC client as fallback to TCP Current MPTCP servers increment MPTcpExtMPCapableFallbackACK when they accept non-MPC connections. As reported by Christoph, this is "surprising" because the counter might become greater than MPTcpExtMPCapableSYNRX. MPTcpExtMPCapableFallbackACK counter's name suggests it should only be incremented when a connection was seen using MPTCP options, then a fallback to TCP has been done. Let's do that by incrementing it when the subflow context of an inbound MPC connection attempt is dropped. Also, update mptcp_connect.sh kselftest, to ensure that the above MIB does not increment in case a pure TCP client connects to a MPTCP server. Fixes: fc518953bc9c ("mptcp: add and use MIB counter infrastructure") Cc: stable(a)vger.kernel.org Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/449 Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240329-upstream-net-20240329-fallback-mib-v1-1-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 3a1967bc7bad..7e74b812e366 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -3937,8 +3937,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, mptcp_set_state(newsk, TCP_CLOSE); } } else { - MPTCP_INC_STATS(sock_net(ssk), - MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); tcpfallback: newsk->sk_kern_sock = kern; lock_sock(newsk); diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 1626dd20c68f..6042a47da61b 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -905,6 +905,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, return child; fallback: + if (fallback) + SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_MPCAPABLEPASSIVEFALLBACK); mptcp_subflow_drop_ctx(child); return child; } diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 4c4248554826..4131f3263a48 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -383,12 +383,14 @@ do_transfer() local stat_cookierx_last local stat_csum_err_s local stat_csum_err_c + local stat_tcpfb_last_l stat_synrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_last=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_csum_err_s=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtDataCsumErr") stat_csum_err_c=$(mptcp_lib_get_counter "${connector_ns}" "MPTcpExtDataCsumErr") + stat_tcpfb_last_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") timeout ${timeout_test} \ ip netns exec ${listener_ns} \ @@ -457,11 +459,13 @@ do_transfer() local stat_cookietx_now local stat_cookierx_now local stat_ooo_now + local stat_tcpfb_now_l stat_synrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableSYNRX") stat_ackrx_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableACKRX") stat_cookietx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesSent") stat_cookierx_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtSyncookiesRecv") stat_ooo_now=$(mptcp_lib_get_counter "${listener_ns}" "TcpExtTCPOFOQueue") + stat_tcpfb_now_l=$(mptcp_lib_get_counter "${listener_ns}" "MPTcpExtMPCapableFallbackACK") expect_synrx=$((stat_synrx_last_l)) expect_ackrx=$((stat_ackrx_last_l)) @@ -508,6 +512,11 @@ do_transfer() fi fi + if [ ${stat_ooo_now} -eq 0 ] && [ ${stat_tcpfb_last_l} -ne ${stat_tcpfb_now_l} ]; then + mptcp_lib_pr_fail "unexpected fallback to TCP" + rets=1 + fi + if [ $cookies -eq 2 ];then if [ $stat_cookietx_last -ge $stat_cookietx_now ] ;then extra+=" WARN: CookieSent: did not advance"

1 year, 2 months

2
4
0 0

[PATCH] perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> A non-0 retire latency can be observed on a Raptorlake which doesn't support the retire latency feature. By design, the retire latency shares the PERF_SAMPLE_WEIGHT_STRUCT sample type with other types of latency. That could avoid adding too many different sample types to support all kinds of latency. For the machine which doesn't support some kind of latency, 0 should be returned. Perf doesn’t clear/init all the fields of a sample data for the sake of performance. It expects the later perf_{prepare,output}_sample() to update the uninitialized field. However, the current implementation doesn't touch the field of the retire latency if the feature is not supported. The memory garbage is dumped into the perf data. Clear the retire latency if the feature is not supported. Fixes: c87a31093c70 ("perf/x86: Support Retire Latency") Reported-by: "Bayduraev, Alexey V" <alexey.v.bayduraev(a)intel.com> Tested-by: "Bayduraev, Alexey V" <alexey.v.bayduraev(a)intel.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/ds.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index f95cca6b632a..838f3e23bce9 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -1989,8 +1989,12 @@ static void setup_pebs_adaptive_sample_data(struct perf_event *event, set_linear_ip(regs, basic->ip); regs->flags = PERF_EFLAGS_EXACT; - if ((sample_type & PERF_SAMPLE_WEIGHT_STRUCT) && (x86_pmu.flags & PMU_FL_RETIRE_LATENCY)) - data->weight.var3_w = format_size >> PEBS_RETIRE_LATENCY_OFFSET & PEBS_LATENCY_MASK; + if (sample_type & PERF_SAMPLE_WEIGHT_STRUCT) { + if (x86_pmu.flags & PMU_FL_RETIRE_LATENCY) + data->weight.var3_w = format_size >> PEBS_RETIRE_LATENCY_OFFSET & PEBS_LATENCY_MASK; + else + data->weight.var3_w = 0; + } /* * The record for MEMINFO is in front of GP -- 2.35.1

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4535e1a4174c4111d92c5a9a21e542d232e0fcaa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024033032-confess-monument-a6db@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4535e1a4174c4111d92c5a9a21e542d232e0fcaa Mon Sep 17 00:00:00 2001 From: "Borislav Petkov (AMD)" <bp(a)alien8.de> Date: Thu, 28 Mar 2024 13:59:05 +0100 Subject: [PATCH] x86/bugs: Fix the SRSO mitigation on Zen3/4 The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly. However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro- architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now. Reshuffle the alternative macros to accomplish that. Fixes: e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)kernel.org Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 076bf8dee702..25466c4d2134 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -14,6 +14,7 @@ #include <asm/asm.h> #include <asm/fred.h> #include <asm/gsseg.h> +#include <asm/nospec-branch.h> #ifndef CONFIG_X86_CMPXCHG64 extern void cmpxchg8b_emu(void); diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h index fc3a8a3c7ffe..170c89ed22fc 100644 --- a/arch/x86/include/asm/nospec-branch.h +++ b/arch/x86/include/asm/nospec-branch.h @@ -262,11 +262,20 @@ .Lskip_rsb_\@: .endm +/* + * The CALL to srso_alias_untrain_ret() must be patched in directly at + * the spot where untraining must be done, ie., srso_alias_untrain_ret() + * must be the target of a CALL instruction instead of indirectly + * jumping to a wrapper which then calls it. Therefore, this macro is + * called outside of __UNTRAIN_RET below, for the time being, before the + * kernel can support nested alternatives with arbitrary nesting. + */ +.macro CALL_UNTRAIN_RET #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) -#define CALL_UNTRAIN_RET "call entry_untrain_ret" -#else -#define CALL_UNTRAIN_RET "" + ALTERNATIVE_2 "", "call entry_untrain_ret", X86_FEATURE_UNRET, \ + "call srso_alias_untrain_ret", X86_FEATURE_SRSO_ALIAS #endif +.endm /* * Mitigate RETBleed for AMD/Hygon Zen uarch. Requires KERNEL CR3 because the @@ -282,8 +291,8 @@ .macro __UNTRAIN_RET ibpb_feature, call_depth_insns #if defined(CONFIG_MITIGATION_RETHUNK) || defined(CONFIG_MITIGATION_IBPB_ENTRY) VALIDATE_UNRET_END - ALTERNATIVE_3 "", \ - CALL_UNTRAIN_RET, X86_FEATURE_UNRET, \ + CALL_UNTRAIN_RET + ALTERNATIVE_2 "", \ "call entry_ibpb", \ibpb_feature, \ __stringify(\call_depth_insns), X86_FEATURE_CALL_DEPTH #endif @@ -342,6 +351,8 @@ extern void retbleed_return_thunk(void); static inline void retbleed_return_thunk(void) {} #endif +extern void srso_alias_untrain_ret(void); + #ifdef CONFIG_MITIGATION_SRSO extern void srso_return_thunk(void); extern void srso_alias_return_thunk(void); diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S index 721b528da9ac..02cde194a99e 100644 --- a/arch/x86/lib/retpoline.S +++ b/arch/x86/lib/retpoline.S @@ -163,6 +163,7 @@ SYM_CODE_START_NOALIGN(srso_alias_untrain_ret) lfence jmp srso_alias_return_thunk SYM_FUNC_END(srso_alias_untrain_ret) +__EXPORT_THUNK(srso_alias_untrain_ret) .popsection .pushsection .text..__x86.rethunk_safe @@ -224,10 +225,12 @@ SYM_CODE_START(srso_return_thunk) SYM_CODE_END(srso_return_thunk) #define JMP_SRSO_UNTRAIN_RET "jmp srso_untrain_ret" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "jmp srso_alias_untrain_ret" #else /* !CONFIG_MITIGATION_SRSO */ +/* Dummy for the alternative in CALL_UNTRAIN_RET. */ +SYM_CODE_START(srso_alias_untrain_ret) + RET +SYM_FUNC_END(srso_alias_untrain_ret) #define JMP_SRSO_UNTRAIN_RET "ud2" -#define JMP_SRSO_ALIAS_UNTRAIN_RET "ud2" #endif /* CONFIG_MITIGATION_SRSO */ #ifdef CONFIG_MITIGATION_UNRET_ENTRY @@ -319,9 +322,7 @@ SYM_FUNC_END(retbleed_untrain_ret) #if defined(CONFIG_MITIGATION_UNRET_ENTRY) || defined(CONFIG_MITIGATION_SRSO) SYM_FUNC_START(entry_untrain_ret) - ALTERNATIVE_2 JMP_RETBLEED_UNTRAIN_RET, \ - JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO, \ - JMP_SRSO_ALIAS_UNTRAIN_RET, X86_FEATURE_SRSO_ALIAS + ALTERNATIVE JMP_RETBLEED_UNTRAIN_RET, JMP_SRSO_UNTRAIN_RET, X86_FEATURE_SRSO SYM_FUNC_END(entry_untrain_ret) __EXPORT_THUNK(entry_untrain_ret)

1 year, 2 months

2
2
0 0