- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] riscv: fix overlap of allocated page and PTR_ERR" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 994af1825a2aa286f4903ff64a1c7378b52defe6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061853-upbeat-skyline-91e2@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 994af1825a2a ("riscv: fix overlap of allocated page and PTR_ERR") 07aabe8fb6d1 ("riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef") 063df71a574b ("Merge tag 'riscv-for-linus-5.15-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 994af1825a2aa286f4903ff64a1c7378b52defe6 Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Thu, 25 Apr 2024 13:52:01 +0200 Subject: [PATCH] riscv: fix overlap of allocated page and PTR_ERR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On riscv32, it is possible for the last page in virtual address space (0xfffff000) to be allocated. This page overlaps with PTR_ERR, so that shouldn't happen. There is already some code to ensure memblock won't allocate the last page. However, buddy allocator is left unchecked. Fix this by reserving physical memory that would be mapped at virtual addresses greater than 0xfffff000. Reported-by: Björn Töpel <bjorn(a)kernel.org> Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Tested-by: Björn Töpel <bjorn(a)rivosinc.com> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Link: https://lore.kernel.org/r/20240425115201.3044202-1-namcao@linutronix.de Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index e3218d65f21d..e3405e4b99af 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -250,18 +250,19 @@ static void __init setup_bootmem(void) kernel_map.va_pa_offset = PAGE_OFFSET - phys_ram_base; /* - * memblock allocator is not aware of the fact that last 4K bytes of - * the addressable memory can not be mapped because of IS_ERR_VALUE - * macro. Make sure that last 4k bytes are not usable by memblock - * if end of dram is equal to maximum addressable memory. For 64-bit - * kernel, this problem can't happen here as the end of the virtual - * address space is occupied by the kernel mapping then this check must - * be done as soon as the kernel mapping base address is determined. + * Reserve physical address space that would be mapped to virtual + * addresses greater than (void *)(-PAGE_SIZE) because: + * - This memory would overlap with ERR_PTR + * - This memory belongs to high memory, which is not supported + * + * This is not applicable to 64-bit kernel, because virtual addresses + * after (void *)(-PAGE_SIZE) are not linearly mapped: they are + * occupied by kernel mapping. Also it is unrealistic for high memory + * to exist on 64-bit platforms. */ if (!IS_ENABLED(CONFIG_64BIT)) { - max_mapped_addr = __pa(~(ulong)0); - if (max_mapped_addr == (phys_ram_end - 1)) - memblock_set_current_limit(max_mapped_addr - 4096); + max_mapped_addr = __va_to_pa_nodebug(-PAGE_SIZE); + memblock_reserve(max_mapped_addr, (phys_addr_t)-max_mapped_addr); } min_low_pfn = PFN_UP(phys_ram_base);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] riscv: fix overlap of allocated page and PTR_ERR" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 994af1825a2aa286f4903ff64a1c7378b52defe6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061849-unifier-skipping-b900@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 994af1825a2a ("riscv: fix overlap of allocated page and PTR_ERR") 07aabe8fb6d1 ("riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef") 063df71a574b ("Merge tag 'riscv-for-linus-5.15-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 994af1825a2aa286f4903ff64a1c7378b52defe6 Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Thu, 25 Apr 2024 13:52:01 +0200 Subject: [PATCH] riscv: fix overlap of allocated page and PTR_ERR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On riscv32, it is possible for the last page in virtual address space (0xfffff000) to be allocated. This page overlaps with PTR_ERR, so that shouldn't happen. There is already some code to ensure memblock won't allocate the last page. However, buddy allocator is left unchecked. Fix this by reserving physical memory that would be mapped at virtual addresses greater than 0xfffff000. Reported-by: Björn Töpel <bjorn(a)kernel.org> Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Tested-by: Björn Töpel <bjorn(a)rivosinc.com> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Link: https://lore.kernel.org/r/20240425115201.3044202-1-namcao@linutronix.de Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index e3218d65f21d..e3405e4b99af 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -250,18 +250,19 @@ static void __init setup_bootmem(void) kernel_map.va_pa_offset = PAGE_OFFSET - phys_ram_base; /* - * memblock allocator is not aware of the fact that last 4K bytes of - * the addressable memory can not be mapped because of IS_ERR_VALUE - * macro. Make sure that last 4k bytes are not usable by memblock - * if end of dram is equal to maximum addressable memory. For 64-bit - * kernel, this problem can't happen here as the end of the virtual - * address space is occupied by the kernel mapping then this check must - * be done as soon as the kernel mapping base address is determined. + * Reserve physical address space that would be mapped to virtual + * addresses greater than (void *)(-PAGE_SIZE) because: + * - This memory would overlap with ERR_PTR + * - This memory belongs to high memory, which is not supported + * + * This is not applicable to 64-bit kernel, because virtual addresses + * after (void *)(-PAGE_SIZE) are not linearly mapped: they are + * occupied by kernel mapping. Also it is unrealistic for high memory + * to exist on 64-bit platforms. */ if (!IS_ENABLED(CONFIG_64BIT)) { - max_mapped_addr = __pa(~(ulong)0); - if (max_mapped_addr == (phys_ram_end - 1)) - memblock_set_current_limit(max_mapped_addr - 4096); + max_mapped_addr = __va_to_pa_nodebug(-PAGE_SIZE); + memblock_reserve(max_mapped_addr, (phys_addr_t)-max_mapped_addr); } min_low_pfn = PFN_UP(phys_ram_base);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] riscv: fix overlap of allocated page and PTR_ERR" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 994af1825a2aa286f4903ff64a1c7378b52defe6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061848-varied-expansive-2006@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 994af1825a2a ("riscv: fix overlap of allocated page and PTR_ERR") 07aabe8fb6d1 ("riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef") 063df71a574b ("Merge tag 'riscv-for-linus-5.15-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 994af1825a2aa286f4903ff64a1c7378b52defe6 Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Thu, 25 Apr 2024 13:52:01 +0200 Subject: [PATCH] riscv: fix overlap of allocated page and PTR_ERR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On riscv32, it is possible for the last page in virtual address space (0xfffff000) to be allocated. This page overlaps with PTR_ERR, so that shouldn't happen. There is already some code to ensure memblock won't allocate the last page. However, buddy allocator is left unchecked. Fix this by reserving physical memory that would be mapped at virtual addresses greater than 0xfffff000. Reported-by: Björn Töpel <bjorn(a)kernel.org> Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Tested-by: Björn Töpel <bjorn(a)rivosinc.com> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Link: https://lore.kernel.org/r/20240425115201.3044202-1-namcao@linutronix.de Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index e3218d65f21d..e3405e4b99af 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -250,18 +250,19 @@ static void __init setup_bootmem(void) kernel_map.va_pa_offset = PAGE_OFFSET - phys_ram_base; /* - * memblock allocator is not aware of the fact that last 4K bytes of - * the addressable memory can not be mapped because of IS_ERR_VALUE - * macro. Make sure that last 4k bytes are not usable by memblock - * if end of dram is equal to maximum addressable memory. For 64-bit - * kernel, this problem can't happen here as the end of the virtual - * address space is occupied by the kernel mapping then this check must - * be done as soon as the kernel mapping base address is determined. + * Reserve physical address space that would be mapped to virtual + * addresses greater than (void *)(-PAGE_SIZE) because: + * - This memory would overlap with ERR_PTR + * - This memory belongs to high memory, which is not supported + * + * This is not applicable to 64-bit kernel, because virtual addresses + * after (void *)(-PAGE_SIZE) are not linearly mapped: they are + * occupied by kernel mapping. Also it is unrealistic for high memory + * to exist on 64-bit platforms. */ if (!IS_ENABLED(CONFIG_64BIT)) { - max_mapped_addr = __pa(~(ulong)0); - if (max_mapped_addr == (phys_ram_end - 1)) - memblock_set_current_limit(max_mapped_addr - 4096); + max_mapped_addr = __va_to_pa_nodebug(-PAGE_SIZE); + memblock_reserve(max_mapped_addr, (phys_addr_t)-max_mapped_addr); } min_low_pfn = PFN_UP(phys_ram_base);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] riscv: fix overlap of allocated page and PTR_ERR" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 994af1825a2aa286f4903ff64a1c7378b52defe6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061847-patchwork-trimmer-9b67@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 994af1825a2a ("riscv: fix overlap of allocated page and PTR_ERR") 07aabe8fb6d1 ("riscv: mm: init: try best to use IS_ENABLED(CONFIG_64BIT) instead of #ifdef") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 994af1825a2aa286f4903ff64a1c7378b52defe6 Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Thu, 25 Apr 2024 13:52:01 +0200 Subject: [PATCH] riscv: fix overlap of allocated page and PTR_ERR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On riscv32, it is possible for the last page in virtual address space (0xfffff000) to be allocated. This page overlaps with PTR_ERR, so that shouldn't happen. There is already some code to ensure memblock won't allocate the last page. However, buddy allocator is left unchecked. Fix this by reserving physical memory that would be mapped at virtual addresses greater than 0xfffff000. Reported-by: Björn Töpel <bjorn(a)kernel.org> Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Tested-by: Björn Töpel <bjorn(a)rivosinc.com> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Reviewed-by: Mike Rapoport (IBM) <rppt(a)kernel.org> Link: https://lore.kernel.org/r/20240425115201.3044202-1-namcao@linutronix.de Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index e3218d65f21d..e3405e4b99af 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -250,18 +250,19 @@ static void __init setup_bootmem(void) kernel_map.va_pa_offset = PAGE_OFFSET - phys_ram_base; /* - * memblock allocator is not aware of the fact that last 4K bytes of - * the addressable memory can not be mapped because of IS_ERR_VALUE - * macro. Make sure that last 4k bytes are not usable by memblock - * if end of dram is equal to maximum addressable memory. For 64-bit - * kernel, this problem can't happen here as the end of the virtual - * address space is occupied by the kernel mapping then this check must - * be done as soon as the kernel mapping base address is determined. + * Reserve physical address space that would be mapped to virtual + * addresses greater than (void *)(-PAGE_SIZE) because: + * - This memory would overlap with ERR_PTR + * - This memory belongs to high memory, which is not supported + * + * This is not applicable to 64-bit kernel, because virtual addresses + * after (void *)(-PAGE_SIZE) are not linearly mapped: they are + * occupied by kernel mapping. Also it is unrealistic for high memory + * to exist on 64-bit platforms. */ if (!IS_ENABLED(CONFIG_64BIT)) { - max_mapped_addr = __pa(~(ulong)0); - if (max_mapped_addr == (phys_ram_end - 1)) - memblock_set_current_limit(max_mapped_addr - 4096); + max_mapped_addr = __va_to_pa_nodebug(-PAGE_SIZE); + memblock_reserve(max_mapped_addr, (phys_addr_t)-max_mapped_addr); } min_low_pfn = PFN_UP(phys_ram_base);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] perf script: Show also errors for --insn-trace option" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d4a98b45fbe6d06f4b79ed90d0bb05ced8674c23 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061830-barmaid-tassel-308b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d4a98b45fbe6 ("perf script: Show also errors for --insn-trace option") 6750ba4b6442 ("perf: script: add raw|disasm arguments to --insn-trace option") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d4a98b45fbe6d06f4b79ed90d0bb05ced8674c23 Mon Sep 17 00:00:00 2001 From: Adrian Hunter <adrian.hunter(a)intel.com> Date: Fri, 15 Mar 2024 09:13:33 +0200 Subject: [PATCH] perf script: Show also errors for --insn-trace option The trace could be misleading if trace errors are not taken into account, so display them also by adding the itrace "e" option. Note --call-trace and --call-ret-trace already add the itrace "e" option. Fixes: b585ebdb5912cf14 ("perf script: Add --insn-trace for instruction decoding") Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Cc: Andi Kleen <ak(a)linux.intel.com> Cc: Ian Rogers <irogers(a)google.com> Cc: Jiri Olsa <jolsa(a)kernel.org> Cc: Namhyung Kim <namhyung(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240315071334.3478-1-adrian.hunter@intel.com Signed-off-by: Arnaldo Carvalho de Melo <acme(a)redhat.com> diff --git a/tools/perf/builtin-script.c b/tools/perf/builtin-script.c index 37088cc0ff1b..2e7148d667bd 100644 --- a/tools/perf/builtin-script.c +++ b/tools/perf/builtin-script.c @@ -3806,7 +3806,7 @@ static int parse_insn_trace(const struct option *opt __maybe_unused, if (ret < 0) return ret; - itrace_parse_synth_opts(opt, "i0ns", 0); + itrace_parse_synth_opts(opt, "i0nse", 0); symbol_conf.nanosecs = true; return 0; }

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] irqchip/gic-v3-its: Fix potential race condition in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x b97e8a2f7130a4b30d1502003095833d16c028b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061815-spooky-sly-029b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: b97e8a2f7130 ("irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()") 11635fa26dc7 ("irqchip/gic-v3-its: Make vlpi_lock a spinlock") 046b5054f566 ("irqchip/gic-v3-its: Lock VLPI map array before translating it") c1d4d5cd203c ("irqchip/gic-v3-its: Add its_vlpi_map helpers") 425c09be0f09 ("irqchip/gic-v3-its: Allow LPI invalidation via the DirectLPI interface") 2f4f064b3131 ("irqchip/gic-v3-its: Factor out wait_for_syncr primitive") 8424312516e5 ("irqchip/gic-v3-its: Use the exact ITSList for VMOVP") e1a2e2010ba9 ("irqchip/gic-v3-its: Keep track of property table's PA and VA") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b97e8a2f7130a4b30d1502003095833d16c028b3 Mon Sep 17 00:00:00 2001 From: Hagar Hemdan <hagarhem(a)amazon.com> Date: Fri, 31 May 2024 16:21:44 +0000 Subject: [PATCH] irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update() its_vlpi_prop_update() calls lpi_write_config() which obtains the mapping information for a VLPI without lock held. So it could race with its_vlpi_unmap(). Since all calls from its_irq_set_vcpu_affinity() require the same lock to be held, hoist the locking there instead of sprinkling the locking all over the place. This bug was discovered using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. [ tglx: Use guard() instead of goto ] Fixes: 015ec0386ab6 ("irqchip/gic-v3-its: Add VLPI configuration handling") Suggested-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240531162144.28650-1-hagarhem@amazon.com diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index 40ebf1726393..3c755d5dad6e 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -1846,28 +1846,22 @@ static int its_vlpi_map(struct irq_data *d, struct its_cmd_info *info) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); u32 event = its_get_event_id(d); - int ret = 0; if (!info->map) return -EINVAL; - raw_spin_lock(&its_dev->event_map.vlpi_lock); - if (!its_dev->event_map.vm) { struct its_vlpi_map *maps; maps = kcalloc(its_dev->event_map.nr_lpis, sizeof(*maps), GFP_ATOMIC); - if (!maps) { - ret = -ENOMEM; - goto out; - } + if (!maps) + return -ENOMEM; its_dev->event_map.vm = info->map->vm; its_dev->event_map.vlpi_maps = maps; } else if (its_dev->event_map.vm != info->map->vm) { - ret = -EINVAL; - goto out; + return -EINVAL; } /* Get our private copy of the mapping information */ @@ -1899,46 +1893,32 @@ static int its_vlpi_map(struct irq_data *d, struct its_cmd_info *info) its_dev->event_map.nr_vlpis++; } -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_get(struct irq_data *d, struct its_cmd_info *info) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); struct its_vlpi_map *map; - int ret = 0; - - raw_spin_lock(&its_dev->event_map.vlpi_lock); map = get_vlpi_map(d); - if (!its_dev->event_map.vm || !map) { - ret = -EINVAL; - goto out; - } + if (!its_dev->event_map.vm || !map) + return -EINVAL; /* Copy our mapping information to the incoming request */ *info->map = *map; -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_unmap(struct irq_data *d) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); u32 event = its_get_event_id(d); - int ret = 0; - raw_spin_lock(&its_dev->event_map.vlpi_lock); - - if (!its_dev->event_map.vm || !irqd_is_forwarded_to_vcpu(d)) { - ret = -EINVAL; - goto out; - } + if (!its_dev->event_map.vm || !irqd_is_forwarded_to_vcpu(d)) + return -EINVAL; /* Drop the virtual mapping */ its_send_discard(its_dev, event); @@ -1962,9 +1942,7 @@ static int its_vlpi_unmap(struct irq_data *d) kfree(its_dev->event_map.vlpi_maps); } -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_prop_update(struct irq_data *d, struct its_cmd_info *info) @@ -1992,6 +1970,8 @@ static int its_irq_set_vcpu_affinity(struct irq_data *d, void *vcpu_info) if (!is_v4(its_dev->its)) return -EINVAL; + guard(raw_spinlock_irq)(&its_dev->event_map.vlpi_lock); + /* Unmap request? */ if (!info) return its_vlpi_unmap(d);

1 year, 2 months

1
0
0 0

FAILED: patch "[PATCH] irqchip/gic-v3-its: Fix potential race condition in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x b97e8a2f7130a4b30d1502003095833d16c028b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061814-opacity-connected-5c75@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: b97e8a2f7130 ("irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()") 11635fa26dc7 ("irqchip/gic-v3-its: Make vlpi_lock a spinlock") 046b5054f566 ("irqchip/gic-v3-its: Lock VLPI map array before translating it") c1d4d5cd203c ("irqchip/gic-v3-its: Add its_vlpi_map helpers") 425c09be0f09 ("irqchip/gic-v3-its: Allow LPI invalidation via the DirectLPI interface") 2f4f064b3131 ("irqchip/gic-v3-its: Factor out wait_for_syncr primitive") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b97e8a2f7130a4b30d1502003095833d16c028b3 Mon Sep 17 00:00:00 2001 From: Hagar Hemdan <hagarhem(a)amazon.com> Date: Fri, 31 May 2024 16:21:44 +0000 Subject: [PATCH] irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update() its_vlpi_prop_update() calls lpi_write_config() which obtains the mapping information for a VLPI without lock held. So it could race with its_vlpi_unmap(). Since all calls from its_irq_set_vcpu_affinity() require the same lock to be held, hoist the locking there instead of sprinkling the locking all over the place. This bug was discovered using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. [ tglx: Use guard() instead of goto ] Fixes: 015ec0386ab6 ("irqchip/gic-v3-its: Add VLPI configuration handling") Suggested-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240531162144.28650-1-hagarhem@amazon.com diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index 40ebf1726393..3c755d5dad6e 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -1846,28 +1846,22 @@ static int its_vlpi_map(struct irq_data *d, struct its_cmd_info *info) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); u32 event = its_get_event_id(d); - int ret = 0; if (!info->map) return -EINVAL; - raw_spin_lock(&its_dev->event_map.vlpi_lock); - if (!its_dev->event_map.vm) { struct its_vlpi_map *maps; maps = kcalloc(its_dev->event_map.nr_lpis, sizeof(*maps), GFP_ATOMIC); - if (!maps) { - ret = -ENOMEM; - goto out; - } + if (!maps) + return -ENOMEM; its_dev->event_map.vm = info->map->vm; its_dev->event_map.vlpi_maps = maps; } else if (its_dev->event_map.vm != info->map->vm) { - ret = -EINVAL; - goto out; + return -EINVAL; } /* Get our private copy of the mapping information */ @@ -1899,46 +1893,32 @@ static int its_vlpi_map(struct irq_data *d, struct its_cmd_info *info) its_dev->event_map.nr_vlpis++; } -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_get(struct irq_data *d, struct its_cmd_info *info) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); struct its_vlpi_map *map; - int ret = 0; - - raw_spin_lock(&its_dev->event_map.vlpi_lock); map = get_vlpi_map(d); - if (!its_dev->event_map.vm || !map) { - ret = -EINVAL; - goto out; - } + if (!its_dev->event_map.vm || !map) + return -EINVAL; /* Copy our mapping information to the incoming request */ *info->map = *map; -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_unmap(struct irq_data *d) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); u32 event = its_get_event_id(d); - int ret = 0; - raw_spin_lock(&its_dev->event_map.vlpi_lock); - - if (!its_dev->event_map.vm || !irqd_is_forwarded_to_vcpu(d)) { - ret = -EINVAL; - goto out; - } + if (!its_dev->event_map.vm || !irqd_is_forwarded_to_vcpu(d)) + return -EINVAL; /* Drop the virtual mapping */ its_send_discard(its_dev, event); @@ -1962,9 +1942,7 @@ static int its_vlpi_unmap(struct irq_data *d) kfree(its_dev->event_map.vlpi_maps); } -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_prop_update(struct irq_data *d, struct its_cmd_info *info) @@ -1992,6 +1970,8 @@ static int its_irq_set_vcpu_affinity(struct irq_data *d, void *vcpu_info) if (!is_v4(its_dev->its)) return -EINVAL; + guard(raw_spinlock_irq)(&its_dev->event_map.vlpi_lock); + /* Unmap request? */ if (!info) return its_vlpi_unmap(d);

1 year, 2 months

1
0
0 0

[PATCH AUTOSEL 4.19 1/9] scsi: qedf: Set qed_slowpath_params to zero before use

by Sasha Levin

From: Saurav Kashyap <skashyap(a)marvell.com> [ Upstream commit 6c3bb589debd763dc4b94803ddf3c13b4fcca776 ] Zero qed_slowpath_params before use. Signed-off-by: Saurav Kashyap <skashyap(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20240515091101.18754-4-skashyap@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/qedf/qedf_main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index 01e27285b26ba..33fb0e1926831 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -3101,6 +3101,7 @@ static int __qedf_probe(struct pci_dev *pdev, int mode) } /* Start the Slowpath-process */ + memset(&slowpath_params, 0, sizeof(struct qed_slowpath_params)); slowpath_params.int_mode = QED_INT_MODE_MSIX; slowpath_params.drv_major = QEDF_DRIVER_MAJOR_VER; slowpath_params.drv_minor = QEDF_DRIVER_MINOR_VER; -- 2.43.0

1 year, 2 months

1
8
0 0

[PATCH AUTOSEL 5.4 1/9] scsi: qedf: Set qed_slowpath_params to zero before use

by Sasha Levin

From: Saurav Kashyap <skashyap(a)marvell.com> [ Upstream commit 6c3bb589debd763dc4b94803ddf3c13b4fcca776 ] Zero qed_slowpath_params before use. Signed-off-by: Saurav Kashyap <skashyap(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20240515091101.18754-4-skashyap@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/qedf/qedf_main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index 858058f228191..e0601b5520b78 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -3299,6 +3299,7 @@ static int __qedf_probe(struct pci_dev *pdev, int mode) } /* Start the Slowpath-process */ + memset(&slowpath_params, 0, sizeof(struct qed_slowpath_params)); slowpath_params.int_mode = QED_INT_MODE_MSIX; slowpath_params.drv_major = QEDF_DRIVER_MAJOR_VER; slowpath_params.drv_minor = QEDF_DRIVER_MINOR_VER; -- 2.43.0

1 year, 2 months

1
8
0 0

[PATCH AUTOSEL 5.10 01/13] scsi: qedf: Set qed_slowpath_params to zero before use

by Sasha Levin

From: Saurav Kashyap <skashyap(a)marvell.com> [ Upstream commit 6c3bb589debd763dc4b94803ddf3c13b4fcca776 ] Zero qed_slowpath_params before use. Signed-off-by: Saurav Kashyap <skashyap(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20240515091101.18754-4-skashyap@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/qedf/qedf_main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index 6923862be3fbc..2536da96130ea 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -3453,6 +3453,7 @@ static int __qedf_probe(struct pci_dev *pdev, int mode) } /* Start the Slowpath-process */ + memset(&slowpath_params, 0, sizeof(struct qed_slowpath_params)); slowpath_params.int_mode = QED_INT_MODE_MSIX; slowpath_params.drv_major = QEDF_DRIVER_MAJOR_VER; slowpath_params.drv_minor = QEDF_DRIVER_MINOR_VER; -- 2.43.0

1 year, 2 months

1
12
0 0

[PATCH AUTOSEL 5.15 01/21] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index a9c4a5e2ccb90..60792f257c235 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -406,28 +406,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -494,7 +506,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

1 year, 2 months

1
20
0 0

[PATCH AUTOSEL 6.9 01/44] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index a226dc1b65d71..4eb0837298d4d 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -414,28 +414,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -502,7 +514,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

1 year, 2 months

2
44
0 0

[PATCH AUTOSEL 6.6 01/35] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index a226dc1b65d71..4eb0837298d4d 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -414,28 +414,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -502,7 +514,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

1 year, 2 months

1
34
0 0

[PATCH v4] media: venus: fix use after free in vdec_close

by Dikshita Agarwal

There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close. Cc: stable(a)vger.kernel.org Fixes: af2c3834c8ca ("[media] media: venus: adding core part and helper functions") Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Changes since v3: - Fixed style issue with fixes tag Changes since v2: - Fixed email id Changes since v1: - Added fixes and stable tags drivers/media/platform/qcom/venus/vdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c index 29130a9..56f8a25 100644 --- a/drivers/media/platform/qcom/venus/vdec.c +++ b/drivers/media/platform/qcom/venus/vdec.c @@ -1747,6 +1747,7 @@ static int vdec_close(struct file *file) vdec_pm_get(inst); + cancel_work_sync(&inst->delayed_process_work); v4l2_m2m_ctx_release(inst->m2m_ctx); v4l2_m2m_release(inst->m2m_dev); vdec_ctrl_deinit(inst); -- 2.7.4

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: update add_addr counters after connect" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 40eec1795cc27b076d49236649a29507c7ed8c2d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061753-platinum-rented-6220@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 40eec1795cc2 ("mptcp: pm: update add_addr counters after connect") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") 6c160b636c91 ("selftests: mptcp: update userspace pm subflow tests") 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") 8697a258ae24 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40eec1795cc27b076d49236649a29507c7ed8c2d Mon Sep 17 00:00:00 2001 From: YonglongLi <liyonglong(a)chinatelecom.cn> Date: Fri, 7 Jun 2024 17:01:50 +0200 Subject: [PATCH] mptcp: pm: update add_addr counters after connect The creation of new subflows can fail for different reasons. If no subflow have been created using the received ADD_ADDR, the related counters should not be updated, otherwise they will never be decremented for events related to this ID later on. For the moment, the number of accepted ADD_ADDR is only decremented upon the reception of a related RM_ADDR, and only if the remote address ID is currently being used by at least one subflow. In other words, if no subflow can be created with the received address, the counter will not be decremented. In this case, it is then important not to increment pm.add_addr_accepted counter, and not to modify pm.accept_addr bit. Note that this patch does not modify the behaviour in case of failures later on, e.g. if the MP Join is dropped or rejected. The "remove invalid addresses" MP Join subtest has been modified to validate this case. The broadcast IP address is added before the "valid" address that will be used to successfully create a subflow, and the limit is decreased by one: without this patch, it was not possible to create the last subflow, because: - the broadcast address would have been accepted even if it was not usable: the creation of a subflow to this address results in an error, - the limit of 2 accepted ADD_ADDR would have then been reached. Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Co-developed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: YonglongLi <liyonglong(a)chinatelecom.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240607-upstream-net-20240607-misc-fixes-v1-3-1a… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 766a8409fa67..ea9e5817b9e9 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -677,6 +677,7 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) unsigned int add_addr_accept_max; struct mptcp_addr_info remote; unsigned int subflows_max; + bool sf_created = false; int i, nr; add_addr_accept_max = mptcp_pm_get_add_addr_accept_max(msk); @@ -704,15 +705,18 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) if (nr == 0) return; - msk->pm.add_addr_accepted++; - if (msk->pm.add_addr_accepted >= add_addr_accept_max || - msk->pm.subflows >= subflows_max) - WRITE_ONCE(msk->pm.accept_addr, false); - spin_unlock_bh(&msk->pm.lock); for (i = 0; i < nr; i++) - __mptcp_subflow_connect(sk, &addrs[i], &remote); + if (__mptcp_subflow_connect(sk, &addrs[i], &remote) == 0) + sf_created = true; spin_lock_bh(&msk->pm.lock); + + if (sf_created) { + msk->pm.add_addr_accepted++; + if (msk->pm.add_addr_accepted >= add_addr_accept_max || + msk->pm.subflows >= subflows_max) + WRITE_ONCE(msk->pm.accept_addr, false); + } } void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index aea314d140c9..108aeeb84ef1 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -2249,10 +2249,10 @@ remove_tests() if reset "remove invalid addresses"; then pm_nl_set_limits $ns1 3 3 pm_nl_add_endpoint $ns1 10.0.12.1 flags signal - pm_nl_add_endpoint $ns1 10.0.3.1 flags signal # broadcast IP: no packet for this address will be received on ns1 pm_nl_add_endpoint $ns1 224.0.0.1 flags signal - pm_nl_set_limits $ns2 3 3 + pm_nl_add_endpoint $ns1 10.0.3.1 flags signal + pm_nl_set_limits $ns2 2 2 addr_nr_ns1=-3 speed=10 \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 1

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6a09788c1a66e3d8b04b3b3e7618cc817bb60ae9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061738-bright-knelt-4f2a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") 843b5e75efff ("mptcp: fix local endpoint accounting") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") 0530020a7c8f ("mptcp: track and update contiguous data status") 0348c690ed37 ("mptcp: add the fallback check") 1761fed25678 ("mptcp: don't send RST for single subflow") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") f98c2bca7b2b ("selftests: mptcp: Rename wait function") 826d7bdca833 ("selftests: mptcp: join: allow running -cCi") ea56dcb43c20 ("mptcp: use MPTCP_SUBFLOW_NODATA") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a09788c1a66e3d8b04b3b3e7618cc817bb60ae9 Mon Sep 17 00:00:00 2001 From: YonglongLi <liyonglong(a)chinatelecom.cn> Date: Fri, 7 Jun 2024 17:01:49 +0200 Subject: [PATCH] mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID The RmAddr MIB counter is supposed to be incremented once when a valid RM_ADDR has been received. Before this patch, it could have been incremented as many times as the number of subflows connected to the linked address ID, so it could have been 0, 1 or more than 1. The "RmSubflow" is incremented after a local operation. In this case, it is normal to tied it with the number of subflows that have been actually removed. The "remove invalid addresses" MP Join subtest has been modified to validate this case. A broadcast IP address is now used instead: the client will not be able to create a subflow to this address. The consequence is that when receiving the RM_ADDR with the ID attached to this broadcast IP address, no subflow linked to this ID will be found. Fixes: 7a7e52e38a40 ("mptcp: add RM_ADDR related mibs") Cc: stable(a)vger.kernel.org Co-developed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: YonglongLi <liyonglong(a)chinatelecom.cn> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240607-upstream-net-20240607-misc-fixes-v1-2-1a… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 7f53e022e27e..766a8409fa67 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -814,10 +814,13 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, spin_lock_bh(&msk->pm.lock); removed = true; - __MPTCP_INC_STATS(sock_net(sk), rm_type); + if (rm_type == MPTCP_MIB_RMSUBFLOW) + __MPTCP_INC_STATS(sock_net(sk), rm_type); } if (rm_type == MPTCP_MIB_RMSUBFLOW) __set_bit(rm_id ? rm_id : msk->mpc_endpoint_id, msk->pm.id_avail_bitmap); + else if (rm_type == MPTCP_MIB_RMADDR) + __MPTCP_INC_STATS(sock_net(sk), rm_type); if (!removed) continue; diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 2b66c5fa71eb..aea314d140c9 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -2250,7 +2250,8 @@ remove_tests() pm_nl_set_limits $ns1 3 3 pm_nl_add_endpoint $ns1 10.0.12.1 flags signal pm_nl_add_endpoint $ns1 10.0.3.1 flags signal - pm_nl_add_endpoint $ns1 10.0.14.1 flags signal + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 flags signal pm_nl_set_limits $ns2 3 3 addr_nr_ns1=-3 speed=10 \ run_tests $ns1 $ns2 10.0.1.1

1 year, 2 months

2
1
0 0

[PATCH v5 1/1] usb: dwc3: core: Workaround for CSR read timeout

by joswang

From: Jos Wang <joswang(a)lenovo.com> This is a workaround for STAR 4846132, which only affects DWC_usb31 version2.00a operating in host mode. There is a problem in DWC_usb31 version 2.00a operating in host mode that would cause a CSR read timeout When CSR read coincides with RAM Clock Gating Entry. By disable Clock Gating, sacrificing power consumption for normal operation. Cc: stable(a)vger.kernel.org Signed-off-by: Jos Wang <joswang(a)lenovo.com> --- v4 -> v5: no change v3 -> v4: modify commit message, add Cc: stable(a)vger.kernel.org v2 -> v3: - code refactor - modify comment, add STAR number, workaround applied in host mode - modify commit message, add STAR number, workaround applied in host mode - modify Author Jos Wang v1 -> v2: no change drivers/usb/dwc3/core.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 3a8fbc2d6b99..61f858f64e5a 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -960,12 +960,16 @@ static bool dwc3_core_is_valid(struct dwc3 *dwc) static void dwc3_core_setup_global_control(struct dwc3 *dwc) { + unsigned int power_opt; + unsigned int hw_mode; u32 reg; reg = dwc3_readl(dwc->regs, DWC3_GCTL); reg &= ~DWC3_GCTL_SCALEDOWN_MASK; + hw_mode = DWC3_GHWPARAMS0_MODE(dwc->hwparams.hwparams0); + power_opt = DWC3_GHWPARAMS1_EN_PWROPT(dwc->hwparams.hwparams1); - switch (DWC3_GHWPARAMS1_EN_PWROPT(dwc->hwparams.hwparams1)) { + switch (power_opt) { case DWC3_GHWPARAMS1_EN_PWROPT_CLK: /** * WORKAROUND: DWC3 revisions between 2.10a and 2.50a have an @@ -998,6 +1002,20 @@ static void dwc3_core_setup_global_control(struct dwc3 *dwc) break; } + /* + * This is a workaround for STAR#4846132, which only affects + * DWC_usb31 version2.00a operating in host mode. + * + * There is a problem in DWC_usb31 version 2.00a operating + * in host mode that would cause a CSR read timeout When CSR + * read coincides with RAM Clock Gating Entry. By disable + * Clock Gating, sacrificing power consumption for normal + * operation. + */ + if (power_opt != DWC3_GHWPARAMS1_EN_PWROPT_NO && + hw_mode != DWC3_GHWPARAMS0_MODE_GADGET && DWC3_VER_IS(DWC31, 200A)) + reg |= DWC3_GCTL_DSBLCLKGTNG; + /* check if current dwc3 is on simulation board */ if (dwc->hwparams.hwparams6 & DWC3_GHWPARAMS6_EN_FPGA) { dev_info(dwc->dev, "Running with FPGA optimizations\n"); -- 2.17.1

1 year, 2 months

1
0
0 0

[PATCH] net: usb: ax88179_178a: improve link status logs

by Jose Ignacio Tornos Martinez

Avoid spurious link status logs that may ultimately be wrong; for example, if the link is set to down with the cable plugged, then the cable is unplugged and afer this the link is set to up, the last new log that is appearing is incorrectly telling that the link is up. In order to aovid errors, show link status logs after link_reset processing, and in order to avoid spurious as much as possible, only show the link loss when some link status change is detected. cc: stable(a)vger.kernel.org Fixes: e2ca90c276e1 ("ax88179_178a: ASIX AX88179_178A USB 3.0/2.0 to gigabit ethernet adapter driver") Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- drivers/net/usb/ax88179_178a.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c index c2fb736f78b2..60357796be99 100644 --- a/drivers/net/usb/ax88179_178a.c +++ b/drivers/net/usb/ax88179_178a.c @@ -326,7 +326,8 @@ static void ax88179_status(struct usbnet *dev, struct urb *urb) if (netif_carrier_ok(dev->net) != link) { usbnet_link_change(dev, link, 1); - netdev_info(dev->net, "ax88179 - Link status is: %d\n", link); + if (!link) + netdev_info(dev->net, "ax88179 - Link status is: %d\n", link); } } @@ -1542,6 +1543,7 @@ static int ax88179_link_reset(struct usbnet *dev) GMII_PHY_PHYSR, 2, &tmp16); if (!(tmp16 & GMII_PHY_PHYSR_LINK)) { + netdev_info(dev->net, "ax88179 - Link status is: 0\n"); return 0; } else if (GMII_PHY_PHYSR_GIGA == (tmp16 & GMII_PHY_PHYSR_SMASK)) { mode |= AX_MEDIUM_GIGAMODE | AX_MEDIUM_EN_125MHZ; @@ -1579,6 +1581,8 @@ static int ax88179_link_reset(struct usbnet *dev) netif_carrier_on(dev->net); + netdev_info(dev->net, "ax88179 - Link status is: 1\n"); + return 0; } -- 2.45.1

1 year, 2 months

2
3
0 0

FAILED: patch "[PATCH] mptcp: pm: update add_addr counters after connect" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 40eec1795cc27b076d49236649a29507c7ed8c2d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061752-crowbar-granddad-34da@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 40eec1795cc2 ("mptcp: pm: update add_addr counters after connect") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") 6c160b636c91 ("selftests: mptcp: update userspace pm subflow tests") 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") 8697a258ae24 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40eec1795cc27b076d49236649a29507c7ed8c2d Mon Sep 17 00:00:00 2001 From: YonglongLi <liyonglong(a)chinatelecom.cn> Date: Fri, 7 Jun 2024 17:01:50 +0200 Subject: [PATCH] mptcp: pm: update add_addr counters after connect The creation of new subflows can fail for different reasons. If no subflow have been created using the received ADD_ADDR, the related counters should not be updated, otherwise they will never be decremented for events related to this ID later on. For the moment, the number of accepted ADD_ADDR is only decremented upon the reception of a related RM_ADDR, and only if the remote address ID is currently being used by at least one subflow. In other words, if no subflow can be created with the received address, the counter will not be decremented. In this case, it is then important not to increment pm.add_addr_accepted counter, and not to modify pm.accept_addr bit. Note that this patch does not modify the behaviour in case of failures later on, e.g. if the MP Join is dropped or rejected. The "remove invalid addresses" MP Join subtest has been modified to validate this case. The broadcast IP address is added before the "valid" address that will be used to successfully create a subflow, and the limit is decreased by one: without this patch, it was not possible to create the last subflow, because: - the broadcast address would have been accepted even if it was not usable: the creation of a subflow to this address results in an error, - the limit of 2 accepted ADD_ADDR would have then been reached. Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Co-developed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: YonglongLi <liyonglong(a)chinatelecom.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240607-upstream-net-20240607-misc-fixes-v1-3-1a… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 766a8409fa67..ea9e5817b9e9 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -677,6 +677,7 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) unsigned int add_addr_accept_max; struct mptcp_addr_info remote; unsigned int subflows_max; + bool sf_created = false; int i, nr; add_addr_accept_max = mptcp_pm_get_add_addr_accept_max(msk); @@ -704,15 +705,18 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) if (nr == 0) return; - msk->pm.add_addr_accepted++; - if (msk->pm.add_addr_accepted >= add_addr_accept_max || - msk->pm.subflows >= subflows_max) - WRITE_ONCE(msk->pm.accept_addr, false); - spin_unlock_bh(&msk->pm.lock); for (i = 0; i < nr; i++) - __mptcp_subflow_connect(sk, &addrs[i], &remote); + if (__mptcp_subflow_connect(sk, &addrs[i], &remote) == 0) + sf_created = true; spin_lock_bh(&msk->pm.lock); + + if (sf_created) { + msk->pm.add_addr_accepted++; + if (msk->pm.add_addr_accepted >= add_addr_accept_max || + msk->pm.subflows >= subflows_max) + WRITE_ONCE(msk->pm.accept_addr, false); + } } void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index aea314d140c9..108aeeb84ef1 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -2249,10 +2249,10 @@ remove_tests() if reset "remove invalid addresses"; then pm_nl_set_limits $ns1 3 3 pm_nl_add_endpoint $ns1 10.0.12.1 flags signal - pm_nl_add_endpoint $ns1 10.0.3.1 flags signal # broadcast IP: no packet for this address will be received on ns1 pm_nl_add_endpoint $ns1 224.0.0.1 flags signal - pm_nl_set_limits $ns2 3 3 + pm_nl_add_endpoint $ns1 10.0.3.1 flags signal + pm_nl_set_limits $ns2 2 2 addr_nr_ns1=-3 speed=10 \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 1

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6a09788c1a66e3d8b04b3b3e7618cc817bb60ae9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061737-stove-fence-8c34@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking") c157bbe776b7 ("mptcp: allow the in kernel PM to set MPC subflow priority") 843b5e75efff ("mptcp: fix local endpoint accounting") 4638de5aefe5 ("mptcp: handle local addrs announced by userspace PMs") 0530020a7c8f ("mptcp: track and update contiguous data status") 0348c690ed37 ("mptcp: add the fallback check") 1761fed25678 ("mptcp: don't send RST for single subflow") c682bf536cf4 ("mptcp: add pm_nl_pernet helpers") ae7bd9ccecc3 ("selftests: mptcp: join: option to execute specific tests") e59300ce3ff8 ("selftests: mptcp: join: reset failing links") 3afd0280e7d3 ("selftests: mptcp: join: define tests groups once") 3c082695e78b ("selftests: mptcp: drop msg argument of chk_csum_nr") 69c6ce7b6eca ("selftests: mptcp: add implicit endpoint test case") 4cf86ae84c71 ("mptcp: strict local address ID selection") d045b9eb95a9 ("mptcp: introduce implicit endpoints") 6fa0174a7c86 ("mptcp: more careful RM_ADDR generation") f98c2bca7b2b ("selftests: mptcp: Rename wait function") 826d7bdca833 ("selftests: mptcp: join: allow running -cCi") ea56dcb43c20 ("mptcp: use MPTCP_SUBFLOW_NODATA") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6a09788c1a66e3d8b04b3b3e7618cc817bb60ae9 Mon Sep 17 00:00:00 2001 From: YonglongLi <liyonglong(a)chinatelecom.cn> Date: Fri, 7 Jun 2024 17:01:49 +0200 Subject: [PATCH] mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID The RmAddr MIB counter is supposed to be incremented once when a valid RM_ADDR has been received. Before this patch, it could have been incremented as many times as the number of subflows connected to the linked address ID, so it could have been 0, 1 or more than 1. The "RmSubflow" is incremented after a local operation. In this case, it is normal to tied it with the number of subflows that have been actually removed. The "remove invalid addresses" MP Join subtest has been modified to validate this case. A broadcast IP address is now used instead: the client will not be able to create a subflow to this address. The consequence is that when receiving the RM_ADDR with the ID attached to this broadcast IP address, no subflow linked to this ID will be found. Fixes: 7a7e52e38a40 ("mptcp: add RM_ADDR related mibs") Cc: stable(a)vger.kernel.org Co-developed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: YonglongLi <liyonglong(a)chinatelecom.cn> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240607-upstream-net-20240607-misc-fixes-v1-2-1a… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 7f53e022e27e..766a8409fa67 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -814,10 +814,13 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, spin_lock_bh(&msk->pm.lock); removed = true; - __MPTCP_INC_STATS(sock_net(sk), rm_type); + if (rm_type == MPTCP_MIB_RMSUBFLOW) + __MPTCP_INC_STATS(sock_net(sk), rm_type); } if (rm_type == MPTCP_MIB_RMSUBFLOW) __set_bit(rm_id ? rm_id : msk->mpc_endpoint_id, msk->pm.id_avail_bitmap); + else if (rm_type == MPTCP_MIB_RMADDR) + __MPTCP_INC_STATS(sock_net(sk), rm_type); if (!removed) continue; diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 2b66c5fa71eb..aea314d140c9 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -2250,7 +2250,8 @@ remove_tests() pm_nl_set_limits $ns1 3 3 pm_nl_add_endpoint $ns1 10.0.12.1 flags signal pm_nl_add_endpoint $ns1 10.0.3.1 flags signal - pm_nl_add_endpoint $ns1 10.0.14.1 flags signal + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 flags signal pm_nl_set_limits $ns2 3 3 addr_nr_ns1=-3 speed=10 \ run_tests $ns1 $ns2 10.0.1.1

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: update add_addr counters after connect" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 40eec1795cc27b076d49236649a29507c7ed8c2d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061751-duplicate-backlash-e65c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 40eec1795cc2 ("mptcp: pm: update add_addr counters after connect") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") 6c160b636c91 ("selftests: mptcp: update userspace pm subflow tests") 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") 8697a258ae24 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40eec1795cc27b076d49236649a29507c7ed8c2d Mon Sep 17 00:00:00 2001 From: YonglongLi <liyonglong(a)chinatelecom.cn> Date: Fri, 7 Jun 2024 17:01:50 +0200 Subject: [PATCH] mptcp: pm: update add_addr counters after connect The creation of new subflows can fail for different reasons. If no subflow have been created using the received ADD_ADDR, the related counters should not be updated, otherwise they will never be decremented for events related to this ID later on. For the moment, the number of accepted ADD_ADDR is only decremented upon the reception of a related RM_ADDR, and only if the remote address ID is currently being used by at least one subflow. In other words, if no subflow can be created with the received address, the counter will not be decremented. In this case, it is then important not to increment pm.add_addr_accepted counter, and not to modify pm.accept_addr bit. Note that this patch does not modify the behaviour in case of failures later on, e.g. if the MP Join is dropped or rejected. The "remove invalid addresses" MP Join subtest has been modified to validate this case. The broadcast IP address is added before the "valid" address that will be used to successfully create a subflow, and the limit is decreased by one: without this patch, it was not possible to create the last subflow, because: - the broadcast address would have been accepted even if it was not usable: the creation of a subflow to this address results in an error, - the limit of 2 accepted ADD_ADDR would have then been reached. Fixes: 01cacb00b35c ("mptcp: add netlink-based PM") Cc: stable(a)vger.kernel.org Co-developed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: YonglongLi <liyonglong(a)chinatelecom.cn> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://lore.kernel.org/r/20240607-upstream-net-20240607-misc-fixes-v1-3-1a… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 766a8409fa67..ea9e5817b9e9 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -677,6 +677,7 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) unsigned int add_addr_accept_max; struct mptcp_addr_info remote; unsigned int subflows_max; + bool sf_created = false; int i, nr; add_addr_accept_max = mptcp_pm_get_add_addr_accept_max(msk); @@ -704,15 +705,18 @@ static void mptcp_pm_nl_add_addr_received(struct mptcp_sock *msk) if (nr == 0) return; - msk->pm.add_addr_accepted++; - if (msk->pm.add_addr_accepted >= add_addr_accept_max || - msk->pm.subflows >= subflows_max) - WRITE_ONCE(msk->pm.accept_addr, false); - spin_unlock_bh(&msk->pm.lock); for (i = 0; i < nr; i++) - __mptcp_subflow_connect(sk, &addrs[i], &remote); + if (__mptcp_subflow_connect(sk, &addrs[i], &remote) == 0) + sf_created = true; spin_lock_bh(&msk->pm.lock); + + if (sf_created) { + msk->pm.add_addr_accepted++; + if (msk->pm.add_addr_accepted >= add_addr_accept_max || + msk->pm.subflows >= subflows_max) + WRITE_ONCE(msk->pm.accept_addr, false); + } } void mptcp_pm_nl_addr_send_ack(struct mptcp_sock *msk) diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index aea314d140c9..108aeeb84ef1 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -2249,10 +2249,10 @@ remove_tests() if reset "remove invalid addresses"; then pm_nl_set_limits $ns1 3 3 pm_nl_add_endpoint $ns1 10.0.12.1 flags signal - pm_nl_add_endpoint $ns1 10.0.3.1 flags signal # broadcast IP: no packet for this address will be received on ns1 pm_nl_add_endpoint $ns1 224.0.0.1 flags signal - pm_nl_set_limits $ns2 3 3 + pm_nl_add_endpoint $ns1 10.0.3.1 flags signal + pm_nl_set_limits $ns2 2 2 addr_nr_ns1=-3 speed=10 \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 1 1 1

1 year, 2 months

2
1
0 0

[PATCH v3] media: venus: fix use after free bug in venus_remove due to race condition

by Dikshita Agarwal

From: Zheng Wang <zyytlz.wz(a)163.com> in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to make sync work. The core->work is started in venus_event_notify. If we call venus_remove, there might be an unfished work. The possible sequence is as follows: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Fix it by canceling the work in venus_remove. Cc: stable(a)vger.kernel.org Fixes: af2c3834c8ca ("[media] media: venus: adding core part and helper functions") Signed-off-by: Zheng Wang <zyytlz.wz(a)163.com> Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Changes since v2: - used cancel_delayed_work_sync instead of cancel_delayed_work drivers/media/platform/qcom/venus/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c index a712dd4..c139270 100644 --- a/drivers/media/platform/qcom/venus/core.c +++ b/drivers/media/platform/qcom/venus/core.c @@ -424,6 +424,7 @@ static void venus_remove(struct platform_device *pdev) struct device *dev = core->dev; int ret; + cancel_delayed_work_sync(&core->work); ret = pm_runtime_get_sync(dev); WARN_ON(ret < 0); -- 2.7.4

1 year, 2 months

1
0
0 0

[PATCH AUTOSEL 5.10 1/7] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index fa8aeec304ef4..c39cb4b6767cf 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -86,6 +86,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -448,6 +456,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index eed560eecbab4..fb195276fb704 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -143,6 +143,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -252,6 +259,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

1 year, 2 months

2
7
0 0

[PATCH AUTOSEL 5.10 1/8] nvme-multipath: find NUMA path only for online numa-node

by Sasha Levin

From: Nilay Shroff <nilay(a)linux.ibm.com> [ Upstream commit d3a043733f25d743f3aa617c7f82dbcb5ee2211a ] In current native multipath design when a shared namespace is created, we loop through each possible numa-node, calculate the NUMA distance of that node from each nvme controller and then cache the optimal IO path for future reference while sending IO. The issue with this design is that we may refer to the NUMA distance table for an offline node which may not be populated at the time and so we may inadvertently end up finding and caching a non-optimal path for IO. Then latter when the corresponding numa-node becomes online and hence the NUMA distance table entry for that node is created, ideally we should re-calculate the multipath node distance for the newly added node however that doesn't happen unless we rescan/reset the controller. So essentially, we may keep using non-optimal IO path for a node which is made online after namespace is created. This patch helps fix this issue ensuring that when a shared namespace is created, we calculate the multipath node distance for each online numa-node instead of each possible numa-node. Then latter when a node becomes online and we receive any IO on that newly added node, we would calculate the multipath node distance for newly added node but this time NUMA distance table would have been already populated for newly added node. Hence we would be able to correctly calculate the multipath node distance and choose the optimal path for the IO. Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/nvme/host/multipath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index 379d6818a0635..a4e8e7f331235 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -419,7 +419,7 @@ static void nvme_mpath_set_live(struct nvme_ns *ns) int node, srcu_idx; srcu_idx = srcu_read_lock(&head->srcu); - for_each_node(node) + for_each_online_node(node) __nvme_find_path(head, node); srcu_read_unlock(&head->srcu, srcu_idx); } -- 2.43.0

1 year, 2 months

3
9
0 0

[PATCH v2] cifs: drop the incorrect assertion in cifs_swap_rw()

by Barry Song

From: Barry Song <v-songbaohua(a)oppo.com> Since commit 2282679fb20b ("mm: submit multipage write for SWP_FS_OPS swap-space"), we can plug multiple pages then unplug them all together. That means iov_iter_count(iter) could be way bigger than PAGE_SIZE, it actually equals the size of iov_iter_npages(iter, INT_MAX). Note this issue has nothing to do with large folios as we don't support THP_SWPOUT to non-block devices. Fixes: 2282679fb20b ("mm: submit multipage write for SWP_FS_OPS swap-space") Reported-by: Christoph Hellwig <hch(a)lst.de> Closes: https://lore.kernel.org/linux-mm/20240614100329.1203579-1-hch@lst.de/ Cc: NeilBrown <neilb(a)suse.de> Cc: Anna Schumaker <anna(a)kernel.org> Cc: Steve French <sfrench(a)samba.org> Cc: Trond Myklebust <trondmy(a)kernel.org> Cc: Chuanhua Han <hanchuanhua(a)oppo.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Jeff Layton <jlayton(a)kernel.org> Cc: Paulo Alcantara <pc(a)manguebit.com> Cc: Ronnie Sahlberg <ronniesahlberg(a)gmail.com> Cc: Shyam Prasad N <sprasad(a)microsoft.com> Cc: Tom Talpey <tom(a)talpey.com> Cc: Bharath SM <bharathsm(a)microsoft.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> --- -v2: * drop the assertion instead of fixing the assertion. per the comments of Willy, Christoph in nfs thread. fs/smb/client/file.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 9d5c2440abfc..1e269e0bc75b 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -3200,8 +3200,6 @@ static int cifs_swap_rw(struct kiocb *iocb, struct iov_iter *iter) { ssize_t ret; - WARN_ON_ONCE(iov_iter_count(iter) != PAGE_SIZE); - if (iov_iter_rw(iter) == READ) ret = netfs_unbuffered_read_iter_locked(iocb, iter); else -- 2.34.1

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mm/huge_memory: don't unpoison huge_zero_folio" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x fe6f86f4b40855a130a19aa589f9ba7f650423f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061356-victory-clothes-c151@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: fe6f86f4b408 ("mm/huge_memory: don't unpoison huge_zero_folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe6f86f4b40855a130a19aa589f9ba7f650423f4 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Thu, 16 May 2024 20:26:08 +0800 Subject: [PATCH] mm/huge_memory: don't unpoison huge_zero_folio When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet. Link: https://lkml.kernel.org/r/20240516122608.22610-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Yang Shi <shy828301(a)gmail.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 16ada4fb02b7..a9fe9eda593f 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -2546,6 +2546,13 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } + if (is_huge_zero_folio(folio)) { + unpoison_pr_info("Unpoison: huge zero page is not supported %#lx\n", + pfn, &unpoison_rs); + ret = -EOPNOTSUPP; + goto unlock_mutex; + } + if (!PageHWPoison(p)) { unpoison_pr_info("Unpoison: Page was already unpoisoned %#lx\n", pfn, &unpoison_rs);

1 year, 3 months

2
1
0 0

[PATCH net] selftests: mptcp: userspace_pm: fixed subtest names

by Matthieu Baerts (NGI0)

It is important to have fixed (sub)test names in TAP, because these names are used to identify them. If they are not fixed, tracking cannot be done. Some subtests from the userspace_pm selftest were using random numbers in their names: the client and server address IDs from $RANDOM, and the client port number randomly picked by the kernel when creating the connection. These values have been replaced by 'client' and 'server' words: that's even more helpful than showing random numbers. Note that the addresses IDs are incremented and decremented in the test: +1 or -1 are then displayed in these cases. Not to loose info that can be useful for debugging in case of issues, these random numbers are now displayed at the beginning of the test. Fixes: f589234e1af0 ("selftests: mptcp: userspace_pm: format subtests results in TAP") Cc: stable(a)vger.kernel.org Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- tools/testing/selftests/net/mptcp/userspace_pm.sh | 46 ++++++++++++++--------- 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/userspace_pm.sh b/tools/testing/selftests/net/mptcp/userspace_pm.sh index 9e2981f2d7f5..9cb05978269d 100755 --- a/tools/testing/selftests/net/mptcp/userspace_pm.sh +++ b/tools/testing/selftests/net/mptcp/userspace_pm.sh @@ -160,10 +160,12 @@ make_connection() local is_v6=$1 local app_port=$app4_port local connect_addr="10.0.1.1" + local client_addr="10.0.1.2" local listen_addr="0.0.0.0" if [ "$is_v6" = "v6" ] then connect_addr="dead:beef:1::1" + client_addr="dead:beef:1::2" listen_addr="::" app_port=$app6_port else @@ -206,6 +208,7 @@ make_connection() [ "$server_serverside" = 1 ] then test_pass + print_title "Connection info: ${client_addr}:${client_port} -> ${connect_addr}:${app_port}" else test_fail "Expected tokens (c:${client_token} - s:${server_token}) and server (c:${client_serverside} - s:${server_serverside})" mptcp_lib_result_print_all_tap @@ -297,7 +300,7 @@ test_announce() ip netns exec "$ns2"\ ./pm_nl_ctl ann 10.0.2.2 token "$client4_token" id $client_addr_id dev\ ns2eth1 - print_test "ADD_ADDR id:${client_addr_id} 10.0.2.2 (ns2) => ns1, reuse port" + print_test "ADD_ADDR id:client 10.0.2.2 (ns2) => ns1, reuse port" sleep 0.5 verify_announce_event $server_evts $ANNOUNCED $server4_token "10.0.2.2" $client_addr_id \ "$client4_port" @@ -306,7 +309,7 @@ test_announce() :>"$server_evts" ip netns exec "$ns2" ./pm_nl_ctl ann\ dead:beef:2::2 token "$client6_token" id $client_addr_id dev ns2eth1 - print_test "ADD_ADDR6 id:${client_addr_id} dead:beef:2::2 (ns2) => ns1, reuse port" + print_test "ADD_ADDR6 id:client dead:beef:2::2 (ns2) => ns1, reuse port" sleep 0.5 verify_announce_event "$server_evts" "$ANNOUNCED" "$server6_token" "dead:beef:2::2"\ "$client_addr_id" "$client6_port" "v6" @@ -316,7 +319,7 @@ test_announce() client_addr_id=$((client_addr_id+1)) ip netns exec "$ns2" ./pm_nl_ctl ann 10.0.2.2 token "$client4_token" id\ $client_addr_id dev ns2eth1 port $new4_port - print_test "ADD_ADDR id:${client_addr_id} 10.0.2.2 (ns2) => ns1, new port" + print_test "ADD_ADDR id:client+1 10.0.2.2 (ns2) => ns1, new port" sleep 0.5 verify_announce_event "$server_evts" "$ANNOUNCED" "$server4_token" "10.0.2.2"\ "$client_addr_id" "$new4_port" @@ -327,7 +330,7 @@ test_announce() # ADD_ADDR from the server to client machine reusing the subflow port ip netns exec "$ns1" ./pm_nl_ctl ann 10.0.2.1 token "$server4_token" id\ $server_addr_id dev ns1eth2 - print_test "ADD_ADDR id:${server_addr_id} 10.0.2.1 (ns1) => ns2, reuse port" + print_test "ADD_ADDR id:server 10.0.2.1 (ns1) => ns2, reuse port" sleep 0.5 verify_announce_event "$client_evts" "$ANNOUNCED" "$client4_token" "10.0.2.1"\ "$server_addr_id" "$app4_port" @@ -336,7 +339,7 @@ test_announce() :>"$client_evts" ip netns exec "$ns1" ./pm_nl_ctl ann dead:beef:2::1 token "$server6_token" id\ $server_addr_id dev ns1eth2 - print_test "ADD_ADDR6 id:${server_addr_id} dead:beef:2::1 (ns1) => ns2, reuse port" + print_test "ADD_ADDR6 id:server dead:beef:2::1 (ns1) => ns2, reuse port" sleep 0.5 verify_announce_event "$client_evts" "$ANNOUNCED" "$client6_token" "dead:beef:2::1"\ "$server_addr_id" "$app6_port" "v6" @@ -346,7 +349,7 @@ test_announce() server_addr_id=$((server_addr_id+1)) ip netns exec "$ns1" ./pm_nl_ctl ann 10.0.2.1 token "$server4_token" id\ $server_addr_id dev ns1eth2 port $new4_port - print_test "ADD_ADDR id:${server_addr_id} 10.0.2.1 (ns1) => ns2, new port" + print_test "ADD_ADDR id:server+1 10.0.2.1 (ns1) => ns2, new port" sleep 0.5 verify_announce_event "$client_evts" "$ANNOUNCED" "$client4_token" "10.0.2.1"\ "$server_addr_id" "$new4_port" @@ -380,7 +383,7 @@ test_remove() local invalid_token=$(( client4_token - 1 )) ip netns exec "$ns2" ./pm_nl_ctl rem token $invalid_token id\ $client_addr_id > /dev/null 2>&1 - print_test "RM_ADDR id:${client_addr_id} ns2 => ns1, invalid token" + print_test "RM_ADDR id:client ns2 => ns1, invalid token" local type type=$(mptcp_lib_evts_get_info type "$server_evts") if [ "$type" = "" ] @@ -394,7 +397,7 @@ test_remove() local invalid_id=$(( client_addr_id + 1 )) ip netns exec "$ns2" ./pm_nl_ctl rem token "$client4_token" id\ $invalid_id > /dev/null 2>&1 - print_test "RM_ADDR id:${invalid_id} ns2 => ns1, invalid id" + print_test "RM_ADDR id:client+1 ns2 => ns1, invalid id" type=$(mptcp_lib_evts_get_info type "$server_evts") if [ "$type" = "" ] then @@ -407,7 +410,7 @@ test_remove() :>"$server_evts" ip netns exec "$ns2" ./pm_nl_ctl rem token "$client4_token" id\ $client_addr_id - print_test "RM_ADDR id:${client_addr_id} ns2 => ns1" + print_test "RM_ADDR id:client ns2 => ns1" sleep 0.5 verify_remove_event "$server_evts" "$REMOVED" "$server4_token" "$client_addr_id" @@ -416,7 +419,7 @@ test_remove() client_addr_id=$(( client_addr_id - 1 )) ip netns exec "$ns2" ./pm_nl_ctl rem token "$client4_token" id\ $client_addr_id - print_test "RM_ADDR id:${client_addr_id} ns2 => ns1" + print_test "RM_ADDR id:client-1 ns2 => ns1" sleep 0.5 verify_remove_event "$server_evts" "$REMOVED" "$server4_token" "$client_addr_id" @@ -424,7 +427,7 @@ test_remove() :>"$server_evts" ip netns exec "$ns2" ./pm_nl_ctl rem token "$client6_token" id\ $client_addr_id - print_test "RM_ADDR6 id:${client_addr_id} ns2 => ns1" + print_test "RM_ADDR6 id:client-1 ns2 => ns1" sleep 0.5 verify_remove_event "$server_evts" "$REMOVED" "$server6_token" "$client_addr_id" @@ -434,7 +437,7 @@ test_remove() # RM_ADDR from the server to client machine ip netns exec "$ns1" ./pm_nl_ctl rem token "$server4_token" id\ $server_addr_id - print_test "RM_ADDR id:${server_addr_id} ns1 => ns2" + print_test "RM_ADDR id:server ns1 => ns2" sleep 0.5 verify_remove_event "$client_evts" "$REMOVED" "$client4_token" "$server_addr_id" @@ -443,7 +446,7 @@ test_remove() server_addr_id=$(( server_addr_id - 1 )) ip netns exec "$ns1" ./pm_nl_ctl rem token "$server4_token" id\ $server_addr_id - print_test "RM_ADDR id:${server_addr_id} ns1 => ns2" + print_test "RM_ADDR id:server-1 ns1 => ns2" sleep 0.5 verify_remove_event "$client_evts" "$REMOVED" "$client4_token" "$server_addr_id" @@ -451,7 +454,7 @@ test_remove() :>"$client_evts" ip netns exec "$ns1" ./pm_nl_ctl rem token "$server6_token" id\ $server_addr_id - print_test "RM_ADDR6 id:${server_addr_id} ns1 => ns2" + print_test "RM_ADDR6 id:server-1 ns1 => ns2" sleep 0.5 verify_remove_event "$client_evts" "$REMOVED" "$client6_token" "$server_addr_id" } @@ -479,8 +482,14 @@ verify_subflow_events() local locid local remid local info + local e_dport_txt - info="${e_saddr} (${e_from}) => ${e_daddr}:${e_dport} (${e_to})" + # only display the fixed ports + if [ "${e_dport}" -ge "${app4_port}" ] && [ "${e_dport}" -le "${app6_port}" ]; then + e_dport_txt=":${e_dport}" + fi + + info="${e_saddr} (${e_from}) => ${e_daddr}${e_dport_txt} (${e_to})" if [ "$e_type" = "$SUB_ESTABLISHED" ] then @@ -766,7 +775,7 @@ test_subflows_v4_v6_mix() :>"$client_evts" ip netns exec "$ns1" ./pm_nl_ctl ann 10.0.2.1 token "$server6_token" id\ $server_addr_id dev ns1eth2 - print_test "ADD_ADDR4 id:${server_addr_id} 10.0.2.1 (ns1) => ns2, reuse port" + print_test "ADD_ADDR4 id:server 10.0.2.1 (ns1) => ns2, reuse port" sleep 0.5 verify_announce_event "$client_evts" "$ANNOUNCED" "$client6_token" "10.0.2.1"\ "$server_addr_id" "$app6_port" @@ -861,7 +870,7 @@ test_listener() local listener_pid=$! sleep 0.5 - print_test "CREATE_LISTENER 10.0.2.2:$client4_port" + print_test "CREATE_LISTENER 10.0.2.2 (client port)" verify_listener_events $client_evts $LISTENER_CREATED $AF_INET 10.0.2.2 $client4_port # ADD_ADDR from client to server machine reusing the subflow port @@ -878,13 +887,14 @@ test_listener() mptcp_lib_kill_wait $listener_pid sleep 0.5 - print_test "CLOSE_LISTENER 10.0.2.2:$client4_port" + print_test "CLOSE_LISTENER 10.0.2.2 (client port)" verify_listener_events $client_evts $LISTENER_CLOSED $AF_INET 10.0.2.2 $client4_port } print_title "Make connections" make_connection make_connection "v6" +print_title "Will be using address IDs ${client_addr_id} (client) and ${server_addr_id} (server)" test_announce test_remove --- base-commit: 89aa3619d141d6cfb6040a561aebb6d99d3e2285 change-id: 20240614-upstream-net-20240614-selftests-mptcp-uspace-pm-fixed-test-names-368e312afd0b Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 3 months

3
2
0 0

[PATCH net] tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()

by Eric Dumazet

Some applications were reporting ETIMEDOUT errors on apparently good looking flows, according to packet dumps. We were able to root cause the issue to an accidental setting of tp->retrans_stamp in the following scenario: - client sends TFO SYN with data. - server has TFO disabled, ACKs only SYN but not payload. - client receives SYNACK covering only SYN. - tcp_ack() eats SYN and sets tp->retrans_stamp to 0. - tcp_rcv_fastopen_synack() calls tcp_xmit_retransmit_queue() to retransmit TFO payload w/o SYN, sets tp->retrans_stamp to "now", but we are not in any loss recovery state. - TFO payload is ACKed. - we are not in any loss recovery state, and don't see any dupacks, so we don't get to any code path that clears tp->retrans_stamp. - tp->retrans_stamp stays non-zero for the lifetime of the connection. - after first RTO, tcp_clamp_rto_to_user_timeout() clamps second RTO to 1 jiffy due to bogus tp->retrans_stamp. - on clamped RTO with non-zero icsk_retransmits, retransmits_timed_out() sets start_ts from tp->retrans_stamp from TFO payload retransmit hours/days ago, and computes bogus long elapsed time for loss recovery, and suffers ETIMEDOUT early. Fixes: a7abf3cd76e1 ("tcp: consider using standard rtx logic in tcp_rcv_fastopen_synack()") CC: stable(a)vger.kernel.org Co-developed-by: Neal Cardwell <ncardwell(a)google.com> Signed-off-by: Neal Cardwell <ncardwell(a)google.com> Co-developed-by: Yuchung Cheng <ycheng(a)google.com> Signed-off-by: Yuchung Cheng <ycheng(a)google.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> --- net/ipv4/tcp_input.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 9c04a9c8be9dfaa0ec2437b3748284e57588b216..01d208e0eef31fd87c7faaf5a3d10b8f52e99ee0 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6296,6 +6296,7 @@ static bool tcp_rcv_fastopen_synack(struct sock *sk, struct sk_buff *synack, skb_rbtree_walk_from(data) tcp_mark_skb_lost(sk, data); tcp_xmit_retransmit_queue(sk); + tp->retrans_stamp = 0; NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPFASTOPENACTIVEFAIL); return true; -- 2.45.2.627.g7a2c4fd464-goog

1 year, 3 months

2
1
0 0

[PATCH 4.19.y] hv_utils: drain the timesync packets on onchannelcallback

by Dexuan Cui

From: Vineeth Pillai <viremana(a)linux.microsoft.com> commit b46b4a8a57c377b72a98c7930a9f6969d2d4784e There could be instances where a system stall prevents the timesync packets to be consumed. And this might lead to more than one packet pending in the ring buffer. Current code empties one packet per callback and it might be a stale one. So drain all the packets from ring buffer on each callback. Signed-off-by: Vineeth Pillai <viremana(a)linux.microsoft.com> Reviewed-by: Michael Kelley <mikelley(a)microsoft.com> Link: https://lore.kernel.org/r/20200821152849.99517-1-viremana@linux.microsoft.c… Signed-off-by: Wei Liu <wei.liu(a)kernel.org> The upstream commit uses HV_HYP_PAGE_SIZE, which is not defined in 4.19.y. Fixed this manually for 4.19.y by using PAGE_SIZE instead. If there are multiple messages in the host-to-guest ringbuffer of the TimeSync device, 4.19.y only handles 1 message, and later the host puts new messages into the ringbuffer without signaling the guest because the ringbuffer is not empty, causing a "hung" ringbuffer. Backported the mainline fix for this issue. Signed-off-by: Dexuan Cui <decui(a)microsoft.com> --- drivers/hv/hv_util.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/hv/hv_util.c b/drivers/hv/hv_util.c index 2003314dcfbe..4a131efe54ef 100644 --- a/drivers/hv/hv_util.c +++ b/drivers/hv/hv_util.c @@ -294,10 +294,23 @@ static void timesync_onchannelcallback(void *context) struct ictimesync_ref_data *refdata; u8 *time_txf_buf = util_timesynch.recv_buffer; - vmbus_recvpacket(channel, time_txf_buf, - PAGE_SIZE, &recvlen, &requestid); + /* + * Drain the ring buffer and use the last packet to update + * host_ts + */ + while (1) { + int ret = vmbus_recvpacket(channel, time_txf_buf, + PAGE_SIZE, &recvlen, + &requestid); + if (ret) { + pr_warn_once("TimeSync IC pkt recv failed (Err: %d)\n", + ret); + break; + } + + if (!recvlen) + break; - if (recvlen > 0) { icmsghdrp = (struct icmsg_hdr *)&time_txf_buf[ sizeof(struct vmbuspipe_hdr)]; -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH] nfs: fix the incorrect assertion in nfs_swap_rw()

by Barry Song

From: Barry Song <v-songbaohua(a)oppo.com> Since commit 2282679fb20b ("mm: submit multipage write for SWP_FS_OPS swap-space"), we can plug multiple pages then unplug them all together. That means iov_iter_count(iter) could be way bigger than PAGE_SIZE, it actually equals the size of iov_iter_npages(iter, INT_MAX). Note this issue has nothing to do with large folios as we don't support THP_SWPOUT to non-block devices. Fixes: 2282679fb20b ("mm: submit multipage write for SWP_FS_OPS swap-space") Reported-by: Christoph Hellwig <hch(a)lst.de> Closes: https://lore.kernel.org/linux-mm/20240617053201.GA16852@lst.de/ Cc: NeilBrown <neilb(a)suse.de> Cc: Anna Schumaker <anna(a)kernel.org> Cc: Steve French <sfrench(a)samba.org> Cc: Trond Myklebust <trondmy(a)kernel.org> Cc: Chuanhua Han <hanchuanhua(a)oppo.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Jeff Layton <jlayton(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> --- fs/nfs/direct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c index bb2f583eb28b..a1bfa86f467a 100644 --- a/fs/nfs/direct.c +++ b/fs/nfs/direct.c @@ -141,7 +141,7 @@ int nfs_swap_rw(struct kiocb *iocb, struct iov_iter *iter) { ssize_t ret; - VM_BUG_ON(iov_iter_count(iter) != PAGE_SIZE); + VM_WARN_ON(iov_iter_count(iter) != iov_iter_npages(iter, INT_MAX) * PAGE_SIZE); if (iov_iter_rw(iter) == READ) ret = nfs_file_direct_read(iocb, iter, true); -- 2.34.1

1 year, 3 months

2
2
0 0

[PATCH] cifs: fix the incorrect assertion in cifs_swap_rw()

by Barry Song

From: Barry Song <v-songbaohua(a)oppo.com> Since commit 2282679fb20b ("mm: submit multipage write for SWP_FS_OPS swap-space"), we can plug multiple pages then unplug them all together. That means iov_iter_count(iter) could be way bigger than PAGE_SIZE, it actually equals the size of iov_iter_npages(iter, INT_MAX). Note this issue has nothing to do with large folios as we don't support THP_SWPOUT to non-block devices. Fixes: 2282679fb20b ("mm: submit multipage write for SWP_FS_OPS swap-space") Reported-by: Christoph Hellwig <hch(a)lst.de> Closes: https://lore.kernel.org/linux-mm/20240614100329.1203579-1-hch@lst.de/ Cc: NeilBrown <neilb(a)suse.de> Cc: Anna Schumaker <anna(a)kernel.org> Cc: Steve French <sfrench(a)samba.org> Cc: Trond Myklebust <trondmy(a)kernel.org> Cc: Chuanhua Han <hanchuanhua(a)oppo.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Jeff Layton <jlayton(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> --- fs/smb/client/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 9d5c2440abfc..2f11f138c57d 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -3200,7 +3200,7 @@ static int cifs_swap_rw(struct kiocb *iocb, struct iov_iter *iter) { ssize_t ret; - WARN_ON_ONCE(iov_iter_count(iter) != PAGE_SIZE); + WARN_ON_ONCE(iov_iter_count(iter) != iov_iter_npages(iter, INT_MAX) * PAGE_SIZE); if (iov_iter_rw(iter) == READ) ret = netfs_unbuffered_read_iter_locked(iocb, iter); -- 2.34.1

1 year, 3 months

1
0
0 0

+ selftests-mm-fix-test_prctl_fork_exec-return-failure.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm:fix test_prctl_fork_exec return failure has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-test_prctl_fork_exec-return-failure.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: aigourensheng <shechenglong001(a)gmail.com> Subject: selftests/mm:fix test_prctl_fork_exec return failure Date: Mon, 17 Jun 2024 01:29:34 -0400 After calling fork() in test_prctl_fork_exec(), the global variable ksm_full_scans_fd is initialized to 0 in the child process upon entering the main function of ./ksm_functional_tests. In the function call chain test_child_ksm() -> __mmap_and_merge_range -> ksm_merge-> ksm_get_full_scans, start_scans = ksm_get_full_scans() will return an error. Therefore, the value of ksm_full_scans_fd needs to be initialized before calling test_child_ksm in the child process. Link: https://lkml.kernel.org/r/20240617052934.5834-1-shechenglong001@gmail.com Signed-off-by: aigourensheng <shechenglong001(a)gmail.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/ksm_functional_tests.c | 38 ++++++------ 1 file changed, 22 insertions(+), 16 deletions(-) --- a/tools/testing/selftests/mm/ksm_functional_tests.c~selftests-mm-fix-test_prctl_fork_exec-return-failure +++ a/tools/testing/selftests/mm/ksm_functional_tests.c @@ -656,12 +656,33 @@ unmap: munmap(map, size); } +static void init_global_file_handles(void) +{ + mem_fd = open("/proc/self/mem", O_RDWR); + if (mem_fd < 0) + ksft_exit_fail_msg("opening /proc/self/mem failed\n"); + ksm_fd = open("/sys/kernel/mm/ksm/run", O_RDWR); + if (ksm_fd < 0) + ksft_exit_skip("open(\"/sys/kernel/mm/ksm/run\") failed\n"); + ksm_full_scans_fd = open("/sys/kernel/mm/ksm/full_scans", O_RDONLY); + if (ksm_full_scans_fd < 0) + ksft_exit_skip("open(\"/sys/kernel/mm/ksm/full_scans\") failed\n"); + pagemap_fd = open("/proc/self/pagemap", O_RDONLY); + if (pagemap_fd < 0) + ksft_exit_skip("open(\"/proc/self/pagemap\") failed\n"); + proc_self_ksm_stat_fd = open("/proc/self/ksm_stat", O_RDONLY); + proc_self_ksm_merging_pages_fd = open("/proc/self/ksm_merging_pages", + O_RDONLY); + ksm_use_zero_pages_fd = open("/sys/kernel/mm/ksm/use_zero_pages", O_RDWR); +} + int main(int argc, char **argv) { unsigned int tests = 8; int err; if (argc > 1 && !strcmp(argv[1], FORK_EXEC_CHILD_PRG_NAME)) { + init_global_file_handles(); exit(test_child_ksm()); } @@ -674,22 +695,7 @@ int main(int argc, char **argv) pagesize = getpagesize(); - mem_fd = open("/proc/self/mem", O_RDWR); - if (mem_fd < 0) - ksft_exit_fail_msg("opening /proc/self/mem failed\n"); - ksm_fd = open("/sys/kernel/mm/ksm/run", O_RDWR); - if (ksm_fd < 0) - ksft_exit_skip("open(\"/sys/kernel/mm/ksm/run\") failed\n"); - ksm_full_scans_fd = open("/sys/kernel/mm/ksm/full_scans", O_RDONLY); - if (ksm_full_scans_fd < 0) - ksft_exit_skip("open(\"/sys/kernel/mm/ksm/full_scans\") failed\n"); - pagemap_fd = open("/proc/self/pagemap", O_RDONLY); - if (pagemap_fd < 0) - ksft_exit_skip("open(\"/proc/self/pagemap\") failed\n"); - proc_self_ksm_stat_fd = open("/proc/self/ksm_stat", O_RDONLY); - proc_self_ksm_merging_pages_fd = open("/proc/self/ksm_merging_pages", - O_RDONLY); - ksm_use_zero_pages_fd = open("/sys/kernel/mm/ksm/use_zero_pages", O_RDWR); + init_global_file_handles(); test_unmerge(); test_unmerge_zero_pages(); _ Patches currently in -mm which might be from shechenglong001(a)gmail.com are selftests-mm-fix-test_prctl_fork_exec-return-failure.patch

1 year, 3 months

1
0
0 0

[PATCH net v2] net: do not leave a dangling sk pointer, when socket creation fails

by Ignat Korchagin

A KASAN enabled kernel will log something like below (decoded and stripped): [ 78.328507][ T299] ================================================================== [ 78.329018][ T299] BUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] Read of size 8 at addr ffff888007110dd8 by task traceroute/299 [ 78.329366][ T299] [ 78.329366][ T299] CPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2 [ 78.329366][ T299] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 78.329366][ T299] Call Trace: [ 78.329366][ T299] <TASK> [ 78.329366][ T299] dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1)) [ 78.329366][ T299] print_report (mm/kasan/report.c:378 mm/kasan/report.c:488) [ 78.329366][ T299] ? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] kasan_report (mm/kasan/report.c:603) [ 78.329366][ T299] ? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189) [ 78.329366][ T299] __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] bpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092) [ 78.329366][ T299] bpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e [ 78.329366][ T299] bpf_trampoline_6442506592+0x47/0xaf [ 78.329366][ T299] __sock_release (net/socket.c:652) [ 78.329366][ T299] __sock_create (net/socket.c:1601) ... [ 78.329366][ T299] Allocated by task 299 on cpu 2 at 78.328492s: [ 78.329366][ T299] kasan_save_stack (mm/kasan/common.c:48) [ 78.329366][ T299] kasan_save_track (mm/kasan/common.c:68) [ 78.329366][ T299] __kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338) [ 78.329366][ T299] kmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007) [ 78.329366][ T299] sk_prot_alloc (net/core/sock.c:2075) [ 78.329366][ T299] sk_alloc (net/core/sock.c:2134) [ 78.329366][ T299] inet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252) [ 78.329366][ T299] __sock_create (net/socket.c:1572) [ 78.329366][ T299] __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) [ 78.329366][ T299] __x64_sys_socket (net/socket.c:1718) [ 78.329366][ T299] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 78.329366][ T299] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 78.329366][ T299] [ 78.329366][ T299] Freed by task 299 on cpu 2 at 78.328502s: [ 78.329366][ T299] kasan_save_stack (mm/kasan/common.c:48) [ 78.329366][ T299] kasan_save_track (mm/kasan/common.c:68) [ 78.329366][ T299] kasan_save_free_info (mm/kasan/generic.c:582) [ 78.329366][ T299] poison_slab_object (mm/kasan/common.c:242) [ 78.329366][ T299] __kasan_slab_free (mm/kasan/common.c:256) [ 78.329366][ T299] kmem_cache_free (mm/slub.c:4437 mm/slub.c:4511) [ 78.329366][ T299] __sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208) [ 78.329366][ T299] inet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252) [ 78.329366][ T299] __sock_create (net/socket.c:1572) [ 78.329366][ T299] __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) [ 78.329366][ T299] __x64_sys_socket (net/socket.c:1718) [ 78.329366][ T299] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 78.329366][ T299] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Fix this by clearing the struct socket reference in sk_common_release() to cover all protocol families create functions. Fixes: c5dbb89fc2ac ("bpf: Expose bpf_get_socket_cookie to tracing programs") Suggested-by: Kuniyuki Iwashima <kuniyu(a)amazon.com> Signed-off-by: Ignat Korchagin <ignat(a)cloudflare.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/netdev/20240613194047.36478-1-kuniyu@amazon.com/T/ --- Changes in v2: * moved the NULL-ing of the socket reference to sk_common_release() (as suggested by Kuniyuki Iwashima) * trimmed down the KASAN report in the commit message to show only relevant info net/core/sock.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/net/core/sock.c b/net/core/sock.c index 8629f9aecf91..575af557c46b 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -3742,6 +3742,17 @@ void sk_common_release(struct sock *sk) sk->sk_prot->unhash(sk); + /* + * struct net_proto_family create functions like inet_create() or + * inet6_create() have an error path, which call this function. This sk + * may have already been associated with a struct socket, so ensure to + * clear this reference not to leave a dangling pointer in the + * struct socket instance. + */ + + if (sk->sk_socket) + sk->sk_socket->sk = NULL; + /* * In this point socket cannot receive new packets, but it is possible * that some packets are in flight because some CPU runs receiver and -- 2.39.2

1 year, 3 months

2
2
0 0

+ ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix DIO failure due to insufficient transaction credits has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jan Kara <jack(a)suse.cz> Subject: ocfs2: fix DIO failure due to insufficient transaction credits Date: Fri, 14 Jun 2024 16:52:43 +0200 The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). Link: https://lkml.kernel.org/r/20240617095543.6971-1-jack@suse.cz Link: https://lkml.kernel.org/r/20240614145243.8837-1-jack@suse.cz Fixes: c15471f79506 ("ocfs2: fix sparse file & data ordering issue in direct io") Signed-off-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao(a)suse.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/aops.c | 5 +++++ fs/ocfs2/journal.c | 17 +++++++++++++++++ fs/ocfs2/journal.h | 2 ++ fs/ocfs2/ocfs2_trace.h | 2 ++ 4 files changed, 26 insertions(+) --- a/fs/ocfs2/aops.c~ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits +++ a/fs/ocfs2/aops.c @@ -2366,6 +2366,11 @@ static int ocfs2_dio_end_io_write(struct } list_for_each_entry(ue, &dwc->dw_zero_list, ue_node) { + ret = ocfs2_assure_trans_credits(handle, credits); + if (ret < 0) { + mlog_errno(ret); + break; + } ret = ocfs2_mark_extent_written(inode, &et, handle, ue->ue_cpos, 1, ue->ue_phys, --- a/fs/ocfs2/journal.c~ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits +++ a/fs/ocfs2/journal.c @@ -446,6 +446,23 @@ bail: } /* + * Make sure handle has at least 'nblocks' credits available. If it does not + * have that many credits available, we will try to extend the handle to have + * enough credits. If that fails, we will restart transaction to have enough + * credits. Similar notes regarding data consistency and locking implications + * as for ocfs2_extend_trans() apply here. + */ +int ocfs2_assure_trans_credits(handle_t *handle, int nblocks) +{ + int old_nblks = jbd2_handle_buffer_credits(handle); + + trace_ocfs2_assure_trans_credits(old_nblks); + if (old_nblks >= nblocks) + return 0; + return ocfs2_extend_trans(handle, nblocks - old_nblks); +} + +/* * If we have fewer than thresh credits, extend by OCFS2_MAX_TRANS_DATA. * If that fails, restart the transaction & regain write access for the * buffer head which is used for metadata modifications. --- a/fs/ocfs2/journal.h~ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits +++ a/fs/ocfs2/journal.h @@ -243,6 +243,8 @@ handle_t *ocfs2_start_trans(struct int ocfs2_commit_trans(struct ocfs2_super *osb, handle_t *handle); int ocfs2_extend_trans(handle_t *handle, int nblocks); +int ocfs2_assure_trans_credits(handle_t *handle, + int nblocks); int ocfs2_allocate_extend_trans(handle_t *handle, int thresh); --- a/fs/ocfs2/ocfs2_trace.h~ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits +++ a/fs/ocfs2/ocfs2_trace.h @@ -2577,6 +2577,8 @@ DEFINE_OCFS2_ULL_UINT_EVENT(ocfs2_commit DEFINE_OCFS2_INT_INT_EVENT(ocfs2_extend_trans); +DEFINE_OCFS2_INT_EVENT(ocfs2_assure_trans_credits); + DEFINE_OCFS2_INT_EVENT(ocfs2_extend_trans_restart); DEFINE_OCFS2_INT_INT_EVENT(ocfs2_allocate_extend_trans); _ Patches currently in -mm which might be from jack(a)suse.cz are ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits.patch

1 year, 3 months

1
0
0 0

[PATCH] iio: trigger: Fix condition for own trigger

by João Paulo Gonçalves

From: João Paulo Gonçalves <joao.goncalves(a)toradex.com> The condition for checking if triggers belong to the same IIO device to set attached_own_device is currently inverted, causing iio_trigger_using_own() to return an incorrect value. Fix it by testing for the correct return value of iio_validate_own_trigger(). Cc: stable(a)vger.kernel.org Fixes: 517985ebc531 ("iio: trigger: Add simple trigger_validation helper") Signed-off-by: João Paulo Gonçalves <joao.goncalves(a)toradex.com> --- drivers/iio/industrialio-trigger.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/industrialio-trigger.c b/drivers/iio/industrialio-trigger.c index 16de57846bd9..2e84776f4fbd 100644 --- a/drivers/iio/industrialio-trigger.c +++ b/drivers/iio/industrialio-trigger.c @@ -315,7 +315,7 @@ int iio_trigger_attach_poll_func(struct iio_trigger *trig, * this is the case if the IIO device and the trigger device share the * same parent device. */ - if (iio_validate_own_trigger(pf->indio_dev, trig)) + if (!iio_validate_own_trigger(pf->indio_dev, trig)) trig->attached_own_device = true; return ret; -- 2.34.1

1 year, 3 months

4
4
0 0

patch "iio: chemical: bme680: Fix sensor data read operation" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: chemical: bme680: Fix sensor data read operation to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 4241665e6ea063a9c1d734de790121a71db763fc Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 6 Jun 2024 23:22:56 +0200 Subject: iio: chemical: bme680: Fix sensor data read operation A read operation is happening as follows: a) Set sensor to forced mode b) Sensor measures values and update data registers and sleeps again c) Read data registers In the current implementation the read operation happens immediately after the sensor is set to forced mode so the sensor does not have the time to update properly the registers. This leads to the following 2 problems: 1) The first ever value which is read by the register is always wrong 2) Every read operation, puts the register into forced mode and reads the data that were calculated in the previous conversion. This behaviour was tested in 2 ways: 1) The internal meas_status_0 register was read before and after every read operation in order to verify that the data were ready even before the register was set to forced mode and also to check that after the forced mode was set the new data were not yet ready. 2) Physically changing the temperature and measuring the temperature This commit adds the waiting time in between the set of the forced mode and the read of the data. The function is taken from the Bosch BME68x Sensor API [1]. [1]: https://github.com/boschsensortec/BME68x_SensorAPI/blob/v4.4.8/bme68x.c#L490 Fixes: 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://lore.kernel.org/r/20240606212313.207550-5-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/chemical/bme680.h | 2 ++ drivers/iio/chemical/bme680_core.c | 46 ++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/drivers/iio/chemical/bme680.h b/drivers/iio/chemical/bme680.h index 4edc5d21cb9f..f959252a4fe6 100644 --- a/drivers/iio/chemical/bme680.h +++ b/drivers/iio/chemical/bme680.h @@ -54,7 +54,9 @@ #define BME680_NB_CONV_MASK GENMASK(3, 0) #define BME680_REG_MEAS_STAT_0 0x1D +#define BME680_NEW_DATA_BIT BIT(7) #define BME680_GAS_MEAS_BIT BIT(6) +#define BME680_MEAS_BIT BIT(5) /* Calibration Parameters */ #define BME680_T2_LSB_REG 0x8A diff --git a/drivers/iio/chemical/bme680_core.c b/drivers/iio/chemical/bme680_core.c index 5db48f6d646c..500f56834b01 100644 --- a/drivers/iio/chemical/bme680_core.c +++ b/drivers/iio/chemical/bme680_core.c @@ -10,6 +10,7 @@ */ #include <linux/acpi.h> #include <linux/bitfield.h> +#include <linux/delay.h> #include <linux/device.h> #include <linux/module.h> #include <linux/log2.h> @@ -532,6 +533,43 @@ static u8 bme680_oversampling_to_reg(u8 val) return ilog2(val) + 1; } +/* + * Taken from Bosch BME680 API: + * https://github.com/boschsensortec/BME68x_SensorAPI/blob/v4.4.8/bme68x.c#L490 + */ +static int bme680_wait_for_eoc(struct bme680_data *data) +{ + struct device *dev = regmap_get_device(data->regmap); + unsigned int check; + int ret; + /* + * (Sum of oversampling ratios * time per oversampling) + + * TPH measurement + gas measurement + wait transition from forced mode + * + heater duration + */ + int wait_eoc_us = ((data->oversampling_temp + data->oversampling_press + + data->oversampling_humid) * 1936) + (477 * 4) + + (477 * 5) + 1000 + (data->heater_dur * 1000); + + usleep_range(wait_eoc_us, wait_eoc_us + 100); + + ret = regmap_read(data->regmap, BME680_REG_MEAS_STAT_0, &check); + if (ret) { + dev_err(dev, "failed to read measurement status register.\n"); + return ret; + } + if (check & BME680_MEAS_BIT) { + dev_err(dev, "Device measurement cycle incomplete.\n"); + return -EBUSY; + } + if (!(check & BME680_NEW_DATA_BIT)) { + dev_err(dev, "No new data available from the device.\n"); + return -ENODATA; + } + + return 0; +} + static int bme680_chip_config(struct bme680_data *data) { struct device *dev = regmap_get_device(data->regmap); @@ -622,6 +660,10 @@ static int bme680_read_temp(struct bme680_data *data, int *val) if (ret < 0) return ret; + ret = bme680_wait_for_eoc(data); + if (ret) + return ret; + ret = regmap_bulk_read(data->regmap, BME680_REG_TEMP_MSB, &tmp, 3); if (ret < 0) { @@ -738,6 +780,10 @@ static int bme680_read_gas(struct bme680_data *data, if (ret < 0) return ret; + ret = bme680_wait_for_eoc(data); + if (ret) + return ret; + ret = regmap_read(data->regmap, BME680_REG_MEAS_STAT_0, &check); if (check & BME680_GAS_MEAS_BIT) { dev_err(dev, "gas measurement incomplete\n"); -- 2.45.2

1 year, 3 months

1
0
0 0

patch "iio: chemical: bme680: Fix overflows in compensate() functions" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: chemical: bme680: Fix overflows in compensate() functions to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From fdd478c3ae98c3f13628e110dce9b6cfb0d9b3c8 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 6 Jun 2024 23:22:55 +0200 Subject: iio: chemical: bme680: Fix overflows in compensate() functions There are cases in the compensate functions of the driver that there could be overflows of variables due to bit shifting ops. These implications were initially discussed here [1] and they were mentioned in log message of Commit 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor"). [1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/ Fixes: 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://lore.kernel.org/r/20240606212313.207550-4-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/chemical/bme680_core.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/iio/chemical/bme680_core.c b/drivers/iio/chemical/bme680_core.c index 812829841733..5db48f6d646c 100644 --- a/drivers/iio/chemical/bme680_core.c +++ b/drivers/iio/chemical/bme680_core.c @@ -342,10 +342,10 @@ static s16 bme680_compensate_temp(struct bme680_data *data, if (!calib->par_t2) bme680_read_calib(data, calib); - var1 = (adc_temp >> 3) - (calib->par_t1 << 1); + var1 = (adc_temp >> 3) - ((s32)calib->par_t1 << 1); var2 = (var1 * calib->par_t2) >> 11; var3 = ((var1 >> 1) * (var1 >> 1)) >> 12; - var3 = (var3 * (calib->par_t3 << 4)) >> 14; + var3 = (var3 * ((s32)calib->par_t3 << 4)) >> 14; data->t_fine = var2 + var3; calc_temp = (data->t_fine * 5 + 128) >> 8; @@ -368,9 +368,9 @@ static u32 bme680_compensate_press(struct bme680_data *data, var1 = (data->t_fine >> 1) - 64000; var2 = ((((var1 >> 2) * (var1 >> 2)) >> 11) * calib->par_p6) >> 2; var2 = var2 + (var1 * calib->par_p5 << 1); - var2 = (var2 >> 2) + (calib->par_p4 << 16); + var2 = (var2 >> 2) + ((s32)calib->par_p4 << 16); var1 = (((((var1 >> 2) * (var1 >> 2)) >> 13) * - (calib->par_p3 << 5)) >> 3) + + ((s32)calib->par_p3 << 5)) >> 3) + ((calib->par_p2 * var1) >> 1); var1 = var1 >> 18; var1 = ((32768 + var1) * calib->par_p1) >> 15; @@ -388,7 +388,7 @@ static u32 bme680_compensate_press(struct bme680_data *data, var3 = ((press_comp >> 8) * (press_comp >> 8) * (press_comp >> 8) * calib->par_p10) >> 17; - press_comp += (var1 + var2 + var3 + (calib->par_p7 << 7)) >> 4; + press_comp += (var1 + var2 + var3 + ((s32)calib->par_p7 << 7)) >> 4; return press_comp; } @@ -414,7 +414,7 @@ static u32 bme680_compensate_humid(struct bme680_data *data, (((temp_scaled * ((temp_scaled * calib->par_h5) / 100)) >> 6) / 100) + (1 << 14))) >> 10; var3 = var1 * var2; - var4 = calib->par_h6 << 7; + var4 = (s32)calib->par_h6 << 7; var4 = (var4 + ((temp_scaled * calib->par_h7) / 100)) >> 4; var5 = ((var3 >> 14) * (var3 >> 14)) >> 10; var6 = (var4 * var5) >> 1; -- 2.45.2

1 year, 3 months

1
0
0 0

patch "iio: chemical: bme680: Fix calibration data variable" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: chemical: bme680: Fix calibration data variable to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From b47c0fee73a810c4503c4a94ea34858a1d865bba Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 6 Jun 2024 23:22:54 +0200 Subject: iio: chemical: bme680: Fix calibration data variable According to the BME68x Sensor API [1], the h6 calibration data variable should be an unsigned integer of size 8. [1]: https://github.com/boschsensortec/BME68x_SensorAPI/blob/v4.4.8/bme68x_defs.… Fixes: 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://lore.kernel.org/r/20240606212313.207550-3-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/chemical/bme680_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/chemical/bme680_core.c b/drivers/iio/chemical/bme680_core.c index 2c40c13fe97a..812829841733 100644 --- a/drivers/iio/chemical/bme680_core.c +++ b/drivers/iio/chemical/bme680_core.c @@ -38,7 +38,7 @@ struct bme680_calib { s8 par_h3; s8 par_h4; s8 par_h5; - s8 par_h6; + u8 par_h6; s8 par_h7; s8 par_gh1; s16 par_gh2; -- 2.45.2

1 year, 3 months

1
0
0 0

patch "iio: chemical: bme680: Fix pressure value output" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: chemical: bme680: Fix pressure value output to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From ae1f7b93b52095be6776d0f34957b4f35dda44d9 Mon Sep 17 00:00:00 2001 From: Vasileios Amoiridis <vassilisamir(a)gmail.com> Date: Thu, 6 Jun 2024 23:22:53 +0200 Subject: iio: chemical: bme680: Fix pressure value output The IIO standard units are measured in kPa while the driver is using hPa. Apart from checking the userspace value itself, it is mentioned also in the Bosch API [1] that the pressure value is in Pascal. [1]: https://github.com/boschsensortec/BME68x_SensorAPI/blob/v4.4.8/bme68x_defs.… Fixes: 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor") Signed-off-by: Vasileios Amoiridis <vassilisamir(a)gmail.com> Link: https://lore.kernel.org/r/20240606212313.207550-2-vassilisamir@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/chemical/bme680_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/chemical/bme680_core.c b/drivers/iio/chemical/bme680_core.c index ef5e0e46fd34..2c40c13fe97a 100644 --- a/drivers/iio/chemical/bme680_core.c +++ b/drivers/iio/chemical/bme680_core.c @@ -678,7 +678,7 @@ static int bme680_read_press(struct bme680_data *data, } *val = bme680_compensate_press(data, adc_press); - *val2 = 100; + *val2 = 1000; return IIO_VAL_FRACTIONAL; } -- 2.45.2

1 year, 3 months

1
0
0 0

patch "iio: humidity: hdc3020: fix hysteresis representation" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: humidity: hdc3020: fix hysteresis representation to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 9547d6a4c65e975e40e203900322342ef7379c52 Mon Sep 17 00:00:00 2001 From: Dimitri Fedrau <dima.fedrau(a)gmail.com> Date: Wed, 5 Jun 2024 21:21:35 +0200 Subject: iio: humidity: hdc3020: fix hysteresis representation According to the ABI docs hysteresis values are represented as offsets to threshold values. Current implementation represents hysteresis values as absolute values which is wrong. Nevertheless the device stores them as absolute values and the datasheet refers to them as clear thresholds. Fix the reading and writing of hysteresis values by including thresholds into calculations. Hysteresis values that result in threshold clear values that are out of limits will be truncated. To check that the threshold clear values are correct, registers are read out using i2ctransfer and the corresponding temperature and relative humidity thresholds are calculated using the formulas in the datasheet. Fixes: 3ad0e7e5f0cb ("iio: humidity: hdc3020: add threshold events support") Signed-off-by: Dimitri Fedrau <dima.fedrau(a)gmail.com> Reviewed-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://lore.kernel.org/r/20240605192136.38146-1-dima.fedrau@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/humidity/hdc3020.c | 323 +++++++++++++++++++++++++-------- 1 file changed, 248 insertions(+), 75 deletions(-) diff --git a/drivers/iio/humidity/hdc3020.c b/drivers/iio/humidity/hdc3020.c index cdc4789213ba..a82dcc3da421 100644 --- a/drivers/iio/humidity/hdc3020.c +++ b/drivers/iio/humidity/hdc3020.c @@ -19,6 +19,7 @@ #include <linux/i2c.h> #include <linux/init.h> #include <linux/interrupt.h> +#include <linux/math64.h> #include <linux/module.h> #include <linux/mutex.h> #include <linux/pm.h> @@ -66,8 +67,10 @@ #define HDC3020_CRC8_POLYNOMIAL 0x31 -#define HDC3020_MIN_TEMP -40 -#define HDC3020_MAX_TEMP 125 +#define HDC3020_MIN_TEMP_MICRO -39872968 +#define HDC3020_MAX_TEMP_MICRO 124875639 +#define HDC3020_MAX_TEMP_HYST_MICRO 164748607 +#define HDC3020_MAX_HUM_MICRO 99220264 struct hdc3020_data { struct i2c_client *client; @@ -368,6 +371,105 @@ static int hdc3020_write_raw(struct iio_dev *indio_dev, return -EINVAL; } +static int hdc3020_thresh_get_temp(u16 thresh) +{ + int temp; + + /* + * Get the temperature threshold from 9 LSBs, shift them to get + * the truncated temperature threshold representation and + * calculate the threshold according to the formula in the + * datasheet. Result is degree celsius scaled by 65535. + */ + temp = FIELD_GET(HDC3020_THRESH_TEMP_MASK, thresh) << + HDC3020_THRESH_TEMP_TRUNC_SHIFT; + + return -2949075 + (175 * temp); +} + +static int hdc3020_thresh_get_hum(u16 thresh) +{ + int hum; + + /* + * Get the humidity threshold from 7 MSBs, shift them to get the + * truncated humidity threshold representation and calculate the + * threshold according to the formula in the datasheet. Result is + * percent scaled by 65535. + */ + hum = FIELD_GET(HDC3020_THRESH_HUM_MASK, thresh) << + HDC3020_THRESH_HUM_TRUNC_SHIFT; + + return hum * 100; +} + +static u16 hdc3020_thresh_set_temp(int s_temp, u16 curr_thresh) +{ + u64 temp; + u16 thresh; + + /* + * Calculate temperature threshold, shift it down to get the + * truncated threshold representation in the 9LSBs while keeping + * the current humidity threshold in the 7 MSBs. + */ + temp = (u64)(s_temp + 45000000) * 65535ULL; + temp = div_u64(temp, 1000000 * 175) >> HDC3020_THRESH_TEMP_TRUNC_SHIFT; + thresh = FIELD_PREP(HDC3020_THRESH_TEMP_MASK, temp); + thresh |= (FIELD_GET(HDC3020_THRESH_HUM_MASK, curr_thresh) << + HDC3020_THRESH_HUM_TRUNC_SHIFT); + + return thresh; +} + +static u16 hdc3020_thresh_set_hum(int s_hum, u16 curr_thresh) +{ + u64 hum; + u16 thresh; + + /* + * Calculate humidity threshold, shift it down and up to get the + * truncated threshold representation in the 7MSBs while keeping + * the current temperature threshold in the 9 LSBs. + */ + hum = (u64)(s_hum) * 65535ULL; + hum = div_u64(hum, 1000000 * 100) >> HDC3020_THRESH_HUM_TRUNC_SHIFT; + thresh = FIELD_PREP(HDC3020_THRESH_HUM_MASK, hum); + thresh |= FIELD_GET(HDC3020_THRESH_TEMP_MASK, curr_thresh); + + return thresh; +} + +static +int hdc3020_thresh_clr(s64 s_thresh, s64 s_hyst, enum iio_event_direction dir) +{ + s64 s_clr; + + /* + * Include directions when calculation the clear value, + * since hysteresis is unsigned by definition and the + * clear value is an absolute value which is signed. + */ + if (dir == IIO_EV_DIR_RISING) + s_clr = s_thresh - s_hyst; + else + s_clr = s_thresh + s_hyst; + + /* Divide by 65535 to get units of micro */ + return div_s64(s_clr, 65535); +} + +static int _hdc3020_write_thresh(struct hdc3020_data *data, u16 reg, u16 val) +{ + u8 buf[5]; + + put_unaligned_be16(reg, buf); + put_unaligned_be16(val, buf + 2); + buf[4] = crc8(hdc3020_crc8_table, buf + 2, 2, CRC8_INIT_VALUE); + + return hdc3020_write_bytes(data, buf, 5); +} + static int hdc3020_write_thresh(struct iio_dev *indio_dev, const struct iio_chan_spec *chan, enum iio_event_type type, @@ -376,67 +478,126 @@ static int hdc3020_write_thresh(struct iio_dev *indio_dev, int val, int val2) { struct hdc3020_data *data = iio_priv(indio_dev); - u8 buf[5]; - u64 tmp; - u16 reg; - int ret; + u16 reg, reg_val, reg_thresh_rd, reg_clr_rd, reg_thresh_wr, reg_clr_wr; + s64 s_thresh, s_hyst, s_clr; + int s_val, thresh, clr, ret; - /* Supported temperature range is from –40 to 125 degree celsius */ - if (val < HDC3020_MIN_TEMP || val > HDC3020_MAX_TEMP) - return -EINVAL; - - /* Select threshold register */ - if (info == IIO_EV_INFO_VALUE) { - if (dir == IIO_EV_DIR_RISING) - reg = HDC3020_S_T_RH_THRESH_HIGH; - else - reg = HDC3020_S_T_RH_THRESH_LOW; + /* Select threshold registers */ + if (dir == IIO_EV_DIR_RISING) { + reg_thresh_rd = HDC3020_R_T_RH_THRESH_HIGH; + reg_thresh_wr = HDC3020_S_T_RH_THRESH_HIGH; + reg_clr_rd = HDC3020_R_T_RH_THRESH_HIGH_CLR; + reg_clr_wr = HDC3020_S_T_RH_THRESH_HIGH_CLR; } else { - if (dir == IIO_EV_DIR_RISING) - reg = HDC3020_S_T_RH_THRESH_HIGH_CLR; - else - reg = HDC3020_S_T_RH_THRESH_LOW_CLR; + reg_thresh_rd = HDC3020_R_T_RH_THRESH_LOW; + reg_thresh_wr = HDC3020_S_T_RH_THRESH_LOW; + reg_clr_rd = HDC3020_R_T_RH_THRESH_LOW_CLR; + reg_clr_wr = HDC3020_S_T_RH_THRESH_LOW_CLR; } guard(mutex)(&data->lock); - ret = hdc3020_read_be16(data, reg); + ret = hdc3020_read_be16(data, reg_thresh_rd); if (ret < 0) return ret; + thresh = ret; + ret = hdc3020_read_be16(data, reg_clr_rd); + if (ret < 0) + return ret; + + clr = ret; + /* Scale value to include decimal part into calculations */ + s_val = (val < 0) ? (val * 1000000 - val2) : (val * 1000000 + val2); switch (chan->type) { case IIO_TEMP: - /* - * Calculate temperature threshold, shift it down to get the - * truncated threshold representation in the 9LSBs while keeping - * the current humidity threshold in the 7 MSBs. - */ - tmp = ((u64)(((val + 45) * MICRO) + val2)) * 65535ULL; - tmp = div_u64(tmp, MICRO * 175); - val = tmp >> HDC3020_THRESH_TEMP_TRUNC_SHIFT; - val = FIELD_PREP(HDC3020_THRESH_TEMP_MASK, val); - val |= (FIELD_GET(HDC3020_THRESH_HUM_MASK, ret) << - HDC3020_THRESH_HUM_TRUNC_SHIFT); + switch (info) { + case IIO_EV_INFO_VALUE: + s_val = max(s_val, HDC3020_MIN_TEMP_MICRO); + s_val = min(s_val, HDC3020_MAX_TEMP_MICRO); + reg = reg_thresh_wr; + reg_val = hdc3020_thresh_set_temp(s_val, thresh); + ret = _hdc3020_write_thresh(data, reg, reg_val); + if (ret < 0) + return ret; + + /* Calculate old hysteresis */ + s_thresh = (s64)hdc3020_thresh_get_temp(thresh) * 1000000; + s_clr = (s64)hdc3020_thresh_get_temp(clr) * 1000000; + s_hyst = div_s64(abs(s_thresh - s_clr), 65535); + /* Set new threshold */ + thresh = reg_val; + /* Set old hysteresis */ + s_val = s_hyst; + fallthrough; + case IIO_EV_INFO_HYSTERESIS: + /* + * Function hdc3020_thresh_get_temp returns temperature + * in degree celsius scaled by 65535. Scale by 1000000 + * to be able to subtract scaled hysteresis value. + */ + s_thresh = (s64)hdc3020_thresh_get_temp(thresh) * 1000000; + /* + * Units of s_val are in micro degree celsius, scale by + * 65535 to get same units as s_thresh. + */ + s_val = min(abs(s_val), HDC3020_MAX_TEMP_HYST_MICRO); + s_hyst = (s64)s_val * 65535; + s_clr = hdc3020_thresh_clr(s_thresh, s_hyst, dir); + s_clr = max(s_clr, HDC3020_MIN_TEMP_MICRO); + s_clr = min(s_clr, HDC3020_MAX_TEMP_MICRO); + reg = reg_clr_wr; + reg_val = hdc3020_thresh_set_temp(s_clr, clr); + break; + default: + return -EOPNOTSUPP; + } break; case IIO_HUMIDITYRELATIVE: - /* - * Calculate humidity threshold, shift it down and up to get the - * truncated threshold representation in the 7MSBs while keeping - * the current temperature threshold in the 9 LSBs. - */ - tmp = ((u64)((val * MICRO) + val2)) * 65535ULL; - tmp = div_u64(tmp, MICRO * 100); - val = tmp >> HDC3020_THRESH_HUM_TRUNC_SHIFT; - val = FIELD_PREP(HDC3020_THRESH_HUM_MASK, val); - val |= FIELD_GET(HDC3020_THRESH_TEMP_MASK, ret); + s_val = (s_val < 0) ? 0 : min(s_val, HDC3020_MAX_HUM_MICRO); + switch (info) { + case IIO_EV_INFO_VALUE: + reg = reg_thresh_wr; + reg_val = hdc3020_thresh_set_hum(s_val, thresh); + ret = _hdc3020_write_thresh(data, reg, reg_val); + if (ret < 0) + return ret; + + /* Calculate old hysteresis */ + s_thresh = (s64)hdc3020_thresh_get_hum(thresh) * 1000000; + s_clr = (s64)hdc3020_thresh_get_hum(clr) * 1000000; + s_hyst = div_s64(abs(s_thresh - s_clr), 65535); + /* Set new threshold */ + thresh = reg_val; + /* Try to set old hysteresis */ + s_val = min(abs(s_hyst), HDC3020_MAX_HUM_MICRO); + fallthrough; + case IIO_EV_INFO_HYSTERESIS: + /* + * Function hdc3020_thresh_get_hum returns relative + * humidity in percent scaled by 65535. Scale by 1000000 + * to be able to subtract scaled hysteresis value. + */ + s_thresh = (s64)hdc3020_thresh_get_hum(thresh) * 1000000; + /* + * Units of s_val are in micro percent, scale by 65535 + * to get same units as s_thresh. + */ + s_hyst = (s64)s_val * 65535; + s_clr = hdc3020_thresh_clr(s_thresh, s_hyst, dir); + s_clr = max(s_clr, 0); + s_clr = min(s_clr, HDC3020_MAX_HUM_MICRO); + reg = reg_clr_wr; + reg_val = hdc3020_thresh_set_hum(s_clr, clr); + break; + default: + return -EOPNOTSUPP; + } break; default: return -EOPNOTSUPP; } - put_unaligned_be16(reg, buf); - put_unaligned_be16(val, buf + 2); - buf[4] = crc8(hdc3020_crc8_table, buf + 2, 2, CRC8_INIT_VALUE); - return hdc3020_write_bytes(data, buf, 5); + return _hdc3020_write_thresh(data, reg, reg_val); } static int hdc3020_read_thresh(struct iio_dev *indio_dev, @@ -447,48 +608,60 @@ static int hdc3020_read_thresh(struct iio_dev *indio_dev, int *val, int *val2) { struct hdc3020_data *data = iio_priv(indio_dev); - u16 reg; - int ret; + u16 reg_thresh, reg_clr; + int thresh, clr, ret; - /* Select threshold register */ - if (info == IIO_EV_INFO_VALUE) { - if (dir == IIO_EV_DIR_RISING) - reg = HDC3020_R_T_RH_THRESH_HIGH; - else - reg = HDC3020_R_T_RH_THRESH_LOW; + /* Select threshold registers */ + if (dir == IIO_EV_DIR_RISING) { + reg_thresh = HDC3020_R_T_RH_THRESH_HIGH; + reg_clr = HDC3020_R_T_RH_THRESH_HIGH_CLR; } else { - if (dir == IIO_EV_DIR_RISING) - reg = HDC3020_R_T_RH_THRESH_HIGH_CLR; - else - reg = HDC3020_R_T_RH_THRESH_LOW_CLR; + reg_thresh = HDC3020_R_T_RH_THRESH_LOW; + reg_clr = HDC3020_R_T_RH_THRESH_LOW_CLR; } guard(mutex)(&data->lock); - ret = hdc3020_read_be16(data, reg); + ret = hdc3020_read_be16(data, reg_thresh); if (ret < 0) return ret; switch (chan->type) { case IIO_TEMP: - /* - * Get the temperature threshold from 9 LSBs, shift them to get - * the truncated temperature threshold representation and - * calculate the threshold according to the formula in the - * datasheet. - */ - *val = FIELD_GET(HDC3020_THRESH_TEMP_MASK, ret); - *val = *val << HDC3020_THRESH_TEMP_TRUNC_SHIFT; - *val = -2949075 + (175 * (*val)); + thresh = hdc3020_thresh_get_temp(ret); + switch (info) { + case IIO_EV_INFO_VALUE: + *val = thresh; + break; + case IIO_EV_INFO_HYSTERESIS: + ret = hdc3020_read_be16(data, reg_clr); + if (ret < 0) + return ret; + + clr = hdc3020_thresh_get_temp(ret); + *val = abs(thresh - clr); + break; + default: + return -EOPNOTSUPP; + } *val2 = 65535; return IIO_VAL_FRACTIONAL; case IIO_HUMIDITYRELATIVE: - /* - * Get the humidity threshold from 7 MSBs, shift them to get the - * truncated humidity threshold representation and calculate the - * threshold according to the formula in the datasheet. - */ - *val = FIELD_GET(HDC3020_THRESH_HUM_MASK, ret); - *val = (*val << HDC3020_THRESH_HUM_TRUNC_SHIFT) * 100; + thresh = hdc3020_thresh_get_hum(ret); + switch (info) { + case IIO_EV_INFO_VALUE: + *val = thresh; + break; + case IIO_EV_INFO_HYSTERESIS: + ret = hdc3020_read_be16(data, reg_clr); + if (ret < 0) + return ret; + + clr = hdc3020_thresh_get_hum(ret); + *val = abs(thresh - clr); + break; + default: + return -EOPNOTSUPP; + } *val2 = 65535; return IIO_VAL_FRACTIONAL; default: -- 2.45.2

1 year, 3 months

1
0
0 0

patch "iio: adc: ad7266: Fix variable checking bug" added to char-misc-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7266: Fix variable checking bug to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From a2b86132955268b2a1703082fbc2d4832fc001b8 Mon Sep 17 00:00:00 2001 From: Fernando Yang <hagisf(a)usp.br> Date: Mon, 3 Jun 2024 15:07:54 -0300 Subject: iio: adc: ad7266: Fix variable checking bug The ret variable was not checked after iio_device_release_direct_mode(), which could possibly cause errors Fixes: c70df20e3159 ("iio: adc: ad7266: claim direct mode during sensor read") Signed-off-by: Fernando Yang <hagisf(a)usp.br> Link: https://lore.kernel.org/r/20240603180757.8560-1-hagisf@usp.br Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7266.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/ad7266.c b/drivers/iio/adc/ad7266.c index 353a97f9c086..13ea8a1073d2 100644 --- a/drivers/iio/adc/ad7266.c +++ b/drivers/iio/adc/ad7266.c @@ -157,6 +157,8 @@ static int ad7266_read_raw(struct iio_dev *indio_dev, ret = ad7266_read_single(st, val, chan->address); iio_device_release_direct_mode(indio_dev); + if (ret < 0) + return ret; *val = (*val >> 2) & 0xfff; if (chan->scan_type.sign == 's') *val = sign_extend32(*val, -- 2.45.2

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d7bd473632d07f8a54655c270c0940cc3671c548 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061751-splinter-gap-68a1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d7bd473632d0 ("iio: imu: inv_icm42600: stabilized timestamp in interrupt") bf8367b00c33 ("iio: invensense: fix timestamp glitches when switching frequency") a1432b5b4f4c ("iio: imu: inv_icm42600: add support of ICM-42686-P") b58b13f156c0 ("iio: invensense: remove redundant initialization of variable period") 111e1abd0045 ("iio: imu: inv_mpu6050: use the common inv_sensors timestamp module") 0ecc363ccea7 ("iio: make invensense timestamp module generic") d99ff463ecf6 ("iio: move inv_icm42600 timestamp module in common") 6e9f2d8375cb ("iio: imu: inv_icm42600: make timestamp module chip independent") 269b9d8fafbe ("Merge tag 'iio-for-6.5a' of https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into char-misc-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7bd473632d07f8a54655c270c0940cc3671c548 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Wed, 29 May 2024 15:47:17 +0000 Subject: [PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt Use IRQF_ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And compute and use the effective watermark value that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: ec74ae9fd37c ("iio: imu: inv_icm42600: add accurate timestamping") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://lore.kernel.org/r/20240529154717.651863-1-inv.git-commit@tdk.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c index 63b85ec88c13..a8cf74c84c3c 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c @@ -222,10 +222,15 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) latency_accel = period_accel * wm_accel; /* 0 value for watermark means that the sensor is turned off */ + if (wm_gyro == 0 && wm_accel == 0) + return 0; + if (latency_gyro == 0) { watermark = wm_accel; + st->fifo.watermark.eff_accel = wm_accel; } else if (latency_accel == 0) { watermark = wm_gyro; + st->fifo.watermark.eff_gyro = wm_gyro; } else { /* compute the smallest latency that is a multiple of both */ if (latency_gyro <= latency_accel) @@ -241,6 +246,13 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) watermark = latency / period; if (watermark < 1) watermark = 1; + /* update effective watermark */ + st->fifo.watermark.eff_gyro = latency / period_gyro; + if (st->fifo.watermark.eff_gyro < 1) + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = latency / period_accel; + if (st->fifo.watermark.eff_accel < 1) + st->fifo.watermark.eff_accel = 1; } /* compute watermark value in bytes */ @@ -514,7 +526,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle gyroscope timestamp and FIFO data parsing */ if (st->fifo.nb.gyro > 0) { ts = &gyro_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.gyro, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_gyro, st->timestamp.gyro); ret = inv_icm42600_gyro_parse_fifo(st->indio_gyro); if (ret) @@ -524,7 +536,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle accelerometer timestamp and FIFO data parsing */ if (st->fifo.nb.accel > 0) { ts = &accel_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.accel, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_accel, st->timestamp.accel); ret = inv_icm42600_accel_parse_fifo(st->indio_accel); if (ret) @@ -577,6 +589,9 @@ int inv_icm42600_buffer_init(struct inv_icm42600_state *st) unsigned int val; int ret; + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = 1; + /* * Default FIFO configuration (bits 7 to 5) * - use invalid value diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h index 8b85ee333bf8..f6c85daf42b0 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h @@ -32,6 +32,8 @@ struct inv_icm42600_fifo { struct { unsigned int gyro; unsigned int accel; + unsigned int eff_gyro; + unsigned int eff_accel; } watermark; size_t count; struct { diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 96116a68ab29..62fdae530334 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -537,6 +537,7 @@ static int inv_icm42600_irq_init(struct inv_icm42600_state *st, int irq, if (ret) return ret; + irq_type |= IRQF_ONESHOT; return devm_request_threaded_irq(dev, irq, inv_icm42600_irq_timestamp, inv_icm42600_irq_handler, irq_type, "inv_icm42600", st);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d7bd473632d07f8a54655c270c0940cc3671c548 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061750-such-authentic-441b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d7bd473632d0 ("iio: imu: inv_icm42600: stabilized timestamp in interrupt") bf8367b00c33 ("iio: invensense: fix timestamp glitches when switching frequency") a1432b5b4f4c ("iio: imu: inv_icm42600: add support of ICM-42686-P") b58b13f156c0 ("iio: invensense: remove redundant initialization of variable period") 111e1abd0045 ("iio: imu: inv_mpu6050: use the common inv_sensors timestamp module") 0ecc363ccea7 ("iio: make invensense timestamp module generic") d99ff463ecf6 ("iio: move inv_icm42600 timestamp module in common") 6e9f2d8375cb ("iio: imu: inv_icm42600: make timestamp module chip independent") 269b9d8fafbe ("Merge tag 'iio-for-6.5a' of https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into char-misc-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7bd473632d07f8a54655c270c0940cc3671c548 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Wed, 29 May 2024 15:47:17 +0000 Subject: [PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt Use IRQF_ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And compute and use the effective watermark value that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: ec74ae9fd37c ("iio: imu: inv_icm42600: add accurate timestamping") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://lore.kernel.org/r/20240529154717.651863-1-inv.git-commit@tdk.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c index 63b85ec88c13..a8cf74c84c3c 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c @@ -222,10 +222,15 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) latency_accel = period_accel * wm_accel; /* 0 value for watermark means that the sensor is turned off */ + if (wm_gyro == 0 && wm_accel == 0) + return 0; + if (latency_gyro == 0) { watermark = wm_accel; + st->fifo.watermark.eff_accel = wm_accel; } else if (latency_accel == 0) { watermark = wm_gyro; + st->fifo.watermark.eff_gyro = wm_gyro; } else { /* compute the smallest latency that is a multiple of both */ if (latency_gyro <= latency_accel) @@ -241,6 +246,13 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) watermark = latency / period; if (watermark < 1) watermark = 1; + /* update effective watermark */ + st->fifo.watermark.eff_gyro = latency / period_gyro; + if (st->fifo.watermark.eff_gyro < 1) + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = latency / period_accel; + if (st->fifo.watermark.eff_accel < 1) + st->fifo.watermark.eff_accel = 1; } /* compute watermark value in bytes */ @@ -514,7 +526,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle gyroscope timestamp and FIFO data parsing */ if (st->fifo.nb.gyro > 0) { ts = &gyro_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.gyro, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_gyro, st->timestamp.gyro); ret = inv_icm42600_gyro_parse_fifo(st->indio_gyro); if (ret) @@ -524,7 +536,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle accelerometer timestamp and FIFO data parsing */ if (st->fifo.nb.accel > 0) { ts = &accel_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.accel, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_accel, st->timestamp.accel); ret = inv_icm42600_accel_parse_fifo(st->indio_accel); if (ret) @@ -577,6 +589,9 @@ int inv_icm42600_buffer_init(struct inv_icm42600_state *st) unsigned int val; int ret; + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = 1; + /* * Default FIFO configuration (bits 7 to 5) * - use invalid value diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h index 8b85ee333bf8..f6c85daf42b0 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h @@ -32,6 +32,8 @@ struct inv_icm42600_fifo { struct { unsigned int gyro; unsigned int accel; + unsigned int eff_gyro; + unsigned int eff_accel; } watermark; size_t count; struct { diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 96116a68ab29..62fdae530334 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -537,6 +537,7 @@ static int inv_icm42600_irq_init(struct inv_icm42600_state *st, int irq, if (ret) return ret; + irq_type |= IRQF_ONESHOT; return devm_request_threaded_irq(dev, irq, inv_icm42600_irq_timestamp, inv_icm42600_irq_handler, irq_type, "inv_icm42600", st);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d7bd473632d07f8a54655c270c0940cc3671c548 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061748-baking-region-b188@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d7bd473632d0 ("iio: imu: inv_icm42600: stabilized timestamp in interrupt") bf8367b00c33 ("iio: invensense: fix timestamp glitches when switching frequency") a1432b5b4f4c ("iio: imu: inv_icm42600: add support of ICM-42686-P") b58b13f156c0 ("iio: invensense: remove redundant initialization of variable period") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7bd473632d07f8a54655c270c0940cc3671c548 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Wed, 29 May 2024 15:47:17 +0000 Subject: [PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt Use IRQF_ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And compute and use the effective watermark value that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: ec74ae9fd37c ("iio: imu: inv_icm42600: add accurate timestamping") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://lore.kernel.org/r/20240529154717.651863-1-inv.git-commit@tdk.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c index 63b85ec88c13..a8cf74c84c3c 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c @@ -222,10 +222,15 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) latency_accel = period_accel * wm_accel; /* 0 value for watermark means that the sensor is turned off */ + if (wm_gyro == 0 && wm_accel == 0) + return 0; + if (latency_gyro == 0) { watermark = wm_accel; + st->fifo.watermark.eff_accel = wm_accel; } else if (latency_accel == 0) { watermark = wm_gyro; + st->fifo.watermark.eff_gyro = wm_gyro; } else { /* compute the smallest latency that is a multiple of both */ if (latency_gyro <= latency_accel) @@ -241,6 +246,13 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) watermark = latency / period; if (watermark < 1) watermark = 1; + /* update effective watermark */ + st->fifo.watermark.eff_gyro = latency / period_gyro; + if (st->fifo.watermark.eff_gyro < 1) + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = latency / period_accel; + if (st->fifo.watermark.eff_accel < 1) + st->fifo.watermark.eff_accel = 1; } /* compute watermark value in bytes */ @@ -514,7 +526,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle gyroscope timestamp and FIFO data parsing */ if (st->fifo.nb.gyro > 0) { ts = &gyro_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.gyro, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_gyro, st->timestamp.gyro); ret = inv_icm42600_gyro_parse_fifo(st->indio_gyro); if (ret) @@ -524,7 +536,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle accelerometer timestamp and FIFO data parsing */ if (st->fifo.nb.accel > 0) { ts = &accel_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.accel, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_accel, st->timestamp.accel); ret = inv_icm42600_accel_parse_fifo(st->indio_accel); if (ret) @@ -577,6 +589,9 @@ int inv_icm42600_buffer_init(struct inv_icm42600_state *st) unsigned int val; int ret; + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = 1; + /* * Default FIFO configuration (bits 7 to 5) * - use invalid value diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h index 8b85ee333bf8..f6c85daf42b0 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h @@ -32,6 +32,8 @@ struct inv_icm42600_fifo { struct { unsigned int gyro; unsigned int accel; + unsigned int eff_gyro; + unsigned int eff_accel; } watermark; size_t count; struct { diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 96116a68ab29..62fdae530334 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -537,6 +537,7 @@ static int inv_icm42600_irq_init(struct inv_icm42600_state *st, int irq, if (ret) return ret; + irq_type |= IRQF_ONESHOT; return devm_request_threaded_irq(dev, irq, inv_icm42600_irq_timestamp, inv_icm42600_irq_handler, irq_type, "inv_icm42600", st);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d7bd473632d07f8a54655c270c0940cc3671c548 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061749-wrongness-reshape-ad36@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d7bd473632d0 ("iio: imu: inv_icm42600: stabilized timestamp in interrupt") bf8367b00c33 ("iio: invensense: fix timestamp glitches when switching frequency") a1432b5b4f4c ("iio: imu: inv_icm42600: add support of ICM-42686-P") b58b13f156c0 ("iio: invensense: remove redundant initialization of variable period") 111e1abd0045 ("iio: imu: inv_mpu6050: use the common inv_sensors timestamp module") 0ecc363ccea7 ("iio: make invensense timestamp module generic") d99ff463ecf6 ("iio: move inv_icm42600 timestamp module in common") 6e9f2d8375cb ("iio: imu: inv_icm42600: make timestamp module chip independent") 269b9d8fafbe ("Merge tag 'iio-for-6.5a' of https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into char-misc-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7bd473632d07f8a54655c270c0940cc3671c548 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Wed, 29 May 2024 15:47:17 +0000 Subject: [PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt Use IRQF_ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And compute and use the effective watermark value that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: ec74ae9fd37c ("iio: imu: inv_icm42600: add accurate timestamping") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://lore.kernel.org/r/20240529154717.651863-1-inv.git-commit@tdk.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c index 63b85ec88c13..a8cf74c84c3c 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c @@ -222,10 +222,15 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) latency_accel = period_accel * wm_accel; /* 0 value for watermark means that the sensor is turned off */ + if (wm_gyro == 0 && wm_accel == 0) + return 0; + if (latency_gyro == 0) { watermark = wm_accel; + st->fifo.watermark.eff_accel = wm_accel; } else if (latency_accel == 0) { watermark = wm_gyro; + st->fifo.watermark.eff_gyro = wm_gyro; } else { /* compute the smallest latency that is a multiple of both */ if (latency_gyro <= latency_accel) @@ -241,6 +246,13 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) watermark = latency / period; if (watermark < 1) watermark = 1; + /* update effective watermark */ + st->fifo.watermark.eff_gyro = latency / period_gyro; + if (st->fifo.watermark.eff_gyro < 1) + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = latency / period_accel; + if (st->fifo.watermark.eff_accel < 1) + st->fifo.watermark.eff_accel = 1; } /* compute watermark value in bytes */ @@ -514,7 +526,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle gyroscope timestamp and FIFO data parsing */ if (st->fifo.nb.gyro > 0) { ts = &gyro_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.gyro, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_gyro, st->timestamp.gyro); ret = inv_icm42600_gyro_parse_fifo(st->indio_gyro); if (ret) @@ -524,7 +536,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle accelerometer timestamp and FIFO data parsing */ if (st->fifo.nb.accel > 0) { ts = &accel_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.accel, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_accel, st->timestamp.accel); ret = inv_icm42600_accel_parse_fifo(st->indio_accel); if (ret) @@ -577,6 +589,9 @@ int inv_icm42600_buffer_init(struct inv_icm42600_state *st) unsigned int val; int ret; + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = 1; + /* * Default FIFO configuration (bits 7 to 5) * - use invalid value diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h index 8b85ee333bf8..f6c85daf42b0 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h @@ -32,6 +32,8 @@ struct inv_icm42600_fifo { struct { unsigned int gyro; unsigned int accel; + unsigned int eff_gyro; + unsigned int eff_accel; } watermark; size_t count; struct { diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 96116a68ab29..62fdae530334 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -537,6 +537,7 @@ static int inv_icm42600_irq_init(struct inv_icm42600_state *st, int irq, if (ret) return ret; + irq_type |= IRQF_ONESHOT; return devm_request_threaded_irq(dev, irq, inv_icm42600_irq_timestamp, inv_icm42600_irq_handler, irq_type, "inv_icm42600", st);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x d7bd473632d07f8a54655c270c0940cc3671c548 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061748-flashbulb-manliness-72d7@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: d7bd473632d0 ("iio: imu: inv_icm42600: stabilized timestamp in interrupt") bf8367b00c33 ("iio: invensense: fix timestamp glitches when switching frequency") a1432b5b4f4c ("iio: imu: inv_icm42600: add support of ICM-42686-P") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d7bd473632d07f8a54655c270c0940cc3671c548 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Wed, 29 May 2024 15:47:17 +0000 Subject: [PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt Use IRQF_ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And compute and use the effective watermark value that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: ec74ae9fd37c ("iio: imu: inv_icm42600: add accurate timestamping") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://lore.kernel.org/r/20240529154717.651863-1-inv.git-commit@tdk.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c index 63b85ec88c13..a8cf74c84c3c 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c @@ -222,10 +222,15 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) latency_accel = period_accel * wm_accel; /* 0 value for watermark means that the sensor is turned off */ + if (wm_gyro == 0 && wm_accel == 0) + return 0; + if (latency_gyro == 0) { watermark = wm_accel; + st->fifo.watermark.eff_accel = wm_accel; } else if (latency_accel == 0) { watermark = wm_gyro; + st->fifo.watermark.eff_gyro = wm_gyro; } else { /* compute the smallest latency that is a multiple of both */ if (latency_gyro <= latency_accel) @@ -241,6 +246,13 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) watermark = latency / period; if (watermark < 1) watermark = 1; + /* update effective watermark */ + st->fifo.watermark.eff_gyro = latency / period_gyro; + if (st->fifo.watermark.eff_gyro < 1) + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = latency / period_accel; + if (st->fifo.watermark.eff_accel < 1) + st->fifo.watermark.eff_accel = 1; } /* compute watermark value in bytes */ @@ -514,7 +526,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle gyroscope timestamp and FIFO data parsing */ if (st->fifo.nb.gyro > 0) { ts = &gyro_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.gyro, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_gyro, st->timestamp.gyro); ret = inv_icm42600_gyro_parse_fifo(st->indio_gyro); if (ret) @@ -524,7 +536,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle accelerometer timestamp and FIFO data parsing */ if (st->fifo.nb.accel > 0) { ts = &accel_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.accel, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_accel, st->timestamp.accel); ret = inv_icm42600_accel_parse_fifo(st->indio_accel); if (ret) @@ -577,6 +589,9 @@ int inv_icm42600_buffer_init(struct inv_icm42600_state *st) unsigned int val; int ret; + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = 1; + /* * Default FIFO configuration (bits 7 to 5) * - use invalid value diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h index 8b85ee333bf8..f6c85daf42b0 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h @@ -32,6 +32,8 @@ struct inv_icm42600_fifo { struct { unsigned int gyro; unsigned int accel; + unsigned int eff_gyro; + unsigned int eff_accel; } watermark; size_t count; struct { diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 96116a68ab29..62fdae530334 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -537,6 +537,7 @@ static int inv_icm42600_irq_init(struct inv_icm42600_state *st, int irq, if (ret) return ret; + irq_type |= IRQF_ONESHOT; return devm_request_threaded_irq(dev, irq, inv_icm42600_irq_timestamp, inv_icm42600_irq_handler, irq_type, "inv_icm42600", st);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_mpu6050: stabilized timestamping in interrupt" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 8844ed0a6e063acf7173b231021b2d301e31ded9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061729-roundness-hurled-7533@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 8844ed0a6e06 ("iio: imu: inv_mpu6050: stabilized timestamping in interrupt") bf8367b00c33 ("iio: invensense: fix timestamp glitches when switching frequency") a1432b5b4f4c ("iio: imu: inv_icm42600: add support of ICM-42686-P") 5537f653d9be ("iio: imu: inv_mpu6050: add new interrupt handler for WoM events") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8844ed0a6e063acf7173b231021b2d301e31ded9 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Mon, 27 May 2024 15:01:17 +0000 Subject: [PATCH] iio: imu: inv_mpu6050: stabilized timestamping in interrupt Use IRQ ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And use a fixed value of 1 sample that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: 111e1abd0045 ("iio: imu: inv_mpu6050: use the common inv_sensors timestamp module") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://lore.kernel.org/r/20240527150117.608792-1-inv.git-commit@tdk.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c index 0dc0f22a5582..3d3b27f28c9d 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c @@ -100,8 +100,8 @@ irqreturn_t inv_mpu6050_read_fifo(int irq, void *p) goto end_session; /* Each FIFO data contains all sensors, so same number for FIFO and sensor data */ fifo_period = NSEC_PER_SEC / INV_MPU6050_DIVIDER_TO_FIFO_RATE(st->chip_config.divider); - inv_sensors_timestamp_interrupt(&st->timestamp, nb, pf->timestamp); - inv_sensors_timestamp_apply_odr(&st->timestamp, fifo_period, nb, 0); + inv_sensors_timestamp_interrupt(&st->timestamp, 1, pf->timestamp); + inv_sensors_timestamp_apply_odr(&st->timestamp, fifo_period, 1, 0); /* clear internal data buffer for avoiding kernel data leak */ memset(data, 0, sizeof(data)); diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c index 1b603567ccc8..84273660ca2e 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c @@ -300,6 +300,7 @@ int inv_mpu6050_probe_trigger(struct iio_dev *indio_dev, int irq_type) if (!st->trig) return -ENOMEM; + irq_type |= IRQF_ONESHOT; ret = devm_request_threaded_irq(&indio_dev->dev, st->irq, &inv_mpu6050_interrupt_timestamp, &inv_mpu6050_interrupt_handle,

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iio: imu: inv_mpu6050: stabilized timestamping in interrupt" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 8844ed0a6e063acf7173b231021b2d301e31ded9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061730-float-nephew-920b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 8844ed0a6e06 ("iio: imu: inv_mpu6050: stabilized timestamping in interrupt") bf8367b00c33 ("iio: invensense: fix timestamp glitches when switching frequency") a1432b5b4f4c ("iio: imu: inv_icm42600: add support of ICM-42686-P") 5537f653d9be ("iio: imu: inv_mpu6050: add new interrupt handler for WoM events") b58b13f156c0 ("iio: invensense: remove redundant initialization of variable period") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8844ed0a6e063acf7173b231021b2d301e31ded9 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Mon, 27 May 2024 15:01:17 +0000 Subject: [PATCH] iio: imu: inv_mpu6050: stabilized timestamping in interrupt Use IRQ ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And use a fixed value of 1 sample that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: 111e1abd0045 ("iio: imu: inv_mpu6050: use the common inv_sensors timestamp module") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://lore.kernel.org/r/20240527150117.608792-1-inv.git-commit@tdk.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c index 0dc0f22a5582..3d3b27f28c9d 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c @@ -100,8 +100,8 @@ irqreturn_t inv_mpu6050_read_fifo(int irq, void *p) goto end_session; /* Each FIFO data contains all sensors, so same number for FIFO and sensor data */ fifo_period = NSEC_PER_SEC / INV_MPU6050_DIVIDER_TO_FIFO_RATE(st->chip_config.divider); - inv_sensors_timestamp_interrupt(&st->timestamp, nb, pf->timestamp); - inv_sensors_timestamp_apply_odr(&st->timestamp, fifo_period, nb, 0); + inv_sensors_timestamp_interrupt(&st->timestamp, 1, pf->timestamp); + inv_sensors_timestamp_apply_odr(&st->timestamp, fifo_period, 1, 0); /* clear internal data buffer for avoiding kernel data leak */ memset(data, 0, sizeof(data)); diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c index 1b603567ccc8..84273660ca2e 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c @@ -300,6 +300,7 @@ int inv_mpu6050_probe_trigger(struct iio_dev *indio_dev, int irq_type) if (!st->trig) return -ENOMEM; + irq_type |= IRQF_ONESHOT; ret = devm_request_threaded_irq(&indio_dev->dev, st->irq, &inv_mpu6050_interrupt_timestamp, &inv_mpu6050_interrupt_handle,

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] tick/nohz_full: Don't abuse smp_call_function_single() in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 07c54cc5988f19c9642fd463c2dbdac7fc52f777 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061709-nearly-woozy-adfe@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 07c54cc5988f ("tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device()") f87cbcb345d0 ("timekeeping: Use READ/WRITE_ONCE() for tick_do_timer_cpu") a478ffb2ae23 ("tick: Move individual bit features to debuggable mask accesses") 3ce74f1a8566 ("tick: Move got_idle_tick away from common flags") 3ad6eb0683a1 ("tick: Start centralizing tick related CPU hotplug operations") 3650f49bfb95 ("tick/sched: Rename tick_nohz_stop_sched_tick() to tick_nohz_full_stop_tick()") 27dc08096ce4 ("tick: Use IS_ENABLED() whenever possible") 37263ba0c44b ("tick/nohz: Remove duplicate between lowres and highres handlers") ffb7e01c4e65 ("tick/nohz: Remove duplicate between tick_nohz_switch_to_nohz() and tick_setup_sched_timer()") 4c532939aa2e ("tick/sched: Split out jiffies update helper function") 73129cf4b69c ("timers: Optimization for timer_base_try_to_set_idle()") e2e1d724e948 ("timers: Move marking timer bases idle into tick_nohz_stop_tick()") 39ed699fb660 ("timers: Split out get next timer interrupt") bebed6649e85 ("timers: Restructure get_next_timer_interrupt()") f365d0550615 ("tick/sched: Add function description for tick_nohz_next_event()") da65f29dada7 ("timers: Fix nextevt calculation when no timers are pending") bb8caad5083f ("timers: Rework idle logic") 7a39a5080ef0 ("timers: Use already existing function for forwarding timer base") b5e6f59888c7 ("timers: Move store of next event into __next_timer_interrupt()") b573c73101d8 ("tracing/timers: Add tracepoint for tracking timer base is_idle flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07c54cc5988f19c9642fd463c2dbdac7fc52f777 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Tue, 28 May 2024 14:20:19 +0200 Subject: [PATCH] tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() After the recent commit 5097cbcb38e6 ("sched/isolation: Prevent boot crash when the boot CPU is nohz_full") the kernel no longer crashes, but there is another problem. In this case tick_setup_device() calls tick_take_do_timer_from_boot() to update tick_do_timer_cpu and this triggers the WARN_ON_ONCE(irqs_disabled) in smp_call_function_single(). Kill tick_take_do_timer_from_boot() and just use WRITE_ONCE(), the new comment explains why this is safe (thanks Thomas!). Fixes: 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240528122019.GA28794@redhat.com Link: https://lore.kernel.org/all/20240522151742.GA10400@redhat.com diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c index d88b13076b79..a47bcf71defc 100644 --- a/kernel/time/tick-common.c +++ b/kernel/time/tick-common.c @@ -178,26 +178,6 @@ void tick_setup_periodic(struct clock_event_device *dev, int broadcast) } } -#ifdef CONFIG_NO_HZ_FULL -static void giveup_do_timer(void *info) -{ - int cpu = *(unsigned int *)info; - - WARN_ON(tick_do_timer_cpu != smp_processor_id()); - - tick_do_timer_cpu = cpu; -} - -static void tick_take_do_timer_from_boot(void) -{ - int cpu = smp_processor_id(); - int from = tick_do_timer_boot_cpu; - - if (from >= 0 && from != cpu) - smp_call_function_single(from, giveup_do_timer, &cpu, 1); -} -#endif - /* * Setup the tick device */ @@ -221,19 +201,25 @@ static void tick_setup_device(struct tick_device *td, tick_next_period = ktime_get(); #ifdef CONFIG_NO_HZ_FULL /* - * The boot CPU may be nohz_full, in which case set - * tick_do_timer_boot_cpu so the first housekeeping - * secondary that comes up will take do_timer from - * us. + * The boot CPU may be nohz_full, in which case the + * first housekeeping secondary will take do_timer() + * from it. */ if (tick_nohz_full_cpu(cpu)) tick_do_timer_boot_cpu = cpu; - } else if (tick_do_timer_boot_cpu != -1 && - !tick_nohz_full_cpu(cpu)) { - tick_take_do_timer_from_boot(); + } else if (tick_do_timer_boot_cpu != -1 && !tick_nohz_full_cpu(cpu)) { tick_do_timer_boot_cpu = -1; - WARN_ON(READ_ONCE(tick_do_timer_cpu) != cpu); + /* + * The boot CPU will stay in periodic (NOHZ disabled) + * mode until clocksource_done_booting() called after + * smp_init() selects a high resolution clocksource and + * timekeeping_notify() kicks the NOHZ stuff alive. + * + * So this WRITE_ONCE can only race with the READ_ONCE + * check in tick_periodic() but this race is harmless. + */ + WRITE_ONCE(tick_do_timer_cpu, cpu); #endif }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] tick/nohz_full: Don't abuse smp_call_function_single() in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 07c54cc5988f19c9642fd463c2dbdac7fc52f777 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061708-stratus-crewless-b283@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 07c54cc5988f ("tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device()") f87cbcb345d0 ("timekeeping: Use READ/WRITE_ONCE() for tick_do_timer_cpu") a478ffb2ae23 ("tick: Move individual bit features to debuggable mask accesses") 3ce74f1a8566 ("tick: Move got_idle_tick away from common flags") 3ad6eb0683a1 ("tick: Start centralizing tick related CPU hotplug operations") 3650f49bfb95 ("tick/sched: Rename tick_nohz_stop_sched_tick() to tick_nohz_full_stop_tick()") 27dc08096ce4 ("tick: Use IS_ENABLED() whenever possible") 37263ba0c44b ("tick/nohz: Remove duplicate between lowres and highres handlers") ffb7e01c4e65 ("tick/nohz: Remove duplicate between tick_nohz_switch_to_nohz() and tick_setup_sched_timer()") 4c532939aa2e ("tick/sched: Split out jiffies update helper function") 73129cf4b69c ("timers: Optimization for timer_base_try_to_set_idle()") e2e1d724e948 ("timers: Move marking timer bases idle into tick_nohz_stop_tick()") 39ed699fb660 ("timers: Split out get next timer interrupt") bebed6649e85 ("timers: Restructure get_next_timer_interrupt()") f365d0550615 ("tick/sched: Add function description for tick_nohz_next_event()") da65f29dada7 ("timers: Fix nextevt calculation when no timers are pending") bb8caad5083f ("timers: Rework idle logic") 7a39a5080ef0 ("timers: Use already existing function for forwarding timer base") b5e6f59888c7 ("timers: Move store of next event into __next_timer_interrupt()") b573c73101d8 ("tracing/timers: Add tracepoint for tracking timer base is_idle flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07c54cc5988f19c9642fd463c2dbdac7fc52f777 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Tue, 28 May 2024 14:20:19 +0200 Subject: [PATCH] tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() After the recent commit 5097cbcb38e6 ("sched/isolation: Prevent boot crash when the boot CPU is nohz_full") the kernel no longer crashes, but there is another problem. In this case tick_setup_device() calls tick_take_do_timer_from_boot() to update tick_do_timer_cpu and this triggers the WARN_ON_ONCE(irqs_disabled) in smp_call_function_single(). Kill tick_take_do_timer_from_boot() and just use WRITE_ONCE(), the new comment explains why this is safe (thanks Thomas!). Fixes: 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240528122019.GA28794@redhat.com Link: https://lore.kernel.org/all/20240522151742.GA10400@redhat.com diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c index d88b13076b79..a47bcf71defc 100644 --- a/kernel/time/tick-common.c +++ b/kernel/time/tick-common.c @@ -178,26 +178,6 @@ void tick_setup_periodic(struct clock_event_device *dev, int broadcast) } } -#ifdef CONFIG_NO_HZ_FULL -static void giveup_do_timer(void *info) -{ - int cpu = *(unsigned int *)info; - - WARN_ON(tick_do_timer_cpu != smp_processor_id()); - - tick_do_timer_cpu = cpu; -} - -static void tick_take_do_timer_from_boot(void) -{ - int cpu = smp_processor_id(); - int from = tick_do_timer_boot_cpu; - - if (from >= 0 && from != cpu) - smp_call_function_single(from, giveup_do_timer, &cpu, 1); -} -#endif - /* * Setup the tick device */ @@ -221,19 +201,25 @@ static void tick_setup_device(struct tick_device *td, tick_next_period = ktime_get(); #ifdef CONFIG_NO_HZ_FULL /* - * The boot CPU may be nohz_full, in which case set - * tick_do_timer_boot_cpu so the first housekeeping - * secondary that comes up will take do_timer from - * us. + * The boot CPU may be nohz_full, in which case the + * first housekeeping secondary will take do_timer() + * from it. */ if (tick_nohz_full_cpu(cpu)) tick_do_timer_boot_cpu = cpu; - } else if (tick_do_timer_boot_cpu != -1 && - !tick_nohz_full_cpu(cpu)) { - tick_take_do_timer_from_boot(); + } else if (tick_do_timer_boot_cpu != -1 && !tick_nohz_full_cpu(cpu)) { tick_do_timer_boot_cpu = -1; - WARN_ON(READ_ONCE(tick_do_timer_cpu) != cpu); + /* + * The boot CPU will stay in periodic (NOHZ disabled) + * mode until clocksource_done_booting() called after + * smp_init() selects a high resolution clocksource and + * timekeeping_notify() kicks the NOHZ stuff alive. + * + * So this WRITE_ONCE can only race with the READ_ONCE + * check in tick_periodic() but this race is harmless. + */ + WRITE_ONCE(tick_do_timer_cpu, cpu); #endif }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] tick/nohz_full: Don't abuse smp_call_function_single() in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 07c54cc5988f19c9642fd463c2dbdac7fc52f777 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061706-smoky-ruse-31b9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 07c54cc5988f ("tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device()") f87cbcb345d0 ("timekeeping: Use READ/WRITE_ONCE() for tick_do_timer_cpu") a478ffb2ae23 ("tick: Move individual bit features to debuggable mask accesses") 3ce74f1a8566 ("tick: Move got_idle_tick away from common flags") 3ad6eb0683a1 ("tick: Start centralizing tick related CPU hotplug operations") 3650f49bfb95 ("tick/sched: Rename tick_nohz_stop_sched_tick() to tick_nohz_full_stop_tick()") 27dc08096ce4 ("tick: Use IS_ENABLED() whenever possible") 37263ba0c44b ("tick/nohz: Remove duplicate between lowres and highres handlers") ffb7e01c4e65 ("tick/nohz: Remove duplicate between tick_nohz_switch_to_nohz() and tick_setup_sched_timer()") 4c532939aa2e ("tick/sched: Split out jiffies update helper function") 73129cf4b69c ("timers: Optimization for timer_base_try_to_set_idle()") e2e1d724e948 ("timers: Move marking timer bases idle into tick_nohz_stop_tick()") 39ed699fb660 ("timers: Split out get next timer interrupt") bebed6649e85 ("timers: Restructure get_next_timer_interrupt()") f365d0550615 ("tick/sched: Add function description for tick_nohz_next_event()") da65f29dada7 ("timers: Fix nextevt calculation when no timers are pending") bb8caad5083f ("timers: Rework idle logic") 7a39a5080ef0 ("timers: Use already existing function for forwarding timer base") b5e6f59888c7 ("timers: Move store of next event into __next_timer_interrupt()") b573c73101d8 ("tracing/timers: Add tracepoint for tracking timer base is_idle flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07c54cc5988f19c9642fd463c2dbdac7fc52f777 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Tue, 28 May 2024 14:20:19 +0200 Subject: [PATCH] tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() After the recent commit 5097cbcb38e6 ("sched/isolation: Prevent boot crash when the boot CPU is nohz_full") the kernel no longer crashes, but there is another problem. In this case tick_setup_device() calls tick_take_do_timer_from_boot() to update tick_do_timer_cpu and this triggers the WARN_ON_ONCE(irqs_disabled) in smp_call_function_single(). Kill tick_take_do_timer_from_boot() and just use WRITE_ONCE(), the new comment explains why this is safe (thanks Thomas!). Fixes: 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240528122019.GA28794@redhat.com Link: https://lore.kernel.org/all/20240522151742.GA10400@redhat.com diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c index d88b13076b79..a47bcf71defc 100644 --- a/kernel/time/tick-common.c +++ b/kernel/time/tick-common.c @@ -178,26 +178,6 @@ void tick_setup_periodic(struct clock_event_device *dev, int broadcast) } } -#ifdef CONFIG_NO_HZ_FULL -static void giveup_do_timer(void *info) -{ - int cpu = *(unsigned int *)info; - - WARN_ON(tick_do_timer_cpu != smp_processor_id()); - - tick_do_timer_cpu = cpu; -} - -static void tick_take_do_timer_from_boot(void) -{ - int cpu = smp_processor_id(); - int from = tick_do_timer_boot_cpu; - - if (from >= 0 && from != cpu) - smp_call_function_single(from, giveup_do_timer, &cpu, 1); -} -#endif - /* * Setup the tick device */ @@ -221,19 +201,25 @@ static void tick_setup_device(struct tick_device *td, tick_next_period = ktime_get(); #ifdef CONFIG_NO_HZ_FULL /* - * The boot CPU may be nohz_full, in which case set - * tick_do_timer_boot_cpu so the first housekeeping - * secondary that comes up will take do_timer from - * us. + * The boot CPU may be nohz_full, in which case the + * first housekeeping secondary will take do_timer() + * from it. */ if (tick_nohz_full_cpu(cpu)) tick_do_timer_boot_cpu = cpu; - } else if (tick_do_timer_boot_cpu != -1 && - !tick_nohz_full_cpu(cpu)) { - tick_take_do_timer_from_boot(); + } else if (tick_do_timer_boot_cpu != -1 && !tick_nohz_full_cpu(cpu)) { tick_do_timer_boot_cpu = -1; - WARN_ON(READ_ONCE(tick_do_timer_cpu) != cpu); + /* + * The boot CPU will stay in periodic (NOHZ disabled) + * mode until clocksource_done_booting() called after + * smp_init() selects a high resolution clocksource and + * timekeeping_notify() kicks the NOHZ stuff alive. + * + * So this WRITE_ONCE can only race with the READ_ONCE + * check in tick_periodic() but this race is harmless. + */ + WRITE_ONCE(tick_do_timer_cpu, cpu); #endif }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] tick/nohz_full: Don't abuse smp_call_function_single() in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 07c54cc5988f19c9642fd463c2dbdac7fc52f777 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061707-panhandle-awhile-b406@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 07c54cc5988f ("tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device()") f87cbcb345d0 ("timekeeping: Use READ/WRITE_ONCE() for tick_do_timer_cpu") a478ffb2ae23 ("tick: Move individual bit features to debuggable mask accesses") 3ce74f1a8566 ("tick: Move got_idle_tick away from common flags") 3ad6eb0683a1 ("tick: Start centralizing tick related CPU hotplug operations") 3650f49bfb95 ("tick/sched: Rename tick_nohz_stop_sched_tick() to tick_nohz_full_stop_tick()") 27dc08096ce4 ("tick: Use IS_ENABLED() whenever possible") 37263ba0c44b ("tick/nohz: Remove duplicate between lowres and highres handlers") ffb7e01c4e65 ("tick/nohz: Remove duplicate between tick_nohz_switch_to_nohz() and tick_setup_sched_timer()") 4c532939aa2e ("tick/sched: Split out jiffies update helper function") 73129cf4b69c ("timers: Optimization for timer_base_try_to_set_idle()") e2e1d724e948 ("timers: Move marking timer bases idle into tick_nohz_stop_tick()") 39ed699fb660 ("timers: Split out get next timer interrupt") bebed6649e85 ("timers: Restructure get_next_timer_interrupt()") f365d0550615 ("tick/sched: Add function description for tick_nohz_next_event()") da65f29dada7 ("timers: Fix nextevt calculation when no timers are pending") bb8caad5083f ("timers: Rework idle logic") 7a39a5080ef0 ("timers: Use already existing function for forwarding timer base") b5e6f59888c7 ("timers: Move store of next event into __next_timer_interrupt()") b573c73101d8 ("tracing/timers: Add tracepoint for tracking timer base is_idle flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07c54cc5988f19c9642fd463c2dbdac7fc52f777 Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Tue, 28 May 2024 14:20:19 +0200 Subject: [PATCH] tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() After the recent commit 5097cbcb38e6 ("sched/isolation: Prevent boot crash when the boot CPU is nohz_full") the kernel no longer crashes, but there is another problem. In this case tick_setup_device() calls tick_take_do_timer_from_boot() to update tick_do_timer_cpu and this triggers the WARN_ON_ONCE(irqs_disabled) in smp_call_function_single(). Kill tick_take_do_timer_from_boot() and just use WRITE_ONCE(), the new comment explains why this is safe (thanks Thomas!). Fixes: 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240528122019.GA28794@redhat.com Link: https://lore.kernel.org/all/20240522151742.GA10400@redhat.com diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c index d88b13076b79..a47bcf71defc 100644 --- a/kernel/time/tick-common.c +++ b/kernel/time/tick-common.c @@ -178,26 +178,6 @@ void tick_setup_periodic(struct clock_event_device *dev, int broadcast) } } -#ifdef CONFIG_NO_HZ_FULL -static void giveup_do_timer(void *info) -{ - int cpu = *(unsigned int *)info; - - WARN_ON(tick_do_timer_cpu != smp_processor_id()); - - tick_do_timer_cpu = cpu; -} - -static void tick_take_do_timer_from_boot(void) -{ - int cpu = smp_processor_id(); - int from = tick_do_timer_boot_cpu; - - if (from >= 0 && from != cpu) - smp_call_function_single(from, giveup_do_timer, &cpu, 1); -} -#endif - /* * Setup the tick device */ @@ -221,19 +201,25 @@ static void tick_setup_device(struct tick_device *td, tick_next_period = ktime_get(); #ifdef CONFIG_NO_HZ_FULL /* - * The boot CPU may be nohz_full, in which case set - * tick_do_timer_boot_cpu so the first housekeeping - * secondary that comes up will take do_timer from - * us. + * The boot CPU may be nohz_full, in which case the + * first housekeeping secondary will take do_timer() + * from it. */ if (tick_nohz_full_cpu(cpu)) tick_do_timer_boot_cpu = cpu; - } else if (tick_do_timer_boot_cpu != -1 && - !tick_nohz_full_cpu(cpu)) { - tick_take_do_timer_from_boot(); + } else if (tick_do_timer_boot_cpu != -1 && !tick_nohz_full_cpu(cpu)) { tick_do_timer_boot_cpu = -1; - WARN_ON(READ_ONCE(tick_do_timer_cpu) != cpu); + /* + * The boot CPU will stay in periodic (NOHZ disabled) + * mode until clocksource_done_booting() called after + * smp_init() selects a high resolution clocksource and + * timekeeping_notify() kicks the NOHZ stuff alive. + * + * So this WRITE_ONCE can only race with the READ_ONCE + * check in tick_periodic() but this race is harmless. + */ + WRITE_ONCE(tick_do_timer_cpu, cpu); #endif }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix missing use of get_write in in smb2_set_ea()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2bfc4214c69c62da13a9da8e3c3db5539da2ccd3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061749-decrease-oversold-6961@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 2bfc4214c69c ("ksmbd: fix missing use of get_write in in smb2_set_ea()") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") 2b57a4322b1b ("ksmbd: check if a mount point is crossed during path lookup") 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions") 6fe55c2799bc ("ksmbd: call putname after using the last component") df14afeed2e6 ("ksmbd: fix uninitialized pointer read in smb2_create_link()") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") 211db0ac9e3d ("ksmbd: remove internal.h include") 4d7ca4090184 ("fs: port vfs{g,u}id helpers to mnt_idmap") c14329d39f2d ("fs: port fs{g,u}id helpers to mnt_idmap") e67fe63341b8 ("fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap") 0dbe12f2e49c ("fs: port i_{g,u}id_{needs_}update() to mnt_idmap") 9452e93e6dae ("fs: port privilege checking helpers to mnt_idmap") f2d40141d5d9 ("fs: port inode_init_owner() to mnt_idmap") 4609e1f18e19 ("fs: port ->permission() to pass mnt_idmap") 13e83a4923be ("fs: port ->set_acl() to pass mnt_idmap") 77435322777d ("fs: port ->get_acl() to pass mnt_idmap") 011e2b717b1b ("fs: port ->tmpfile() to pass mnt_idmap") 5ebb29bee8d5 ("fs: port ->mknod() to pass mnt_idmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2bfc4214c69c62da13a9da8e3c3db5539da2ccd3 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 11 Jun 2024 23:27:27 +0900 Subject: [PATCH] ksmbd: fix missing use of get_write in in smb2_set_ea() Fix an issue where get_write is not used in smb2_set_ea(). Fixes: 6fc0a265e1b9 ("ksmbd: fix potential circular locking issue in smb2_set_ea()") Cc: stable(a)vger.kernel.org Reported-by: Wang Zhaolong <wangzhaolong1(a)huawei.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index f79d06d2d655..e7e07891781b 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2367,7 +2367,8 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len, if (rc > 0) { rc = ksmbd_vfs_remove_xattr(idmap, path, - attr_name); + attr_name, + get_write); if (rc < 0) { ksmbd_debug(SMB, @@ -2382,7 +2383,7 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len, } else { rc = ksmbd_vfs_setxattr(idmap, path, attr_name, value, le16_to_cpu(eabuf->EaValueLength), - 0, true); + 0, get_write); if (rc < 0) { ksmbd_debug(SMB, "ksmbd_vfs_setxattr is failed(%d)\n", @@ -2474,7 +2475,7 @@ static int smb2_remove_smb_xattrs(const struct path *path) !strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX, STREAM_PREFIX_LEN)) { err = ksmbd_vfs_remove_xattr(idmap, path, - name); + name, true); if (err) ksmbd_debug(SMB, "remove xattr failed : %s\n", name); diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index 51b1b0bed616..9e859ba010cf 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -1058,16 +1058,21 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, } int ksmbd_vfs_remove_xattr(struct mnt_idmap *idmap, - const struct path *path, char *attr_name) + const struct path *path, char *attr_name, + bool get_write) { int err; - err = mnt_want_write(path->mnt); - if (err) - return err; + if (get_write == true) { + err = mnt_want_write(path->mnt); + if (err) + return err; + } err = vfs_removexattr(idmap, path->dentry, attr_name); - mnt_drop_write(path->mnt); + + if (get_write == true) + mnt_drop_write(path->mnt); return err; } @@ -1380,7 +1385,7 @@ int ksmbd_vfs_remove_sd_xattrs(struct mnt_idmap *idmap, const struct path *path) ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name)); if (!strncmp(name, XATTR_NAME_SD, XATTR_NAME_SD_LEN)) { - err = ksmbd_vfs_remove_xattr(idmap, path, name); + err = ksmbd_vfs_remove_xattr(idmap, path, name, true); if (err) ksmbd_debug(SMB, "remove xattr failed : %s\n", name); } diff --git a/fs/smb/server/vfs.h b/fs/smb/server/vfs.h index cfe1c8092f23..cb76f4b5bafe 100644 --- a/fs/smb/server/vfs.h +++ b/fs/smb/server/vfs.h @@ -114,7 +114,8 @@ int ksmbd_vfs_setxattr(struct mnt_idmap *idmap, int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, size_t *xattr_stream_name_size, int s_type); int ksmbd_vfs_remove_xattr(struct mnt_idmap *idmap, - const struct path *path, char *attr_name); + const struct path *path, char *attr_name, + bool get_write); int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name, unsigned int flags, struct path *parent_path, struct path *path, bool caseless); diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 6cb599cd287e..8b2e37c8716e 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -254,7 +254,8 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) ci->m_flags &= ~S_DEL_ON_CLS_STREAM; err = ksmbd_vfs_remove_xattr(file_mnt_idmap(filp), &filp->f_path, - fp->stream.name); + fp->stream.name, + true); if (err) pr_err("remove xattr failed : %s\n", fp->stream.name);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: fix missing use of get_write in in smb2_set_ea()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2bfc4214c69c62da13a9da8e3c3db5539da2ccd3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061748-silica-lively-43ca@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2bfc4214c69c ("ksmbd: fix missing use of get_write in in smb2_set_ea()") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") 2b57a4322b1b ("ksmbd: check if a mount point is crossed during path lookup") 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions") 6fe55c2799bc ("ksmbd: call putname after using the last component") df14afeed2e6 ("ksmbd: fix uninitialized pointer read in smb2_create_link()") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") 211db0ac9e3d ("ksmbd: remove internal.h include") 4d7ca4090184 ("fs: port vfs{g,u}id helpers to mnt_idmap") c14329d39f2d ("fs: port fs{g,u}id helpers to mnt_idmap") e67fe63341b8 ("fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap") 0dbe12f2e49c ("fs: port i_{g,u}id_{needs_}update() to mnt_idmap") 9452e93e6dae ("fs: port privilege checking helpers to mnt_idmap") f2d40141d5d9 ("fs: port inode_init_owner() to mnt_idmap") 4609e1f18e19 ("fs: port ->permission() to pass mnt_idmap") 13e83a4923be ("fs: port ->set_acl() to pass mnt_idmap") 77435322777d ("fs: port ->get_acl() to pass mnt_idmap") 011e2b717b1b ("fs: port ->tmpfile() to pass mnt_idmap") 5ebb29bee8d5 ("fs: port ->mknod() to pass mnt_idmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2bfc4214c69c62da13a9da8e3c3db5539da2ccd3 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 11 Jun 2024 23:27:27 +0900 Subject: [PATCH] ksmbd: fix missing use of get_write in in smb2_set_ea() Fix an issue where get_write is not used in smb2_set_ea(). Fixes: 6fc0a265e1b9 ("ksmbd: fix potential circular locking issue in smb2_set_ea()") Cc: stable(a)vger.kernel.org Reported-by: Wang Zhaolong <wangzhaolong1(a)huawei.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index f79d06d2d655..e7e07891781b 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2367,7 +2367,8 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len, if (rc > 0) { rc = ksmbd_vfs_remove_xattr(idmap, path, - attr_name); + attr_name, + get_write); if (rc < 0) { ksmbd_debug(SMB, @@ -2382,7 +2383,7 @@ static int smb2_set_ea(struct smb2_ea_info *eabuf, unsigned int buf_len, } else { rc = ksmbd_vfs_setxattr(idmap, path, attr_name, value, le16_to_cpu(eabuf->EaValueLength), - 0, true); + 0, get_write); if (rc < 0) { ksmbd_debug(SMB, "ksmbd_vfs_setxattr is failed(%d)\n", @@ -2474,7 +2475,7 @@ static int smb2_remove_smb_xattrs(const struct path *path) !strncmp(&name[XATTR_USER_PREFIX_LEN], STREAM_PREFIX, STREAM_PREFIX_LEN)) { err = ksmbd_vfs_remove_xattr(idmap, path, - name); + name, true); if (err) ksmbd_debug(SMB, "remove xattr failed : %s\n", name); diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index 51b1b0bed616..9e859ba010cf 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -1058,16 +1058,21 @@ int ksmbd_vfs_fqar_lseek(struct ksmbd_file *fp, loff_t start, loff_t length, } int ksmbd_vfs_remove_xattr(struct mnt_idmap *idmap, - const struct path *path, char *attr_name) + const struct path *path, char *attr_name, + bool get_write) { int err; - err = mnt_want_write(path->mnt); - if (err) - return err; + if (get_write == true) { + err = mnt_want_write(path->mnt); + if (err) + return err; + } err = vfs_removexattr(idmap, path->dentry, attr_name); - mnt_drop_write(path->mnt); + + if (get_write == true) + mnt_drop_write(path->mnt); return err; } @@ -1380,7 +1385,7 @@ int ksmbd_vfs_remove_sd_xattrs(struct mnt_idmap *idmap, const struct path *path) ksmbd_debug(SMB, "%s, len %zd\n", name, strlen(name)); if (!strncmp(name, XATTR_NAME_SD, XATTR_NAME_SD_LEN)) { - err = ksmbd_vfs_remove_xattr(idmap, path, name); + err = ksmbd_vfs_remove_xattr(idmap, path, name, true); if (err) ksmbd_debug(SMB, "remove xattr failed : %s\n", name); } diff --git a/fs/smb/server/vfs.h b/fs/smb/server/vfs.h index cfe1c8092f23..cb76f4b5bafe 100644 --- a/fs/smb/server/vfs.h +++ b/fs/smb/server/vfs.h @@ -114,7 +114,8 @@ int ksmbd_vfs_setxattr(struct mnt_idmap *idmap, int ksmbd_vfs_xattr_stream_name(char *stream_name, char **xattr_stream_name, size_t *xattr_stream_name_size, int s_type); int ksmbd_vfs_remove_xattr(struct mnt_idmap *idmap, - const struct path *path, char *attr_name); + const struct path *path, char *attr_name, + bool get_write); int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name, unsigned int flags, struct path *parent_path, struct path *path, bool caseless); diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 6cb599cd287e..8b2e37c8716e 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -254,7 +254,8 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) ci->m_flags &= ~S_DEL_ON_CLS_STREAM; err = ksmbd_vfs_remove_xattr(file_mnt_idmap(filp), &filp->f_path, - fp->stream.name); + fp->stream.name, + true); if (err) pr_err("remove xattr failed : %s\n", fp->stream.name);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: move leading slash check to smb2_get_name()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1cdeca6a7264021e20157de0baf7880ff0ced822 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061732-skating-deceit-aae9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1cdeca6a7264 ("ksmbd: move leading slash check to smb2_get_name()") c6cd2e8d2d9a ("ksmbd: fix potencial out-of-bounds when buffer offset is invalid") a80a486d72e2 ("ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()") 6fc0a265e1b9 ("ksmbd: fix potential circular locking issue in smb2_set_ea()") d10c77873ba1 ("ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()") 2e450920d58b ("ksmbd: move oplock handling after unlock parent dir") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") 5a7ee91d1154 ("ksmbd: fix race condition with fp") e2b76ab8b5c9 ("ksmbd: add support for read compound") e202a1e8634b ("ksmbd: no response from compound read") 2b57a4322b1b ("ksmbd: check if a mount point is crossed during path lookup") 7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands") 81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc") 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions") 6fe55c2799bc ("ksmbd: call putname after using the last component") df14afeed2e6 ("ksmbd: fix uninitialized pointer read in smb2_create_link()") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 02f76c401d17 ("ksmbd: fix global-out-of-bounds in smb2_find_context_vals") 30210947a343 ("ksmbd: fix racy issue under cocurrent smb2 tree disconnect") abcc506a9a71 ("ksmbd: fix racy issue from smb2 close and logoff with multichannel") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1cdeca6a7264021e20157de0baf7880ff0ced822 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Mon, 10 Jun 2024 23:06:19 +0900 Subject: [PATCH] ksmbd: move leading slash check to smb2_get_name() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the directory name in the root of the share starts with character like 镜(0x955c) or Ṝ(0x1e5c), it (and anything inside) cannot be accessed. The leading slash check must be checked after converting unicode to nls string. Cc: stable(a)vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index b6c5a8ea3887..f79d06d2d655 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -630,6 +630,12 @@ smb2_get_name(const char *src, const int maxlen, struct nls_table *local_nls) return name; } + if (*name == '\\') { + pr_err("not allow directory name included leading slash\n"); + kfree(name); + return ERR_PTR(-EINVAL); + } + ksmbd_conv_path_to_unix(name); ksmbd_strip_last_slash(name); return name; @@ -2842,20 +2848,11 @@ int smb2_open(struct ksmbd_work *work) } if (req->NameLength) { - if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) && - *(char *)req->Buffer == '\\') { - pr_err("not allow directory name included leading slash\n"); - rc = -EINVAL; - goto err_out2; - } - name = smb2_get_name((char *)req + le16_to_cpu(req->NameOffset), le16_to_cpu(req->NameLength), work->conn->local_nls); if (IS_ERR(name)) { rc = PTR_ERR(name); - if (rc != -ENOMEM) - rc = -ENOENT; name = NULL; goto err_out2; }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: move leading slash check to smb2_get_name()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1cdeca6a7264021e20157de0baf7880ff0ced822 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061731-gap-obscurity-6d58@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1cdeca6a7264 ("ksmbd: move leading slash check to smb2_get_name()") c6cd2e8d2d9a ("ksmbd: fix potencial out-of-bounds when buffer offset is invalid") a80a486d72e2 ("ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()") 6fc0a265e1b9 ("ksmbd: fix potential circular locking issue in smb2_set_ea()") d10c77873ba1 ("ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()") 2e450920d58b ("ksmbd: move oplock handling after unlock parent dir") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") 5a7ee91d1154 ("ksmbd: fix race condition with fp") e2b76ab8b5c9 ("ksmbd: add support for read compound") e202a1e8634b ("ksmbd: no response from compound read") 2b57a4322b1b ("ksmbd: check if a mount point is crossed during path lookup") 7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands") 81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc") 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions") 6fe55c2799bc ("ksmbd: call putname after using the last component") df14afeed2e6 ("ksmbd: fix uninitialized pointer read in smb2_create_link()") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 02f76c401d17 ("ksmbd: fix global-out-of-bounds in smb2_find_context_vals") 30210947a343 ("ksmbd: fix racy issue under cocurrent smb2 tree disconnect") abcc506a9a71 ("ksmbd: fix racy issue from smb2 close and logoff with multichannel") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1cdeca6a7264021e20157de0baf7880ff0ced822 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Mon, 10 Jun 2024 23:06:19 +0900 Subject: [PATCH] ksmbd: move leading slash check to smb2_get_name() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the directory name in the root of the share starts with character like 镜(0x955c) or Ṝ(0x1e5c), it (and anything inside) cannot be accessed. The leading slash check must be checked after converting unicode to nls string. Cc: stable(a)vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index b6c5a8ea3887..f79d06d2d655 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -630,6 +630,12 @@ smb2_get_name(const char *src, const int maxlen, struct nls_table *local_nls) return name; } + if (*name == '\\') { + pr_err("not allow directory name included leading slash\n"); + kfree(name); + return ERR_PTR(-EINVAL); + } + ksmbd_conv_path_to_unix(name); ksmbd_strip_last_slash(name); return name; @@ -2842,20 +2848,11 @@ int smb2_open(struct ksmbd_work *work) } if (req->NameLength) { - if ((req->CreateOptions & FILE_DIRECTORY_FILE_LE) && - *(char *)req->Buffer == '\\') { - pr_err("not allow directory name included leading slash\n"); - rc = -EINVAL; - goto err_out2; - } - name = smb2_get_name((char *)req + le16_to_cpu(req->NameOffset), le16_to_cpu(req->NameLength), work->conn->local_nls); if (IS_ERR(name)) { rc = PTR_ERR(name); - if (rc != -ENOMEM) - rc = -ENOENT; name = NULL; goto err_out2; }

1 year, 3 months

1
0
0 0

[PATCH v5.10] powerpc/uaccess: Fix build errors seen with GCC 13/14

by Michael Ellerman

commit 2d43cc701b96f910f50915ac4c2a0cae5deb734c upstream. Building ppc64le_defconfig with GCC 14 fails with assembler errors: CC fs/readdir.o /tmp/ccdQn0mD.s: Assembler messages: /tmp/ccdQn0mD.s:212: Error: operand out of domain (18 is not a multiple of 4) /tmp/ccdQn0mD.s:226: Error: operand out of domain (18 is not a multiple of 4) ... [6 lines] /tmp/ccdQn0mD.s:1699: Error: operand out of domain (18 is not a multiple of 4) A snippet of the asm shows: # ../fs/readdir.c:210: unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); ld 9,0(29) # MEM[(u64 *)name_38(D) + _88 * 1], MEM[(u64 *)name_38(D) + _88 * 1] # 210 "../fs/readdir.c" 1 1: std 9,18(8) # put_user # *__pus_addr_52, MEM[(u64 *)name_38(D) + _88 * 1] The 'std' instruction requires a 4-byte aligned displacement because it is a DS-form instruction, and as the assembler says, 18 is not a multiple of 4. A similar error is seen with GCC 13 and CONFIG_UBSAN_SIGNED_WRAP=y. The fix is to change the constraint on the memory operand to put_user(), from "m" which is a general memory reference to "YZ". The "Z" constraint is documented in the GCC manual PowerPC machine constraints, and specifies a "memory operand accessed with indexed or indirect addressing". "Y" is not documented in the manual but specifies a "memory operand for a DS-form instruction". Using both allows the compiler to generate a DS-form "std" or X-form "stdx" as appropriate. Unfortunately clang doesn't support the "Y" constraint so that has to be behind an ifdef. Although the build error is only seen with GCC 13/14, that appears to just be luck. The constraint has been incorrect since it was first added. Fixes: c20beffeec3c ("powerpc/uaccess: Use flexible addressing with __put_user()/__get_user()") Suggested-by: Kewen Lin <linkw(a)gcc.gnu.org> [mpe: Drop CONFIG_PPC_KERNEL_PREFIXED ifdef for backport] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240529123029.146953-1-mpe@ellerman.id.au --- arch/powerpc/include/asm/uaccess.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index 6b808bcdecd5..6df110c1254e 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -186,9 +186,20 @@ do { \ : \ : label) +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #ifdef __powerpc64__ -#define __put_user_asm2_goto(x, ptr, label) \ - __put_user_asm_goto(x, ptr, label, "std") +#define __put_user_asm2_goto(x, addr, label) \ + asm goto ("1: std%U1%X1 %0,%1 # put_user\n" \ + EX_TABLE(1b, %l2) \ + : \ + : "r" (x), DS_FORM_CONSTRAINT (*addr) \ + : \ + : label) #else /* __powerpc64__ */ #define __put_user_asm2_goto(x, addr, label) \ asm_volatile_goto( \ -- 2.45.1

1 year, 3 months

3
2
0 0

Xinput Controllers No Longer Working

by Edward Wawrzynski

Good Morning, I was reaching out to report that there's been a regression in the latest stable 6.9.4 kernel. I'm using Fedora 40 and 6.9.4 just got pushed to the repos recently. Upon updating, my wired USB Xinput controllers no longer get detected. I've tried two 8BitDo controllers, the one being the 8BitDo Pro 2 Bluetooth (with a USB cable) and the other being the 8BitDo Pro 2 Wired Controller for Xbox. Neither of them are being detected on Kernel 6.9.4, despite previously working throughout the lifetime of Fedora 40's 6.8.x kernel versions, the latest being 6.8.11. I've also tried the vanilla kernel, as well as the latest vanilla mainline kernel from Fedora's COPR: 6.10.0-0.rc4.337.vanilla.fc40.x86_64. To reproduce, simply load Kernel 6.9.4+ and plug a USB controller in with XInput (either an Xbox controller or something else that emulates one). It won't be detected. I plugged in a PS5 controller and it worked, but when I plugged in an Xbox Series S controller, it didn't work. The 8BitDo Pro 2 Bluetooth controller has four different settings (Switch, Android, DirectInput, Xinput), and it was detected and worked on every setting except for the Xinput setting. Reverting to version 6.8.11 fixes the issues immediately. -- Respectfully, Edward Wawrzynski

1 year, 3 months

2
1
0 0

[PATCH 2/3] udf: Avoid using corrupted block bitmap buffer

by Jan Kara

When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. However the next allocation from the same bitmap will notice the bitmap buffer is already loaded and tries to allocate from the bitmap with mixed results (depending on the exact nature of the bitmap corruption). Fix the problem by using BH_verified bit to indicate whether the bitmap is valid or not. Reported-by: syzbot+5f682cd029581f9edfd1(a)syzkaller.appspotmail.com CC: stable(a)vger.kernel.org Fixes: 1e0d4adf17e7 ("udf: Check consistency of Space Bitmap Descriptor") Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/udf/balloc.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/fs/udf/balloc.c b/fs/udf/balloc.c index ab3ffc355949..558ad046972a 100644 --- a/fs/udf/balloc.c +++ b/fs/udf/balloc.c @@ -64,8 +64,12 @@ static int read_block_bitmap(struct super_block *sb, } for (i = 0; i < count; i++) - if (udf_test_bit(i + off, bh->b_data)) + if (udf_test_bit(i + off, bh->b_data)) { + bitmap->s_block_bitmap[bitmap_nr] = + ERR_PTR(-EFSCORRUPTED); + brelse(bh); return -EFSCORRUPTED; + } return 0; } @@ -81,8 +85,15 @@ static int __load_block_bitmap(struct super_block *sb, block_group, nr_groups); } - if (bitmap->s_block_bitmap[block_group]) + if (bitmap->s_block_bitmap[block_group]) { + /* + * The bitmap failed verification in the past. No point in + * trying again. + */ + if (IS_ERR(bitmap->s_block_bitmap[block_group])) + return PTR_ERR(bitmap->s_block_bitmap[block_group]); return block_group; + } retval = read_block_bitmap(sb, bitmap, block_group, block_group); if (retval < 0) -- 2.35.3

1 year, 3 months

1
0
0 0

[PATCH AUTOSEL 6.1 01/29] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index 0781f991e7845..f5fc8631883d5 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -406,28 +406,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -494,7 +506,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

1 year, 3 months

2
29
0 0

[PATCH] remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init

by Aleksandr Mishin

In imx_rproc_addr_init() strcmp() is performed over the node after the of_node_put() is performed over it. Fix this error by moving of_node_put() calls. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 5e4c1243071d ("remoteproc: imx_rproc: support remote cores booted before Linux Kernel") Cc: stable(a)vger.kernel.org Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> --- drivers/remoteproc/imx_rproc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/remoteproc/imx_rproc.c b/drivers/remoteproc/imx_rproc.c index 39eacd90af14..144c8e9a642e 100644 --- a/drivers/remoteproc/imx_rproc.c +++ b/drivers/remoteproc/imx_rproc.c @@ -734,25 +734,29 @@ static int imx_rproc_addr_init(struct imx_rproc *priv, continue; } err = of_address_to_resource(node, 0, &res); - of_node_put(node); if (err) { dev_err(dev, "unable to resolve memory region\n"); + of_node_put(node); return err; } - if (b >= IMX_RPROC_MEM_MAX) + if (b >= IMX_RPROC_MEM_MAX) { + of_node_put(node); break; + } /* Not use resource version, because we might share region */ priv->mem[b].cpu_addr = devm_ioremap_wc(&pdev->dev, res.start, resource_size(&res)); if (!priv->mem[b].cpu_addr) { dev_err(dev, "failed to remap %pr\n", &res); + of_node_put(node); return -ENOMEM; } priv->mem[b].sys_addr = res.start; priv->mem[b].size = resource_size(&res); if (!strcmp(node->name, "rsc-table")) priv->rsc_table = priv->mem[b].cpu_addr; + of_node_put(node); b++; } -- 2.30.2

1 year, 3 months

2
1
0 0

[PATCH] usb: typec: ucsi: glink: fix child node release in probe function

by Javier Carrasco

The device_for_each_child_node() macro requires explicit calls to fwnode_handle_put() in all early exits of the loop if the child node is not required outside. Otherwise, the child node's refcount is not decremented and the resource is not released. The current implementation of pmic_glink_ucsi_probe() makes use of the device_for_each_child_node(), but does not release the child node on early returns. Add the missing calls to fwnode_handle_put(). Cc: stable(a)vger.kernel.org Fixes: c6165ed2f425 ("usb: ucsi: glink: use the connector orientation GPIO to provide switch events") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- This case would be a great opportunity for the recently introduced device_for_each_child_node_scoped(), but given that it has not been released yet, the traditional approach has been used to account for stable kernels (bug introduced with v6.7). A second patch to clean this up with that macro is ready to be sent once this fix is applied, so this kind of problem does not arise if more early returns are added. This issue has been found while analyzing the code and not tested with hardware, only compiled and checked with static analysis tools. Any tests with real hardware are always welcome. --- drivers/usb/typec/ucsi/ucsi_glink.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/ucsi/ucsi_glink.c b/drivers/usb/typec/ucsi/ucsi_glink.c index f7546bb488c3..41375e0f9280 100644 --- a/drivers/usb/typec/ucsi/ucsi_glink.c +++ b/drivers/usb/typec/ucsi/ucsi_glink.c @@ -372,6 +372,7 @@ static int pmic_glink_ucsi_probe(struct auxiliary_device *adev, ret = fwnode_property_read_u32(fwnode, "reg", &port); if (ret < 0) { dev_err(dev, "missing reg property of %pOFn\n", fwnode); + fwnode_handle_put(fwnode); return ret; } @@ -386,9 +387,11 @@ static int pmic_glink_ucsi_probe(struct auxiliary_device *adev, if (!desc) continue; - if (IS_ERR(desc)) + if (IS_ERR(desc)) { + fwnode_handle_put(fwnode); return dev_err_probe(dev, PTR_ERR(desc), "unable to acquire orientation gpio\n"); + } ucsi->port_orientation[port] = desc; } --- base-commit: 83a7eefedc9b56fe7bfeff13b6c7356688ffa670 change-id: 20240613-ucsi-glink-release-node-9fc09d81e138 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

1 year, 3 months

3
2
0 0

Re: [PATCH] bpf: fix order of args in call to bpf_map_kvcalloc

by Péter Ujfalusi

Hi, On 17/05/2024 06:10, patchwork-bot+netdevbpf(a)kernel.org wrote: > Hello: > > This patch was applied to bpf/bpf-next.git (master) Can you send this patch for the current 6.10 cycle as a fix as well? HEAD: 2ef5971ff345 Merge tag 'vfs-6.10-rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs head -n 6 Makefile # SPDX-License-Identifier: GPL-2.0 VERSION = 6 PATCHLEVEL = 10 SUBLEVEL = 0 EXTRAVERSION = -rc3 NAME = Baby Opossum Posse gcc --version gcc (GCC) 14.1.1 20240522 kernel/bpf/bpf_local_storage.c: In function ‘bpf_local_storage_map_alloc’: kernel/bpf/bpf_local_storage.c:785:60: error: ‘kvmalloc_array_node_noprof’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument [-Werror=calloc-transposed-args] 785 | smap->buckets = bpf_map_kvcalloc(&smap->map, sizeof(*smap->buckets), Thank you, Péter > by Andrii Nakryiko <andrii(a)kernel.org>: > > On Thu, 16 May 2024 12:54:11 +0530 you wrote: >> The original function call passed size of smap->bucket before the number of >> buckets which raises the error 'calloc-transposed-args' on compilation. >> >> Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48(a)gmail.com> >> --- >> kernel/bpf/bpf_local_storage.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > Here is the summary with links: > - bpf: fix order of args in call to bpf_map_kvcalloc > https://git.kernel.org/bpf/bpf-next/c/71ed6c266348 > > You are awesome, thank you! --------------------------------------------------------------------- Intel Finland Oy Registered Address: PL 281, 00181 Helsinki Business Identity Code: 0357606 - 4 Domiciled in Helsinki This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.

1 year, 3 months

2
1
0 0

[PATCH 03/23] irqdomain: Fixed unbalanced fwnode get and put

by Herve Codina

fwnode_handle_get(fwnode) is called when a domain is created with fwnode passed as a function parameter. fwnode_handle_put(domain->fwnode) is called when the domain is destroyed but during the creation a path exists that does not set domain->fwnode. If this path is taken, the fwnode get will never be put. To avoid the unbalanced get and put, set domain->fwnode unconditionally. Fixes: d59f6617eef0 ("genirq: Allow fwnode to carry name information only") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- kernel/irq/irqdomain.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/kernel/irq/irqdomain.c b/kernel/irq/irqdomain.c index 012ada09b419..31277488ed42 100644 --- a/kernel/irq/irqdomain.c +++ b/kernel/irq/irqdomain.c @@ -156,7 +156,6 @@ static struct irq_domain *__irq_domain_create(struct fwnode_handle *fwnode, switch (fwid->type) { case IRQCHIP_FWNODE_NAMED: case IRQCHIP_FWNODE_NAMED_ID: - domain->fwnode = fwnode; domain->name = kstrdup(fwid->name, GFP_KERNEL); if (!domain->name) { kfree(domain); @@ -165,7 +164,6 @@ static struct irq_domain *__irq_domain_create(struct fwnode_handle *fwnode, domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED; break; default: - domain->fwnode = fwnode; domain->name = fwid->name; break; } @@ -185,7 +183,6 @@ static struct irq_domain *__irq_domain_create(struct fwnode_handle *fwnode, } domain->name = strreplace(name, '/', ':'); - domain->fwnode = fwnode; domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED; } @@ -201,8 +198,8 @@ static struct irq_domain *__irq_domain_create(struct fwnode_handle *fwnode, domain->flags |= IRQ_DOMAIN_NAME_ALLOCATED; } - fwnode_handle_get(fwnode); - fwnode_dev_initialized(fwnode, true); + domain->fwnode = fwnode_handle_get(fwnode); + fwnode_dev_initialized(domain->fwnode, true); /* Fill structure */ INIT_RADIX_TREE(&domain->revmap_tree, GFP_KERNEL); -- 2.45.0

1 year, 3 months

2
1
0 0

[PATCH 0/2] LoongArch: Fix S3 sleep on U-Boot + QEMU virt machine

by Jiaxun Yang

Hi all, This series fixed S3 sleep on U-Boot + QEMU virt machine. The first patch is a further DMW window setting fix, the second fixed support of ACPI standard S3 sleep procdure. Please review. Thanks Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> --- Jiaxun Yang (2): LoongArch: Initialise unused Direct Map Windows LoongArch: Fix ACPI standard register based S3 support arch/loongarch/include/asm/loongarch.h | 4 ++++ arch/loongarch/include/asm/stackframe.h | 11 +++++++++++ arch/loongarch/kernel/head.S | 12 ++---------- arch/loongarch/power/platform.c | 24 ++++++++++++++++++------ arch/loongarch/power/suspend_asm.S | 8 ++------ drivers/firmware/efi/libstub/loongarch.c | 2 ++ 6 files changed, 39 insertions(+), 22 deletions(-) --- base-commit: 6906a84c482f098d31486df8dc98cead21cce2d0 change-id: 20240613-loongarch64-sleep-035ffcdff9eb Best regards, -- Jiaxun Yang <jiaxun.yang(a)flygoat.com>

1 year, 3 months

2
10
0 0

[PATCH AUTOSEL 4.19 1/9] scsi: qedf: Set qed_slowpath_params to zero before use

by Sasha Levin

From: Saurav Kashyap <skashyap(a)marvell.com> [ Upstream commit 6c3bb589debd763dc4b94803ddf3c13b4fcca776 ] Zero qed_slowpath_params before use. Signed-off-by: Saurav Kashyap <skashyap(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20240515091101.18754-4-skashyap@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/qedf/qedf_main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index 01e27285b26ba..33fb0e1926831 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -3101,6 +3101,7 @@ static int __qedf_probe(struct pci_dev *pdev, int mode) } /* Start the Slowpath-process */ + memset(&slowpath_params, 0, sizeof(struct qed_slowpath_params)); slowpath_params.int_mode = QED_INT_MODE_MSIX; slowpath_params.drv_major = QEDF_DRIVER_MAJOR_VER; slowpath_params.drv_minor = QEDF_DRIVER_MINOR_VER; -- 2.43.0

1 year, 3 months

1
8
0 0

[PATCH AUTOSEL 5.4 1/9] scsi: qedf: Set qed_slowpath_params to zero before use

by Sasha Levin

From: Saurav Kashyap <skashyap(a)marvell.com> [ Upstream commit 6c3bb589debd763dc4b94803ddf3c13b4fcca776 ] Zero qed_slowpath_params before use. Signed-off-by: Saurav Kashyap <skashyap(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20240515091101.18754-4-skashyap@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/qedf/qedf_main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index 858058f228191..e0601b5520b78 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -3299,6 +3299,7 @@ static int __qedf_probe(struct pci_dev *pdev, int mode) } /* Start the Slowpath-process */ + memset(&slowpath_params, 0, sizeof(struct qed_slowpath_params)); slowpath_params.int_mode = QED_INT_MODE_MSIX; slowpath_params.drv_major = QEDF_DRIVER_MAJOR_VER; slowpath_params.drv_minor = QEDF_DRIVER_MINOR_VER; -- 2.43.0

1 year, 3 months

1
8
0 0

[PATCH AUTOSEL 5.10 01/13] scsi: qedf: Set qed_slowpath_params to zero before use

by Sasha Levin

From: Saurav Kashyap <skashyap(a)marvell.com> [ Upstream commit 6c3bb589debd763dc4b94803ddf3c13b4fcca776 ] Zero qed_slowpath_params before use. Signed-off-by: Saurav Kashyap <skashyap(a)marvell.com> Signed-off-by: Nilesh Javali <njavali(a)marvell.com> Link: https://lore.kernel.org/r/20240515091101.18754-4-skashyap@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/qedf/qedf_main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/qedf/qedf_main.c b/drivers/scsi/qedf/qedf_main.c index 6923862be3fbc..2536da96130ea 100644 --- a/drivers/scsi/qedf/qedf_main.c +++ b/drivers/scsi/qedf/qedf_main.c @@ -3453,6 +3453,7 @@ static int __qedf_probe(struct pci_dev *pdev, int mode) } /* Start the Slowpath-process */ + memset(&slowpath_params, 0, sizeof(struct qed_slowpath_params)); slowpath_params.int_mode = QED_INT_MODE_MSIX; slowpath_params.drv_major = QEDF_DRIVER_MAJOR_VER; slowpath_params.drv_minor = QEDF_DRIVER_MINOR_VER; -- 2.43.0

1 year, 3 months

1
12
0 0

[PATCH AUTOSEL 5.15 01/21] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index a9c4a5e2ccb90..60792f257c235 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -406,28 +406,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -494,7 +506,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

1 year, 3 months

1
20
0 0

[PATCH AUTOSEL 6.6 01/35] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index a226dc1b65d71..4eb0837298d4d 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -414,28 +414,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -502,7 +514,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

1 year, 3 months

2
35
0 0

[PATCH AUTOSEL 6.9 01/44] scsi: core: alua: I/O errors for ALUA state transitions

by Sasha Levin

From: Martin Wilck <martin.wilck(a)suse.com> [ Upstream commit 10157b1fc1a762293381e9145041253420dfc6ad ] When a host is configured with a few LUNs and I/O is running, injecting FC faults repeatedly leads to path recovery problems. The LUNs have 4 paths each and 3 of them come back active after say an FC fault which makes 2 of the paths go down, instead of all 4. This happens after several iterations of continuous FC faults. Reason here is that we're returning an I/O error whenever we're encountering sense code 06/04/0a (LOGICAL UNIT NOT ACCESSIBLE, ASYMMETRIC ACCESS STATE TRANSITION) instead of retrying. [mwilck: The original patch was developed by Rajashekhar M A and Hannes Reinecke. I moved the code to alua_check_sense() as suggested by Mike Christie [1]. Evan Milne had raised the question whether pg->state should be set to transitioning in the UA case [2]. I believe that doing this is correct. SCSI_ACCESS_STATE_TRANSITIONING by itself doesn't cause I/O errors. Our handler schedules an RTPG, which will only result in an I/O error condition if the transitioning timeout expires.] [1] https://lore.kernel.org/all/0bc96e82-fdda-4187-148d-5b34f81d4942@oracle.com/ [2] https://lore.kernel.org/all/CAGtn9r=kicnTDE2o7Gt5Y=yoidHYD7tG8XdMHEBJTBraVE… Co-developed-by: Rajashekhar M A <rajs(a)netapp.com> Co-developed-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Hannes Reinecke <hare(a)suse.de> Signed-off-by: Martin Wilck <martin.wilck(a)suse.com> Link: https://lore.kernel.org/r/20240514140344.19538-1-mwilck@suse.com Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Mike Christie <michael.christie(a)oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c index a226dc1b65d71..4eb0837298d4d 100644 --- a/drivers/scsi/device_handler/scsi_dh_alua.c +++ b/drivers/scsi/device_handler/scsi_dh_alua.c @@ -414,28 +414,40 @@ static char print_alua_state(unsigned char state) } } -static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, - struct scsi_sense_hdr *sense_hdr) +static void alua_handle_state_transition(struct scsi_device *sdev) { struct alua_dh_data *h = sdev->handler_data; struct alua_port_group *pg; + rcu_read_lock(); + pg = rcu_dereference(h->pg); + if (pg) + pg->state = SCSI_ACCESS_STATE_TRANSITIONING; + rcu_read_unlock(); + alua_check(sdev, false); +} + +static enum scsi_disposition alua_check_sense(struct scsi_device *sdev, + struct scsi_sense_hdr *sense_hdr) +{ switch (sense_hdr->sense_key) { case NOT_READY: if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { /* * LUN Not Accessible - ALUA state transition */ - rcu_read_lock(); - pg = rcu_dereference(h->pg); - if (pg) - pg->state = SCSI_ACCESS_STATE_TRANSITIONING; - rcu_read_unlock(); - alua_check(sdev, false); + alua_handle_state_transition(sdev); return NEEDS_RETRY; } break; case UNIT_ATTENTION: + if (sense_hdr->asc == 0x04 && sense_hdr->ascq == 0x0a) { + /* + * LUN Not Accessible - ALUA state transition + */ + alua_handle_state_transition(sdev); + return NEEDS_RETRY; + } if (sense_hdr->asc == 0x29 && sense_hdr->ascq == 0x00) { /* * Power On, Reset, or Bus Device Reset. @@ -502,7 +514,8 @@ static int alua_tur(struct scsi_device *sdev) retval = scsi_test_unit_ready(sdev, ALUA_FAILOVER_TIMEOUT * HZ, ALUA_FAILOVER_RETRIES, &sense_hdr); - if (sense_hdr.sense_key == NOT_READY && + if ((sense_hdr.sense_key == NOT_READY || + sense_hdr.sense_key == UNIT_ATTENTION) && sense_hdr.asc == 0x04 && sense_hdr.ascq == 0x0a) return SCSI_DH_RETRY; else if (retval) -- 2.43.0

1 year, 3 months

2
44
0 0

[PATCH v2 1/2] docs: stable-kernel-rules: provide example of specifing target series

by Shung-Hsi Yu

Provide a concrete example of how to specify what stable series should be targeted for change inclusion. Looking around on the stable mailing list this seems like a common practice already, so let mention that in the documentation as well (but worded so it is not interpreted as the only way to do so). Reviewed-by: Paul Barker <paul.barker.ct(a)bp.renesas.com> Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- Change from v1: - "asks that the patch to be included in..." is edit to "asks that the patch is included in..." for better wording (Paul) --- Documentation/process/stable-kernel-rules.rst | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Documentation/process/stable-kernel-rules.rst b/Documentation/process/stable-kernel-rules.rst index edf90bbe30f4..d22aa2280f6e 100644 --- a/Documentation/process/stable-kernel-rules.rst +++ b/Documentation/process/stable-kernel-rules.rst @@ -57,10 +57,13 @@ options for cases where a mainlined patch needs adjustments to apply in older series (for example due to API changes). When using option 2 or 3 you can ask for your change to be included in specific -stable series. When doing so, ensure the fix or an equivalent is applicable, -submitted, or already present in all newer stable trees still supported. This is -meant to prevent regressions that users might later encounter on updating, if -e.g. a fix merged for 5.19-rc1 would be backported to 5.10.y, but not to 5.15.y. +stable series, one way to do so is by specifying the target series in the +subject prefix (e.g. '[PATCH stable 5.15 5.10]' asks that the patch is +included in both 5.10.y and 5.15.y). When doing so, ensure the fix or an +equivalent is applicable, submitted, or already present in all newer stable +trees still supported. This is meant to prevent regressions that users might +later encounter on updating, if e.g. a fix merged for 5.19-rc1 would be +backported to 5.10.y, but not to 5.15.y. .. _option_1: -- 2.45.2

1 year, 3 months

3
3
0 0

[PATCH v2] fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes

by Thomas Zimmermann

Test the vesa_attributes field in struct screen_info for compatibility with VGA hardware. Vesafb currently tests bit 1 in screen_info's capabilities field, It sets the framebuffer address size and is unrelated to VGA. Section 4.4 of the Vesa VBE 2.0 specifications defines that bit 5 in the mode's attributes field signals VGA compatibility. The mode is compatible with VGA hardware if the bit is clear. In that case, the driver can access VGA state of the VBE's underlying hardware. The vesafb driver uses this feature to program the color LUT in palette modes. Without, colors might be incorrect. The problem got introduced in commit 89ec4c238e7a ("[PATCH] vesafb: Fix incorrect logo colors in x86_64"). It incorrectly stores the mode attributes in the screen_info's capabilities field and updates vesafb accordingly. Later, commit 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") fixed the screen_info, but did not update vesafb. Color output still tends to work, because bit 1 in capabilities is usually 0. Besides fixing the bug in vesafb, this commit introduces a helper that reads the correct bit from screen_info. v2: - clarify comment on non-VGA modes (Helge) Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v2.6.23+ --- drivers/video/fbdev/vesafb.c | 2 +- include/linux/screen_info.h | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c index 8ab64ae4cad3e..5a161750a3aee 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -271,7 +271,7 @@ static int vesafb_probe(struct platform_device *dev) if (si->orig_video_isVGA != VIDEO_TYPE_VLFB) return -ENODEV; - vga_compat = (si->capabilities & 2) ? 0 : 1; + vga_compat = !__screen_info_vbe_mode_nonvga(si); vesafb_fix.smem_start = si->lfb_base; vesafb_defined.bits_per_pixel = si->lfb_depth; if (15 == vesafb_defined.bits_per_pixel) diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 75303c126285a..d21f8e4e9f4a4 100644 --- a/include/linux/screen_info.h +++ b/include/linux/screen_info.h @@ -49,6 +49,16 @@ static inline u64 __screen_info_lfb_size(const struct screen_info *si, unsigned return lfb_size; } +static inline bool __screen_info_vbe_mode_nonvga(const struct screen_info *si) +{ + /* + * VESA modes typically run on VGA hardware. Set bit 5 signal that this + * is not the case. Drivers can then not make use of VGA resources. See + * Sec 4.4 of the VBE 2.0 spec. + */ + return si->vesa_attributes & BIT(5); +} + static inline unsigned int __screen_info_video_type(unsigned int type) { switch (type) { -- 2.45.2

1 year, 3 months

2
3
0 0

[PATCH stable 4.19] xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

by Shung-Hsi Yu

[ Upstream commit 237f3cf13b20db183d3706d997eedc3c49eacd44 ] From: Eric Dumazet <edumazet(a)google.com> syzbot reported an illegal copy in xsk_setsockopt() [1] Make sure to validate setsockopt() @optlen parameter. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420 Read of size 4 at addr ffff888028c6cde3 by task syz-executor.0/7549 CPU: 0 PID: 7549 Comm: syz-executor.0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] copy_from_sockptr include/linux/sockptr.h:55 [inline] xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420 do_sock_setsockopt+0x3af/0x720 net/socket.c:2311 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7fb40587de69 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb40665a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007fb4059abf80 RCX: 00007fb40587de69 RDX: 0000000000000005 RSI: 000000000000011b RDI: 0000000000000006 RBP: 00007fb4058ca47a R08: 0000000000000002 R09: 0000000000000000 R10: 0000000020001980 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007fb4059abf80 R15: 00007fff57ee4d08 </TASK> Allocated by task 7549: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:370 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387 kasan_kmalloc include/linux/kasan.h:211 [inline] __do_kmalloc_node mm/slub.c:3966 [inline] __kmalloc+0x233/0x4a0 mm/slub.c:3979 kmalloc include/linux/slab.h:632 [inline] __cgroup_bpf_run_filter_setsockopt+0xd2f/0x1040 kernel/bpf/cgroup.c:1869 do_sock_setsockopt+0x6b4/0x720 net/socket.c:2293 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 The buggy address belongs to the object at ffff888028c6cde0 which belongs to the cache kmalloc-8 of size 8 The buggy address is located 1 bytes to the right of allocated 2-byte region [ffff888028c6cde0, ffff888028c6cde2) The buggy address belongs to the physical page: page:ffffea0000a31b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888028c6c9c0 pfn:0x28c6c anon flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000800 ffff888014c41280 0000000000000000 dead000000000001 raw: ffff888028c6c9c0 0000000080800057 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 6648, tgid 6644 (syz-executor.0), ts 133906047828, free_ts 133859922223 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533 prep_new_page mm/page_alloc.c:1540 [inline] get_page_from_freelist+0x33ea/0x3580 mm/page_alloc.c:3311 __alloc_pages+0x256/0x680 mm/page_alloc.c:4569 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page+0x5f/0x160 mm/slub.c:2175 allocate_slab mm/slub.c:2338 [inline] new_slab+0x84/0x2f0 mm/slub.c:2391 ___slab_alloc+0xc73/0x1260 mm/slub.c:3525 __slab_alloc mm/slub.c:3610 [inline] __slab_alloc_node mm/slub.c:3663 [inline] slab_alloc_node mm/slub.c:3835 [inline] __do_kmalloc_node mm/slub.c:3965 [inline] __kmalloc_node+0x2db/0x4e0 mm/slub.c:3973 kmalloc_node include/linux/slab.h:648 [inline] __vmalloc_area_node mm/vmalloc.c:3197 [inline] __vmalloc_node_range+0x5f9/0x14a0 mm/vmalloc.c:3392 __vmalloc_node mm/vmalloc.c:3457 [inline] vzalloc+0x79/0x90 mm/vmalloc.c:3530 bpf_check+0x260/0x19010 kernel/bpf/verifier.c:21162 bpf_prog_load+0x1667/0x20f0 kernel/bpf/syscall.c:2895 __sys_bpf+0x4ee/0x810 kernel/bpf/syscall.c:5631 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 page last free pid 6650 tgid 6647 stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1140 [inline] free_unref_page_prepare+0x95d/0xa80 mm/page_alloc.c:2346 free_unref_page_list+0x5a3/0x850 mm/page_alloc.c:2532 release_pages+0x2117/0x2400 mm/swap.c:1042 tlb_batch_pages_flush mm/mmu_gather.c:98 [inline] tlb_flush_mmu_free mm/mmu_gather.c:293 [inline] tlb_flush_mmu+0x34d/0x4e0 mm/mmu_gather.c:300 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:392 exit_mmap+0x4b6/0xd40 mm/mmap.c:3300 __mmput+0x115/0x3c0 kernel/fork.c:1345 exit_mm+0x220/0x310 kernel/exit.c:569 do_exit+0x99e/0x27e0 kernel/exit.c:865 do_group_exit+0x207/0x2c0 kernel/exit.c:1027 get_signal+0x176e/0x1850 kernel/signal.c:2907 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310 exit_to_user_mode_loop kernel/entry/common.c:105 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:201 [inline] syscall_exit_to_user_mode+0xc9/0x360 kernel/entry/common.c:212 do_syscall_64+0x10a/0x240 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Memory state around the buggy address: ffff888028c6cc80: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc ffff888028c6cd00: fa fc fc fc fa fc fc fc 00 fc fc fc 06 fc fc fc >ffff888028c6cd80: fa fc fc fc fa fc fc fc fa fc fc fc 02 fc fc fc ^ ffff888028c6ce00: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc ffff888028c6ce80: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc Fixes: 423f38329d26 ("xsk: add umem fill queue support and mmap") Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: "Björn Töpel" <bjorn(a)kernel.org> Cc: Magnus Karlsson <magnus.karlsson(a)intel.com> Cc: Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> Cc: Jonathan Lemon <jonathan.lemon(a)gmail.com> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://lore.kernel.org/r/20240404202738.3634547-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [shung-hsi.yu: two additional changes not present in the original 1. Check optlen in the XDP_UMEM_REG case as well. It was added in commit c05cd36458147 ("xsk: add support to allow unaligned chunk placement") but seems like too big of a change for stable 2. copy_from_sockptr() in the context was replace copy_from_usr() because commit a7b75c5a8c414 ("net: pass a sockptr_t into ->setsockopt") was not present] Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- Resend because the last submission was done prior to 5.4 receiving the fix, hence was dropped from Greg's tree[1]. 1: https://lore.kernel.org/stable/2024061329-pregnancy-rumbling-74b2@gregkh/ --- net/xdp/xsk.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index 6bb0649c028c..d5a9c43930de 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -515,6 +515,8 @@ static int xsk_setsockopt(struct socket *sock, int level, int optname, struct xdp_umem_reg mr; struct xdp_umem *umem; + if (optlen < sizeof(mr)) + return -EINVAL; if (copy_from_user(&mr, optval, sizeof(mr))) return -EFAULT; @@ -542,6 +544,8 @@ static int xsk_setsockopt(struct socket *sock, int level, int optname, struct xsk_queue **q; int entries; + if (optlen < sizeof(entries)) + return -EINVAL; if (copy_from_user(&entries, optval, sizeof(entries))) return -EFAULT; -- 2.45.1

1 year, 3 months

2
1
0 0

[PATCH v2] Input: try trimming too long modalias strings

by Jason Andryuk

From: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> commit 0774d19038c496f0c3602fb505c43e1b2d8eed85 upstream. If an input device declares too many capability bits then modalias string for such device may become too long and not fit into uevent buffer, resulting in failure of sending said uevent. This, in turn, may prevent userspace from recognizing existence of such devices. This is typically not a concern for real hardware devices as they have limited number of keys, but happen with synthetic devices such as ones created by xen-kbdfront driver, which creates devices as being capable of delivering all possible keys, since it doesn't know what keys the backend may produce. To deal with such devices input core will attempt to trim key data, in the hope that the rest of modalias string will fit in the given buffer. When trimming key data it will indicate that it is not complete by placing "+," sign, resulting in conversions like this: old: k71,72,73,74,78,7A,7B,7C,7D,8E,9E,A4,AD,E0,E1,E4,F8,174, new: k71,72,73,74,78,7A,7B,7C,+, This should allow existing udev rules continue to work with existing devices, and will also allow writing more complex rules that would recognize trimmed modalias and check input device characteristics by other means (for example by parsing KEY= data in uevent or parsing input device sysfs attributes). Note that the driver core may try adding more uevent environment variables once input core is done adding its own, so when forming modalias we can not use the entire available buffer, so we reduce it by somewhat an arbitrary amount (96 bytes). Reported-by: Jason Andryuk <jandryuk(a)gmail.com> Reviewed-by: Peter Hutterer <peter.hutterer(a)who-t.net> Tested-by: Jason Andryuk <jandryuk(a)gmail.com> Link: https://lore.kernel.org/r/ZjAWMQCJdrxZkvkB@google.com Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> [ Apply to linux-5.15.y ] Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- Built with 5.15 and 4.19. Tested on 5.15. Drop const from struct input_dev *id Declare i outside loop: drivers/input/input.c: In function ‘input_print_modalias_parts’: drivers/input/input.c:1393:25: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode 1393 | for (int i = size - 1 - remainder - 3; i >= 0; i--) { | ^~~ --- drivers/input/input.c | 105 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 90 insertions(+), 15 deletions(-) diff --git a/drivers/input/input.c b/drivers/input/input.c index 5ca3f11d2d75..171f71bd4c2a 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1360,19 +1360,19 @@ static int input_print_modalias_bits(char *buf, int size, char name, unsigned long *bm, unsigned int min_bit, unsigned int max_bit) { - int len = 0, i; + int bit = min_bit; + int len = 0; len += snprintf(buf, max(size, 0), "%c", name); - for (i = min_bit; i < max_bit; i++) - if (bm[BIT_WORD(i)] & BIT_MASK(i)) - len += snprintf(buf + len, max(size - len, 0), "%X,", i); + for_each_set_bit_from(bit, bm, max_bit) + len += snprintf(buf + len, max(size - len, 0), "%X,", bit); return len; } -static int input_print_modalias(char *buf, int size, struct input_dev *id, - int add_cr) +static int input_print_modalias_parts(char *buf, int size, int full_len, + struct input_dev *id) { - int len; + int len, klen, remainder, space; len = snprintf(buf, max(size, 0), "input:b%04Xv%04Xp%04Xe%04X-", @@ -1381,8 +1381,49 @@ static int input_print_modalias(char *buf, int size, struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'e', id->evbit, 0, EV_MAX); - len += input_print_modalias_bits(buf + len, size - len, + + /* + * Calculate the remaining space in the buffer making sure we + * have place for the terminating 0. + */ + space = max(size - (len + 1), 0); + + klen = input_print_modalias_bits(buf + len, size - len, 'k', id->keybit, KEY_MIN_INTERESTING, KEY_MAX); + len += klen; + + /* + * If we have more data than we can fit in the buffer, check + * if we can trim key data to fit in the rest. We will indicate + * that key data is incomplete by adding "+" sign at the end, like + * this: * "k1,2,3,45,+,". + * + * Note that we shortest key info (if present) is "k+," so we + * can only try to trim if key data is longer than that. + */ + if (full_len && size < full_len + 1 && klen > 3) { + remainder = full_len - len; + /* + * We can only trim if we have space for the remainder + * and also for at least "k+," which is 3 more characters. + */ + if (remainder <= space - 3) { + int i; + /* + * We are guaranteed to have 'k' in the buffer, so + * we need at least 3 additional bytes for storing + * "+," in addition to the remainder. + */ + for (i = size - 1 - remainder - 3; i >= 0; i--) { + if (buf[i] == 'k' || buf[i] == ',') { + strcpy(buf + i + 1, "+,"); + len = i + 3; /* Not counting '\0' */ + break; + } + } + } + } + len += input_print_modalias_bits(buf + len, size - len, 'r', id->relbit, 0, REL_MAX); len += input_print_modalias_bits(buf + len, size - len, @@ -1398,12 +1439,25 @@ static int input_print_modalias(char *buf, int size, struct input_dev *id, len += input_print_modalias_bits(buf + len, size - len, 'w', id->swbit, 0, SW_MAX); - if (add_cr) - len += snprintf(buf + len, max(size - len, 0), "\n"); - return len; } +static int input_print_modalias(char *buf, int size, struct input_dev *id) +{ + int full_len; + + /* + * Printing is done in 2 passes: first one figures out total length + * needed for the modalias string, second one will try to trim key + * data in case when buffer is too small for the entire modalias. + * If the buffer is too small regardless, it will fill as much as it + * can (without trimming key data) into the buffer and leave it to + * the caller to figure out what to do with the result. + */ + full_len = input_print_modalias_parts(NULL, 0, 0, id); + return input_print_modalias_parts(buf, size, full_len, id); +} + static ssize_t input_dev_show_modalias(struct device *dev, struct device_attribute *attr, char *buf) @@ -1411,7 +1465,9 @@ static ssize_t input_dev_show_modalias(struct device *dev, struct input_dev *id = to_input_dev(dev); ssize_t len; - len = input_print_modalias(buf, PAGE_SIZE, id, 1); + len = input_print_modalias(buf, PAGE_SIZE, id); + if (len < PAGE_SIZE - 2) + len += snprintf(buf + len, PAGE_SIZE - len, "\n"); return min_t(int, len, PAGE_SIZE); } @@ -1623,6 +1679,23 @@ static int input_add_uevent_bm_var(struct kobj_uevent_env *env, return 0; } +/* + * This is a pretty gross hack. When building uevent data the driver core + * may try adding more environment variables to kobj_uevent_env without + * telling us, so we have no idea how much of the buffer we can use to + * avoid overflows/-ENOMEM elsewhere. To work around this let's artificially + * reduce amount of memory we will use for the modalias environment variable. + * + * The potential additions are: + * + * SEQNUM=18446744073709551615 - (%llu - 28 bytes) + * HOME=/ (6 bytes) + * PATH=/sbin:/bin:/usr/sbin:/usr/bin (34 bytes) + * + * 68 bytes total. Allow extra buffer - 96 bytes + */ +#define UEVENT_ENV_EXTRA_LEN 96 + static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, struct input_dev *dev) { @@ -1632,9 +1705,11 @@ static int input_add_uevent_modalias_var(struct kobj_uevent_env *env, return -ENOMEM; len = input_print_modalias(&env->buf[env->buflen - 1], - sizeof(env->buf) - env->buflen, - dev, 0); - if (len >= (sizeof(env->buf) - env->buflen)) + (int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN, + dev); + if (len >= ((int)sizeof(env->buf) - env->buflen - + UEVENT_ENV_EXTRA_LEN)) return -ENOMEM; env->buflen += len; -- 2.40.1

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] gve: Clear napi->skb before dev_kfree_skb_any()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6f4d93b78ade0a4c2cafd587f7b429ce95abb02e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061759-decoy-condiment-7d57@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6f4d93b78ade ("gve: Clear napi->skb before dev_kfree_skb_any()") 1344e751e910 ("gve: Add RX context.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6f4d93b78ade0a4c2cafd587f7b429ce95abb02e Mon Sep 17 00:00:00 2001 From: Ziwei Xiao <ziweixiao(a)google.com> Date: Wed, 12 Jun 2024 00:16:54 +0000 Subject: [PATCH] gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangling pointer. Fix this by clearing napi->skb before the skb is freed. Fixes: 9b8dd5e5ea48 ("gve: DQO: Add RX path") Cc: stable(a)vger.kernel.org Reported-by: Shailend Chand <shailend(a)google.com> Signed-off-by: Ziwei Xiao <ziweixiao(a)google.com> Reviewed-by: Harshitha Ramamurthy <hramamurthy(a)google.com> Reviewed-by: Shailend Chand <shailend(a)google.com> Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Link: https://lore.kernel.org/r/20240612001654.923887-1-ziweixiao@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/google/gve/gve_rx_dqo.c b/drivers/net/ethernet/google/gve/gve_rx_dqo.c index c1c912de59c7..1154c1d8f66f 100644 --- a/drivers/net/ethernet/google/gve/gve_rx_dqo.c +++ b/drivers/net/ethernet/google/gve/gve_rx_dqo.c @@ -647,11 +647,13 @@ static void gve_rx_skb_hash(struct sk_buff *skb, skb_set_hash(skb, le32_to_cpu(compl_desc->hash), hash_type); } -static void gve_rx_free_skb(struct gve_rx_ring *rx) +static void gve_rx_free_skb(struct napi_struct *napi, struct gve_rx_ring *rx) { if (!rx->ctx.skb_head) return; + if (rx->ctx.skb_head == napi->skb) + napi->skb = NULL; dev_kfree_skb_any(rx->ctx.skb_head); rx->ctx.skb_head = NULL; rx->ctx.skb_tail = NULL; @@ -950,7 +952,7 @@ int gve_rx_poll_dqo(struct gve_notify_block *block, int budget) err = gve_rx_dqo(napi, rx, compl_desc, complq->head, rx->q_num); if (err < 0) { - gve_rx_free_skb(rx); + gve_rx_free_skb(napi, rx); u64_stats_update_begin(&rx->statss); if (err == -ENOMEM) rx->rx_skb_alloc_fail++; @@ -993,7 +995,7 @@ int gve_rx_poll_dqo(struct gve_notify_block *block, int budget) /* gve_rx_complete_skb() will consume skb if successful */ if (gve_rx_complete_skb(rx, napi, compl_desc, feat) != 0) { - gve_rx_free_skb(rx); + gve_rx_free_skb(napi, rx); u64_stats_update_begin(&rx->statss); rx->rx_desc_err_dropped_pkt++; u64_stats_update_end(&rx->statss);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] scsi: mpt3sas: Avoid test/set_bit() operating in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 4254dfeda82f20844299dca6c38cbffcfd499f41 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061730-impale-expletive-e0db@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 4254dfeda82f ("scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory") ffedeae1fa54 ("scsi: mpt3sas: Gracefully handle online firmware update") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4254dfeda82f20844299dca6c38cbffcfd499f41 Mon Sep 17 00:00:00 2001 From: Breno Leitao <leitao(a)debian.org> Date: Wed, 5 Jun 2024 01:55:29 -0700 Subject: [PATCH] scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_bit() on a single word. The test_bit() and set_bit() functions operate on long values, and when testing or setting a single word, they can exceed the word boundary. KASAN detects this issue and produces a dump: BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965 For full log, please look at [1]. Make the allocation at least the size of sizeof(unsigned long) so that set_bit() and test_bit() have sufficient room for read/write operations without overwriting unallocated memory. [1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/ Fixes: c696f7b83ede ("scsi: mpt3sas: Implement device_remove_in_progress check in IOCTL path") Cc: stable(a)vger.kernel.org Suggested-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Breno Leitao <leitao(a)debian.org> Link: https://lore.kernel.org/r/20240605085530.499432-1-leitao@debian.org Reviewed-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 258647fc6bdd..1092497563b2 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -8512,6 +8512,12 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc) ioc->pd_handles_sz = (ioc->facts.MaxDevHandle / 8); if (ioc->facts.MaxDevHandle % 8) ioc->pd_handles_sz++; + /* + * pd_handles_sz should have, at least, the minimal room for + * set_bit()/test_bit(), otherwise out-of-memory touch may occur. + */ + ioc->pd_handles_sz = ALIGN(ioc->pd_handles_sz, sizeof(unsigned long)); + ioc->pd_handles = kzalloc(ioc->pd_handles_sz, GFP_KERNEL); if (!ioc->pd_handles) { @@ -8529,6 +8535,13 @@ mpt3sas_base_attach(struct MPT3SAS_ADAPTER *ioc) ioc->pend_os_device_add_sz = (ioc->facts.MaxDevHandle / 8); if (ioc->facts.MaxDevHandle % 8) ioc->pend_os_device_add_sz++; + + /* + * pend_os_device_add_sz should have, at least, the minimal room for + * set_bit()/test_bit(), otherwise out-of-memory may occur. + */ + ioc->pend_os_device_add_sz = ALIGN(ioc->pend_os_device_add_sz, + sizeof(unsigned long)); ioc->pend_os_device_add = kzalloc(ioc->pend_os_device_add_sz, GFP_KERNEL); if (!ioc->pend_os_device_add) { @@ -8820,6 +8833,12 @@ _base_check_ioc_facts_changes(struct MPT3SAS_ADAPTER *ioc) if (ioc->facts.MaxDevHandle % 8) pd_handles_sz++; + /* + * pd_handles should have, at least, the minimal room for + * set_bit()/test_bit(), otherwise out-of-memory touch may + * occur. + */ + pd_handles_sz = ALIGN(pd_handles_sz, sizeof(unsigned long)); pd_handles = krealloc(ioc->pd_handles, pd_handles_sz, GFP_KERNEL); if (!pd_handles) {

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] xhci: Set correct transferred length for cancelled bulk" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f0260589b439e2637ad54a2b25f00a516ef28a57 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061736-pretender-account-356c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f0260589b439 ("xhci: Set correct transferred length for cancelled bulk transfers") f8f80be501aa ("xhci: Use soft retry to recover faster from transaction errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f0260589b439e2637ad54a2b25f00a516ef28a57 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Tue, 11 Jun 2024 15:06:07 +0300 Subject: [PATCH] xhci: Set correct transferred length for cancelled bulk transfers The transferred length is set incorrectly for cancelled bulk transfer TDs in case the bulk transfer ring stops on the last transfer block with a 'Stop - Length Invalid' completion code. length essentially ends up being set to the requested length: urb->actual_length = urb->transfer_buffer_length Length for 'Stop - Length Invalid' cases should be the sum of all TRB transfer block lengths up to the one the ring stopped on, _excluding_ the one stopped on. Fix this by always summing up TRB lengths for 'Stop - Length Invalid' bulk cases. This issue was discovered by Alan Stern while debugging https://bugzilla.kernel.org/show_bug.cgi?id=218890, but does not solve that bug. Issue is older than 4.10 kernel but fix won't apply to those due to major reworks in that area. Tested-by: Pierre Tomon <pierretom+12(a)ik.me> Cc: stable(a)vger.kernel.org # v4.10+ Cc: Alan Stern <stern(a)rowland.harvard.edu> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20240611120610.3264502-2-mathias.nyman@linux.inte… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 9e90d2952760..1db61bb2b9b5 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -2524,9 +2524,8 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_virt_ep *ep, goto finish_td; case COMP_STOPPED_LENGTH_INVALID: /* stopped on ep trb with invalid length, exclude it */ - ep_trb_len = 0; - remaining = 0; - break; + td->urb->actual_length = sum_trb_lengths(xhci, ep_ring, ep_trb); + goto finish_td; case COMP_USB_TRANSACTION_ERROR: if (xhci->quirks & XHCI_NO_SOFT_RETRY || (ep->err_count++ > MAX_SOFT_RETRY) ||

1 year, 3 months

1
0
0 0

[PATCH v2] ocfs2: Fix DIO failure due to insufficient transaction credits

by Jan Kara

The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). CC: stable(a)vger.kernel.org Fixes: c15471f79506 ("ocfs2: fix sparse file & data ordering issue in direct io") Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao(a)suse.com> Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/ocfs2/aops.c | 5 +++++ fs/ocfs2/journal.c | 17 +++++++++++++++++ fs/ocfs2/journal.h | 2 ++ fs/ocfs2/ocfs2_trace.h | 2 ++ 4 files changed, 26 insertions(+) Changes since v1: * Added Reviewed-by tags, Fixes tag, CC stable * Updated changelog to describe better the observed issues diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c index b82185075de7..469143110f31 100644 --- a/fs/ocfs2/aops.c +++ b/fs/ocfs2/aops.c @@ -2368,6 +2368,11 @@ static int ocfs2_dio_end_io_write(struct inode *inode, } list_for_each_entry(ue, &dwc->dw_zero_list, ue_node) { + ret = ocfs2_assure_trans_credits(handle, credits); + if (ret < 0) { + mlog_errno(ret); + break; + } ret = ocfs2_mark_extent_written(inode, &et, handle, ue->ue_cpos, 1, ue->ue_phys, diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c index 604fea3a26ff..4866d7d3ac57 100644 --- a/fs/ocfs2/journal.c +++ b/fs/ocfs2/journal.c @@ -445,6 +445,23 @@ int ocfs2_extend_trans(handle_t *handle, int nblocks) return status; } +/* + * Make sure handle has at least 'nblocks' credits available. If it does not + * have that many credits available, we will try to extend the handle to have + * enough credits. If that fails, we will restart transaction to have enough + * credits. Similar notes regarding data consistency and locking implications + * as for ocfs2_extend_trans() apply here. + */ +int ocfs2_assure_trans_credits(handle_t *handle, int nblocks) +{ + int old_nblks = jbd2_handle_buffer_credits(handle); + + trace_ocfs2_assure_trans_credits(old_nblks); + if (old_nblks >= nblocks) + return 0; + return ocfs2_extend_trans(handle, nblocks - old_nblks); +} + /* * If we have fewer than thresh credits, extend by OCFS2_MAX_TRANS_DATA. * If that fails, restart the transaction & regain write access for the diff --git a/fs/ocfs2/journal.h b/fs/ocfs2/journal.h index 41c9fe7e62f9..e3c3a35dc5e0 100644 --- a/fs/ocfs2/journal.h +++ b/fs/ocfs2/journal.h @@ -243,6 +243,8 @@ handle_t *ocfs2_start_trans(struct ocfs2_super *osb, int ocfs2_commit_trans(struct ocfs2_super *osb, handle_t *handle); int ocfs2_extend_trans(handle_t *handle, int nblocks); +int ocfs2_assure_trans_credits(handle_t *handle, + int nblocks); int ocfs2_allocate_extend_trans(handle_t *handle, int thresh); diff --git a/fs/ocfs2/ocfs2_trace.h b/fs/ocfs2/ocfs2_trace.h index 9898c11bdfa1..d194d202413d 100644 --- a/fs/ocfs2/ocfs2_trace.h +++ b/fs/ocfs2/ocfs2_trace.h @@ -2577,6 +2577,8 @@ DEFINE_OCFS2_ULL_UINT_EVENT(ocfs2_commit_cache_end); DEFINE_OCFS2_INT_INT_EVENT(ocfs2_extend_trans); +DEFINE_OCFS2_INT_EVENT(ocfs2_assure_trans_credits); + DEFINE_OCFS2_INT_EVENT(ocfs2_extend_trans_restart); DEFINE_OCFS2_INT_INT_EVENT(ocfs2_allocate_extend_trans); -- 2.35.3

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Ack also failed Get Error commands" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8bdf8a42bca4f47646fd105a387ab6926948c7f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061724-straw-unwomanly-e822@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8bdf8a42bca4 ("usb: typec: ucsi: Ack also failed Get Error commands") bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") ad74b8649bea ("usb: typec: ucsi: Preliminary support for alternate modes") 81534d5fa973 ("usb: typec: ucsi: Remove debug.h file") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8bdf8a42bca4f47646fd105a387ab6926948c7f1 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Fri, 31 May 2024 13:46:52 +0300 Subject: [PATCH] usb: typec: ucsi: Ack also failed Get Error commands It is possible that also the GET_ERROR command fails. If that happens, the command completion still needs to be acknowledged. Otherwise the interface will be stuck until it's reset. Reported-by: Ammy Yi <ammy.yi(a)intel.com> Fixes: bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240531104653.1303519-1-heikki.krogerus@linux.in… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index cb52e7b0a2c5..2cc7aedd490f 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -153,8 +153,13 @@ static int ucsi_exec_command(struct ucsi *ucsi, u64 cmd) } if (cci & UCSI_CCI_ERROR) { - if (cmd == UCSI_GET_ERROR_STATUS) + if (cmd == UCSI_GET_ERROR_STATUS) { + ret = ucsi_acknowledge(ucsi, false); + if (ret) + return ret; + return -EIO; + } return ucsi_read_error(ucsi); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Ack also failed Get Error commands" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8bdf8a42bca4f47646fd105a387ab6926948c7f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061723-earplugs-grumbling-2745@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8bdf8a42bca4 ("usb: typec: ucsi: Ack also failed Get Error commands") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8bdf8a42bca4f47646fd105a387ab6926948c7f1 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Fri, 31 May 2024 13:46:52 +0300 Subject: [PATCH] usb: typec: ucsi: Ack also failed Get Error commands It is possible that also the GET_ERROR command fails. If that happens, the command completion still needs to be acknowledged. Otherwise the interface will be stuck until it's reset. Reported-by: Ammy Yi <ammy.yi(a)intel.com> Fixes: bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240531104653.1303519-1-heikki.krogerus@linux.in… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index cb52e7b0a2c5..2cc7aedd490f 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -153,8 +153,13 @@ static int ucsi_exec_command(struct ucsi *ucsi, u64 cmd) } if (cci & UCSI_CCI_ERROR) { - if (cmd == UCSI_GET_ERROR_STATUS) + if (cmd == UCSI_GET_ERROR_STATUS) { + ret = ucsi_acknowledge(ucsi, false); + if (ret) + return ret; + return -EIO; + } return ucsi_read_error(ucsi); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Ack also failed Get Error commands" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8bdf8a42bca4f47646fd105a387ab6926948c7f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061723-sulfate-tuesday-7a6e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8bdf8a42bca4 ("usb: typec: ucsi: Ack also failed Get Error commands") bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8bdf8a42bca4f47646fd105a387ab6926948c7f1 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Fri, 31 May 2024 13:46:52 +0300 Subject: [PATCH] usb: typec: ucsi: Ack also failed Get Error commands It is possible that also the GET_ERROR command fails. If that happens, the command completion still needs to be acknowledged. Otherwise the interface will be stuck until it's reset. Reported-by: Ammy Yi <ammy.yi(a)intel.com> Fixes: bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240531104653.1303519-1-heikki.krogerus@linux.in… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index cb52e7b0a2c5..2cc7aedd490f 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -153,8 +153,13 @@ static int ucsi_exec_command(struct ucsi *ucsi, u64 cmd) } if (cci & UCSI_CCI_ERROR) { - if (cmd == UCSI_GET_ERROR_STATUS) + if (cmd == UCSI_GET_ERROR_STATUS) { + ret = ucsi_acknowledge(ucsi, false); + if (ret) + return ret; + return -EIO; + } return ucsi_read_error(ucsi); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Ack also failed Get Error commands" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8bdf8a42bca4f47646fd105a387ab6926948c7f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061722-surround-richness-1add@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8bdf8a42bca4 ("usb: typec: ucsi: Ack also failed Get Error commands") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8bdf8a42bca4f47646fd105a387ab6926948c7f1 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Fri, 31 May 2024 13:46:52 +0300 Subject: [PATCH] usb: typec: ucsi: Ack also failed Get Error commands It is possible that also the GET_ERROR command fails. If that happens, the command completion still needs to be acknowledged. Otherwise the interface will be stuck until it's reset. Reported-by: Ammy Yi <ammy.yi(a)intel.com> Fixes: bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240531104653.1303519-1-heikki.krogerus@linux.in… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index cb52e7b0a2c5..2cc7aedd490f 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -153,8 +153,13 @@ static int ucsi_exec_command(struct ucsi *ucsi, u64 cmd) } if (cci & UCSI_CCI_ERROR) { - if (cmd == UCSI_GET_ERROR_STATUS) + if (cmd == UCSI_GET_ERROR_STATUS) { + ret = ucsi_acknowledge(ucsi, false); + if (ret) + return ret; + return -EIO; + } return ucsi_read_error(ucsi); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Ack also failed Get Error commands" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8bdf8a42bca4f47646fd105a387ab6926948c7f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061721-tacking-freckled-03d5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8bdf8a42bca4 ("usb: typec: ucsi: Ack also failed Get Error commands") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8bdf8a42bca4f47646fd105a387ab6926948c7f1 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Fri, 31 May 2024 13:46:52 +0300 Subject: [PATCH] usb: typec: ucsi: Ack also failed Get Error commands It is possible that also the GET_ERROR command fails. If that happens, the command completion still needs to be acknowledged. Otherwise the interface will be stuck until it's reset. Reported-by: Ammy Yi <ammy.yi(a)intel.com> Fixes: bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240531104653.1303519-1-heikki.krogerus@linux.in… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index cb52e7b0a2c5..2cc7aedd490f 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -153,8 +153,13 @@ static int ucsi_exec_command(struct ucsi *ucsi, u64 cmd) } if (cci & UCSI_CCI_ERROR) { - if (cmd == UCSI_GET_ERROR_STATUS) + if (cmd == UCSI_GET_ERROR_STATUS) { + ret = ucsi_acknowledge(ucsi, false); + if (ret) + return ret; + return -EIO; + } return ucsi_read_error(ucsi); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Ack also failed Get Error commands" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 8bdf8a42bca4f47646fd105a387ab6926948c7f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061721-lankiness-both-b5bd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 8bdf8a42bca4 ("usb: typec: ucsi: Ack also failed Get Error commands") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8bdf8a42bca4f47646fd105a387ab6926948c7f1 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Fri, 31 May 2024 13:46:52 +0300 Subject: [PATCH] usb: typec: ucsi: Ack also failed Get Error commands It is possible that also the GET_ERROR command fails. If that happens, the command completion still needs to be acknowledged. Otherwise the interface will be stuck until it's reset. Reported-by: Ammy Yi <ammy.yi(a)intel.com> Fixes: bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240531104653.1303519-1-heikki.krogerus@linux.in… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index cb52e7b0a2c5..2cc7aedd490f 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -153,8 +153,13 @@ static int ucsi_exec_command(struct ucsi *ucsi, u64 cmd) } if (cci & UCSI_CCI_ERROR) { - if (cmd == UCSI_GET_ERROR_STATUS) + if (cmd == UCSI_GET_ERROR_STATUS) { + ret = ucsi_acknowledge(ucsi, false); + if (ret) + return ret; + return -EIO; + } return ucsi_read_error(ucsi); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Ack also failed Get Error commands" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 8bdf8a42bca4f47646fd105a387ab6926948c7f1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061720-mahogany-unscathed-d9b3@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 8bdf8a42bca4 ("usb: typec: ucsi: Ack also failed Get Error commands") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8bdf8a42bca4f47646fd105a387ab6926948c7f1 Mon Sep 17 00:00:00 2001 From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Date: Fri, 31 May 2024 13:46:52 +0300 Subject: [PATCH] usb: typec: ucsi: Ack also failed Get Error commands It is possible that also the GET_ERROR command fails. If that happens, the command completion still needs to be acknowledged. Otherwise the interface will be stuck until it's reset. Reported-by: Ammy Yi <ammy.yi(a)intel.com> Fixes: bdc62f2bae8f ("usb: typec: ucsi: Simplified registration and I/O API") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240531104653.1303519-1-heikki.krogerus@linux.in… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index cb52e7b0a2c5..2cc7aedd490f 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -153,8 +153,13 @@ static int ucsi_exec_command(struct ucsi *ucsi, u64 cmd) } if (cci & UCSI_CCI_ERROR) { - if (cmd == UCSI_GET_ERROR_STATUS) + if (cmd == UCSI_GET_ERROR_STATUS) { + ret = ucsi_acknowledge(ucsi, false); + if (ret) + return ret; + return -EIO; + } return ucsi_read_error(ucsi); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 5208e7ced520a813b4f4774451fbac4e517e78b2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061758-junkyard-thimble-efb0@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 5208e7ced520 ("serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level") cc6628f07e0d ("serial: 8250_pxa: Switch to use uart_read_port_properties()") e914072cacb6 ("serial: 8250_pxa: Switch to use platform_get_irq()") 8c6b6ffac367 ("serial: 8250_pxa: avoid autodetecting the port type") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5208e7ced520a813b4f4774451fbac4e517e78b2 Mon Sep 17 00:00:00 2001 From: Doug Brown <doug(a)schmorgal.com> Date: Sun, 19 May 2024 12:19:30 -0700 Subject: [PATCH] serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level The FIFO is 64 bytes, but the FCR is configured to fire the TX interrupt when the FIFO is half empty (bit 3 = 0). Thus, we should only write 32 bytes when a TX interrupt occurs. This fixes a problem observed on the PXA168 that dropped a bunch of TX bytes during large transmissions. Fixes: ab28f51c77cd ("serial: rewrite pxa2xx-uart to use 8250_core") Signed-off-by: Doug Brown <doug(a)schmorgal.com> Link: https://lore.kernel.org/r/20240519191929.122202-1-doug@schmorgal.com Cc: stable <stable(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_pxa.c b/drivers/tty/serial/8250/8250_pxa.c index f1a51b00b1b9..ba96fa913e7f 100644 --- a/drivers/tty/serial/8250/8250_pxa.c +++ b/drivers/tty/serial/8250/8250_pxa.c @@ -125,6 +125,7 @@ static int serial_pxa_probe(struct platform_device *pdev) uart.port.iotype = UPIO_MEM32; uart.port.regshift = 2; uart.port.fifosize = 64; + uart.tx_loadsz = 32; uart.dl_write = serial_pxa_dl_write; ret = serial8250_register_8250_port(&uart);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5208e7ced520a813b4f4774451fbac4e517e78b2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061757-herbal-passenger-4878@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 5208e7ced520 ("serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level") cc6628f07e0d ("serial: 8250_pxa: Switch to use uart_read_port_properties()") e914072cacb6 ("serial: 8250_pxa: Switch to use platform_get_irq()") 8c6b6ffac367 ("serial: 8250_pxa: avoid autodetecting the port type") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5208e7ced520a813b4f4774451fbac4e517e78b2 Mon Sep 17 00:00:00 2001 From: Doug Brown <doug(a)schmorgal.com> Date: Sun, 19 May 2024 12:19:30 -0700 Subject: [PATCH] serial: 8250_pxa: Configure tx_loadsz to match FIFO IRQ level The FIFO is 64 bytes, but the FCR is configured to fire the TX interrupt when the FIFO is half empty (bit 3 = 0). Thus, we should only write 32 bytes when a TX interrupt occurs. This fixes a problem observed on the PXA168 that dropped a bunch of TX bytes during large transmissions. Fixes: ab28f51c77cd ("serial: rewrite pxa2xx-uart to use 8250_core") Signed-off-by: Doug Brown <doug(a)schmorgal.com> Link: https://lore.kernel.org/r/20240519191929.122202-1-doug@schmorgal.com Cc: stable <stable(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/8250/8250_pxa.c b/drivers/tty/serial/8250/8250_pxa.c index f1a51b00b1b9..ba96fa913e7f 100644 --- a/drivers/tty/serial/8250/8250_pxa.c +++ b/drivers/tty/serial/8250/8250_pxa.c @@ -125,6 +125,7 @@ static int serial_pxa_probe(struct platform_device *pdev) uart.port.iotype = UPIO_MEM32; uart.port.regshift = 2; uart.port.fifosize = 64; + uart.tx_loadsz = 32; uart.dl_write = serial_pxa_dl_write; ret = serial8250_register_8250_port(&uart);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: Ignore received Hard Reset in TOGGLING" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x fc8fb9eea94d8f476e15f3a4a7addeb16b3b99d6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061758-simplify-keg-8ee4@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: fc8fb9eea94d ("usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state") a6fe37f428c1 ("usb: typec: tcpm: Skip hard reset when in error recovery") 0908c5aca31e ("usb: typec: tcpm: AMS and Collision Avoidance") f321a02caebd ("usb: typec: tcpm: Implement enabling Auto Discharge disconnect support") a30a00e37ceb ("usb: typec: tcpm: frs sourcing vbus callback") 8dc4bd073663 ("usb: typec: tcpm: Add support for Sink Fast Role SWAP(FRS)") 3ed8e1c2ac99 ("usb: typec: tcpm: Migrate workqueue to RT priority for processing events") aefc66afe42b ("usb: typec: pd: Fix formatting in pd.h header") 6bbe2a90a0bb ("usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart") 95b4d51c96a8 ("usb: typec: tcpm: Refactor tcpm_handle_vdm_request") 8afe9a3548f9 ("usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling") 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") 5f2b8d87bca5 ("usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm()") 6e1c2241f4ce ("usb: typec: tcpm: Stay in BIST mode till hardreset or unattached") b2dcfefc43f7 ("usb: typec: tcpm: Support bist test data mode for compliance") 901789745a05 ("usb: typec: tcpm: Ignore CC and vbus changes in PORT_RESET change") 6ecc632d4b35 ("usb: typec: tcpm: set correct data role for non-DRD") 8face9aa57c8 ("usb: typec: Add parameter for the VDO to typec_altmode_enter()") a079973f462a ("usb: typec: tcpm: Remove tcpc_config configuration mechanism") 00ec21e58dc6 ("usb: typec: tcpm: Start using struct typec_operations") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fc8fb9eea94d8f476e15f3a4a7addeb16b3b99d6 Mon Sep 17 00:00:00 2001 From: Kyle Tso <kyletso(a)google.com> Date: Mon, 20 May 2024 23:48:58 +0800 Subject: [PATCH] usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state Similar to what fixed in Commit a6fe37f428c1 ("usb: typec: tcpm: Skip hard reset when in error recovery"), the handling of the received Hard Reset has to be skipped during TOGGLING state. [ 4086.021288] VBUS off [ 4086.021295] pending state change SNK_READY -> SNK_UNATTACHED @ 650 ms [rev2 NONE_AMS] [ 4086.022113] VBUS VSAFE0V [ 4086.022117] state change SNK_READY -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.022447] VBUS off [ 4086.022450] state change SNK_UNATTACHED -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.023060] VBUS VSAFE0V [ 4086.023064] state change SNK_UNATTACHED -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.023070] disable BIST MODE TESTDATA [ 4086.023766] disable vbus discharge ret:0 [ 4086.023911] Setting usb_comm capable false [ 4086.028874] Setting voltage/current limit 0 mV 0 mA [ 4086.028888] polarity 0 [ 4086.030305] Requesting mux state 0, usb-role 0, orientation 0 [ 4086.033539] Start toggling [ 4086.038496] state change SNK_UNATTACHED -> TOGGLING [rev2 NONE_AMS] // This Hard Reset is unexpected [ 4086.038499] Received hard reset [ 4086.038501] state change TOGGLING -> HARD_RESET_START [rev2 HARD_RESET] Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240520154858.1072347-1-kyletso@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index be4127ef84e9..5d4da962acc8 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -6174,6 +6174,7 @@ static void _tcpm_pd_hard_reset(struct tcpm_port *port) port->tcpc->set_bist_data(port->tcpc, false); switch (port->state) { + case TOGGLING: case ERROR_RECOVERY: case PORT_RESET: case PORT_RESET_WAIT_OFF:

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: Ignore received Hard Reset in TOGGLING" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fc8fb9eea94d8f476e15f3a4a7addeb16b3b99d6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061757-fading-defender-6d0a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: fc8fb9eea94d ("usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state") a6fe37f428c1 ("usb: typec: tcpm: Skip hard reset when in error recovery") 0908c5aca31e ("usb: typec: tcpm: AMS and Collision Avoidance") f321a02caebd ("usb: typec: tcpm: Implement enabling Auto Discharge disconnect support") a30a00e37ceb ("usb: typec: tcpm: frs sourcing vbus callback") 8dc4bd073663 ("usb: typec: tcpm: Add support for Sink Fast Role SWAP(FRS)") 3ed8e1c2ac99 ("usb: typec: tcpm: Migrate workqueue to RT priority for processing events") aefc66afe42b ("usb: typec: pd: Fix formatting in pd.h header") 6bbe2a90a0bb ("usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart") 95b4d51c96a8 ("usb: typec: tcpm: Refactor tcpm_handle_vdm_request") 8afe9a3548f9 ("usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling") 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") 5f2b8d87bca5 ("usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm()") 6e1c2241f4ce ("usb: typec: tcpm: Stay in BIST mode till hardreset or unattached") b2dcfefc43f7 ("usb: typec: tcpm: Support bist test data mode for compliance") 901789745a05 ("usb: typec: tcpm: Ignore CC and vbus changes in PORT_RESET change") 6ecc632d4b35 ("usb: typec: tcpm: set correct data role for non-DRD") 8face9aa57c8 ("usb: typec: Add parameter for the VDO to typec_altmode_enter()") a079973f462a ("usb: typec: tcpm: Remove tcpc_config configuration mechanism") 00ec21e58dc6 ("usb: typec: tcpm: Start using struct typec_operations") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fc8fb9eea94d8f476e15f3a4a7addeb16b3b99d6 Mon Sep 17 00:00:00 2001 From: Kyle Tso <kyletso(a)google.com> Date: Mon, 20 May 2024 23:48:58 +0800 Subject: [PATCH] usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state Similar to what fixed in Commit a6fe37f428c1 ("usb: typec: tcpm: Skip hard reset when in error recovery"), the handling of the received Hard Reset has to be skipped during TOGGLING state. [ 4086.021288] VBUS off [ 4086.021295] pending state change SNK_READY -> SNK_UNATTACHED @ 650 ms [rev2 NONE_AMS] [ 4086.022113] VBUS VSAFE0V [ 4086.022117] state change SNK_READY -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.022447] VBUS off [ 4086.022450] state change SNK_UNATTACHED -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.023060] VBUS VSAFE0V [ 4086.023064] state change SNK_UNATTACHED -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.023070] disable BIST MODE TESTDATA [ 4086.023766] disable vbus discharge ret:0 [ 4086.023911] Setting usb_comm capable false [ 4086.028874] Setting voltage/current limit 0 mV 0 mA [ 4086.028888] polarity 0 [ 4086.030305] Requesting mux state 0, usb-role 0, orientation 0 [ 4086.033539] Start toggling [ 4086.038496] state change SNK_UNATTACHED -> TOGGLING [rev2 NONE_AMS] // This Hard Reset is unexpected [ 4086.038499] Received hard reset [ 4086.038501] state change TOGGLING -> HARD_RESET_START [rev2 HARD_RESET] Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240520154858.1072347-1-kyletso@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index be4127ef84e9..5d4da962acc8 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -6174,6 +6174,7 @@ static void _tcpm_pd_hard_reset(struct tcpm_port *port) port->tcpc->set_bist_data(port->tcpc, false); switch (port->state) { + case TOGGLING: case ERROR_RECOVERY: case PORT_RESET: case PORT_RESET_WAIT_OFF:

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: Ignore received Hard Reset in TOGGLING" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fc8fb9eea94d8f476e15f3a4a7addeb16b3b99d6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061756-glance-estate-894f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: fc8fb9eea94d ("usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state") a6fe37f428c1 ("usb: typec: tcpm: Skip hard reset when in error recovery") 0908c5aca31e ("usb: typec: tcpm: AMS and Collision Avoidance") f321a02caebd ("usb: typec: tcpm: Implement enabling Auto Discharge disconnect support") a30a00e37ceb ("usb: typec: tcpm: frs sourcing vbus callback") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fc8fb9eea94d8f476e15f3a4a7addeb16b3b99d6 Mon Sep 17 00:00:00 2001 From: Kyle Tso <kyletso(a)google.com> Date: Mon, 20 May 2024 23:48:58 +0800 Subject: [PATCH] usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state Similar to what fixed in Commit a6fe37f428c1 ("usb: typec: tcpm: Skip hard reset when in error recovery"), the handling of the received Hard Reset has to be skipped during TOGGLING state. [ 4086.021288] VBUS off [ 4086.021295] pending state change SNK_READY -> SNK_UNATTACHED @ 650 ms [rev2 NONE_AMS] [ 4086.022113] VBUS VSAFE0V [ 4086.022117] state change SNK_READY -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.022447] VBUS off [ 4086.022450] state change SNK_UNATTACHED -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.023060] VBUS VSAFE0V [ 4086.023064] state change SNK_UNATTACHED -> SNK_UNATTACHED [rev2 NONE_AMS] [ 4086.023070] disable BIST MODE TESTDATA [ 4086.023766] disable vbus discharge ret:0 [ 4086.023911] Setting usb_comm capable false [ 4086.028874] Setting voltage/current limit 0 mV 0 mA [ 4086.028888] polarity 0 [ 4086.030305] Requesting mux state 0, usb-role 0, orientation 0 [ 4086.033539] Start toggling [ 4086.038496] state change SNK_UNATTACHED -> TOGGLING [rev2 NONE_AMS] // This Hard Reset is unexpected [ 4086.038499] Received hard reset [ 4086.038501] state change TOGGLING -> HARD_RESET_START [rev2 HARD_RESET] Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240520154858.1072347-1-kyletso@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index be4127ef84e9..5d4da962acc8 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -6174,6 +6174,7 @@ static void _tcpm_pd_hard_reset(struct tcpm_port *port) port->tcpc->set_bist_data(port->tcpc, false); switch (port->state) { + case TOGGLING: case ERROR_RECOVERY: case PORT_RESET: case PORT_RESET_WAIT_OFF:

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: check for non-NULL file pointer in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5fc16fa5f13b3c06fdb959ef262050bd810416a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061319-avenue-nutlike-03f6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 5fc16fa5f13b ("io_uring: check for non-NULL file pointer in io_file_can_poll()") 95041b93e90a ("io_uring: add io_file_can_poll() helper") 521223d7c229 ("io_uring/cancel: don't default to setting req->work.cancel_seq") 4bcb982cce74 ("io_uring: expand main struct io_kiocb flags to 64-bits") 595e52284d24 ("io_uring/poll: don't enable lazy wake for POLLEXCLUSIVE") 4de520f1fcef ("Merge tag 'io_uring-futex-2023-10-30' of git://git.kernel.dk/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5fc16fa5f13b3c06fdb959ef262050bd810416a2 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Sat, 1 Jun 2024 12:25:35 -0600 Subject: [PATCH] io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to that looks as follows: BUG: kernel NULL pointer dereference, address: 00000000000000b0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP CPU: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 2/2/2022 RIP: 0010:io_buffer_select+0xc3/0x210 Code: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 <48> 8b 92 b0 00 00 00 48 83 7a 40 00 0f 84 21 01 00 00 4c 8b 20 5b RSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246 RAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 0000000000000040 RDX: 0000000000000000 RSI: ffff97aecfb04820 RDI: ffff97af234f1700 RBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020 R10: ffffb7bec38c7dc8 R11: 000000000000c000 R12: ffffb7bec38c7db8 R13: ffff97aecfb05800 R14: ffff97aecfb05800 R15: ffff97af2be5e000 FS: 00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000b0 CR3: 000000016deab005 CR4: 0000000000370ef0 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x14d/0x420 ? do_user_addr_fault+0x61/0x6a0 ? exc_page_fault+0x6c/0x150 ? asm_exc_page_fault+0x22/0x30 ? io_buffer_select+0xc3/0x210 __io_import_iovec+0xb5/0x120 io_readv_prep_async+0x36/0x70 io_queue_sqe_fallback+0x20/0x260 io_submit_sqes+0x314/0x630 __do_sys_io_uring_enter+0x339/0xbc0 ? __do_sys_io_uring_register+0x11b/0xc50 ? vm_mmap_pgoff+0xce/0x160 do_syscall_64+0x5f/0x180 entry_SYSCALL_64_after_hwframe+0x46/0x4e RIP: 0033:0x55e0a110a67e Code: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 00 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 <c3> 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6 because the request is marked forced ASYNC and has a bad file fd, and hence takes the forced async prep path. Current kernels with the request async prep cleaned up can no longer hit this issue, but for ease of backporting, let's add this safety check in here too as it really doesn't hurt. For both cases, this will inevitably end with a CQE posted with -EBADF. Cc: stable(a)vger.kernel.org Fixes: a76c0b31eef5 ("io_uring: commit non-pollable provided mapped buffers upfront") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.h b/io_uring/io_uring.h index 624ca9076a50..726e6367af4d 100644 --- a/io_uring/io_uring.h +++ b/io_uring/io_uring.h @@ -433,7 +433,7 @@ static inline bool io_file_can_poll(struct io_kiocb *req) { if (req->flags & REQ_F_CAN_POLL) return true; - if (file_can_poll(req->file)) { + if (req->file && file_can_poll(req->file)) { req->flags |= REQ_F_CAN_POLL; return true; }

1 year, 3 months

3
2
0 0

[PATCH] drm/i915/mso: using joiner is not possible with eDP MSO

by Jani Nikula

It's not possible to use the joiner at the same time with eDP MSO. When a panel needs MSO, it's not optional, so MSO trumps joiner. v3: Only change intel_dp_has_joiner(), leave debugfs alone (Ville) Cc: stable(a)vger.kernel.org Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1668 Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- Just the minimal fix for starters to move things along. --- drivers/gpu/drm/i915/display/intel_dp.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 9a9bb0f5b7fe..ab33c9de393a 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -465,6 +465,10 @@ bool intel_dp_has_joiner(struct intel_dp *intel_dp) struct intel_encoder *encoder = &intel_dig_port->base; struct drm_i915_private *dev_priv = to_i915(encoder->base.dev); + /* eDP MSO is not compatible with joiner */ + if (intel_dp->mso_link_count) + return false; + return DISPLAY_VER(dev_priv) >= 12 || (DISPLAY_VER(dev_priv) == 11 && encoder->port != PORT_A); -- 2.39.2

1 year, 3 months

2
2
0 0

[PATCH 5.15 000/402] 5.15.161-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.161 release. There are 402 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Jun 2024 11:31:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.161-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.161-rc1 Neil Armstrong <neil.armstrong(a)linaro.org> scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5 Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Sergey Shtylyov <s.shtylyov(a)omp.ru> nfs: fix undefined behavior in nfs_block_bits() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> EDAC/igen6: Convert PCIBIOS_* return codes to errnos Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix invalidate IBI type and miss call client IBI handler Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Make use of invalid opcode produce a link error Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Split and rework cpacf query functions Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix crash in AP internal function modify_bitmap() Baokun Li <libaokun1(a)huawei.com> ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Baokun Li <libaokun1(a)huawei.com> ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow Mike Gilbert <floppym(a)gentoo.org> sparc: move struct termio to asm/termios.h Eric Dumazet <edumazet(a)google.com> net: fix __dst_negative_advice() race Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Merge identical case statements in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix console handling when editing and tab-completing commands Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-strings rather than '\0' injection in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix buffer overflow during tab-complete Judith Mendez <jm(a)ti.com> watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Sam Ravnborg <sam(a)ravnborg.org> sparc64: Fix number of online CPUs Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S CPU support Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/9p: fix uninit-value in p9_client_rpc() xu xin <xu.xin16(a)zte.com.cn> net/ipv6: Fix route deleting failure when metric equals 0 Herbert Xu <herbert(a)gondor.apana.org.au> crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Vitaly Chikunov <vt(a)altlinux.org> crypto: ecrdsa - Fix module auto-load on add_key Stefan Berger <stefanb(a)linux.ibm.com> crypto: ecdsa - Fix module auto-load on add-key Marc Zyngier <maz(a)kernel.org> KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Marc Zyngier <maz(a)kernel.org> KVM: arm64: Fix AArch32 register narrowing on userspace write Li Ma <li.ma(a)amd.com> drm/amdgpu/atomfirmware: add intergrated info v2.3 table Cai Xinchen <caixinchen1(a)huawei.com> fbdev: savage: Handle err return when savagefb_check_var failed Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Sort DMI quirks alphabetically Hans de Goede <hdegoede(a)redhat.com> mmc: core: Add mmc_gpiod_set_cd_config() function Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-core: hold videodev_lock until dev reg, finishes Nathan Chancellor <nathan(a)kernel.org> media: mxl5xx: Move xpt structures off stack Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: mc: mark the media devnode as registered from the, start Yang Xiwen <forbidden405(a)outlook.com> arm64: dts: hi3798cv200: fix the size of GICR Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU Yu Kuai <yukuai3(a)huawei.com> md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: qcs404: fix bluetooth device address Krzysztof Kozlowski <krzk(a)kernel.org> arm64: tegra: Correct Tegra132 I2C alias Christoffer Sandberg <cs(a)tuxedo.de> ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Maulik Shah <quic_mkshah(a)quicinc.com> soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/drivers/qcom/lmh: Check for SCM availability at probe Sergey Shtylyov <s.shtylyov(a)omp.ru> ata: pata_legacy: make legacy_exit() work again Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: add error handle to avoid out-of-bounds Zheyu Ma <zheyuma97(a)gmail.com> media: lgdt3306a: Add a check against null-pointer-def Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() NeilBrown <neilb(a)suse.de> sunrpc: exclude from freezer when waiting for requests: Florian Fainelli <florian.fainelli(a)broadcom.com> scripts/gdb: fix SB_* constants parsing Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: always enable the INCL_SRCPT option Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fix full TCP keep-alive support Armin Wolf <W_Armin(a)gmx.de> Revert "drm/amdgpu: init iommu after amdkfd device init" Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix use-after-free of timer for log writer thread Marc Dionne <marc.dionne(a)auristor.com> afs: Don't cross .backup mountpoint from backup volume Ming Lei <ming.lei(a)redhat.com> io_uring: fail NOP if non-zero op flags is passed in Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: core: Do not force a retune before RPMB switch Shradha Gupta <shradhagupta(a)linux.microsoft.com> drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Shradha Gupta <shradhagupta(a)linux.microsoft.com> drm: Check output polling initialized before disabling Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix loop termination condition in gss_free_in_token_pages() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: core: add adap_nb_transmit_canceled() callback David Arinzon <darinzon(a)amazon.com> net: ena: Fix DMA syncing in XDP path when SWIOTLB is on Dongli Zhang <dongli.zhang(a)oracle.com> genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline Gerd Hoffmann <kraxel(a)redhat.com> KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Set lower bound of start tick time Guenter Roeck <linux(a)roeck-us.net> hwmon: (shtc1) Fix property misspelling Yue Haibing <yuehaibing(a)huawei.com> ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Shay Agroskin <shayagr(a)amazon.com> net: ena: Fix redundant device NUMA node override David Arinzon <darinzon(a)amazon.com> net: ena: Reduce lines with longer column width boundary David Arinzon <darinzon(a)amazon.com> net: ena: Add dynamic recycling mechanism for rx buffers Hyeonggon Yoo <42.hyeyoo(a)gmail.com> net: ena: Do not waste napi skb cache Arthur Kiyanovski <akiyano(a)amazon.com> net: ena: Extract recurring driver reset code into a function Arthur Kiyanovski <akiyano(a)amazon.com> net: ena: Add capabilities field with support for ENI stats capability Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: stm32: Don't warn about spurious interrupts Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix comparison to constant symbols, 'm', 'n' Florian Westphal <fw(a)strlen.de> netfilter: tproxy: bail out if IP has been disabled on the device Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: skbuff vlan metadata mangle support Florian Westphal <fw(a)strlen.de> netfilter: nft_payload: rebuild vlan header on h_proto access Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: rebuild vlan header when needed Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: move struct nft_payload_set definition where it belongs Xiaolei Wang <xiaolei.wang(a)windriver.com> net:fec: Add fec_enet_deinit() Jakub Sitnicki <jakub(a)cloudflare.com> bpf: Allow delete from sockmap/sockhash only if update is allowed Parthiban Veerasooran <Parthiban.Veerasooran(a)microchip.com> net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM Roded Zats <rzats(a)paloaltonetworks.com> enic: Validate length of nl attributes in enic_set_vf_port Friedrich Vock <friedrich.vock(a)gmx.de> bpf: Fix potential integer overflow in resolve_btfids Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Fix IPsec tunnel mode offload feature check Mathieu Othacehe <othacehe(a)gnu.org> net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix ns enable/disable possible hang Fedor Pchelkin <pchelkin(a)ispras.ru> dma-mapping: benchmark: handle NUMA_NO_NODE correctly Fedor Pchelkin <pchelkin(a)ispras.ru> dma-mapping: benchmark: fix node id validation Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: Don't mark message DMA mapped when no transfer in it is Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_payload: restore vlan q-in-q match support Eric Dumazet <edumazet(a)google.com> netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() Larysa Zaremba <larysa.zaremba(a)intel.com> ice: Interpret .set_channels() input differently Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Dae R. Jeong <threeearcat(a)gmail.com> tls: fix missing memory barrier in tls_init Wei Fang <wei.fang(a)nxp.com> net: fec: avoid lock evasion when reading pps_enable Matthew Bystrin <dev.mbstr(a)gmail.com> riscv: stacktrace: fixed walk_stackframe() Guo Ren <guoren(a)linux.alibaba.com> riscv: stacktrace: Make walk_stackframe cross pt_regs frame Jiri Pirko <jiri(a)nvidia.com> virtio: delete vq in vp_find_vqs_msix() when request_irq() fails Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY Aaron Conole <aconole(a)redhat.com> openvswitch: Set the skbuff pkt_type for proper pmtud support. Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix memleak in seg6_hmac_init_algo Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. Dan Aloni <dan.aloni(a)vastdata.com> rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL Dan Aloni <dan.aloni(a)vastdata.com> sunrpc: fix NFSACL RPC retry on soft mount Benjamin Coddington <bcodding(a)redhat.com> NFSv4: Fixup smatch warning for ambiguous return Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2552: Add TX path for capturing AUDIO-OUT data Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_rx_work Andrea Mayer <andrea.mayer(a)uniroma2.it> ipv6: sr: fix missing sk_buff release in seg6_input_core Florian Fainelli <florian.fainelli(a)broadcom.com> net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled Masahiro Yamada <masahiroy(a)kernel.org> x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: bd71828: Don't overwrite runtime voltages Hsin-Te Yuan <yuanhsinte(a)chromium.org> ASoC: mediatek: mt8192: fix register configuration for tdm Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: core: avoid confusing "transmit timed out" message Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: core: avoid recursive cec_claim_log_addrs Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec-adap.c: drop activate_cnt, use state info instead Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: use call_op and check for !unregistered Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: correctly pass on reply results Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: abort if the current transmit was canceled Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: call enable_adap on s_log_addrs Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: cec-api: add locking in cec_release() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: cec-adap: always cancel work in cec_transmit_msg_fh Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the -Wmissing-prototypes warning for __switch_mm Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp Dongliang Mu <mudongliangabcd(a)gmail.com> media: flexcop-usb: fix sanity check of bNumEndpoints Johan Hovold <johan(a)kernel.org> media: flexcop-usb: clean up endpoint sanity checks Marek Szyprowski <m.szyprowski(a)samsung.com> Input: cyapa - add missing input core locking to suspend/resume functions Azeem Shaikh <azeemshaikh38(a)gmail.com> scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() Dan Carpenter <dan.carpenter(a)linaro.org> media: stk1160: fix bounds checking in stk1160_copy_video() Michael Walle <mwalle(a)kernel.org> drm/bridge: tc358775: fix support for jeida-18 and jeida-24 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use variable length array instead of fixed size Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow Johannes Berg <johannes.berg(a)intel.com> um: vector: fix bpfflash parameter evaluation Roberto Sassu <roberto.sassu(a)huawei.com> um: Add winch to winch_handlers before registering winch IRQ Duoming Zhou <duoming(a)zju.edu.cn> um: Fix return value in ubd_init() Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Always flush the slave INTF on the CTL Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk Fenglin Wu <quic_fenglinw(a)quicinc.com> Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Fix ITAPDLY for HS400 timing Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Add OTAP/ITAP delay enable Vignesh Raghavendra <vigneshr(a)ti.com> mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Write ITAPDLY for DDR52 timing Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Add tuning algorithm for delay chain Karel Balej <balejk(a)matfyz.cz> Input: ioc3kbd - add device table Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Input: ioc3kbd - convert to platform remove callback returning void Arnd Bergmann <arnd(a)arndb.de> Input: ims-pcu - fix printf string overflow Sven Schnelle <svens(a)linux.ibm.com> s390/boot: Remove alt_stfle_fac_list from decompressor Alexander Egorenkov <egorenar(a)linux.ibm.com> s390/ipl: Fix incorrect initialization of nvme dump block Alexander Egorenkov <egorenar(a)linux.ibm.com> s390/ipl: Fix incorrect initialization of len fields in nvme reipl block Heiko Carstens <hca(a)linux.ibm.com> s390/vdso: Use standard stack frame layout Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Generate unwind information for C modules Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/vdso64: filter out munaligned-symbols flag for vdso Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390/vdso: filter out mno-pic-data-is-text-relative cflag Ian Rogers <irogers(a)google.com> perf stat: Don't display metric header for non-leader uncore events Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> perf daemon: Fix file leak in daemon_session__control Ian Rogers <irogers(a)google.com> libsubcmd: Fix parse-options memory leak Wolfram Sang <wsa+renesas(a)sang-engineering.com> serial: sh-sci: protect invalidating RXDMA on shutdown Chao Yu <chao(a)kernel.org> f2fs: compress: don't allow unaligned truncation on released compress inode Chao Yu <chao(a)kernel.org> f2fs: fix to release node block count in error path of f2fs_new_node_page() Chao Yu <chao(a)kernel.org> f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock Ian Rogers <irogers(a)google.com> perf report: Avoid SEGV in report__setup_sample_type() Ian Rogers <irogers(a)google.com> perf ui browser: Avoid SEGV on title Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 Randy Dunlap <rdunlap(a)infradead.org> extcon: max8997: select IRQ_DOMAIN instead of depending on it Ian Rogers <irogers(a)google.com> perf ui browser: Don't save pointer to stack memory Ian Rogers <irogers(a)google.com> perf ui: Update use of pthread mutex yaowenbin <yaowenbin1(a)huawei.com> perf top: Fix TUI exit screen refresh race condition He Zhe <zhe.he(a)windriver.com> perf bench internals inject-build-id: Fix trap divide when collecting just one DSO Huai-Yuan Liu <qq810974084(a)gmail.com> ppdev: Add an error check in register_device Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ppdev: Remove usage of the deprecated ida_simple_xx() API Dan Carpenter <dan.carpenter(a)linaro.org> stm class: Fix a double free in stm_register_device() Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: u_audio: Clear uac pointer when freed. Matti Vaittinen <mazziesaccount(a)gmail.com> watchdog: bd9576: Drop "always-running" property Dmitry Torokhov <dmitry.torokhov(a)gmail.com> watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() Rafał Miłecki <rafal(a)milecki.pl> dt-bindings: pinctrl: mediatek: mt7622: fix array properties Miklos Szeredi <mszeredi(a)redhat.com> ovl: remove upper umask handling from ovl_create_upper() Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer) Michal Simek <michal.simek(a)amd.com> microblaze: Remove early printk call from cpuinfo-static.c Michal Simek <michal.simek(a)amd.com> microblaze: Remove gcc flag for non existing early_printk.c file Marco Pagani <marpagan(a)redhat.com> fpga: region: add owner module and take its refcount Russ Weight <russell.h.weight(a)intel.com> fpga: region: Use standard dev_release for class driver Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: etm4x: Fix access to resource selector registers Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: etm4x: Safe access for TRCQCLTR James Clark <james.clark(a)arm.com> coresight: etm4x: Cleanup TRCIDR0 register accesses James Clark <james.clark(a)arm.com> coresight: no-op refactor to make INSTP0 check more idiomatic Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: etm4x: Do not save/restore Data trace control registers Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: etm4x: Do not hardcode IOMEM access for register restore Thomas Haemmerle <thomas.haemmerle(a)leica-geosystems.com> iio: pressure: dps310: support negative temperature values Ian Rogers <irogers(a)google.com> perf docs: Document bpf event modifier Anshuman Khandual <anshuman.khandual(a)arm.com> coresight: etm4x: Fix unbalanced pm_runtime_enable() Chao Yu <chao(a)kernel.org> f2fs: fix to check pinfile flag in f2fs_move_file_range() Chao Yu <chao(a)kernel.org> f2fs: fix to relocate check condition in f2fs_fallocate() Jinyoung CHOI <j-young.choi(a)samsung.com> f2fs: fix typos in comments Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: do not allow partial truncation on pinned file Chao Yu <chao(a)kernel.org> f2fs: compress: fix to relocate check condition in f2fs_ioc_{,de}compress_file() Yangtao Li <frank.li(a)vivo.com> f2fs: convert to use sbi directly Chao Yu <chao(a)kernel.org> f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks() Geert Uytterhoeven <geert+renesas(a)glider.be> dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties Wolfram Sang <wsa+renesas(a)sang-engineering.com> dt-bindings: PCI: rcar-pci-host: Add optional regulators Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: add proper sched.h include for sched_set_fifo() Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Fix probe path for Endpoint mode Arnd Bergmann <arnd(a)arndb.de> greybus: arche-ctrl: move device table to its right location Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Fix bitwise types Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Update uart_driver_registered on driver removal Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Lock port->lock when calling uart_handle_cts_change() Arnd Bergmann <arnd(a)arndb.de> firmware: dmi-id: add a release callback function Chen Ni <nichen(a)iscas.ac.cn> dmaengine: idma64: Add check for dma_set_max_seg_size Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: cadence: fix invalid PDI offset Namhyung Kim <namhyung(a)kernel.org> perf annotate: Get rid of duplicate --group option item Chao Yu <chao(a)kernel.org> f2fs: fix to wait on page writeback in __clone_blkaddrs() Fabio M. De Francesco <fmdefrancesco(a)gmail.com> f2fs: Delete f2fs_copy_page() and replace with memcpy_page() Rui Miguel Silva <rmfrfs(a)gmail.com> greybus: lights: check return of get_channel_from_mode Arnaldo Carvalho de Melo <acme(a)redhat.com> perf probe: Add missing libgen.h header needed for using basename() Ian Rogers <irogers(a)google.com> perf record: Delete session after stopping sideband thread Cheng Yu <serein.chengyu(a)huawei.com> sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Vitalii Bursov <vitaly(a)bursov.com> sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Eric Dumazet <edumazet(a)google.com> af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Dumazet <edumazet(a)google.com> netrom: fix possible dead-lock in nr_rt_ioctl() Chris Lew <quic_clew(a)quicinc.com> net: qrtr: ns: Fix module refcnt Nikolay Aleksandrov <razor(a)blackwall.org> selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval Leon Romanovsky <leon(a)kernel.org> RDMA/IPoIB: Fix format truncation compilation errors Edward Liaw <edliaw(a)google.com> selftests/kcmp: remove unused open mode Gautam Menghani <gautammenghani201(a)gmail.com> selftests/kcmp: Make the test output consistent and clear Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix gss_free_in_token_pages() Dan Carpenter <dan.carpenter(a)linaro.org> ext4: fix potential unnitialized variable Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: remove unused parameter from ext4_mb_new_blocks_simple() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: try all groups in ext4_mb_new_blocks_simple Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: fix unit mismatch in ext4_mb_new_blocks_simple Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple Aleksandr Aprelkov <aaprelkov(a)usergate.com> sunrpc: removed redundant procp check David Hildenbrand <david(a)redhat.com> drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Christoph Hellwig <hch(a)lst.de> virt: acrn: stop using follow_pfn Len Baker <len.baker(a)gmx.com> virt: acrn: Prefer array_size and struct_size over open coded arithmetic Jan Kara <jack(a)suse.cz> ext4: avoid excessive credit estimate in ext4_tmpfile() Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Marc Gonzalez <mgonzalez(a)freebox.fr> clk: qcom: mmcc-msm8998: fix venus clock issue Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Modify the print level of CQE error Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Use complete parentheses in macros Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix GMV table pagesize Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix deadlock on SRQ async events. Zhengchao Shao <shaozhengchao(a)huawei.com> RDMA/hns: Fix return value in hns_roce_map_mr_sg Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Adding remote atomic access flag to updatable flags Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/mipi-dsi: use correct return type for the DSC functions Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: tc358775: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt9611: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt8912b: Don't log an error when DSI host can't be found Steven Rostedt <rostedt(a)goodmis.org> ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Aleksandr Mishin <amishin(a)t-argos.ru> drm: vc4: Fix possible null pointer dereference Huai-Yuan Liu <qq810974084(a)gmail.com> drm/arm/malidp: fix a possible null pointer dereference Zhipeng Lu <alexious(a)zju.edu.cn> media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Randy Dunlap <rdunlap(a)infradead.org> fbdev: sh7760fb: allow modular build Fabio Estevam <festevam(a)denx.de> media: dt-bindings: ovti,ov2680: Fix the power supply names Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu3-cio2: Request IRQ earlier Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> media: ipu3-cio2: Use temporary storage for struct device pointer Aleksandr Mishin <amishin(a)t-argos.ru> drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference Ricardo Ribalda <ribalda(a)chromium.org> media: radio-shark2: Avoid led_names truncations Aleksandr Burakov <a.burakov(a)rosalinux.ru> media: ngene: Add dvb_ca_en50221_init return value check Arnd Bergmann <arnd(a)arndb.de> fbdev: sisfb: hide unused variables Arnd Bergmann <arnd(a)arndb.de> powerpc/fsl-soc: hide unused const variable Justin Green <greenjustin(a)chromium.org> drm/mediatek: Add 0 size check to mtk_drm_gem_obj Christian Hewitt <christianshewitt(a)gmail.com> drm/meson: vclk: fix calculation of 59.94 fractional rates Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: kirkwood: Fix potential NULL dereference Arnd Bergmann <arnd(a)arndb.de> fbdev: shmobile: fix snprintf truncation Maxim Korotkov <korotkov.maxim.s(a)gmail.com> mtd: rawnand: hynix: fixed typo Aapo Vienamo <aapo.vienamo(a)linux.intel.com> mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: Disable route checks for Skylake boards Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix potential index out of bounds in color transformation function Geert Uytterhoeven <geert+renesas(a)glider.be> dev_printk: Add and use dev_no_printk() Geert Uytterhoeven <geert+renesas(a)glider.be> printk: Let no_printk() use _printk() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: SO_KEEPALIVE: fix getsockopt support Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Emit a barrier for BPF_FETCH instructions Akiva Goldberger <agoldberger(a)nvidia.com> net/mlx5: Discard command completions in internal error Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix invalid unregister error path Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix incorrect unregister order Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: add missing seg6_local_exit Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix overwriting ct original tuple for ICMPv6 Eric Dumazet <edumazet(a)google.com> net: usb: smsc95xx: stop lying about skb->truesize Breno Leitao <leitao(a)debian.org> af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Locking fixes Jakub Kicinski <kuba(a)kernel.org> eth: sungem: remove .ndo_poll_controller to avoid deadlocks gaoxingwang <gaoxingwang1(a)huawei.com> net: ipv6: fix wrong start position when receive hop-by-hop fragment Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix reboot hang on Mac IIci Michael Schmitz <schmitzmic(a)gmail.com> m68k: Fix spinlock race in kernel thread creation Eric Dumazet <edumazet(a)google.com> net: usb: sr9700: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> usb: aqc111: stop lying about skb->truesize Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mwl8k: initialize cmd->addr[] properly Himanshu Madhani <himanshu.madhani(a)oracle.com> scsi: qla2xxx: Fix debugfs output for fw_resource_count Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: qedf: Ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: bfa: Ensure the copied buf is NUL terminated Chen Ni <nichen(a)iscas.ac.cn> HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors John Hubbard <jhubbard(a)nvidia.com> selftests/resctrl: fix clang build failure: use LOCAL_HDRS John Hubbard <jhubbard(a)nvidia.com> selftests/binderfs: use the Makefile's rules, not Make's implicit rules Guenter Roeck <linux(a)roeck-us.net> Revert "sh: Handle calling csum_partial with misaligned data" Geert Uytterhoeven <geert+renesas(a)glider.be> sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: ar5523: enable proper endpoint verification Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: carl9170: add a proper sanity check for endpoints Finn Thain <fthain(a)linux-m68k.org> macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" Eric Dumazet <edumazet(a)google.com> net: give more chances to rcu in netdev_wait_allrefs_any() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: sti: Simplify probe function using devm functions Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: sti: Prepare removing pwm_chip from driver data Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: sti: Convert to platform remove callback returning void Eric Dumazet <edumazet(a)google.com> tcp: avoid premature drops in tcp_add_backlog() Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: populate board data for WCN3990 Su Hui <suhui(a)nfschina.com> wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Aleksandr Mishin <amishin(a)t-argos.ru> thermal/drivers/tsens: Fix null pointer dereference Ard Biesheuvel <ardb(a)kernel.org> x86/purgatory: Switch to the position-independent small code model Yuri Karpov <YKarpov(a)ispras.ru> scsi: hpsa: Fix allocation size for Scsi_Host private data Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix the failure of adding phy with zero-address to port Aleksandr Mishin <amishin(a)t-argos.ru> cppc_cpufreq: Fix possible null pointer dereference Gabriel Krisman Bertazi <krisman(a)suse.de> udp: Avoid call to compute_score on multiple sites Lorenz Bauer <lmb(a)isovalent.com> net: remove duplicate reuseport_lookup functions Lorenz Bauer <lmb(a)isovalent.com> net: export inet_lookup_reuseport and inet6_lookup_reuseport Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: exit() callback is optional Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Rearrange locking in cpufreq_remove_dev() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Split cpufreq_offline() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reorganize checks in cpufreq_offline() Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix umount cgroup2 error in test_sockmap Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix "ignore unlock failures after withdraw" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Don't forget to complete delayed withdraw Arnd Bergmann <arnd(a)arndb.de> ACPI: disable -Wstringop-truncation Zenghui Yu <yuzenghui(a)huawei.com> irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zenghui Yu <yuzenghui(a)huawei.com> irqchip/alpine-msi: Fix off-by-one in allocation error path Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling interrupts Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing CGC enable Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing unipro mode Abel Vesa <abel.vesa(a)linaro.org> scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5 Manivannan Sadhasivam <mani(a)kernel.org> scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0 Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing reset bit Anton Protopopov <aspsk(a)isovalent.com> bpf: Pack struct bpf_fib_lookup Arnd Bergmann <arnd(a)arndb.de> qed: avoid truncating work queue length Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/fair: Add EAS checks before updating root_domain::overutilized Guixiong Wei <weiguixiong(a)bytedance.com> x86/boot: Ignore relocations in .notes sections in walk_relocs() too Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: poll service ready message before failing Yu Kuai <yukuai3(a)huawei.com> md: fix resync softlockup when bitmap size is less than array size Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix missing mutex_destroy() at module removal Chun-Kuang Hu <chunkuang.hu(a)kernel.org> soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Ilya Denisyev <dev(a)elkcl.ru> jffs2: prevent xattr node from overflowing the eraseblock Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix tracepoint subchannel type field Eric Biggers <ebiggers(a)google.com> crypto: x86/sha512-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/nh-avx2 - add missing vzeroupper Arnd Bergmann <arnd(a)arndb.de> crypto: ccp - drop platform ifdef checks Al Viro <viro(a)zeniv.linux.org.uk> parisc: add missing export of __cmpxchg_u8() Arnd Bergmann <arnd(a)arndb.de> nilfs2: fix out-of-range warning Brian Kubisiak <brian(a)kubisiak.com> ecryptfs: Fix buffer size for tag 66 packet Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> firmware: raspberrypi: Use correct device for DMA mappings Guenter Roeck <linux(a)roeck-us.net> mm/slub, kunit: Use inverted data to corrupt kmem cache Aleksandr Mishin <amishin(a)t-argos.ru> crypto: bcm - Fix pointer arithmetic Eric Sandeen <sandeen(a)redhat.com> openpromfs: finish conversion to the new mount API Linus Torvalds <torvalds(a)linux-foundation.org> epoll: be better about file lifetimes Nilay Shroff <nilay(a)linux.ibm.com> nvme: find numa distance only if controller has valid numa id Linus Torvalds <torvalds(a)linux-foundation.org> x86/mm: Remove broken vsyscall emulation code from the page fault code Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Flush the process wq before creating a kfd_process Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: da7219-aad: fix usage of device_get_named_child_node() Zqiang <qiang.zhang1211(a)gmail.com> softirq: Fix suspicious RCU usage in __do_softirq() Jack Yu <jack.yu(a)realtek.com> ASoC: rt715-sdca: volume step modification Jack Yu <jack.yu(a)realtek.com> ASoC: rt715: add vendor clear control register Krzysztof Kozlowski <krzk(a)kernel.org> regulator: vqmmc-ipq4019: fix module autoloading Derek Fang <derek.fang(a)realtek.com> ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Derek Fang <derek.fang(a)realtek.com> ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: irq_helpers: duplicate IRQ name Clément Léger <cleger(a)rivosinc.com> selftests: sud_test: return correct emulated syscall value on RISC-V Joshua Ashton <joshua(a)froggi.es> drm/amd/display: Set color_mgmt_changed to true on unsuspend Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN920C04 compositions Rob Herring <robh(a)kernel.org> dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Takashi Iwai <tiwai(a)suse.de> ALSA: Fix deadlocks with kctl removals at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: core: Fix NULL module pointer assignment at card init Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Break dir enumeration if directory contents error Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix case when index is reused during tree transformation Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Taking DOS names into account during link counting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Remove max link count info display during driver init Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential hang in nilfs_detach_log_writer() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix unexpected freezing of nilfs_segctor_sync() Thorsten Blum <thorsten.blum(a)toblux.com> net: smc91x: Fix m68k kernel compilation for ColdFire CPU Shuah Khan <skhan(a)linuxfoundation.org> tools/latency-collector: Fix -Wformat-security compile warns Petr Pavlu <petr.pavlu(a)suse.com> ring-buffer: Fix a race between readers and resize checks Ken Milmore <ken.milmore(a)gmail.com> r8169: Fix possible ring buffer corruption on fragmented Tx packets. Heiner Kallweit <hkallweit1(a)gmail.com> Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Doug Berger <opendmb(a)gmail.com> serial: 8250_bcm7271: use default_mux_rate if possible Dan Carpenter <dan.carpenter(a)linaro.org> speakup: Fix sizeof() vs ARRAY_SIZE() bug Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix missing receive state reset after mode switch Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Daniel J Blueman <daniel(a)quora.org> x86/tsc: Trust initial offset in architectural TSC-adjust MSRs ------------- Diffstat: .../devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 +- .../devicetree/bindings/pci/rcar-pci-host.yaml | 14 + .../bindings/pinctrl/mediatek,mt7622-pinctrl.yaml | 92 +++--- .../devicetree/bindings/soc/rockchip/grf.yaml | 1 + Documentation/devicetree/bindings/sound/rt5645.txt | 6 + Documentation/driver-api/fpga/fpga-region.rst | 19 +- .../device_drivers/ethernet/amazon/ena.rst | 32 ++ Makefile | 4 +- arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 +- arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 +- arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 +- arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 +- arch/arm64/include/asm/asm-bug.h | 1 + arch/arm64/kvm/guest.c | 3 +- arch/m68k/kernel/entry.S | 4 +- arch/m68k/mac/misc.c | 36 +-- arch/microblaze/kernel/Makefile | 1 - arch/microblaze/kernel/cpu/cpuinfo-static.c | 2 +- arch/parisc/kernel/parisc_ksyms.c | 1 + arch/powerpc/include/asm/hvcall.h | 2 +- arch/powerpc/platforms/pseries/lpar.c | 6 +- arch/powerpc/platforms/pseries/lparcfg.c | 6 +- arch/powerpc/sysdev/fsl_msi.c | 2 + arch/riscv/kernel/entry.S | 3 +- arch/riscv/kernel/stacktrace.c | 29 +- arch/s390/boot/startup.c | 1 - arch/s390/include/asm/cpacf.h | 109 +++++-- arch/s390/kernel/ipl.c | 10 +- arch/s390/kernel/setup.c | 2 +- arch/s390/kernel/vdso32/Makefile | 5 +- arch/s390/kernel/vdso64/Makefile | 6 +- arch/s390/net/bpf_jit_comp.c | 8 +- arch/sh/kernel/kprobes.c | 7 +- arch/sh/lib/checksum.S | 67 ++--- arch/sparc/include/asm/smp_64.h | 2 - arch/sparc/include/uapi/asm/termbits.h | 10 - arch/sparc/include/uapi/asm/termios.h | 9 + arch/sparc/kernel/prom_64.c | 4 +- arch/sparc/kernel/setup_64.c | 1 - arch/sparc/kernel/smp_64.c | 14 - arch/um/drivers/line.c | 14 +- arch/um/drivers/ubd_kern.c | 4 +- arch/um/drivers/vector_kern.c | 2 +- arch/um/include/asm/mmu.h | 2 - arch/um/include/shared/skas/mm_id.h | 2 + arch/x86/Kconfig.debug | 5 +- arch/x86/crypto/nh-avx2-x86_64.S | 1 + arch/x86/crypto/sha256-avx2-asm.S | 1 + arch/x86/crypto/sha512-avx2-asm.S | 1 + arch/x86/entry/vsyscall/vsyscall_64.c | 28 +- arch/x86/include/asm/processor.h | 1 - arch/x86/kernel/apic/vector.c | 9 +- arch/x86/kernel/tsc_sync.c | 6 +- arch/x86/kvm/cpuid.c | 21 +- arch/x86/lib/x86-opcode-map.txt | 2 +- arch/x86/mm/fault.c | 33 +-- arch/x86/purgatory/Makefile | 3 +- arch/x86/tools/relocs.c | 9 + crypto/ecdsa.c | 3 + crypto/ecrdsa.c | 1 + drivers/accessibility/speakup/main.c | 2 +- drivers/acpi/acpica/Makefile | 1 + drivers/acpi/resource.c | 12 + drivers/ata/pata_legacy.c | 8 +- drivers/block/null_blk/main.c | 3 + drivers/char/ppdev.c | 21 +- drivers/clk/qcom/mmcc-msm8998.c | 8 + drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpufreq/cpufreq.c | 85 +++--- drivers/crypto/bcm/spu2.c | 2 +- drivers/crypto/ccp/sp-platform.c | 14 +- drivers/crypto/qat/qat_common/adf_aer.c | 19 +- drivers/dma-buf/sync_debug.c | 4 +- drivers/dma/idma64.c | 4 +- drivers/edac/igen6_edac.c | 4 +- drivers/extcon/Kconfig | 3 +- drivers/firmware/dmi-id.c | 7 +- drivers/firmware/raspberrypi.c | 7 +- drivers/fpga/dfl-fme-region.c | 17 +- drivers/fpga/dfl.c | 12 +- drivers/fpga/fpga-region.c | 129 ++++---- drivers/fpga/of-fpga-region.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 15 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 + drivers/gpu/drm/amd/include/atomfirmware.h | 43 +++ drivers/gpu/drm/arm/malidp_mw.c | 5 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 + drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 +- drivers/gpu/drm/bridge/lontium-lt9611.c | 6 +- drivers/gpu/drm/bridge/tc358775.c | 27 +- drivers/gpu/drm/drm_mipi_dsi.c | 6 +- drivers/gpu/drm/drm_modeset_helper.c | 19 +- drivers/gpu/drm/drm_probe_helper.c | 15 +- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 3 - drivers/gpu/drm/msm/dsi/dsi_host.c | 10 +- drivers/gpu/drm/panel/panel-simple.c | 3 + drivers/gpu/drm/vc4/vc4_hdmi.c | 2 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 + drivers/hwmon/shtc1.c | 2 +- drivers/hwtracing/coresight/coresight-etm4x-core.c | 65 ++-- drivers/hwtracing/coresight/coresight-etm4x.h | 44 +-- drivers/hwtracing/intel_th/pci.c | 5 + drivers/hwtracing/stm/core.c | 11 +- drivers/i3c/master/svc-i3c-master.c | 16 +- drivers/iio/pressure/dps310.c | 11 +- drivers/infiniband/hw/hns/hns_roce_hem.h | 12 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 7 +- drivers/infiniband/hw/hns/hns_roce_main.c | 1 + drivers/infiniband/hw/hns/hns_roce_mr.c | 15 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 6 +- drivers/infiniband/hw/mlx5/mr.c | 3 +- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 +- drivers/input/misc/ims-pcu.c | 4 +- drivers/input/misc/pm8xxx-vibrator.c | 7 +- drivers/input/mouse/cyapa.c | 12 +- drivers/input/serio/ioc3kbd.c | 13 +- drivers/irqchip/irq-alpine-msi.c | 2 +- drivers/irqchip/irq-loongson-pch-msi.c | 2 +- drivers/macintosh/via-macii.c | 11 +- drivers/md/md-bitmap.c | 6 +- drivers/md/raid5.c | 15 +- drivers/media/cec/core/cec-adap.c | 265 +++++++++++------ drivers/media/cec/core/cec-api.c | 29 +- drivers/media/cec/core/cec-core.c | 4 +- drivers/media/cec/core/cec-pin-priv.h | 11 + drivers/media/cec/core/cec-pin.c | 23 +- drivers/media/cec/core/cec-priv.h | 10 + drivers/media/dvb-frontends/lgdt3306a.c | 5 + drivers/media/dvb-frontends/mxl5xx.c | 22 +- drivers/media/mc/mc-devnode.c | 5 +- drivers/media/pci/intel/ipu3/ipu3-cio2-main.c | 146 +++++---- drivers/media/pci/ngene/ngene-core.c | 4 +- drivers/media/radio/radio-shark2.c | 2 +- drivers/media/usb/b2c2/flexcop-usb.c | 12 +- drivers/media/usb/stk1160/stk1160-video.c | 20 +- drivers/media/v4l2-core/v4l2-dev.c | 3 + drivers/mmc/core/host.c | 3 +- drivers/mmc/core/slot-gpio.c | 20 ++ drivers/mmc/host/sdhci-acpi.c | 48 ++- drivers/mmc/host/sdhci_am654.c | 205 +++++++++---- drivers/mtd/mtdcore.c | 6 +- drivers/mtd/nand/raw/nand_hynix.c | 2 +- drivers/net/Makefile | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 50 +++- drivers/net/dsa/mv88e6xxx/chip.h | 6 + drivers/net/dsa/mv88e6xxx/global1.c | 89 ++++++ drivers/net/dsa/mv88e6xxx/global1.h | 2 + drivers/net/dsa/sja1105/sja1105_main.c | 9 +- drivers/net/ethernet/amazon/ena/ena_admin_defs.h | 16 +- drivers/net/ethernet/amazon/ena/ena_com.c | 330 ++++++++------------- drivers/net/ethernet/amazon/ena/ena_com.h | 13 + drivers/net/ethernet/amazon/ena/ena_eth_com.c | 49 ++- drivers/net/ethernet/amazon/ena/ena_eth_com.h | 15 +- drivers/net/ethernet/amazon/ena/ena_netdev.c | 205 +++++++------ drivers/net/ethernet/amazon/ena/ena_netdev.h | 13 + drivers/net/ethernet/cisco/enic/enic_main.c | 12 + drivers/net/ethernet/cortina/gemini.c | 12 +- drivers/net/ethernet/freescale/fec_main.c | 10 + drivers/net/ethernet/freescale/fec_ptp.c | 14 +- drivers/net/ethernet/intel/ice/ice_ethtool.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 3 + .../mellanox/mlx5/core/en_accel/ipsec_rxtx.h | 17 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 9 +- drivers/net/ethernet/realtek/r8169_main.c | 9 +- drivers/net/ethernet/smsc/smc91x.h | 4 +- drivers/net/ethernet/sun/sungem.c | 14 - drivers/net/ipvlan/ipvlan_core.c | 4 +- drivers/net/phy/micrel.c | 1 + drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 3 + drivers/net/usb/smsc95xx.c | 26 +- drivers/net/usb/sr9700.c | 10 +- drivers/net/vxlan/vxlan_core.c | 4 - drivers/net/wireless/ath/ar5523/ar5523.c | 14 + drivers/net/wireless/ath/ath10k/core.c | 3 + drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 +- drivers/net/wireless/ath/ath10k/hw.h | 1 + drivers/net/wireless/ath/ath10k/targaddrs.h | 3 + drivers/net/wireless/ath/ath10k/wmi.c | 26 +- drivers/net/wireless/ath/carl9170/usb.c | 32 ++ drivers/net/wireless/marvell/mwl8k.c | 2 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 26 +- .../net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 +- .../net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 ++--- drivers/nvme/host/multipath.c | 3 +- drivers/nvme/target/configfs.c | 8 + drivers/pci/controller/dwc/pcie-tegra194.c | 3 + drivers/pci/pcie/edr.c | 28 +- drivers/pwm/pwm-sti.c | 48 +-- drivers/regulator/bd71828-regulator.c | 58 +--- drivers/regulator/irq_helpers.c | 3 + drivers/regulator/vqmmc-ipq4019-regulator.c | 1 + drivers/s390/cio/trace.h | 2 +- drivers/s390/crypto/ap_bus.c | 2 +- drivers/scsi/bfa/bfad_debugfs.c | 4 +- drivers/scsi/hpsa.c | 2 +- drivers/scsi/libsas/sas_expander.c | 3 +- drivers/scsi/qedf/qedf_debugfs.c | 2 +- drivers/scsi/qla2xxx/qla_dfs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 8 +- drivers/scsi/qla2xxx/qla_mr.c | 20 +- drivers/scsi/ufs/cdns-pltfrm.c | 2 +- drivers/scsi/ufs/ufs-qcom.c | 13 +- drivers/scsi/ufs/ufs-qcom.h | 21 +- drivers/scsi/ufs/ufshcd.c | 4 +- drivers/soc/mediatek/mtk-cmdq-helper.c | 5 +- drivers/soc/qcom/cmd-db.c | 32 +- drivers/soc/qcom/rpmh-rsc.c | 3 +- drivers/soundwire/cadence_master.c | 2 +- drivers/spi/spi-stm32.c | 2 +- drivers/spi/spi.c | 4 + drivers/staging/greybus/arche-apb-ctrl.c | 1 + drivers/staging/greybus/arche-platform.c | 9 +- drivers/staging/greybus/light.c | 8 +- drivers/staging/media/atomisp/pci/sh_css.c | 1 + drivers/thermal/qcom/lmh.c | 3 + drivers/thermal/qcom/tsens.c | 2 +- drivers/tty/n_gsm.c | 140 ++++++--- drivers/tty/serial/8250/8250_bcm7271.c | 99 ++++--- drivers/tty/serial/max3100.c | 22 +- drivers/tty/serial/sc16is7xx.c | 2 +- drivers/tty/serial/sh-sci.c | 5 + drivers/usb/gadget/function/u_audio.c | 2 + drivers/video/fbdev/Kconfig | 4 +- drivers/video/fbdev/savage/savagefb_driver.c | 5 +- drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 +- drivers/video/fbdev/sis/init301.c | 3 +- drivers/virt/acrn/acrn_drv.h | 10 +- drivers/virt/acrn/mm.c | 70 +++-- drivers/virtio/virtio_pci_common.c | 4 +- drivers/watchdog/bd9576_wdt.c | 59 ++-- drivers/watchdog/rti_wdt.c | 34 +-- fs/afs/mntpt.c | 5 + fs/ecryptfs/keystore.c | 4 +- fs/eventpoll.c | 38 ++- fs/ext4/mballoc.c | 134 ++++----- fs/ext4/mballoc.h | 2 +- fs/ext4/namei.c | 2 +- fs/ext4/xattr.c | 4 +- fs/f2fs/checkpoint.c | 4 +- fs/f2fs/compress.c | 2 +- fs/f2fs/data.c | 8 +- fs/f2fs/extent_cache.c | 4 +- fs/f2fs/f2fs.h | 10 - fs/f2fs/file.c | 85 +++--- fs/f2fs/inode.c | 6 + fs/f2fs/namei.c | 2 +- fs/f2fs/node.c | 2 +- fs/f2fs/segment.c | 2 +- fs/gfs2/glock.c | 4 +- fs/gfs2/glops.c | 3 + fs/gfs2/util.c | 1 - fs/jffs2/xattr.c | 3 + fs/nfs/callback.c | 2 +- fs/nfs/internal.h | 4 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/nfs4state.c | 12 +- fs/nfsd/nfs4proc.c | 3 +- fs/nilfs2/ioctl.c | 2 +- fs/nilfs2/segment.c | 63 +++- fs/ntfs3/dir.c | 1 + fs/ntfs3/fslog.c | 3 +- fs/ntfs3/index.c | 6 + fs/ntfs3/inode.c | 7 +- fs/ntfs3/ntfs.h | 2 +- fs/ntfs3/record.c | 11 +- fs/ntfs3/super.c | 2 - fs/openpromfs/inode.c | 8 +- fs/overlayfs/dir.c | 3 - include/drm/drm_mipi_dsi.h | 6 +- include/linux/dev_printk.h | 25 +- include/linux/fpga/fpga-region.h | 43 ++- include/linux/mmc/slot-gpio.h | 1 + include/linux/printk.h | 2 +- include/media/cec.h | 15 +- include/net/dst_ops.h | 2 +- include/net/inet6_hashtables.h | 16 + include/net/inet_hashtables.h | 18 +- include/net/netfilter/nf_tables_core.h | 10 - include/net/sock.h | 13 +- include/soc/qcom/cmd-db.h | 10 +- include/trace/events/asoc.h | 2 + include/uapi/linux/bpf.h | 2 +- io_uring/io_uring.c | 2 + kernel/bpf/verifier.c | 10 +- kernel/cgroup/cpuset.c | 2 +- kernel/debug/kdb/kdb_io.c | 99 ++++--- kernel/dma/map_benchmark.c | 6 +- kernel/irq/cpuhotplug.c | 16 +- kernel/sched/core.c | 2 +- kernel/sched/fair.c | 53 ++-- kernel/sched/topology.c | 2 +- kernel/softirq.c | 12 +- kernel/trace/ring_buffer.c | 9 + lib/slub_kunit.c | 2 +- net/9p/client.c | 2 + net/core/dev.c | 3 +- net/dsa/tag_sja1105.c | 34 ++- net/ipv4/inet_hashtables.c | 29 +- net/ipv4/netfilter/nf_tproxy_ipv4.c | 2 + net/ipv4/route.c | 22 +- net/ipv4/tcp_dctcp.c | 13 +- net/ipv4/tcp_ipv4.c | 13 +- net/ipv4/udp.c | 55 ++-- net/ipv6/inet6_hashtables.c | 27 +- net/ipv6/reassembly.c | 2 +- net/ipv6/route.c | 34 ++- net/ipv6/seg6.c | 5 +- net/ipv6/seg6_hmac.c | 42 ++- net/ipv6/seg6_iptunnel.c | 11 +- net/ipv6/udp.c | 61 ++-- net/mptcp/protocol.h | 3 + net/mptcp/sockopt.c | 117 +++++++- net/netfilter/nfnetlink_queue.c | 2 + net/netfilter/nft_payload.c | 111 +++++-- net/netrom/nr_route.c | 19 +- net/nfc/nci/core.c | 17 +- net/openvswitch/actions.c | 6 + net/openvswitch/flow.c | 3 +- net/packet/af_packet.c | 3 +- net/qrtr/ns.c | 27 ++ net/sunrpc/auth_gss/svcauth_gss.c | 12 +- net/sunrpc/clnt.c | 1 + net/sunrpc/svc.c | 2 - net/sunrpc/svc_xprt.c | 4 +- net/sunrpc/xprtrdma/verbs.c | 6 +- net/tls/tls_main.c | 10 +- net/unix/af_unix.c | 30 +- net/wireless/trace.h | 4 +- net/xfrm/xfrm_policy.c | 11 +- scripts/gdb/linux/constants.py.in | 12 +- scripts/kconfig/symbol.c | 6 +- sound/core/init.c | 11 +- sound/core/timer.c | 10 + sound/soc/codecs/da7219-aad.c | 6 +- sound/soc/codecs/rt5645.c | 25 ++ sound/soc/codecs/rt715-sdca.c | 8 +- sound/soc/codecs/rt715-sdw.c | 1 + sound/soc/codecs/tas2552.c | 15 +- sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 + sound/soc/intel/boards/bxt_rt298.c | 1 + sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 + sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 + sound/soc/intel/boards/kbl_da7219_max98927.c | 4 + sound/soc/intel/boards/kbl_rt5660.c | 1 + sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 + .../soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 + sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 + sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 + sound/soc/intel/boards/skl_rt286.c | 1 + sound/soc/kirkwood/kirkwood-dma.c | 3 + sound/soc/mediatek/mt8192/mt8192-dai-tdm.c | 4 +- tools/arch/x86/lib/x86-opcode-map.txt | 2 +- tools/bpf/resolve_btfids/main.c | 2 +- tools/include/uapi/linux/bpf.h | 2 +- tools/lib/subcmd/parse-options.c | 8 +- tools/perf/Documentation/perf-list.txt | 1 + tools/perf/bench/inject-buildid.c | 2 +- tools/perf/builtin-annotate.c | 2 - tools/perf/builtin-daemon.c | 4 +- tools/perf/builtin-record.c | 4 +- tools/perf/builtin-report.c | 2 +- tools/perf/ui/browser.c | 26 +- tools/perf/ui/browser.h | 2 +- tools/perf/ui/browsers/annotate.c | 2 +- tools/perf/ui/setup.c | 5 +- tools/perf/ui/tui/helpline.c | 5 +- tools/perf/ui/tui/progress.c | 8 +- tools/perf/ui/tui/setup.c | 12 +- tools/perf/ui/tui/util.c | 18 +- tools/perf/ui/ui.h | 4 +- .../perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 + tools/perf/util/intel-pt.c | 2 + tools/perf/util/probe-event.c | 1 + tools/perf/util/stat-display.c | 3 + tools/testing/selftests/bpf/test_sockmap.c | 2 +- .../selftests/filesystems/binderfs/Makefile | 2 - tools/testing/selftests/kcmp/kcmp_test.c | 8 +- .../selftests/net/forwarding/bridge_igmp.sh | 6 +- .../testing/selftests/net/forwarding/bridge_mld.sh | 6 +- tools/testing/selftests/resctrl/Makefile | 4 +- .../selftests/syscall_user_dispatch/sud_test.c | 14 + tools/tracing/latency/latency-collector.c | 8 +- 390 files changed, 3763 insertions(+), 2470 deletions(-)

1 year, 3 months

10
415
0 0

[PATCH v7] driver core: platform: set numa_node before platform_device_add()

by guojinhui.liam

From: Jinhui Guo <guojinhui.liam(a)bytedance.com> Setting the devices' numa_node needs to be done in platform_device_register_full(), because that's where the platform device object is allocated. Fixes: 4a60406d3592 ("driver core: platform: expose numa_node to users in sysfs") Cc: stable(a)vger.kernel.org Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202309122309.mbxAnAIe-lkp@intel.com/ Signed-off-by: Jinhui Guo <guojinhui.liam(a)bytedance.com> --- V6 -> V7 1. Fix bug directly by adding numa_node to struct platform_device_info (suggested by Rafael J. Wysocki). 2. Remove reviewer name. V5 -> V6: 1. Update subject to correct function name platform_device_add(). 2. Provide a more clear and accurate description of the changes made in commit (suggested by Rafael J. Wysocki). 3. Add reviewer name. V4 -> V5: Add Cc: stable line and changes from the previous submited patches. V3 -> V4: Refactor code to be an ACPI function call (suggested by Greg Kroah-Hartman). V2 -> V3: Fix Signed-off name. V1 -> V2: Fix compile error without enabling CONFIG_ACPI. --- drivers/acpi/acpi_platform.c | 5 ++--- drivers/base/platform.c | 4 ++++ include/linux/platform_device.h | 26 ++++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/drivers/acpi/acpi_platform.c b/drivers/acpi/acpi_platform.c index 48d15dd785f6..1ae7449f70dc 100644 --- a/drivers/acpi/acpi_platform.c +++ b/drivers/acpi/acpi_platform.c @@ -168,6 +168,7 @@ struct platform_device *acpi_create_platform_device(struct acpi_device *adev, pdevinfo.num_res = count; pdevinfo.fwnode = acpi_fwnode_handle(adev); pdevinfo.properties = properties; + platform_devinfo_set_node(&pdevinfo, acpi_get_node(adev->handle)); if (acpi_dma_supported(adev)) pdevinfo.dma_mask = DMA_BIT_MASK(32); @@ -178,11 +179,9 @@ struct platform_device *acpi_create_platform_device(struct acpi_device *adev, if (IS_ERR(pdev)) dev_err(&adev->dev, "platform device creation failed: %ld\n", PTR_ERR(pdev)); - else { - set_dev_node(&pdev->dev, acpi_get_node(adev->handle)); + else dev_dbg(&adev->dev, "created platform device %s\n", dev_name(&pdev->dev)); - } kfree(resources); diff --git a/drivers/base/platform.c b/drivers/base/platform.c index 76bfcba25003..c733bfb26149 100644 --- a/drivers/base/platform.c +++ b/drivers/base/platform.c @@ -808,6 +808,7 @@ struct platform_device *platform_device_register_full( { int ret; struct platform_device *pdev; + int numa_node = platform_devinfo_get_node(pdevinfo); pdev = platform_device_alloc(pdevinfo->name, pdevinfo->id); if (!pdev) @@ -841,6 +842,9 @@ struct platform_device *platform_device_register_full( goto err; } + if (numa_node >= 0) + set_dev_node(&pdev->dev, numa_node); + ret = platform_device_add(pdev); if (ret) { err: diff --git a/include/linux/platform_device.h b/include/linux/platform_device.h index 7a41c72c1959..78e11b79f1af 100644 --- a/include/linux/platform_device.h +++ b/include/linux/platform_device.h @@ -132,10 +132,36 @@ struct platform_device_info { u64 dma_mask; const struct property_entry *properties; + +#ifdef CONFIG_NUMA + int numa_node; /* NUMA node this platform device is close to plus 1 */ +#endif }; extern struct platform_device *platform_device_register_full( const struct platform_device_info *pdevinfo); +#ifdef CONFIG_NUMA +static inline int platform_devinfo_get_node(const struct platform_device_info *pdevinfo) +{ + return pdevinfo ? pdevinfo->numa_node - 1 : NUMA_NO_NODE; +} + +static inline void platform_devinfo_set_node(struct platform_device_info *pdevinfo, + int node) +{ + pdevinfo->numa_node = node + 1; +} +#else +static inline int platform_devinfo_get_node(const struct platform_device_info *pdevinfo) +{ + return NUMA_NO_NODE; +} + +static inline void platform_devinfo_set_node(struct platform_device_info *pdevinfo, + int node) +{} +#endif + /** * platform_device_register_resndata - add a platform-level device with * resources and platform-specific data -- 2.20.1

1 year, 3 months

2
1
0 0

[PATCH bpf v2 1/2] compiler_types.h: Define __retain for __attribute__((__retain__))

by Tony Ambardar

Some code includes the __used macro to prevent functions and data from being optimized out. This macro implements __attribute__((__used__)), which operates at the compiler and IR-level, and so still allows a linker to remove objects intended to be kept. Compilers supporting __attribute__((__retain__)) can address this gap by setting the flag SHF_GNU_RETAIN on the section of a function/variable, indicating to the linker the object should be retained. This attribute is available since gcc 11, clang 13, and binutils 2.36. Provide a __retain macro implementing __attribute__((__retain__)), whose first user will be the '__bpf_kfunc' tag. Link: https://lore.kernel.org/bpf/ZlmGoT9KiYLZd91S@krava/T/ Cc: stable(a)vger.kernel.org # v6.6+ Signed-off-by: Tony Ambardar <Tony.Ambardar(a)gmail.com> --- include/linux/compiler_types.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 93600de3800b..f14c275950b5 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -143,6 +143,29 @@ static inline void __chk_io_ptr(const volatile void __iomem *ptr) { } # define __preserve_most #endif +/* + * Annotating a function/variable with __retain tells the compiler to place + * the object in its own section and set the flag SHF_GNU_RETAIN. This flag + * instructs the linker to retain the object during garbage-cleanup or LTO + * phases. + * + * Note that the __used macro is also used to prevent functions or data + * being optimized out, but operates at the compiler/IR-level and may still + * allow unintended removal of objects during linking. + * + * Optional: only supported since gcc >= 11, clang >= 13 + * + * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-re… + * clang: https://clang.llvm.org/docs/AttributeReference.html#retain + */ +#if __has_attribute(__retain__) && \ + (defined(CONFIG_LD_DEAD_CODE_DATA_ELIMINATION) || \ + defined(CONFIG_LTO_CLANG)) +# define __retain __attribute__((__retain__)) +#else +# define __retain +#endif + /* Compiler specific macros. */ #ifdef __clang__ #include <linux/compiler-clang.h> -- 2.34.1

1 year, 3 months

2
5
0 0

[PATCH 0/2] media: uvcvideo: Followup hwtimestamp patches

by Ricardo Ribalda

The series https://patchwork.linuxtv.org/project/linux-media/list/?series=12485 was all merged but one patch that Laurent found a bug in the index used. When I tried the fixed patch I found an integer overflow in the timestamp calculations. This bug can be triggered with slow framerates. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Ricardo Ribalda (2): media: uvcvideo: Fix hw timestamp handling for slow FPS media: uvcvideo: Fix integer overflow calculating timestamp drivers/media/usb/uvc/uvc_video.c | 33 ++++++++++++++++++++++++++++----- drivers/media/usb/uvc/uvcvideo.h | 1 + 2 files changed, 29 insertions(+), 5 deletions(-) --- base-commit: ef1e48f725d30cb18d3f2d40c48f50f483080cf7 change-id: 20240610-hwtimestamp-followup-2489c5668b21 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 year, 3 months

2
2
0 0

Re: Kernel 5.15.150 black screen with AMD Raven/Picasso GPU

by Armin Wolf

Am 23.05.24 um 15:13 schrieb Barry Kauler: > On Wed, May 22, 2024 at 12:58 AM Armin Wolf <W_Armin(a)gmx.de> wrote: >> Am 20.05.24 um 18:22 schrieb Alex Deucher: >> >>> On Sat, May 18, 2024 at 8:17 PM Armin Wolf <W_Armin(a)gmx.de> wrote: >>>> Am 17.05.24 um 03:30 schrieb Barry Kauler: >>>> >>>>> Armin, Yifan, Prike, >>>>> I will top-post, so you don't have to scroll down. >>>>> After identifying the commit that causes black screen with my gpu, I >>>>> posted the result to you guys, on May 9. >>>>> It is now May 17 and no reply. >>>>> OK, I have now created a patch that reverts Yifan's commit, compiled >>>>> 5.15.158, and my gpu now works. >>>>> Note, the radeon module is not loaded, so it is not a factor. >>>>> I'm not a kernel developer. I have identified the culprit and it is up >>>>> to you guys to fix it, Yifan especially, as you are the person who has >>>>> created the regression. >>>>> I will attach my patch. >>>>> Regards, >>>>> Barry Kauler >>>> Hi, >>>> >>>> sorry for not responding to your findings. I normally do not work with GPU drivers, >>>> so i hoped one of the amdgpu developers would handle this. >>>> >>>> I CCeddri-devel(a)lists.freedesktop.org and amd-gfx(a)lists.freedesktop.org so that other >>>> amdgpu developers hear from this issue. >>>> >>>> Thanks you for you persistence in finding the offending commit. >>> Likely this patch should not have been ported to 5.15 in the first >>> place. The IOMMU requirements have been dropped from the driver for >>> the last few kernel versions so it is no longer relevant on newer >>> kernels. >>> >>> Alex >> Barry, can you verify that the latest upstream kernel works on you device? >> If yes, then the commit itself is ok and just the backporting itself was wrong. >> >> Thanks, >> Armin Wolf > Armin, > The unmodified 6.8.1 kernel works ok. > I presume that patch was applied long before 6.8.1 got released and > only got backported to 5.15.x recently. > > Regards, > Barry > Great to hear, that means we only have to revert commit 56b522f46681 ("drm/amdgpu: init iommu after amdkfd device init") from the 5.15.y series. I CCed the stable mailing list so that they can revert the offending commit. Thanks, Armin Wolf >>>> Armin Wolf >>>> >>>>> On Thu, May 9, 2024 at 4:08 PM Barry Kauler <bkauler(a)gmail.com> wrote: >>>>>> On Fri, May 3, 2024 at 9:03 PM Armin Wolf <W_Armin(a)gmx.de> wrote: >>>>>>>> ... >>>>>>>> # lspci | grep VGA >>>>>>>> 05:00.0 VGA compatible controller: Advanced Micro Devices, Inc. >>>>>>>> [AMD/ATI] Picasso/Raven 2 [Radeon Vega Series / Radeon Vega Mobile >>>>>>>> Series] (rev c2) >>>>>>>> 05:00.7 Non-VGA unclassified device: Advanced Micro Devices, Inc. >>>>>>>> [AMD] Raven/Raven2/Renoir Non-Sensor Fusion Hub KMDF driver >>>>>>>> >>>>>>>> # lspci -n -k >>>>>>>> ... >>>>>>>> 05:00.0 0300: 1002:15d8 (rev c2) >>>>>>>> Subsystem: 1025:1456 >>>>>>>> Kernel driver in use: amdgpu >>>>>>>> Kernel modules: amdgpu >>>>>>>> ... >>>>>>> thanks for informing us of this regression. Since there are four commits affecting >>>>>>> amdgpu in 5.15.150, i suggest that you use "git bisect" to find the faulty commits, >>>>>>> see https://docs.kernel.org/admin-guide/bug-bisect.html for details. >>>>>>> >>>>>>> I think you can speed up the bisecting process by limiting yourself to the AMD DRM >>>>>>> driver directory with "git bisect start -- drivers/gpu/drm/amd", take a look at the >>>>>>> man page of "git bisect" for details. >>>>>>> >>>>>>> Thanks, >>>>>>> Armin Wolf >>>>>> Armin, >>>>>> Thanks for the advice. I am unfamiliar with git on the commandline. >>>>>> Previously only used SmartGit gui. >>>>>> EasyOS requires aufs patch, and for a few days tried to figure out how >>>>>> to use that with git bisect, then gave up. Changed to testing with my >>>>>> "QV" distro, which is more conventional, doesn't need any kernel >>>>>> patches. Managed to get it down to one commit. Here are the steps I >>>>>> followed: >>>>>> >>>>>> # git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git >>>>>> # cd linux-stable >>>>>> # git tag -l | grep '5\.15\.150' >>>>>> v5.15.150 >>>>>> # git checkout -b my5.15.150 v5.15.150 >>>>>> Updating files: 100% (65776/65776), done. >>>>>> Switched to a new branch 'my5.15.150' >>>>>> >>>>>> Copied in my .config then... >>>>>> >>>>>> # make menuconfig >>>>>> # git bisect start -- drivers/gpu/drm/amd >>>>>> # git bisect bad >>>>>> # git bisect good v5.15.149 >>>>>> Bisecting: 1 revision left to test after this (roughly 1 step) >>>>>> [b9a61ee2bb2704e42516e3da962f99dfa98f3b20] drm/amdgpu: reset gpu for >>>>>> s3 suspend abort case >>>>>> # make >>>>>> # rm -rf /boot2 >>>>>> # mkdir -p /boot2/lib/modules >>>>>> # make INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=/boot2 modules_install >>>>>> # cp arch/x86/boot/bzImage /boot2/vmlinuz >>>>>> # sync >>>>>> ...QV on Acer laptop, with amdgpu, works! >>>>>> # git bisect good >>>>>> Bisecting: 0 revisions left to test after this (roughly 0 steps) >>>>>> [56b522f4668167096a50c39446d6263c96219f5f] drm/amdgpu: init iommu >>>>>> after amdkfd device init >>>>>> # make >>>>>> # mkdir -p /boot2/lib/modules >>>>>> # make INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=/boot2 modules_install >>>>>> # cp arch/x86/boot/bzImage /boot2/vmlinuz >>>>>> # sync >>>>>> ...QV on Acer laptop, black screen! >>>>>> >>>>>> # git bisect bad >>>>>> 56b522f4668167096a50c39446d6263c96219f5f is the first bad commit >>>>>> commit 56b522f4668167096a50c39446d6263c96219f5f >>>>>> Author: Yifan Zhang <yifan1.zhang(a)amd.com> >>>>>> Date: Tue Sep 28 15:42:35 2021 +0800 >>>>>> >>>>>> drm/amdgpu: init iommu after amdkfd device init >>>>>> >>>>>> [ Upstream commit 286826d7d976e7646b09149d9bc2899d74ff962b ] >>>>>> >>>>>> This patch is to fix clinfo failure in Raven/Picasso: >>>>>> >>>>>> Number of platforms: 1 >>>>>> Platform Profile: FULL_PROFILE >>>>>> Platform Version: OpenCL 2.2 AMD-APP (3364.0) >>>>>> Platform Name: AMD Accelerated Parallel Processing >>>>>> Platform Vendor: Advanced Micro Devices, Inc. >>>>>> Platform Extensions: cl_khr_icd cl_amd_event_callback >>>>>> >>>>>> Platform Name: AMD Accelerated Parallel Processing Number of devices: 0 >>>>>> >>>>>> Signed-off-by: Yifan Zhang <yifan1.zhang(a)amd.com> >>>>>> Reviewed-by: James Zhu <James.Zhu(a)amd.com> >>>>>> Tested-by: James Zhu <James.Zhu(a)amd.com> >>>>>> Acked-by: Felix Kuehling <Felix.Kuehling(a)amd.com> >>>>>> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> >>>>>> Signed-off-by: Sasha Levin <sashal(a)kernel.org> >>>>>> >>>>>> drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 ++++---- >>>>>> 1 file changed, 4 insertions(+), 4 deletions(-) >>>>>> >>>>>> Anything else I should do, to identify what in this commit is the >>>>>> likely culprit? >>>>>> Regards, >>>>>> Barry Kauler

1 year, 3 months

2
2
0 0

[PATCH 6.9 000/157] 6.9.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.5 release. There are 157 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Jun 2024 11:31:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.5-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.5-rc1 Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix deadlock in smb2_find_smb_tcon() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential kernel bug due to lack of writeback flag waiting Puranjay Mohan <puranjay(a)kernel.org> powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH Hari Bathini <hbathini(a)linux.ibm.com> powerpc/64/bpf: fix tail calls for PCREL addressing Andrii Nakryiko <andrii(a)kernel.org> bpf: fix multi-uprobe PID filtering logic Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix incorrect UMP type for system messages Qu Wenruo <wqu(a)suse.com> btrfs: re-introduce 'norecovery' mount option Filipe Manana <fdmanana(a)suse.com> btrfs: fix leak of qgroup extent records after transaction abort Omar Sandoval <osandov(a)fb.com> btrfs: fix crash on racing fsync and size-extending write into prealloc Qu Wenruo <wqu(a)suse.com> btrfs: protect folio::private when attaching extent buffer folios Boris Burkov <boris(a)bur.io> btrfs: qgroup: fix qgroup id collision across mounts David Sterba <dsterba(a)suse.com> btrfs: qgroup: update rescan message levels and error codes Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Clear EVENT_INODE flag in tracefs_drop_inode() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Keep the directories from having the same inode number as files Hao Ge <gehao(a)kylinos.cn> eventfs: Fix a possible null pointer dereference in eventfs_find_events() Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Sergey Shtylyov <s.shtylyov(a)omp.ru> nfs: fix undefined behavior in nfs_block_bits() Steve French <stfrench(a)microsoft.com> cifs: fix creating sockets when using sfu mount options Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> EDAC/igen6: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> EDAC/amd64: Convert PCIBIOS_* return codes to errnos Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Don't accept an invalid UMP protocol number Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Don't clear bank selection after sending a program change Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension Nam Cao <namcao(a)linutronix.de> riscv: enable HAVE_ARCH_HUGE_VMAP for XIP kernel Javier Carrasco <javier.carrasco.cruz(a)gmail.com> hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() dicken.ding <dicken.ding(a)mediatek.com> genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix invalidate IBI type and miss call client IBI handler Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Make use of invalid opcode produce a link error Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Split and rework cpacf query functions Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix crash in AP internal function modify_bitmap() Helge Deller <deller(a)kernel.org> parisc: Define sigset_t in parisc uapi header Helge Deller <deller(a)gmx.de> parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Shengyu Qu <wiagn233(a)outlook.com> riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board Baokun Li <libaokun1(a)huawei.com> ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Baokun Li <libaokun1(a)huawei.com> ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> ext4: Fixes len calculation in mpage_journal_page_buffers Mike Gilbert <floppym(a)gentoo.org> sparc: move struct termio to asm/termios.h Hui Wang <hui.wang(a)canonical.com> e1000e: move force SMBUS near the end of enable_ulp function Arnaldo Carvalho de Melo <acme(a)redhat.com> Revert "perf record: Reduce memory for recording PERF_RECORD_LOST_SAMPLES event" Magnus Karlsson <magnus.karlsson(a)intel.com> Revert "xsk: Document ability to redirect to any socket bound to the same umem" Magnus Karlsson <magnus.karlsson(a)intel.com> Revert "xsk: Support redirect to any socket bound to the same umem" Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Merge identical case statements in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix console handling when editing and tab-completing commands Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-strings rather than '\0' injection in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix buffer overflow during tab-complete Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: fix QCOM_RPROC_COMMON dependency Sunil V L <sunilvl(a)ventanamicro.com> irqchip/riscv-intc: Prevent memory leak when riscv_intc_init_common() fails Tony Battersby <tonyb(a)cybernetics.com> bonding: fix oops during rmmod Judith Mendez <jm(a)ti.com> watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix bogus test success on Aarch64 Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix build warnings on ppc64 Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Hailong.Liu <hailong.liu(a)oppo.com> mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix handling of dissolved but not taken off from buddy pages Yuanyuan Zhong <yzhong(a)purestorage.com> mm: /proc/pid/smaps_rollup: avoid skipping vma after getting mmap_lock again Frank van der Linden <fvdl(a)google.com> mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid Frank van der Linden <fvdl(a)google.com> mm/cma: drop incorrect alignment check in cma_init_reserved_mem Oscar Salvador <osalvador(a)suse.de> mm/hugetlb: do not call vma_add_reservation upon ENOMEM Sam Ravnborg <sam(a)ravnborg.org> sparc64: Fix number of online CPUs John Kacur <jkacur(a)redhat.com> rtla/timerlat: Fix histogram report when a cpu count is 0 Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S CPU support Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq: amd-pstate: Fix the inconsistency in max frequency units Jan Beulich <jbeulich(a)suse.com> tpm_tis: Do *not* flush uninitialized work Alexander Potapenko <glider(a)google.com> kmsan: do not wipe out origin when doing partial unpoisoning Chengming Zhou <chengming.zhou(a)linux.dev> mm/ksm: fix ksm_zero_pages accounting Chengming Zhou <chengming.zhou(a)linux.dev> mm/ksm: fix ksm_pages_scanned accounting Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: net: lib: avoid error removing empty netns name Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: net: lib: support errexit with busywait Dmitry Safonov <0x7f454c46(a)gmail.com> net/tcp: Don't consider TCP_CLOSE in TCP_AO_ESTABLISHED Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/9p: fix uninit-value in p9_client_rpc() xu xin <xu.xin16(a)zte.com.cn> net/ipv6: Fix route deleting failure when metric equals 0 Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Handle devices which return an unusually large VPD page count Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid: elan: fix reset suspend current leakage Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> i2c: acpi: Unbind mux adapters before delete Dan Williams <dan.j.williams(a)intel.com> ACPI: APEI: EINJ: Fix einj_dev release leak Xu Yang <xu.yang_2(a)nxp.com> iomap: fault in smaller chunks for non-large folio mappings Xu Yang <xu.yang_2(a)nxp.com> filemap: add helper mapping_max_folio_size() Jens Axboe <axboe(a)kernel.dk> io_uring: check for non-NULL file pointer in io_file_can_poll() Jens Axboe <axboe(a)kernel.dk> io_uring/napi: fix timeout calculation Ryan Roberts <ryan.roberts(a)arm.com> mm: fix race between __split_huge_pmd_locked() and GUP-fast Nathan Chancellor <nathan(a)kernel.org> kbuild: Remove support for Clang's ThinLTO caching Herbert Xu <herbert(a)gondor.apana.org.au> crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Vitaly Chikunov <vt(a)altlinux.org> crypto: ecrdsa - Fix module auto-load on add_key Stefan Berger <stefanb(a)linux.ibm.com> crypto: ecdsa - Fix module auto-load on add-key Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: apss-ipq-pll: use stromer ops for IPQ5018 to fix boot failure Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs Nathan Chancellor <nathan(a)kernel.org> clk: bcm: rpi: Assign ->num before accessing ->hws Nathan Chancellor <nathan(a)kernel.org> clk: bcm: dvp: Assign ->num before accessing ->hws Jiaxun Yang <jiaxun.yang(a)flygoat.com> LoongArch: Fix entry point in kernel image header Jiaxun Yang <jiaxun.yang(a)flygoat.com> LoongArch: Override higher address bits in JUMP_VIRT_ADDR Jiaxun Yang <jiaxun.yang(a)flygoat.com> LoongArch: Fix built-in DTB detection Jiaxun Yang <jiaxun.yang(a)flygoat.com> LoongArch: Add all CPUs enabled by fdt to NUMA node 0 Marc Zyngier <maz(a)kernel.org> KVM: arm64: AArch32: Fix spurious trapping of conditional instructions Marc Zyngier <maz(a)kernel.org> KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Marc Zyngier <maz(a)kernel.org> KVM: arm64: Fix AArch32 register narrowing on userspace write Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms Dominique Martinet <asmadeus(a)codewreck.org> 9p: add missing locking around taking dentry fid list Li Ma <li.ma(a)amd.com> drm/amdgpu/atomfirmware: add intergrated info v2.3 table Gabor Juhos <j4g8y7(a)gmail.com> firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails Cai Xinchen <caixinchen1(a)huawei.com> fbdev: savage: Handle err return when savagefb_check_var failed Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-generic: Do not set physical framebuffer address Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Sort DMI quirks alphabetically Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Add support for "Tuning Error" interrupts Hans de Goede <hdegoede(a)redhat.com> mmc: core: Add mmc_gpiod_set_cd_config() function Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mmc: davinci: Don't strip remove function when driver is builtin Alexander Stein <alexander.stein(a)ew.tq-group.com> media: v4l: async: Fix notifier list entry init Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: async: Don't set notifier's V4L2 device if registering fails Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: async: Properly re-initialise notifier entry in unregister Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ov2740: Fix LINK_FREQ and PIXEL_RATE control value reporting Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-core: hold videodev_lock until dev reg, finishes Nathan Chancellor <nathan(a)kernel.org> media: mxl5xx: Move xpt structures off stack Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: mc: mark the media devnode as registered from the, start Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: mc: Fix graph walk in media_pipeline_start Martin Tůma <martin.tuma(a)digiteqautomotive.com> media: mgb4: Fix double debugfs remove Max Krummenacher <max.krummenacher(a)toradex.com> arm64: dts: ti: verdin-am62: Set memory size to 2gb Yang Xiwen <forbidden405(a)outlook.com> arm64: dts: hi3798cv200: fix the size of GICR Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power Martin Kaistra <martin.kaistra(a)linutronix.de> wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command Yu Kuai <yukuai3(a)huawei.com> md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: qcs404: fix bluetooth device address Krzysztof Kozlowski <krzk(a)kernel.org> arm64: tegra: Correct Tegra132 I2C alias Christoffer Sandberg <cs(a)tuxedo.de> ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Maulik Shah <quic_mkshah(a)quicinc.com> soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/drivers/qcom/lmh: Check for SCM availability at probe Karthikeyan Ramasubramanian <kramasub(a)chromium.org> platform/chrome: cros_ec: Handle events during suspend after resume completion Tyler Hicks (Microsoft) <code(a)tyhicks.com> proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation Eric Biggers <ebiggers(a)google.com> fsverity: use register_sysctl_init() to avoid kmemleak warning Sergey Shtylyov <s.shtylyov(a)omp.ru> ata: pata_legacy: make legacy_exit() work again Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: correct aSIFSTime for 6GHz band Dan Carpenter <dan.carpenter(a)linaro.org> btrfs: qgroup: fix initialization of auto inherit array Jia Jie Ho <jiajie.ho(a)starfivetech.com> crypto: starfive - Do not free stack buffer Matthew Mirvish <matthew(a)mm12.xyz> bcache: fix variable length array abuse in btree_iter Matthew Auld <matthew.auld(a)intel.com> drm/xe/bb: assert width in xe_bb_create_job() Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: add error handle to avoid out-of-bounds Zheyu Ma <zheyuma97(a)gmail.com> media: lgdt3306a: Add a check against null-pointer-def Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Thomas Gleixner <tglx(a)linutronix.de> x86/topology/amd: Evaluate SMT in CPUID leaf 0x8000001e only on family 0x17 and greater Gao Xiang <xiang(a)kernel.org> erofs: avoid allocating DEFLATE streams before mounting Marc Dionne <marc.dionne(a)auristor.com> afs: Don't cross .backup mountpoint from backup volume Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/i915/hwmon: Get rid of devm Lang Yu <Lang.Yu(a)amd.com> drm/amdkfd: handle duplicate BOs in reserve_bo_and_cond_vms ------------- Diffstat: Documentation/mm/arch_pgtable_helpers.rst | 6 +- Documentation/networking/af_xdp.rst | 31 +++--- Makefile | 9 +- arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/samsung/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/samsung/exynos4412-smdk4412.dts | 2 +- arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 +- arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 +- arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 +- arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 + arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 +- arch/arm64/kvm/guest.c | 3 +- arch/arm64/kvm/hyp/aarch32.c | 18 +++- arch/loongarch/include/asm/numa.h | 1 + arch/loongarch/include/asm/stackframe.h | 2 +- arch/loongarch/kernel/head.S | 2 +- arch/loongarch/kernel/setup.c | 2 +- arch/loongarch/kernel/smp.c | 5 +- arch/loongarch/kernel/vmlinux.lds.S | 10 +- arch/parisc/include/asm/page.h | 1 + arch/parisc/include/asm/signal.h | 12 --- arch/parisc/include/uapi/asm/signal.h | 10 ++ arch/powerpc/mm/book3s64/pgtable.c | 1 + arch/powerpc/net/bpf_jit_comp32.c | 12 +++ arch/powerpc/net/bpf_jit_comp64.c | 42 +++++--- arch/riscv/Kconfig | 2 +- .../dts/starfive/jh7110-starfive-visionfive-2.dtsi | 1 - arch/s390/include/asm/cpacf.h | 109 +++++++++++++++++---- arch/s390/include/asm/pgtable.h | 4 +- arch/sparc/include/asm/smp_64.h | 2 - arch/sparc/include/uapi/asm/termbits.h | 10 -- arch/sparc/include/uapi/asm/termios.h | 9 ++ arch/sparc/kernel/prom_64.c | 4 +- arch/sparc/kernel/setup_64.c | 1 - arch/sparc/kernel/smp_64.c | 14 --- arch/sparc/mm/tlb.c | 1 + arch/x86/kernel/cpu/topology_amd.c | 4 +- arch/x86/kvm/svm/svm.c | 27 +++-- arch/x86/mm/pgtable.c | 2 + crypto/ecdsa.c | 3 + crypto/ecrdsa.c | 1 + drivers/acpi/apei/einj-core.c | 2 +- drivers/acpi/resource.c | 12 +++ drivers/ata/pata_legacy.c | 8 +- drivers/char/tpm/tpm_tis_core.c | 3 +- drivers/clk/bcm/clk-bcm2711-dvp.c | 3 +- drivers/clk/bcm/clk-raspberrypi.c | 2 +- drivers/clk/qcom/apss-ipq-pll.c | 30 +++++- drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/cpufreq/amd-pstate.c | 2 +- drivers/crypto/intel/qat/qat_common/adf_aer.c | 19 +--- drivers/crypto/starfive/jh7110-rsa.c | 1 - drivers/edac/amd64_edac.c | 8 +- drivers/edac/igen6_edac.c | 4 +- drivers/firmware/efi/libstub/loongarch.c | 2 +- drivers/firmware/qcom/qcom_scm.c | 18 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 15 +++ drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 11 +-- drivers/gpu/drm/amd/include/atomfirmware.h | 43 ++++++++ .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 20 ++-- drivers/gpu/drm/drm_fbdev_generic.c | 1 - drivers/gpu/drm/i915/i915_hwmon.c | 46 ++++++--- drivers/gpu/drm/xe/xe_bb.c | 3 +- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 59 ++++++++--- drivers/hwmon/ltc2992.c | 4 +- drivers/hwtracing/intel_th/pci.c | 5 + drivers/i2c/i2c-core-acpi.c | 19 +++- drivers/i3c/master/svc-i3c-master.c | 16 ++- drivers/irqchip/irq-riscv-intc.c | 9 +- drivers/md/bcache/bset.c | 44 ++++----- drivers/md/bcache/bset.h | 28 ++++-- drivers/md/bcache/btree.c | 40 ++++---- drivers/md/bcache/super.c | 5 +- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 +- drivers/md/raid5.c | 15 +-- drivers/media/dvb-frontends/lgdt3306a.c | 5 + drivers/media/dvb-frontends/mxl5xx.c | 22 ++--- drivers/media/i2c/ov2740.c | 11 ++- drivers/media/mc/mc-devnode.c | 5 +- drivers/media/mc/mc-entity.c | 6 ++ drivers/media/pci/mgb4/mgb4_core.c | 7 +- drivers/media/v4l2-core/v4l2-async.c | 12 +-- drivers/media/v4l2-core/v4l2-dev.c | 3 + drivers/mmc/core/slot-gpio.c | 20 ++++ drivers/mmc/host/davinci_mmc.c | 4 +- drivers/mmc/host/sdhci-acpi.c | 61 ++++++++++-- drivers/mmc/host/sdhci.c | 10 +- drivers/mmc/host/sdhci.h | 3 +- drivers/net/bonding/bond_main.c | 13 +-- drivers/net/ethernet/intel/e1000e/ich8lan.c | 22 +++++ drivers/net/ethernet/intel/e1000e/netdev.c | 18 ---- drivers/net/vxlan/vxlan_core.c | 8 +- drivers/net/wireless/ath/ath10k/Kconfig | 1 + drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 9 ++ .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 32 +++--- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 ++-- .../net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 ++++----------- drivers/net/wireless/realtek/rtw89/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw89/pci.c | 3 +- drivers/platform/chrome/cros_ec.c | 16 +-- drivers/s390/crypto/ap_bus.c | 2 +- drivers/scsi/scsi.c | 7 ++ drivers/soc/qcom/cmd-db.c | 32 +++++- drivers/soc/qcom/rpmh-rsc.c | 3 +- drivers/thermal/qcom/lmh.c | 3 + drivers/video/fbdev/savage/savagefb_driver.c | 5 +- drivers/watchdog/rti_wdt.c | 34 +++---- fs/9p/vfs_dentry.c | 9 +- fs/afs/mntpt.c | 5 + fs/btrfs/disk-io.c | 10 +- fs/btrfs/extent_io.c | 60 ++++++------ fs/btrfs/qgroup.c | 34 +++++-- fs/btrfs/super.c | 8 ++ fs/btrfs/tree-log.c | 17 ++-- fs/erofs/decompressor_deflate.c | 55 ++++++----- fs/ext4/inode.c | 2 +- fs/ext4/mballoc.h | 2 +- fs/ext4/xattr.c | 4 +- fs/f2fs/inode.c | 6 ++ fs/iomap/buffered-io.c | 2 +- fs/nfs/internal.h | 4 +- fs/nfs/nfs4proc.c | 2 +- fs/nilfs2/dir.c | 2 +- fs/nilfs2/segment.c | 3 + fs/proc/base.c | 2 +- fs/proc/fd.c | 42 ++++---- fs/proc/task_mmu.c | 9 +- fs/smb/client/cifspdu.h | 2 +- fs/smb/client/inode.c | 4 + fs/smb/client/smb2ops.c | 3 + fs/smb/client/smb2transport.c | 2 +- fs/tracefs/event_inode.c | 13 ++- fs/tracefs/inode.c | 33 ++++--- fs/verity/init.c | 7 +- include/linux/ksm.h | 17 +++- include/linux/mm_types.h | 2 +- include/linux/mmc/slot-gpio.h | 1 + include/linux/pagemap.h | 34 ++++--- include/net/tcp_ao.h | 7 +- include/soc/qcom/cmd-db.h | 10 +- io_uring/io_uring.h | 2 +- io_uring/napi.c | 22 +++-- kernel/debug/kdb/kdb_io.c | 99 +++++++++++-------- kernel/irq/irqdesc.c | 5 +- kernel/trace/bpf_trace.c | 8 +- mm/cma.c | 4 - mm/huge_memory.c | 49 ++++----- mm/hugetlb.c | 22 ++++- mm/kmsan/core.c | 15 ++- mm/ksm.c | 17 ++-- mm/memory-failure.c | 4 +- mm/pgtable-generic.c | 2 + mm/vmalloc.c | 5 +- net/9p/client.c | 2 + net/ipv4/tcp_ao.c | 13 ++- net/ipv6/route.c | 5 +- net/xdp/xsk.c | 5 +- sound/core/seq/seq_ump_convert.c | 2 + sound/core/ump.c | 7 ++ sound/core/ump_convert.c | 1 - sound/soc/sof/ipc4-topology.c | 8 ++ tools/perf/builtin-record.c | 6 +- .../selftests/bpf/prog_tests/uprobe_multi_test.c | 2 +- tools/testing/selftests/mm/compaction_test.c | 22 +++-- tools/testing/selftests/mm/gup_test.c | 1 + tools/testing/selftests/mm/uffd-common.h | 1 + tools/testing/selftests/net/lib.sh | 17 ++-- tools/tracing/rtla/src/timerlat_hist.c | 60 ++++++++---- 173 files changed, 1392 insertions(+), 811 deletions(-)

1 year, 3 months

11
167
0 0

[PATCH 6.6 000/137] 6.6.34-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.34 release. There are 137 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Jun 2024 11:31:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.34-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.34-rc1 Paolo Abeni <pabeni(a)redhat.com> selftests: net: more strict check in net_helper Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix deadlock in smb2_find_smb_tcon() Puranjay Mohan <puranjay(a)kernel.org> powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH Hari Bathini <hbathini(a)linux.ibm.com> powerpc/64/bpf: fix tail calls for PCREL addressing Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix incorrect UMP type for system messages Filipe Manana <fdmanana(a)suse.com> btrfs: fix leak of qgroup extent records after transaction abort Omar Sandoval <osandov(a)fb.com> btrfs: fix crash on racing fsync and size-extending write into prealloc Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Clear EVENT_INODE flag in tracefs_drop_inode() Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Keep the directories from having the same inode number as files Hao Ge <gehao(a)kylinos.cn> eventfs: Fix a possible null pointer dereference in eventfs_find_events() Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Sergey Shtylyov <s.shtylyov(a)omp.ru> nfs: fix undefined behavior in nfs_block_bits() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> EDAC/igen6: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> EDAC/amd64: Convert PCIBIOS_* return codes to errnos Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Don't accept an invalid UMP protocol number Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Don't clear bank selection after sending a program change Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension dicken.ding <dicken.ding(a)mediatek.com> genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: fix invalidate IBI type and miss call client IBI handler Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Make use of invalid opcode produce a link error Harald Freudenberger <freude(a)linux.ibm.com> s390/cpacf: Split and rework cpacf query functions Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix crash in AP internal function modify_bitmap() Helge Deller <deller(a)kernel.org> parisc: Define sigset_t in parisc uapi header Helge Deller <deller(a)gmx.de> parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdk4412: fix keypad no-autorepeat Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: samsung: smdkv310: fix keypad no-autorepeat Shengyu Qu <wiagn233(a)outlook.com> riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board Baokun Li <libaokun1(a)huawei.com> ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Baokun Li <libaokun1(a)huawei.com> ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> ext4: Fixes len calculation in mpage_journal_page_buffers Lang Yu <Lang.Yu(a)amd.com> drm/amdkfd: handle duplicate BOs in reserve_bo_and_cond_vms Mike Gilbert <floppym(a)gentoo.org> sparc: move struct termio to asm/termios.h Hui Wang <hui.wang(a)canonical.com> e1000e: move force SMBUS near the end of enable_ulp function Eric Dumazet <edumazet(a)google.com> net: fix __dst_negative_advice() race Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Merge identical case statements in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix console handling when editing and tab-completing commands Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-strings rather than '\0' injection in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix buffer overflow during tab-complete Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: fix QCOM_RPROC_COMMON dependency Tony Battersby <tonyb(a)cybernetics.com> bonding: fix oops during rmmod Judith Mendez <jm(a)ti.com> watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix build warnings on ppc64 Dev Jain <dev.jain(a)arm.com> selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Hailong.Liu <hailong.liu(a)oppo.com> mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL Yuanyuan Zhong <yzhong(a)purestorage.com> mm: /proc/pid/smaps_rollup: avoid skipping vma after getting mmap_lock again Frank van der Linden <fvdl(a)google.com> mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid Frank van der Linden <fvdl(a)google.com> mm/cma: drop incorrect alignment check in cma_init_reserved_mem Sam Ravnborg <sam(a)ravnborg.org> sparc64: Fix number of online CPUs John Kacur <jkacur(a)redhat.com> rtla/timerlat: Fix histogram report when a cpu count is 0 Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S CPU support Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq: amd-pstate: Fix the inconsistency in max frequency units Jan Beulich <jbeulich(a)suse.com> tpm_tis: Do *not* flush uninitialized work Alexander Potapenko <glider(a)google.com> kmsan: do not wipe out origin when doing partial unpoisoning Chengming Zhou <chengming.zhou(a)linux.dev> mm/ksm: fix ksm_zero_pages accounting Chengming Zhou <chengming.zhou(a)linux.dev> mm/ksm: fix ksm_pages_scanned accounting Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/9p: fix uninit-value in p9_client_rpc() xu xin <xu.xin16(a)zte.com.cn> net/ipv6: Fix route deleting failure when metric equals 0 Martin K. Petersen <martin.petersen(a)oracle.com> scsi: core: Handle devices which return an unusually large VPD page count Johan Hovold <johan+linaro(a)kernel.org> HID: i2c-hid: elan: fix reset suspend current leakage Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> i2c: acpi: Unbind mux adapters before delete Xu Yang <xu.yang_2(a)nxp.com> iomap: fault in smaller chunks for non-large folio mappings Xu Yang <xu.yang_2(a)nxp.com> filemap: add helper mapping_max_folio_size() Ryan Roberts <ryan.roberts(a)arm.com> mm: fix race between __split_huge_pmd_locked() and GUP-fast Nathan Chancellor <nathan(a)kernel.org> kbuild: Remove support for Clang's ThinLTO caching Herbert Xu <herbert(a)gondor.apana.org.au> crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Vitaly Chikunov <vt(a)altlinux.org> crypto: ecrdsa - Fix module auto-load on add_key Stefan Berger <stefanb(a)linux.ibm.com> crypto: ecdsa - Fix module auto-load on add-key Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs Nathan Chancellor <nathan(a)kernel.org> clk: bcm: rpi: Assign ->num before accessing ->hws Nathan Chancellor <nathan(a)kernel.org> clk: bcm: dvp: Assign ->num before accessing ->hws Jiaxun Yang <jiaxun.yang(a)flygoat.com> LoongArch: Override higher address bits in JUMP_VIRT_ADDR Jiaxun Yang <jiaxun.yang(a)flygoat.com> LoongArch: Add all CPUs enabled by fdt to NUMA node 0 Marc Zyngier <maz(a)kernel.org> KVM: arm64: AArch32: Fix spurious trapping of conditional instructions Marc Zyngier <maz(a)kernel.org> KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Marc Zyngier <maz(a)kernel.org> KVM: arm64: Fix AArch32 register narrowing on userspace write Sean Christopherson <seanjc(a)google.com> KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms Dominique Martinet <asmadeus(a)codewreck.org> 9p: add missing locking around taking dentry fid list Li Ma <li.ma(a)amd.com> drm/amdgpu/atomfirmware: add intergrated info v2.3 table Cai Xinchen <caixinchen1(a)huawei.com> fbdev: savage: Handle err return when savagefb_check_var failed Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-generic: Do not set physical framebuffer address Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working Hans de Goede <hdegoede(a)redhat.com> mmc: sdhci-acpi: Sort DMI quirks alphabetically Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Add support for "Tuning Error" interrupts Hans de Goede <hdegoede(a)redhat.com> mmc: core: Add mmc_gpiod_set_cd_config() function Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> mmc: davinci: Don't strip remove function when driver is builtin Alexander Stein <alexander.stein(a)ew.tq-group.com> media: v4l: async: Fix notifier list entry init Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: async: Don't set notifier's V4L2 device if registering fails Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l: async: Properly re-initialise notifier entry in unregister Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-core: hold videodev_lock until dev reg, finishes Nathan Chancellor <nathan(a)kernel.org> media: mxl5xx: Move xpt structures off stack Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: mc: mark the media devnode as registered from the, start Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: mc: Fix graph walk in media_pipeline_start Max Krummenacher <max.krummenacher(a)toradex.com> arm64: dts: ti: verdin-am62: Set memory size to 2gb Yang Xiwen <forbidden405(a)outlook.com> arm64: dts: hi3798cv200: fix the size of GICR Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command Yu Kuai <yukuai3(a)huawei.com> md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: qcs404: fix bluetooth device address Krzysztof Kozlowski <krzk(a)kernel.org> arm64: tegra: Correct Tegra132 I2C alias Christoffer Sandberg <cs(a)tuxedo.de> ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Maulik Shah <quic_mkshah(a)quicinc.com> soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request Konrad Dybcio <konrad.dybcio(a)linaro.org> thermal/drivers/qcom/lmh: Check for SCM availability at probe Karthikeyan Ramasubramanian <kramasub(a)chromium.org> platform/chrome: cros_ec: Handle events during suspend after resume completion Tyler Hicks (Microsoft) <code(a)tyhicks.com> proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation Eric Biggers <ebiggers(a)google.com> fsverity: use register_sysctl_init() to avoid kmemleak warning Sergey Shtylyov <s.shtylyov(a)omp.ru> ata: pata_legacy: make legacy_exit() work again Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: correct aSIFSTime for 6GHz band Matthew Mirvish <matthew(a)mm12.xyz> bcache: fix variable length array abuse in btree_iter Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: add error handle to avoid out-of-bounds Zheyu Ma <zheyuma97(a)gmail.com> media: lgdt3306a: Add a check against null-pointer-def Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Maxime Ripard <mripard(a)kernel.org> drm/sun4i: hdmi: Move mode_set into enable Maxime Ripard <mripard(a)kernel.org> drm/sun4i: hdmi: Convert encoder to atomic Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: List helper scripts in TEST_FILES Makefile variable Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests: net: included needed helper in the install targets Po-Hsu Lin <po-hsu.lin(a)canonical.com> selftests/net: synchronize udpgro tests' tx and rx connection Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Shakeel Butt <shakeelb(a)google.com> mm: ratelimit stat flush from workingset shrinker Gao Xiang <xiang(a)kernel.org> erofs: avoid allocating DEFLATE streams before mounting Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fix full TCP keep-alive support Paolo Abeni <pabeni(a)redhat.com> mptcp: cleanup SOL_TCP handling Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid some duplicate code in socket option handling Haorong Lu <ancientmodern4(a)gmail.com> riscv: signal: handle syscall restart before get_signal Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: sfp-bus: fix SFP mode detect from bitrate Marc Dionne <marc.dionne(a)auristor.com> afs: Don't cross .backup mountpoint from backup volume Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: core: Do not force a retune before RPMB switch Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/i915/hwmon: Get rid of devm ------------- Diffstat: Documentation/mm/arch_pgtable_helpers.rst | 6 +- Makefile | 9 +- arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts | 2 +- arch/arm/boot/dts/samsung/exynos4412-origen.dts | 2 +- arch/arm/boot/dts/samsung/exynos4412-smdk4412.dts | 2 +- arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 +- arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 +- arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 +- arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 + arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 +- arch/arm64/kvm/guest.c | 3 +- arch/arm64/kvm/hyp/aarch32.c | 18 ++- arch/loongarch/include/asm/numa.h | 1 + arch/loongarch/include/asm/stackframe.h | 2 +- arch/loongarch/kernel/smp.c | 5 +- arch/parisc/include/asm/page.h | 1 + arch/parisc/include/asm/signal.h | 12 -- arch/parisc/include/uapi/asm/signal.h | 10 ++ arch/powerpc/mm/book3s64/pgtable.c | 1 + arch/powerpc/net/bpf_jit_comp32.c | 12 ++ arch/powerpc/net/bpf_jit_comp64.c | 42 ++++--- .../dts/starfive/jh7110-starfive-visionfive-2.dtsi | 1 - arch/riscv/kernel/signal.c | 95 ++++++++-------- arch/s390/include/asm/cpacf.h | 109 ++++++++++++++---- arch/s390/include/asm/pgtable.h | 4 +- arch/sparc/include/asm/smp_64.h | 2 - arch/sparc/include/uapi/asm/termbits.h | 10 -- arch/sparc/include/uapi/asm/termios.h | 9 ++ arch/sparc/kernel/prom_64.c | 4 +- arch/sparc/kernel/setup_64.c | 1 - arch/sparc/kernel/smp_64.c | 14 --- arch/sparc/mm/tlb.c | 1 + arch/x86/kvm/svm/svm.c | 27 +++-- arch/x86/mm/pgtable.c | 2 + crypto/ecdsa.c | 3 + crypto/ecrdsa.c | 1 + drivers/acpi/resource.c | 12 ++ drivers/ata/pata_legacy.c | 8 +- drivers/char/tpm/tpm_tis_core.c | 3 +- drivers/clk/bcm/clk-bcm2711-dvp.c | 3 +- drivers/clk/bcm/clk-raspberrypi.c | 2 +- drivers/clk/qcom/clk-alpha-pll.c | 2 + drivers/cpufreq/amd-pstate.c | 2 +- drivers/crypto/intel/qat/qat_common/adf_aer.c | 19 +--- drivers/edac/amd64_edac.c | 8 +- drivers/edac/igen6_edac.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 15 +++ drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 + drivers/gpu/drm/amd/amdkfd/kfd_device.c | 11 +- drivers/gpu/drm/amd/include/atomfirmware.h | 43 +++++++ .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 20 ++-- drivers/gpu/drm/drm_fbdev_generic.c | 1 - drivers/gpu/drm/i915/i915_hwmon.c | 46 +++++--- drivers/gpu/drm/sun4i/sun4i_hdmi_enc.c | 47 ++++---- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 59 ++++++++-- drivers/hwtracing/intel_th/pci.c | 5 + drivers/i2c/i2c-core-acpi.c | 19 +++- drivers/i3c/master/svc-i3c-master.c | 16 ++- drivers/md/bcache/bset.c | 44 ++++---- drivers/md/bcache/bset.h | 28 +++-- drivers/md/bcache/btree.c | 40 +++---- drivers/md/bcache/super.c | 5 +- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 +- drivers/md/raid5.c | 15 +-- drivers/media/dvb-frontends/lgdt3306a.c | 5 + drivers/media/dvb-frontends/mxl5xx.c | 22 ++-- drivers/media/mc/mc-devnode.c | 5 +- drivers/media/mc/mc-entity.c | 6 + drivers/media/v4l2-core/v4l2-async.c | 12 +- drivers/media/v4l2-core/v4l2-dev.c | 3 + drivers/mmc/core/host.c | 3 +- drivers/mmc/core/slot-gpio.c | 20 ++++ drivers/mmc/host/davinci_mmc.c | 4 +- drivers/mmc/host/sdhci-acpi.c | 61 +++++++++- drivers/mmc/host/sdhci.c | 10 +- drivers/mmc/host/sdhci.h | 3 +- drivers/net/bonding/bond_main.c | 13 ++- drivers/net/ethernet/intel/e1000e/ich8lan.c | 22 ++++ drivers/net/ethernet/intel/e1000e/netdev.c | 18 --- drivers/net/phy/sfp-bus.c | 8 +- drivers/net/vxlan/vxlan_core.c | 4 - drivers/net/wireless/ath/ath10k/Kconfig | 1 + .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 25 ++--- .../net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 4 +- .../net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 ++-- .../net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 ++++--------- drivers/net/wireless/realtek/rtw89/mac80211.c | 2 +- drivers/net/wireless/realtek/rtw89/pci.c | 3 +- drivers/platform/chrome/cros_ec.c | 16 +-- drivers/s390/crypto/ap_bus.c | 2 +- drivers/scsi/scsi.c | 7 ++ drivers/soc/qcom/cmd-db.c | 32 +++++- drivers/soc/qcom/rpmh-rsc.c | 3 +- drivers/thermal/qcom/lmh.c | 3 + drivers/video/fbdev/savage/savagefb_driver.c | 5 +- drivers/watchdog/rti_wdt.c | 34 +++--- fs/9p/vfs_dentry.c | 9 +- fs/afs/mntpt.c | 5 + fs/btrfs/disk-io.c | 10 +- fs/btrfs/tree-log.c | 17 ++- fs/erofs/decompressor_deflate.c | 55 ++++----- fs/ext4/inode.c | 2 +- fs/ext4/mballoc.h | 2 +- fs/ext4/xattr.c | 4 +- fs/f2fs/inode.c | 6 + fs/iomap/buffered-io.c | 2 +- fs/nfs/internal.h | 4 +- fs/nfs/nfs4proc.c | 2 +- fs/proc/base.c | 2 +- fs/proc/fd.c | 42 ++++--- fs/proc/task_mmu.c | 9 +- fs/smb/client/smb2transport.c | 2 +- fs/tracefs/event_inode.c | 13 ++- fs/tracefs/inode.c | 33 +++--- fs/verity/init.c | 7 +- include/linux/ksm.h | 17 ++- include/linux/mm_types.h | 2 +- include/linux/mmc/slot-gpio.h | 1 + include/linux/pagemap.h | 34 +++--- include/net/dst_ops.h | 2 +- include/net/sock.h | 13 +-- include/soc/qcom/cmd-db.h | 10 +- kernel/debug/kdb/kdb_io.c | 99 ++++++++++------- kernel/irq/irqdesc.c | 5 +- mm/cma.c | 4 - mm/huge_memory.c | 49 ++++---- mm/hugetlb.c | 6 +- mm/kmsan/core.c | 15 ++- mm/ksm.c | 17 ++- mm/pgtable-generic.c | 2 + mm/vmalloc.c | 5 +- mm/workingset.c | 2 +- net/9p/client.c | 2 + net/ipv4/route.c | 22 ++-- net/ipv6/route.c | 34 +++--- net/mptcp/protocol.h | 3 + net/mptcp/sockopt.c | 123 ++++++++++++++------- net/xfrm/xfrm_policy.c | 11 +- sound/core/seq/seq_ump_convert.c | 2 + sound/core/ump.c | 7 ++ sound/core/ump_convert.c | 1 - sound/soc/sof/ipc4-topology.c | 8 ++ tools/testing/selftests/mm/compaction_test.c | 2 + tools/testing/selftests/mm/gup_test.c | 1 + tools/testing/selftests/mm/uffd-common.h | 1 + tools/testing/selftests/net/Makefile | 4 +- tools/testing/selftests/net/net_helper.sh | 25 +++++ tools/testing/selftests/net/udpgro.sh | 13 +-- tools/testing/selftests/net/udpgro_bench.sh | 5 +- tools/testing/selftests/net/udpgro_frglist.sh | 5 +- tools/tracing/rtla/src/timerlat_hist.c | 60 +++++++--- 154 files changed, 1372 insertions(+), 845 deletions(-)

1 year, 3 months

12
151
0 0

FAILED: patch "[PATCH] x86/cpu: Provide default cache line size if not enumerated" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 2a38e4ca302280fdcce370ba2bee79bac16c4587 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024060638-unenvied-immovably-70e4@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 2a38e4ca3022 ("x86/cpu: Provide default cache line size if not enumerated") 95bfb35269b2 ("x86/cpu: Get rid of an unnecessary local variable in get_cpu_address_sizes()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2a38e4ca302280fdcce370ba2bee79bac16c4587 Mon Sep 17 00:00:00 2001 From: Dave Hansen <dave.hansen(a)linux.intel.com> Date: Fri, 17 May 2024 13:05:34 -0700 Subject: [PATCH] x86/cpu: Provide default cache line size if not enumerated MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tl;dr: CPUs with CPUID.80000008H but without CPUID.01H:EDX[CLFSH] will end up reporting cache_line_size()==0 and bad things happen. Fill in a default on those to avoid the problem. Long Story: The kernel dies a horrible death if c->x86_cache_alignment (aka. cache_line_size() is 0. Normally, this value is populated from c->x86_clflush_size. Right now the code is set up to get c->x86_clflush_size from two places. First, modern CPUs get it from CPUID. Old CPUs that don't have leaf 0x80000008 (or CPUID at all) just get some sane defaults from the kernel in get_cpu_address_sizes(). The vast majority of CPUs that have leaf 0x80000008 also get ->x86_clflush_size from CPUID. But there are oddballs. Intel Quark CPUs[1] and others[2] have leaf 0x80000008 but don't set CPUID.01H:EDX[CLFSH], so they skip over filling in ->x86_clflush_size: cpuid(0x00000001, &tfms, &misc, &junk, &cap0); if (cap0 & (1<<19)) c->x86_clflush_size = ((misc >> 8) & 0xff) * 8; So they: land in get_cpu_address_sizes() and see that CPUID has level 0x80000008 and jump into the side of the if() that does not fill in c->x86_clflush_size. That assigns a 0 to c->x86_cache_alignment, and hilarity ensues in code like: buffer = kzalloc(ALIGN(sizeof(*buffer), cache_line_size()), GFP_KERNEL); To fix this, always provide a sane value for ->x86_clflush_size. Big thanks to Andy Shevchenko for finding and reporting this and also providing a first pass at a fix. But his fix was only partial and only worked on the Quark CPUs. It would not, for instance, have worked on the QEMU config. 1. https://raw.githubusercontent.com/InstLatx64/InstLatx64/master/GenuineIntel… 2. You can also get this behavior if you use "-cpu 486,+clzero" in QEMU. [ dhansen: remove 'vp_bits_from_cpuid' reference in changelog because bpetkov brutally murdered it recently. ] Fixes: fbf6449f84bf ("x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach") Reported-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Tested-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Tested-by: Jörn Heusipp <osmanx(a)heusipp.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240516173928.3960193-1-andriy.shevchenko@linu… Link: https://lore.kernel.org/lkml/5e31cad3-ad4d-493e-ab07-724cfbfaba44@heusipp.d… Link: https://lore.kernel.org/all/20240517200534.8EC5F33E%40davehans-spike.ostc.i… diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 2b170da84f97..e31293c9609f 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1075,6 +1075,10 @@ void get_cpu_address_sizes(struct cpuinfo_x86 *c) c->x86_virt_bits = (eax >> 8) & 0xff; c->x86_phys_bits = eax & 0xff; + + /* Provide a sane default if not enumerated: */ + if (!c->x86_clflush_size) + c->x86_clflush_size = 32; } c->x86_cache_bits = c->x86_phys_bits;

1 year, 3 months

2
1
0 0

[PATCH 5.4 000/202] 5.4.278-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.278 release. There are 202 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 15 Jun 2024 11:31:50 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.278-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.278-rc1 Sergey Shtylyov <s.shtylyov(a)omp.ru> nfs: fix undefined behavior in nfs_block_bits() Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix crash in AP internal function modify_bitmap() Baokun Li <libaokun1(a)huawei.com> ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Mike Gilbert <floppym(a)gentoo.org> sparc: move struct termio to asm/termios.h Eric Dumazet <edumazet(a)google.com> xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Eric Dumazet <edumazet(a)google.com> net: fix __dst_negative_advice() race Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Merge identical case statements in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix console handling when editing and tab-completing commands Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Use format-strings rather than '\0' injection in kdb_read() Daniel Thompson <daniel.thompson(a)linaro.org> kdb: Fix buffer overflow during tab-complete Sam Ravnborg <sam(a)ravnborg.org> sparc64: Fix number of online CPUs Alexander Shishkin <alexander.shishkin(a)linux.intel.com> intel_th: pci: Add Meteor Lake-S CPU support Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net/9p: fix uninit-value in p9_client_rpc() xu xin <xu.xin16(a)zte.com.cn> net/ipv6: Fix route deleting failure when metric equals 0 Herbert Xu <herbert(a)gondor.apana.org.au> crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Vitaly Chikunov <vt(a)altlinux.org> crypto: ecrdsa - Fix module auto-load on add_key Marc Zyngier <maz(a)kernel.org> KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Cai Xinchen <caixinchen1(a)huawei.com> fbdev: savage: Handle err return when savagefb_check_var failed Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-core: hold videodev_lock until dev reg, finishes Nathan Chancellor <nathan(a)kernel.org> media: mxl5xx: Move xpt structures off stack Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: mc: mark the media devnode as registered from the, start Yang Xiwen <forbidden405(a)outlook.com> arm64: dts: hi3798cv200: fix the size of GICR Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU Yu Kuai <yukuai3(a)huawei.com> md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Krzysztof Kozlowski <krzk(a)kernel.org> arm64: tegra: Correct Tegra132 I2C alias Christoffer Sandberg <cs(a)tuxedo.de> ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Sergey Shtylyov <s.shtylyov(a)omp.ru> ata: pata_legacy: make legacy_exit() work again Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: add error handle to avoid out-of-bounds Zheyu Ma <zheyuma97(a)gmail.com> media: lgdt3306a: Add a check against null-pointer-def Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Linus Torvalds <torvalds(a)linux-foundation.org> x86/mm: Remove broken vsyscall emulation code from the page fault code Daniel Borkmann <daniel(a)iogearbox.net> vxlan: Fix regression when dropping packets due to invalid src addresses Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix use-after-free of timer for log writer thread Marc Dionne <marc.dionne(a)auristor.com> afs: Don't cross .backup mountpoint from backup volume Ming Lei <ming.lei(a)redhat.com> io_uring: fail NOP if non-zero op flags is passed in Jorge Ramirez-Ortiz <jorge(a)foundries.io> mmc: core: Do not force a retune before RPMB switch Carlos Llamas <cmllamas(a)google.com> binder: fix max_thread type inconsistency Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix loop termination condition in gss_free_in_token_pages() Dongli Zhang <dongli.zhang(a)oracle.com> genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Set lower bound of start tick time Yue Haibing <yuehaibing(a)huawei.com> ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: stm32: Don't warn about spurious interrupts Masahiro Yamada <masahiroy(a)kernel.org> kconfig: fix comparison to constant symbols, 'm', 'n' Florian Westphal <fw(a)strlen.de> netfilter: tproxy: bail out if IP has been disabled on the device Xiaolei Wang <xiaolei.wang(a)windriver.com> net:fec: Add fec_enet_deinit() Parthiban Veerasooran <Parthiban.Veerasooran(a)microchip.com> net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM Andre Edich <andre.edich(a)microchip.com> smsc95xx: use usbnet->driver_priv Andre Edich <andre.edich(a)microchip.com> smsc95xx: remove redundant function arguments Roded Zats <rzats(a)paloaltonetworks.com> enic: Validate length of nl attributes in enic_set_vf_port Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix ns enable/disable possible hang Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: Don't mark message DMA mapped when no transfer in it is Eric Dumazet <edumazet(a)google.com> netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Wei Fang <wei.fang(a)nxp.com> net: fec: avoid lock evasion when reading pps_enable Jiri Pirko <jiri(a)nvidia.com> virtio: delete vq in vp_find_vqs_msix() when request_irq() fails Jiangfeng Xiao <xiaojiangfeng(a)huawei.com> arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY Aaron Conole <aconole(a)redhat.com> openvswitch: Set the skbuff pkt_type for proper pmtud support. Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). Sagi Grimberg <sagi(a)grimberg.me> params: lift param_set_uint_minmax to common code Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix memleak in seg6_hmac_init_algo Dan Aloni <dan.aloni(a)vastdata.com> sunrpc: fix NFSACL RPC retry on soft mount Ryosuke Yasuoka <ryasuoka(a)redhat.com> nfc: nci: Fix uninit-value in nci_rx_work Masahiro Yamada <masahiroy(a)kernel.org> x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: cec-api: add locking in cec_release() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: cec: cec-adap: always cancel work in cec_transmit_msg_fh Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the -Wmissing-prototypes warning for __switch_mm Shrikanth Hegde <sshegde(a)linux.ibm.com> powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp Azeem Shaikh <azeemshaikh38(a)gmail.com> scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() Dan Carpenter <dan.carpenter(a)linaro.org> media: stk1160: fix bounds checking in stk1160_copy_video() Roberto Sassu <roberto.sassu(a)huawei.com> um: Add winch to winch_handlers before registering winch IRQ Duoming Zhou <duoming(a)zju.edu.cn> um: Fix return value in ubd_init() Marijn Suijten <marijn.suijten(a)somainline.org> drm/msm/dpu: Always flush the slave INTF on the CTL Fenglin Wu <quic_fenglinw(a)quicinc.com> Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation Arnd Bergmann <arnd(a)arndb.de> Input: ims-pcu - fix printf string overflow Ian Rogers <irogers(a)google.com> perf stat: Don't display metric header for non-leader uncore events Ian Rogers <irogers(a)google.com> libsubcmd: Fix parse-options memory leak Wolfram Sang <wsa+renesas(a)sang-engineering.com> serial: sh-sci: protect invalidating RXDMA on shutdown Chao Yu <chao(a)kernel.org> f2fs: fix to release node block count in error path of f2fs_new_node_page() Ian Rogers <irogers(a)google.com> perf ui browser: Avoid SEGV on title Randy Dunlap <rdunlap(a)infradead.org> extcon: max8997: select IRQ_DOMAIN instead of depending on it Ian Rogers <irogers(a)google.com> perf ui browser: Don't save pointer to stack memory Ian Rogers <irogers(a)google.com> perf ui: Update use of pthread mutex yaowenbin <yaowenbin1(a)huawei.com> perf top: Fix TUI exit screen refresh race condition Huai-Yuan Liu <qq810974084(a)gmail.com> ppdev: Add an error check in register_device Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ppdev: Remove usage of the deprecated ida_simple_xx() API Dan Carpenter <dan.carpenter(a)linaro.org> stm class: Fix a double free in stm_register_device() Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: u_audio: Clear uac pointer when freed. Miklos Szeredi <mszeredi(a)redhat.com> ovl: remove upper umask handling from ovl_create_upper() Michal Simek <michal.simek(a)amd.com> microblaze: Remove early printk call from cpuinfo-static.c Michal Simek <michal.simek(a)amd.com> microblaze: Remove gcc flag for non existing early_printk.c file Thomas Haemmerle <thomas.haemmerle(a)leica-geosystems.com> iio: pressure: dps310: support negative temperature values Arnd Bergmann <arnd(a)arndb.de> greybus: arche-ctrl: move device table to its right location Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Fix bitwise types Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Update uart_driver_registered on driver removal Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> serial: max3100: Lock port->lock when calling uart_handle_cts_change() Arnd Bergmann <arnd(a)arndb.de> firmware: dmi-id: add a release callback function Chen Ni <nichen(a)iscas.ac.cn> dmaengine: idma64: Add check for dma_set_max_seg_size Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: cadence: fix invalid PDI offset Bard Liao <yung-chuan.liao(a)linux.intel.com> soundwire: cadence_master: improve PDI allocation Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: intel: don't filter out PDI0/1 Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> soundwire: cadence/intel: simplify PDI/port mapping Namhyung Kim <namhyung(a)kernel.org> perf annotate: Get rid of duplicate --group option item Martin Liška <mliska(a)suse.cz> perf annotate: Add --demangle and --demangle-kernel Rui Miguel Silva <rmfrfs(a)gmail.com> greybus: lights: check return of get_channel_from_mode Arnaldo Carvalho de Melo <acme(a)redhat.com> perf probe: Add missing libgen.h header needed for using basename() Vitalii Bursov <vitaly(a)bursov.com> sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Valentin Schneider <valentin.schneider(a)arm.com> sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax Eric Dumazet <edumazet(a)google.com> af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Dumazet <edumazet(a)google.com> netrom: fix possible dead-lock in nr_rt_ioctl() Leon Romanovsky <leonro(a)nvidia.com> RDMA/IPoIB: Fix format truncation compilation errors Edward Liaw <edliaw(a)google.com> selftests/kcmp: remove unused open mode Gautam Menghani <gautammenghani201(a)gmail.com> selftests/kcmp: Make the test output consistent and clear Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix gss_free_in_token_pages() Aleksandr Aprelkov <aaprelkov(a)usergate.com> sunrpc: removed redundant procp check Jan Kara <jack(a)suse.cz> ext4: avoid excessive credit estimate in ext4_tmpfile() Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Use complete parentheses in macros Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Steven Rostedt <rostedt(a)goodmis.org> ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Huai-Yuan Liu <qq810974084(a)gmail.com> drm/arm/malidp: fix a possible null pointer dereference Randy Dunlap <rdunlap(a)infradead.org> fbdev: sh7760fb: allow modular build YueHaibing <yuehaibing(a)huawei.com> platform/x86: wmi: Make two functions static Ricardo Ribalda <ribalda(a)chromium.org> media: radio-shark2: Avoid led_names truncations Aleksandr Burakov <a.burakov(a)rosalinux.ru> media: ngene: Add dvb_ca_en50221_init return value check Arnd Bergmann <arnd(a)arndb.de> fbdev: sisfb: hide unused variables Arnd Bergmann <arnd(a)arndb.de> powerpc/fsl-soc: hide unused const variable Justin Green <greenjustin(a)chromium.org> drm/mediatek: Add 0 size check to mtk_drm_gem_obj Arnd Bergmann <arnd(a)arndb.de> fbdev: shmobile: fix snprintf truncation Maxim Korotkov <korotkov.maxim.s(a)gmail.com> mtd: rawnand: hynix: fixed typo Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix potential index out of bounds in color transformation function Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix invalid unregister error path Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix incorrect unregister order Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: add missing seg6_local_exit Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix overwriting ct original tuple for ICMPv6 Eric Dumazet <edumazet(a)google.com> net: usb: smsc95xx: stop lying about skb->truesize Breno Leitao <leitao(a)debian.org> af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Locking fixes Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix reboot hang on Mac IIci Michael Schmitz <schmitzmic(a)gmail.com> m68k: Fix spinlock race in kernel thread creation Eric Dumazet <edumazet(a)google.com> net: usb: sr9700: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> usb: aqc111: stop lying about skb->truesize Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mwl8k: initialize cmd->addr[] properly Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: qedf: Ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: bfa: Ensure the copied buf is NUL terminated Chen Ni <nichen(a)iscas.ac.cn> HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors Guenter Roeck <linux(a)roeck-us.net> Revert "sh: Handle calling csum_partial with misaligned data" Geert Uytterhoeven <geert+renesas(a)glider.be> sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: ar5523: enable proper endpoint verification Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: carl9170: add a proper sanity check for endpoints Finn Thain <fthain(a)linux-m68k.org> macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" Eric Dumazet <edumazet(a)google.com> tcp: avoid premature drops in tcp_add_backlog() Lu Wei <luwei32(a)huawei.com> tcp: fix a signed-integer-overflow bug in tcp_add_backlog() Eric Dumazet <edumazet(a)google.com> tcp: minor optimization in tcp_add_backlog() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: populate board data for WCN3990 Su Hui <suhui(a)nfschina.com> wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Ard Biesheuvel <ardb(a)kernel.org> x86/purgatory: Switch to the position-independent small code model Yuri Karpov <YKarpov(a)ispras.ru> scsi: hpsa: Fix allocation size for Scsi_Host private data Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix the failure of adding phy with zero-address to port Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: exit() callback is optional Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Rearrange locking in cpufreq_remove_dev() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Split cpufreq_offline() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reorganize checks in cpufreq_offline() Arnd Bergmann <arnd(a)arndb.de> ACPI: disable -Wstringop-truncation Zenghui Yu <yuzenghui(a)huawei.com> irqchip/alpine-msi: Fix off-by-one in allocation error path Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling interrupts Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing reset bit Arnd Bergmann <arnd(a)arndb.de> qed: avoid truncating work queue length Guixiong Wei <weiguixiong(a)bytedance.com> x86/boot: Ignore relocations in .notes sections in walk_relocs() too Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: poll service ready message before failing Yu Kuai <yukuai3(a)huawei.com> md: fix resync softlockup when bitmap size is less than array size Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix missing mutex_destroy() at module removal Ilya Denisyev <dev(a)elkcl.ru> jffs2: prevent xattr node from overflowing the eraseblock Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix tracepoint subchannel type field Arnd Bergmann <arnd(a)arndb.de> crypto: ccp - drop platform ifdef checks Al Viro <viro(a)zeniv.linux.org.uk> parisc: add missing export of __cmpxchg_u8() Arnd Bergmann <arnd(a)arndb.de> nilfs2: fix out-of-range warning Brian Kubisiak <brian(a)kubisiak.com> ecryptfs: Fix buffer size for tag 66 packet Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> firmware: raspberrypi: Use correct device for DMA mappings Aleksandr Mishin <amishin(a)t-argos.ru> crypto: bcm - Fix pointer arithmetic Eric Sandeen <sandeen(a)redhat.com> openpromfs: finish conversion to the new mount API Nilay Shroff <nilay(a)linux.ibm.com> nvme: find numa distance only if controller has valid numa id Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Flush the process wq before creating a kfd_process Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: da7219-aad: fix usage of device_get_named_child_node() Derek Fang <derek.fang(a)realtek.com> ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Derek Fang <derek.fang(a)realtek.com> ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating Joshua Ashton <joshua(a)froggi.es> drm/amd/display: Set color_mgmt_changed to true on unsuspend Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN920C04 compositions Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential hang in nilfs_detach_log_writer() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix unexpected freezing of nilfs_segctor_sync() Thorsten Blum <thorsten.blum(a)toblux.com> net: smc91x: Fix m68k kernel compilation for ColdFire CPU Petr Pavlu <petr.pavlu(a)suse.com> ring-buffer: Fix a race between readers and resize checks Dan Carpenter <dan.carpenter(a)linaro.org> speakup: Fix sizeof() vs ARRAY_SIZE() bug Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Daniel J Blueman <daniel(a)quora.org> x86/tsc: Trust initial offset in architectural TSC-adjust MSRs ------------- Diffstat: Documentation/devicetree/bindings/sound/rt5645.txt | 6 + Makefile | 4 +- arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 +- arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 +- arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 +- arch/arm64/include/asm/asm-bug.h | 1 + arch/arm64/kvm/guest.c | 1 + arch/m68k/kernel/entry.S | 4 +- arch/m68k/mac/misc.c | 36 ++--- arch/microblaze/kernel/Makefile | 1 - arch/microblaze/kernel/cpu/cpuinfo-static.c | 2 +- arch/parisc/kernel/parisc_ksyms.c | 1 + arch/powerpc/include/asm/hvcall.h | 2 +- arch/powerpc/platforms/pseries/lpar.c | 6 +- arch/powerpc/platforms/pseries/lparcfg.c | 6 +- arch/powerpc/sysdev/fsl_msi.c | 2 + arch/sh/kernel/kprobes.c | 7 +- arch/sh/lib/checksum.S | 67 +++------ arch/sparc/include/asm/smp_64.h | 2 - arch/sparc/include/uapi/asm/termbits.h | 10 -- arch/sparc/include/uapi/asm/termios.h | 9 ++ arch/sparc/kernel/prom_64.c | 4 +- arch/sparc/kernel/setup_64.c | 1 - arch/sparc/kernel/smp_64.c | 14 -- arch/um/drivers/line.c | 14 +- arch/um/drivers/ubd_kern.c | 4 +- arch/um/include/asm/mmu.h | 2 - arch/um/include/shared/skas/mm_id.h | 2 + arch/x86/Kconfig.debug | 5 +- arch/x86/entry/vsyscall/vsyscall_64.c | 28 +--- arch/x86/include/asm/processor.h | 1 - arch/x86/kernel/apic/vector.c | 9 +- arch/x86/kernel/tsc_sync.c | 6 +- arch/x86/lib/x86-opcode-map.txt | 2 +- arch/x86/mm/fault.c | 27 +--- arch/x86/purgatory/Makefile | 3 +- arch/x86/tools/relocs.c | 9 ++ crypto/ecrdsa.c | 1 + drivers/acpi/acpica/Makefile | 1 + drivers/acpi/resource.c | 12 ++ drivers/android/binder.c | 4 +- drivers/ata/pata_legacy.c | 8 +- drivers/block/null_blk_main.c | 3 + drivers/char/ppdev.c | 21 ++- drivers/cpufreq/cpufreq.c | 85 ++++++----- drivers/crypto/bcm/spu2.c | 2 +- drivers/crypto/ccp/sp-platform.c | 14 +- drivers/crypto/qat/qat_common/adf_aer.c | 19 +-- drivers/dma-buf/sync_debug.c | 4 +- drivers/dma/idma64.c | 4 +- drivers/extcon/Kconfig | 3 +- drivers/firmware/dmi-id.c | 7 +- drivers/firmware/raspberrypi.c | 7 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 + drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 + drivers/gpu/drm/arm/malidp_mw.c | 5 +- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 + .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 3 - drivers/gpu/drm/panel/panel-simple.c | 3 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 + drivers/hwtracing/intel_th/pci.c | 5 + drivers/hwtracing/stm/core.c | 11 +- drivers/iio/pressure/dps310.c | 11 +- drivers/infiniband/hw/hns/hns_roce_hem.h | 12 +- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 +- drivers/input/misc/ims-pcu.c | 4 +- drivers/input/misc/pm8xxx-vibrator.c | 7 +- drivers/irqchip/irq-alpine-msi.c | 2 +- drivers/macintosh/via-macii.c | 11 +- drivers/md/md-bitmap.c | 6 +- drivers/md/raid5.c | 15 +- drivers/media/cec/cec-adap.c | 3 +- drivers/media/cec/cec-api.c | 3 + drivers/media/dvb-frontends/lgdt3306a.c | 5 + drivers/media/dvb-frontends/mxl5xx.c | 22 +-- drivers/media/mc/mc-devnode.c | 5 +- drivers/media/pci/ngene/ngene-core.c | 4 +- drivers/media/radio/radio-shark2.c | 2 +- drivers/media/usb/stk1160/stk1160-video.c | 20 ++- drivers/media/v4l2-core/v4l2-dev.c | 3 + drivers/mmc/core/host.c | 3 +- drivers/mtd/nand/raw/nand_hynix.c | 2 +- drivers/net/ethernet/cisco/enic/enic_main.c | 12 ++ drivers/net/ethernet/cortina/gemini.c | 12 +- drivers/net/ethernet/freescale/fec_main.c | 10 ++ drivers/net/ethernet/freescale/fec_ptp.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 9 +- drivers/net/ethernet/smsc/smc91x.h | 4 +- drivers/net/ipvlan/ipvlan_core.c | 4 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 3 + drivers/net/usb/smsc95xx.c | 120 ++++++++-------- drivers/net/usb/sr9700.c | 10 +- drivers/net/vxlan.c | 4 - drivers/net/wireless/ath/ar5523/ar5523.c | 14 ++ drivers/net/wireless/ath/ath10k/core.c | 3 + drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 +- drivers/net/wireless/ath/ath10k/hw.h | 1 + drivers/net/wireless/ath/ath10k/targaddrs.h | 3 + drivers/net/wireless/ath/ath10k/wmi.c | 26 +++- drivers/net/wireless/ath/carl9170/usb.c | 32 +++++ drivers/net/wireless/marvell/mwl8k.c | 2 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 26 ++-- drivers/nvme/host/multipath.c | 3 +- drivers/nvme/target/configfs.c | 8 ++ drivers/platform/x86/xiaomi-wmi.c | 4 +- drivers/s390/cio/trace.h | 2 +- drivers/s390/crypto/ap_bus.c | 2 +- drivers/scsi/bfa/bfad_debugfs.c | 4 +- drivers/scsi/hpsa.c | 2 +- drivers/scsi/libsas/sas_expander.c | 3 +- drivers/scsi/qedf/qedf_debugfs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 8 +- drivers/scsi/qla2xxx/qla_mr.c | 20 +-- drivers/scsi/ufs/cdns-pltfrm.c | 2 +- drivers/scsi/ufs/ufs-qcom.h | 12 +- drivers/scsi/ufs/ufshcd.c | 4 +- drivers/soundwire/cadence_master.c | 156 +++++---------------- drivers/soundwire/cadence_master.h | 34 +---- drivers/soundwire/intel.c | 134 ++++-------------- drivers/spi/spi-stm32.c | 2 +- drivers/spi/spi.c | 4 + drivers/staging/greybus/arche-apb-ctrl.c | 1 + drivers/staging/greybus/arche-platform.c | 9 +- drivers/staging/greybus/light.c | 8 +- drivers/staging/speakup/main.c | 2 +- drivers/tty/n_gsm.c | 8 +- drivers/tty/serial/max3100.c | 22 ++- drivers/tty/serial/sh-sci.c | 5 + drivers/usb/gadget/function/u_audio.c | 2 + drivers/video/fbdev/Kconfig | 4 +- drivers/video/fbdev/savage/savagefb_driver.c | 5 +- drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 +- drivers/video/fbdev/sis/init301.c | 3 +- drivers/virtio/virtio_pci_common.c | 4 +- fs/afs/mntpt.c | 5 + fs/ecryptfs/keystore.c | 4 +- fs/ext4/namei.c | 2 +- fs/ext4/xattr.c | 4 +- fs/f2fs/inode.c | 6 + fs/f2fs/node.c | 2 +- fs/io_uring.c | 2 + fs/jffs2/xattr.c | 3 + fs/nfs/internal.h | 4 +- fs/nilfs2/ioctl.c | 2 +- fs/nilfs2/segment.c | 63 +++++++-- fs/openpromfs/inode.c | 8 +- fs/overlayfs/dir.c | 3 - include/linux/moduleparam.h | 2 + include/net/dst_ops.h | 2 +- include/net/sock.h | 13 +- include/trace/events/asoc.h | 2 + kernel/cgroup/cpuset.c | 2 +- kernel/debug/kdb/kdb_io.c | 99 +++++++------ kernel/irq/cpuhotplug.c | 16 +-- kernel/params.c | 18 +++ kernel/sched/topology.c | 9 +- kernel/trace/ring_buffer.c | 9 ++ net/9p/client.c | 2 + net/ipv4/netfilter/nf_tproxy_ipv4.c | 2 + net/ipv4/route.c | 22 ++- net/ipv4/tcp_dctcp.c | 13 +- net/ipv4/tcp_ipv4.c | 14 +- net/ipv6/route.c | 34 +++-- net/ipv6/seg6.c | 5 +- net/ipv6/seg6_hmac.c | 42 ++++-- net/netfilter/nfnetlink_queue.c | 2 + net/netrom/nr_route.c | 19 +-- net/nfc/nci/core.c | 17 ++- net/openvswitch/actions.c | 6 + net/openvswitch/flow.c | 3 +- net/packet/af_packet.c | 3 +- net/sunrpc/auth_gss/svcauth_gss.c | 12 +- net/sunrpc/clnt.c | 1 + net/sunrpc/svc.c | 2 - net/sunrpc/xprtsock.c | 18 --- net/unix/af_unix.c | 2 +- net/wireless/trace.h | 4 +- net/xdp/xsk.c | 2 + net/xfrm/xfrm_policy.c | 11 +- scripts/kconfig/symbol.c | 6 +- sound/core/timer.c | 10 ++ sound/soc/codecs/da7219-aad.c | 6 +- sound/soc/codecs/rt5645.c | 25 ++++ tools/arch/x86/lib/x86-opcode-map.txt | 2 +- tools/lib/subcmd/parse-options.c | 8 +- tools/perf/Documentation/perf-annotate.txt | 7 + tools/perf/builtin-annotate.c | 6 +- tools/perf/ui/browser.c | 26 ++-- tools/perf/ui/browser.h | 2 +- tools/perf/ui/browsers/annotate.c | 2 +- tools/perf/ui/setup.c | 5 +- tools/perf/ui/tui/helpline.c | 5 +- tools/perf/ui/tui/progress.c | 8 +- tools/perf/ui/tui/setup.c | 12 +- tools/perf/ui/tui/util.c | 18 +-- tools/perf/ui/ui.h | 4 +- tools/perf/util/probe-event.c | 1 + tools/perf/util/stat-display.c | 3 + tools/testing/selftests/kcmp/kcmp_test.c | 8 +- 203 files changed, 1153 insertions(+), 1030 deletions(-)

1 year, 3 months

7
210
0 0

Linux 6.9.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.5 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/mm/arch_pgtable_helpers.rst | 6 Documentation/networking/af_xdp.rst | 33 +-- Makefile | 7 arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts | 2 arch/arm/boot/dts/samsung/exynos4412-origen.dts | 2 arch/arm/boot/dts/samsung/exynos4412-smdk4412.dts | 2 arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 arch/arm64/kvm/guest.c | 3 arch/arm64/kvm/hyp/aarch32.c | 18 + arch/loongarch/include/asm/numa.h | 1 arch/loongarch/include/asm/stackframe.h | 2 arch/loongarch/kernel/head.S | 2 arch/loongarch/kernel/setup.c | 2 arch/loongarch/kernel/smp.c | 5 arch/loongarch/kernel/vmlinux.lds.S | 10 arch/parisc/include/asm/page.h | 1 arch/parisc/include/asm/signal.h | 12 - arch/parisc/include/uapi/asm/signal.h | 10 arch/powerpc/mm/book3s64/pgtable.c | 1 arch/powerpc/net/bpf_jit_comp32.c | 12 + arch/powerpc/net/bpf_jit_comp64.c | 42 ++- arch/riscv/Kconfig | 2 arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi | 1 arch/s390/include/asm/cpacf.h | 109 ++++++++-- arch/s390/include/asm/pgtable.h | 4 arch/sparc/include/asm/smp_64.h | 2 arch/sparc/include/uapi/asm/termbits.h | 10 arch/sparc/include/uapi/asm/termios.h | 9 arch/sparc/kernel/prom_64.c | 4 arch/sparc/kernel/setup_64.c | 1 arch/sparc/kernel/smp_64.c | 14 - arch/sparc/mm/tlb.c | 1 arch/x86/kernel/cpu/topology_amd.c | 4 arch/x86/kvm/svm/svm.c | 27 +- arch/x86/mm/pgtable.c | 2 crypto/ecdsa.c | 3 crypto/ecrdsa.c | 1 drivers/acpi/apei/einj-core.c | 2 drivers/acpi/resource.c | 12 + drivers/ata/pata_legacy.c | 8 drivers/char/tpm/tpm_tis_core.c | 3 drivers/clk/bcm/clk-bcm2711-dvp.c | 3 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/apss-ipq-pll.c | 30 ++ drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/cpufreq/amd-pstate.c | 2 drivers/crypto/intel/qat/qat_common/adf_aer.c | 19 - drivers/crypto/starfive/jh7110-rsa.c | 1 drivers/edac/amd64_edac.c | 8 drivers/edac/igen6_edac.c | 4 drivers/firmware/efi/libstub/loongarch.c | 2 drivers/firmware/qcom/qcom_scm.c | 18 + drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 15 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 11 - drivers/gpu/drm/amd/include/atomfirmware.h | 43 +++ drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 20 + drivers/gpu/drm/drm_fbdev_generic.c | 1 drivers/gpu/drm/i915/i915_hwmon.c | 46 ++-- drivers/gpu/drm/xe/xe_bb.c | 3 drivers/hid/i2c-hid/i2c-hid-of-elan.c | 59 ++++- drivers/hwmon/ltc2992.c | 4 drivers/hwtracing/intel_th/pci.c | 5 drivers/i2c/i2c-core-acpi.c | 19 + drivers/i3c/master/svc-i3c-master.c | 16 + drivers/irqchip/irq-riscv-intc.c | 9 drivers/md/bcache/bset.c | 44 ++-- drivers/md/bcache/bset.h | 28 +- drivers/md/bcache/btree.c | 40 +-- drivers/md/bcache/super.c | 5 drivers/md/bcache/sysfs.c | 2 drivers/md/bcache/writeback.c | 10 drivers/md/raid5.c | 15 - drivers/media/dvb-frontends/lgdt3306a.c | 5 drivers/media/dvb-frontends/mxl5xx.c | 22 +- drivers/media/i2c/ov2740.c | 11 - drivers/media/mc/mc-devnode.c | 5 drivers/media/mc/mc-entity.c | 6 drivers/media/pci/mgb4/mgb4_core.c | 7 drivers/media/v4l2-core/v4l2-async.c | 12 - drivers/media/v4l2-core/v4l2-dev.c | 3 drivers/mmc/core/slot-gpio.c | 20 + drivers/mmc/host/davinci_mmc.c | 4 drivers/mmc/host/sdhci-acpi.c | 61 +++++ drivers/mmc/host/sdhci.c | 10 drivers/mmc/host/sdhci.h | 3 drivers/net/bonding/bond_main.c | 13 - drivers/net/vxlan/vxlan_core.c | 8 drivers/net/wireless/ath/ath10k/Kconfig | 1 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 9 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 32 +- drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 4 drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 - drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 +------ drivers/net/wireless/realtek/rtw89/mac80211.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 3 drivers/platform/chrome/cros_ec.c | 16 - drivers/s390/crypto/ap_bus.c | 2 drivers/scsi/scsi.c | 7 drivers/soc/qcom/cmd-db.c | 32 ++ drivers/soc/qcom/rpmh-rsc.c | 3 drivers/thermal/qcom/lmh.c | 3 drivers/video/fbdev/savage/savagefb_driver.c | 5 drivers/watchdog/rti_wdt.c | 34 +-- fs/9p/vfs_dentry.c | 9 fs/afs/mntpt.c | 5 fs/btrfs/disk-io.c | 10 fs/btrfs/extent_io.c | 60 ++--- fs/btrfs/qgroup.c | 34 ++- fs/btrfs/super.c | 8 fs/btrfs/tree-log.c | 17 + fs/erofs/decompressor_deflate.c | 55 ++--- fs/ext4/inode.c | 2 fs/ext4/mballoc.h | 2 fs/ext4/xattr.c | 4 fs/f2fs/inode.c | 6 fs/iomap/buffered-io.c | 2 fs/nfs/internal.h | 4 fs/nfs/nfs4proc.c | 2 fs/nilfs2/dir.c | 2 fs/nilfs2/segment.c | 3 fs/proc/base.c | 2 fs/proc/fd.c | 42 +-- fs/proc/task_mmu.c | 9 fs/smb/client/cifspdu.h | 2 fs/smb/client/inode.c | 4 fs/smb/client/smb2ops.c | 3 fs/smb/client/smb2transport.c | 2 fs/tracefs/event_inode.c | 13 - fs/tracefs/inode.c | 33 +-- fs/verity/init.c | 7 include/linux/ksm.h | 17 + include/linux/mm_types.h | 2 include/linux/mmc/slot-gpio.h | 1 include/linux/pagemap.h | 34 +-- include/net/tcp_ao.h | 7 include/soc/qcom/cmd-db.h | 10 io_uring/io_uring.h | 2 io_uring/napi.c | 24 +- kernel/debug/kdb/kdb_io.c | 99 +++++---- kernel/irq/irqdesc.c | 5 kernel/trace/bpf_trace.c | 8 mm/cma.c | 4 mm/huge_memory.c | 49 ++-- mm/hugetlb.c | 22 +- mm/kmsan/core.c | 15 + mm/ksm.c | 17 - mm/memory-failure.c | 4 mm/pgtable-generic.c | 2 mm/vmalloc.c | 5 net/9p/client.c | 2 net/ipv4/tcp_ao.c | 13 - net/ipv6/route.c | 5 net/xdp/xsk.c | 5 sound/core/seq/seq_ump_convert.c | 2 sound/core/ump.c | 7 sound/core/ump_convert.c | 1 sound/soc/sof/ipc4-topology.c | 8 tools/perf/builtin-record.c | 6 tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c | 2 tools/testing/selftests/mm/compaction_test.c | 22 +- tools/testing/selftests/mm/gup_test.c | 1 tools/testing/selftests/mm/uffd-common.h | 1 tools/testing/selftests/net/lib.sh | 17 - tools/tracing/rtla/src/timerlat_hist.c | 60 +++-- 171 files changed, 1371 insertions(+), 794 deletions(-) Adrian Hunter (1): mmc: sdhci: Add support for "Tuning Error" interrupts Alex Deucher (1): Revert "drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices" Alexander Potapenko (1): kmsan: do not wipe out origin when doing partial unpoisoning Alexander Shishkin (1): intel_th: pci: Add Meteor Lake-S CPU support Alexander Stein (1): media: v4l: async: Fix notifier list entry init Andrii Nakryiko (1): bpf: fix multi-uprobe PID filtering logic Anna Schumaker (1): NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Arnaldo Carvalho de Melo (1): Revert "perf record: Reduce memory for recording PERF_RECORD_LOST_SAMPLES event" Ashutosh Dixit (1): drm/i915/hwmon: Get rid of devm Baokun Li (2): ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Bitterblue Smith (4): wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bob Zhou (1): drm/amdgpu: add error handle to avoid out-of-bounds Boris Burkov (1): btrfs: qgroup: fix qgroup id collision across mounts Cai Xinchen (1): fbdev: savage: Handle err return when savagefb_check_var failed Chao Yu (1): f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Chengming Zhou (2): mm/ksm: fix ksm_pages_scanned accounting mm/ksm: fix ksm_zero_pages accounting Christoffer Sandberg (1): ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Dan Carpenter (1): btrfs: qgroup: fix initialization of auto inherit array Dan Williams (1): ACPI: APEI: EINJ: Fix einj_dev release leak Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniel Thompson (5): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() David Sterba (1): btrfs: qgroup: update rescan message levels and error codes Dev Jain (2): selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages selftests/mm: compaction_test: fix bogus test success on Aarch64 Dhananjay Ugwekar (1): cpufreq: amd-pstate: Fix the inconsistency in max frequency units Dmitry Baryshkov (1): wifi: ath10k: fix QCOM_RPROC_COMMON dependency Dmitry Safonov (1): net/tcp: Don't consider TCP_CLOSE in TCP_AO_ESTABLISHED Dominique Martinet (1): 9p: add missing locking around taking dentry fid list Enzo Matsumiya (1): smb: client: fix deadlock in smb2_find_smb_tcon() Eric Biggers (1): fsverity: use register_sysctl_init() to avoid kmemleak warning Filipe Manana (1): btrfs: fix leak of qgroup extent records after transaction abort Frank Li (1): i3c: master: svc: fix invalidate IBI type and miss call client IBI handler Frank van der Linden (2): mm/cma: drop incorrect alignment check in cma_init_reserved_mem mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid Gabor Juhos (3): firmware: qcom_scm: disable clocks if qcom_scm_bw_enable() fails clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs clk: qcom: apss-ipq-pll: use stromer ops for IPQ5018 to fix boot failure Gao Xiang (1): erofs: avoid allocating DEFLATE streams before mounting Greg Kroah-Hartman (1): Linux 6.9.5 Hailong.Liu (1): mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL Hamish Martin (1): i2c: acpi: Unbind mux adapters before delete Hans Verkuil (2): media: mc: mark the media devnode as registered from the, start media: v4l2-core: hold videodev_lock until dev reg, finishes Hans de Goede (5): mmc: core: Add mmc_gpiod_set_cd_config() function mmc: sdhci-acpi: Sort DMI quirks alphabetically mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA Hao Ge (1): eventfs: Fix a possible null pointer dereference in eventfs_find_events() Harald Freudenberger (3): s390/ap: Fix crash in AP internal function modify_bitmap() s390/cpacf: Split and rework cpacf query functions s390/cpacf: Make use of invalid opcode produce a link error Hari Bathini (1): powerpc/64/bpf: fix tail calls for PCREL addressing Helge Deller (2): parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA parisc: Define sigset_t in parisc uapi header Herbert Xu (1): crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Ilpo Järvinen (2): EDAC/amd64: Convert PCIBIOS_* return codes to errnos EDAC/igen6: Convert PCIBIOS_* return codes to errnos Jan Beulich (1): tpm_tis: Do *not* flush uninitialized work Javier Carrasco (1): hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() Jens Axboe (2): io_uring/napi: fix timeout calculation io_uring: check for non-NULL file pointer in io_file_can_poll() Jia Jie Ho (1): crypto: starfive - Do not free stack buffer Jiaxun Yang (4): LoongArch: Add all CPUs enabled by fdt to NUMA node 0 LoongArch: Fix built-in DTB detection LoongArch: Override higher address bits in JUMP_VIRT_ADDR LoongArch: Fix entry point in kernel image header Johan Hovold (3): arm64: dts: qcom: qcs404: fix bluetooth device address arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP HID: i2c-hid: elan: fix reset suspend current leakage John Kacur (1): rtla/timerlat: Fix histogram report when a cpu count is 0 Judith Mendez (1): watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Karthikeyan Ramasubramanian (1): platform/chrome: cros_ec: Handle events during suspend after resume completion Konrad Dybcio (1): thermal/drivers/qcom/lmh: Check for SCM availability at probe Krzysztof Kozlowski (4): arm64: tegra: Correct Tegra132 I2C alias ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Lang Yu (1): drm/amdkfd: handle duplicate BOs in reserve_bo_and_cond_vms Li Ma (1): drm/amdgpu/atomfirmware: add intergrated info v2.3 table Magnus Karlsson (2): Revert "xsk: Support redirect to any socket bound to the same umem" Revert "xsk: Document ability to redirect to any socket bound to the same umem" Marc Dionne (1): afs: Don't cross .backup mountpoint from backup volume Marc Zyngier (3): KVM: arm64: Fix AArch32 register narrowing on userspace write KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode KVM: arm64: AArch32: Fix spurious trapping of conditional instructions Mario Limonciello (1): drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms Martin K. Petersen (1): scsi: core: Handle devices which return an unusually large VPD page count Martin Kaistra (1): wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor Martin Tůma (1): media: mgb4: Fix double debugfs remove Matthew Auld (1): drm/xe/bb: assert width in xe_bb_create_job() Matthew Mirvish (1): bcache: fix variable length array abuse in btree_iter Matthieu Baerts (NGI0) (2): selftests: net: lib: support errexit with busywait selftests: net: lib: avoid error removing empty netns name Maulik Shah (1): soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request Max Krummenacher (1): arm64: dts: ti: verdin-am62: Set memory size to 2gb Miaohe Lin (1): mm/memory-failure: fix handling of dissolved but not taken off from buddy pages Michael Ellerman (1): selftests/mm: fix build warnings on ppc64 Mike Gilbert (1): sparc: move struct termio to asm/termios.h Nam Cao (1): riscv: enable HAVE_ARCH_HUGE_VMAP for XIP kernel Nathan Chancellor (4): media: mxl5xx: Move xpt structures off stack clk: bcm: dvp: Assign ->num before accessing ->hws clk: bcm: rpi: Assign ->num before accessing ->hws kbuild: Remove support for Clang's ThinLTO caching Nikita Zhandarovich (1): net/9p: fix uninit-value in p9_client_rpc() Omar Sandoval (1): btrfs: fix crash on racing fsync and size-extending write into prealloc Oscar Salvador (1): mm/hugetlb: do not call vma_add_reservation upon ENOMEM Peter Ujfalusi (1): ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension Ping-Ke Shih (2): wifi: rtw89: correct aSIFSTime for 6GHz band wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command Puranjay Mohan (1): powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH Qu Wenruo (2): btrfs: protect folio::private when attaching extent buffer folios btrfs: re-introduce 'norecovery' mount option Ritesh Harjani (IBM) (1): ext4: Fixes len calculation in mpage_journal_page_buffers Ryan Roberts (1): mm: fix race between __split_huge_pmd_locked() and GUP-fast Ryusuke Konishi (2): nilfs2: fix potential kernel bug due to lack of writeback flag waiting nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Sakari Ailus (3): media: ov2740: Fix LINK_FREQ and PIXEL_RATE control value reporting media: v4l: async: Properly re-initialise notifier entry in unregister media: v4l: async: Don't set notifier's V4L2 device if registering fails Sam Ravnborg (1): sparc64: Fix number of online CPUs Sean Christopherson (1): KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked Sergey Shtylyov (2): ata: pata_legacy: make legacy_exit() work again nfs: fix undefined behavior in nfs_block_bits() Shengyu Qu (1): riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board Stefan Berger (1): crypto: ecdsa - Fix module auto-load on add-key Steve French (1): cifs: fix creating sockets when using sfu mount options Steven Rostedt (Google) (2): eventfs: Keep the directories from having the same inode number as files tracefs: Clear EVENT_INODE flag in tracefs_drop_inode() Sunil V L (1): irqchip/riscv-intc: Prevent memory leak when riscv_intc_init_common() fails Takashi Iwai (3): ALSA: ump: Don't clear bank selection after sending a program change ALSA: ump: Don't accept an invalid UMP protocol number ALSA: seq: Fix incorrect UMP type for system messages Thomas Gleixner (1): x86/topology/amd: Evaluate SMT in CPUID leaf 0x8000001e only on family 0x17 and greater Thomas Zimmermann (1): drm/fbdev-generic: Do not set physical framebuffer address Tomi Valkeinen (1): media: mc: Fix graph walk in media_pipeline_start Tony Battersby (1): bonding: fix oops during rmmod Tyler Hicks (Microsoft) (1): proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation Uwe Kleine-König (1): mmc: davinci: Don't strip remove function when driver is builtin Vitaly Chikunov (1): crypto: ecrdsa - Fix module auto-load on add_key Xu Yang (2): filemap: add helper mapping_max_folio_size() iomap: fault in smaller chunks for non-large folio mappings Yang Xiwen (1): arm64: dts: hi3798cv200: fix the size of GICR Yu Kuai (1): md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Yuanyuan Zhong (1): mm: /proc/pid/smaps_rollup: avoid skipping vma after getting mmap_lock again Zheyu Ma (1): media: lgdt3306a: Add a check against null-pointer-def dicken.ding (1): genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() xu xin (1): net/ipv6: Fix route deleting failure when metric equals 0

1 year, 3 months

1
1
0 0

Linux 6.6.34

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.34 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/mm/arch_pgtable_helpers.rst | 6 Makefile | 7 arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts | 2 arch/arm/boot/dts/samsung/exynos4412-origen.dts | 2 arch/arm/boot/dts/samsung/exynos4412-smdk4412.dts | 2 arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 2 arch/arm64/kvm/guest.c | 3 arch/arm64/kvm/hyp/aarch32.c | 18 + arch/loongarch/include/asm/numa.h | 1 arch/loongarch/include/asm/stackframe.h | 2 arch/loongarch/kernel/smp.c | 5 arch/parisc/include/asm/page.h | 1 arch/parisc/include/asm/signal.h | 12 arch/parisc/include/uapi/asm/signal.h | 10 arch/powerpc/mm/book3s64/pgtable.c | 1 arch/powerpc/net/bpf_jit_comp32.c | 12 arch/powerpc/net/bpf_jit_comp64.c | 12 arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi | 1 arch/riscv/kernel/signal.c | 85 +++---- arch/s390/include/asm/cpacf.h | 109 +++++++-- arch/s390/include/asm/pgtable.h | 4 arch/sparc/include/asm/smp_64.h | 2 arch/sparc/include/uapi/asm/termbits.h | 10 arch/sparc/include/uapi/asm/termios.h | 9 arch/sparc/kernel/prom_64.c | 4 arch/sparc/kernel/setup_64.c | 1 arch/sparc/kernel/smp_64.c | 14 - arch/sparc/mm/tlb.c | 1 arch/x86/kvm/svm/svm.c | 27 +- arch/x86/mm/pgtable.c | 2 crypto/ecdsa.c | 3 crypto/ecrdsa.c | 1 drivers/acpi/resource.c | 12 drivers/ata/pata_legacy.c | 8 drivers/char/tpm/tpm_tis_core.c | 3 drivers/clk/bcm/clk-bcm2711-dvp.c | 3 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/cpufreq/amd-pstate.c | 2 drivers/crypto/intel/qat/qat_common/adf_aer.c | 19 - drivers/edac/amd64_edac.c | 8 drivers/edac/igen6_edac.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 15 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 11 drivers/gpu/drm/amd/include/atomfirmware.h | 43 +++ drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 20 - drivers/gpu/drm/drm_fbdev_generic.c | 1 drivers/gpu/drm/i915/i915_hwmon.c | 46 ++- drivers/gpu/drm/sun4i/sun4i_hdmi_enc.c | 47 +-- drivers/hid/i2c-hid/i2c-hid-of-elan.c | 59 +++- drivers/hwtracing/intel_th/pci.c | 5 drivers/i2c/i2c-core-acpi.c | 19 + drivers/i3c/master/svc-i3c-master.c | 16 + drivers/md/bcache/bset.c | 44 +-- drivers/md/bcache/bset.h | 28 +- drivers/md/bcache/btree.c | 40 +-- drivers/md/bcache/super.c | 5 drivers/md/bcache/sysfs.c | 2 drivers/md/bcache/writeback.c | 10 drivers/md/raid5.c | 15 - drivers/media/dvb-frontends/lgdt3306a.c | 5 drivers/media/dvb-frontends/mxl5xx.c | 22 - drivers/media/mc/mc-devnode.c | 5 drivers/media/mc/mc-entity.c | 6 drivers/media/v4l2-core/v4l2-async.c | 12 drivers/media/v4l2-core/v4l2-dev.c | 3 drivers/mmc/core/host.c | 3 drivers/mmc/core/slot-gpio.c | 20 + drivers/mmc/host/davinci_mmc.c | 4 drivers/mmc/host/sdhci-acpi.c | 61 ++++- drivers/mmc/host/sdhci.c | 10 drivers/mmc/host/sdhci.h | 3 drivers/net/bonding/bond_main.c | 13 - drivers/net/phy/sfp-bus.c | 8 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/ath/ath10k/Kconfig | 1 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 25 -- drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 4 drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 - drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 +----- drivers/net/wireless/realtek/rtw89/mac80211.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 3 drivers/platform/chrome/cros_ec.c | 16 - drivers/s390/crypto/ap_bus.c | 2 drivers/scsi/scsi.c | 7 drivers/soc/qcom/cmd-db.c | 32 ++ drivers/soc/qcom/rpmh-rsc.c | 3 drivers/thermal/qcom/lmh.c | 3 drivers/video/fbdev/savage/savagefb_driver.c | 5 drivers/watchdog/rti_wdt.c | 34 +- fs/9p/vfs_dentry.c | 9 fs/afs/mntpt.c | 5 fs/btrfs/disk-io.c | 10 fs/btrfs/tree-log.c | 17 - fs/erofs/decompressor_deflate.c | 55 ++-- fs/ext4/inode.c | 2 fs/ext4/mballoc.h | 2 fs/ext4/xattr.c | 4 fs/f2fs/inode.c | 6 fs/iomap/buffered-io.c | 2 fs/nfs/internal.h | 4 fs/nfs/nfs4proc.c | 2 fs/proc/base.c | 2 fs/proc/fd.c | 42 +-- fs/proc/task_mmu.c | 9 fs/smb/client/smb2transport.c | 2 fs/tracefs/event_inode.c | 13 - fs/tracefs/inode.c | 33 +- fs/verity/init.c | 7 include/linux/ksm.h | 17 + include/linux/mm_types.h | 2 include/linux/mmc/slot-gpio.h | 1 include/linux/pagemap.h | 34 +- include/linux/smp.h | 2 include/net/dst_ops.h | 2 include/net/sock.h | 13 - include/soc/qcom/cmd-db.h | 10 init/main.c | 1 kernel/debug/kdb/kdb_io.c | 99 ++++---- kernel/irq/irqdesc.c | 5 mm/cma.c | 4 mm/huge_memory.c | 49 ++-- mm/hugetlb.c | 6 mm/kmsan/core.c | 15 - mm/ksm.c | 17 - mm/pgtable-generic.c | 2 mm/vmalloc.c | 5 mm/workingset.c | 2 net/9p/client.c | 2 net/ipv4/route.c | 22 - net/ipv6/route.c | 34 +- net/mptcp/protocol.h | 3 net/mptcp/sockopt.c | 121 ++++++---- net/xfrm/xfrm_policy.c | 11 sound/core/seq/seq_ump_convert.c | 2 sound/core/ump.c | 7 sound/core/ump_convert.c | 1 sound/soc/sof/ipc4-topology.c | 8 tools/testing/selftests/mm/compaction_test.c | 2 tools/testing/selftests/mm/gup_test.c | 1 tools/testing/selftests/mm/uffd-common.h | 1 tools/testing/selftests/net/Makefile | 4 tools/testing/selftests/net/net_helper.sh | 25 ++ tools/testing/selftests/net/udpgro.sh | 13 - tools/testing/selftests/net/udpgro_bench.sh | 5 tools/testing/selftests/net/udpgro_frglist.sh | 5 tools/tracing/rtla/src/timerlat_hist.c | 60 +++- 154 files changed, 1329 insertions(+), 807 deletions(-) Adrian Hunter (1): mmc: sdhci: Add support for "Tuning Error" interrupts Alex Deucher (1): Revert "drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices" Alexander Potapenko (1): kmsan: do not wipe out origin when doing partial unpoisoning Alexander Shishkin (1): intel_th: pci: Add Meteor Lake-S CPU support Alexander Stein (1): media: v4l: async: Fix notifier list entry init Anna Schumaker (1): NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Ashutosh Dixit (1): drm/i915/hwmon: Get rid of devm Baokun Li (2): ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Bitterblue Smith (4): wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bob Zhou (1): drm/amdgpu: add error handle to avoid out-of-bounds Cai Xinchen (1): fbdev: savage: Handle err return when savagefb_check_var failed Chao Yu (1): f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Chengming Zhou (2): mm/ksm: fix ksm_pages_scanned accounting mm/ksm: fix ksm_zero_pages accounting Christoffer Sandberg (1): ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniel Thompson (5): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() Dev Jain (1): selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages Dhananjay Ugwekar (1): cpufreq: amd-pstate: Fix the inconsistency in max frequency units Dmitry Baryshkov (1): wifi: ath10k: fix QCOM_RPROC_COMMON dependency Dominique Martinet (1): 9p: add missing locking around taking dentry fid list Enzo Matsumiya (1): smb: client: fix deadlock in smb2_find_smb_tcon() Eric Biggers (1): fsverity: use register_sysctl_init() to avoid kmemleak warning Eric Dumazet (1): net: fix __dst_negative_advice() race Filipe Manana (1): btrfs: fix leak of qgroup extent records after transaction abort Frank Li (1): i3c: master: svc: fix invalidate IBI type and miss call client IBI handler Frank van der Linden (2): mm/cma: drop incorrect alignment check in cma_init_reserved_mem mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid Gabor Juhos (1): clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs Gao Xiang (1): erofs: avoid allocating DEFLATE streams before mounting Greg Kroah-Hartman (1): Linux 6.6.34 Hailong.Liu (1): mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL Hamish Martin (1): i2c: acpi: Unbind mux adapters before delete Hans Verkuil (2): media: mc: mark the media devnode as registered from the, start media: v4l2-core: hold videodev_lock until dev reg, finishes Hans de Goede (5): mmc: core: Add mmc_gpiod_set_cd_config() function mmc: sdhci-acpi: Sort DMI quirks alphabetically mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA Hao Ge (1): eventfs: Fix a possible null pointer dereference in eventfs_find_events() Haorong Lu (1): riscv: signal: handle syscall restart before get_signal Harald Freudenberger (3): s390/ap: Fix crash in AP internal function modify_bitmap() s390/cpacf: Split and rework cpacf query functions s390/cpacf: Make use of invalid opcode produce a link error Helge Deller (2): parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA parisc: Define sigset_t in parisc uapi header Herbert Xu (1): crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Ilpo Järvinen (2): EDAC/amd64: Convert PCIBIOS_* return codes to errnos EDAC/igen6: Convert PCIBIOS_* return codes to errnos Ingo Molnar (1): smp: Provide 'setup_max_cpus' definition on UP too Jan Beulich (1): tpm_tis: Do *not* flush uninitialized work Jiaxun Yang (2): LoongArch: Add all CPUs enabled by fdt to NUMA node 0 LoongArch: Override higher address bits in JUMP_VIRT_ADDR Johan Hovold (3): arm64: dts: qcom: qcs404: fix bluetooth device address arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP HID: i2c-hid: elan: fix reset suspend current leakage John Kacur (1): rtla/timerlat: Fix histogram report when a cpu count is 0 Jorge Ramirez-Ortiz (1): mmc: core: Do not force a retune before RPMB switch Judith Mendez (1): watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Karthikeyan Ramasubramanian (1): platform/chrome: cros_ec: Handle events during suspend after resume completion Konrad Dybcio (1): thermal/drivers/qcom/lmh: Check for SCM availability at probe Krzysztof Kozlowski (4): arm64: tegra: Correct Tegra132 I2C alias ARM: dts: samsung: smdkv310: fix keypad no-autorepeat ARM: dts: samsung: smdk4412: fix keypad no-autorepeat ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat Lang Yu (1): drm/amdkfd: handle duplicate BOs in reserve_bo_and_cond_vms Li Ma (1): drm/amdgpu/atomfirmware: add intergrated info v2.3 table Marc Dionne (1): afs: Don't cross .backup mountpoint from backup volume Marc Zyngier (3): KVM: arm64: Fix AArch32 register narrowing on userspace write KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode KVM: arm64: AArch32: Fix spurious trapping of conditional instructions Mario Limonciello (1): drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms Martin K. Petersen (1): scsi: core: Handle devices which return an unusually large VPD page count Matthew Mirvish (1): bcache: fix variable length array abuse in btree_iter Matthieu Baerts (NGI0) (1): mptcp: fix full TCP keep-alive support Maulik Shah (1): soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request Max Krummenacher (1): arm64: dts: ti: verdin-am62: Set memory size to 2gb Maxime Ripard (2): drm/sun4i: hdmi: Convert encoder to atomic drm/sun4i: hdmi: Move mode_set into enable Michael Ellerman (1): selftests/mm: fix build warnings on ppc64 Mike Gilbert (1): sparc: move struct termio to asm/termios.h Nathan Chancellor (4): media: mxl5xx: Move xpt structures off stack clk: bcm: dvp: Assign ->num before accessing ->hws clk: bcm: rpi: Assign ->num before accessing ->hws kbuild: Remove support for Clang's ThinLTO caching Nikita Zhandarovich (1): net/9p: fix uninit-value in p9_client_rpc() Omar Sandoval (1): btrfs: fix crash on racing fsync and size-extending write into prealloc Paolo Abeni (3): mptcp: avoid some duplicate code in socket option handling mptcp: cleanup SOL_TCP handling selftests: net: more strict check in net_helper Peter Ujfalusi (1): ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension Ping-Ke Shih (2): wifi: rtw89: correct aSIFSTime for 6GHz band wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command Po-Hsu Lin (3): selftests/net: synchronize udpgro tests' tx and rx connection selftests: net: included needed helper in the install targets selftests: net: List helper scripts in TEST_FILES Makefile variable Puranjay Mohan (1): powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH Ritesh Harjani (IBM) (1): ext4: Fixes len calculation in mpage_journal_page_buffers Russell King (Oracle) (1): net: sfp-bus: fix SFP mode detect from bitrate Ryan Roberts (1): mm: fix race between __split_huge_pmd_locked() and GUP-fast Sakari Ailus (2): media: v4l: async: Properly re-initialise notifier entry in unregister media: v4l: async: Don't set notifier's V4L2 device if registering fails Sam Ravnborg (1): sparc64: Fix number of online CPUs Sean Christopherson (1): KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked Sergey Shtylyov (2): ata: pata_legacy: make legacy_exit() work again nfs: fix undefined behavior in nfs_block_bits() Shakeel Butt (1): mm: ratelimit stat flush from workingset shrinker Shengyu Qu (1): riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board Stefan Berger (1): crypto: ecdsa - Fix module auto-load on add-key Steven Rostedt (Google) (2): eventfs: Keep the directories from having the same inode number as files tracefs: Clear EVENT_INODE flag in tracefs_drop_inode() Takashi Iwai (3): ALSA: ump: Don't clear bank selection after sending a program change ALSA: ump: Don't accept an invalid UMP protocol number ALSA: seq: Fix incorrect UMP type for system messages Thomas Zimmermann (1): drm/fbdev-generic: Do not set physical framebuffer address Tomi Valkeinen (1): media: mc: Fix graph walk in media_pipeline_start Tony Battersby (1): bonding: fix oops during rmmod Tyler Hicks (Microsoft) (1): proc: Move fdinfo PTRACE_MODE_READ check into the inode .permission operation Uwe Kleine-König (1): mmc: davinci: Don't strip remove function when driver is builtin Vitaly Chikunov (1): crypto: ecrdsa - Fix module auto-load on add_key Xu Yang (2): filemap: add helper mapping_max_folio_size() iomap: fault in smaller chunks for non-large folio mappings Yang Xiwen (1): arm64: dts: hi3798cv200: fix the size of GICR Yu Kuai (1): md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Yuanyuan Zhong (1): mm: /proc/pid/smaps_rollup: avoid skipping vma after getting mmap_lock again Zheyu Ma (1): media: lgdt3306a: Add a check against null-pointer-def dicken.ding (1): genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() xu xin (1): net/ipv6: Fix route deleting failure when metric equals 0

1 year, 3 months

1
1
0 0

Linux 6.1.94

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.94 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/mm/arch_pgtable_helpers.rst | 6 Makefile | 2 arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 arch/arm64/kvm/guest.c | 3 arch/arm64/kvm/hyp/aarch32.c | 18 ++ arch/parisc/include/asm/page.h | 1 arch/parisc/include/asm/signal.h | 12 - arch/parisc/include/uapi/asm/signal.h | 10 + arch/powerpc/mm/book3s64/pgtable.c | 1 arch/powerpc/net/bpf_jit_comp32.c | 12 + arch/powerpc/net/bpf_jit_comp64.c | 12 + arch/riscv/kernel/signal.c | 85 +++++----- arch/s390/include/asm/cpacf.h | 109 +++++++++++-- arch/s390/include/asm/pgtable.h | 4 arch/sparc/include/asm/smp_64.h | 2 arch/sparc/include/uapi/asm/termbits.h | 10 - arch/sparc/include/uapi/asm/termios.h | 9 + arch/sparc/kernel/prom_64.c | 4 arch/sparc/kernel/setup_64.c | 1 arch/sparc/kernel/smp_64.c | 14 - arch/sparc/mm/tlb.c | 1 arch/x86/mm/pgtable.c | 2 crypto/ecdsa.c | 3 crypto/ecrdsa.c | 1 drivers/acpi/resource.c | 12 + drivers/ata/pata_legacy.c | 8 - drivers/bluetooth/btrtl.c | 18 ++ drivers/cpufreq/amd-pstate.c | 2 drivers/crypto/qat/qat_common/adf_aer.c | 19 -- drivers/edac/igen6_edac.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 15 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 drivers/gpu/drm/amd/include/atomfirmware.h | 43 +++++ drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 20 +- drivers/gpu/drm/drm_modeset_helper.c | 19 ++ drivers/gpu/drm/drm_probe_helper.c | 15 + drivers/gpu/drm/i915/display/intel_audio.c | 116 +------------- drivers/hwtracing/intel_th/pci.c | 5 drivers/i3c/master/svc-i3c-master.c | 16 +- drivers/md/bcache/bset.c | 44 ++--- drivers/md/bcache/bset.h | 28 ++- drivers/md/bcache/btree.c | 40 ++--- drivers/md/bcache/super.c | 5 drivers/md/bcache/sysfs.c | 2 drivers/md/bcache/writeback.c | 10 - drivers/md/raid5.c | 15 - drivers/media/dvb-frontends/lgdt3306a.c | 5 drivers/media/dvb-frontends/mxl5xx.c | 22 +- drivers/media/mc/mc-devnode.c | 5 drivers/media/mc/mc-entity.c | 6 drivers/media/v4l2-core/v4l2-dev.c | 3 drivers/mmc/core/host.c | 3 drivers/mmc/core/slot-gpio.c | 20 ++ drivers/mmc/host/sdhci-acpi.c | 61 ++++++- drivers/mmc/host/sdhci.c | 10 + drivers/mmc/host/sdhci.h | 3 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 25 +-- drivers/net/wireless/realtek/rtlwifi/rtl8192de/phy.c | 4 drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 +- drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 ++-------- drivers/net/wireless/realtek/rtw89/mac80211.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 3 drivers/s390/crypto/ap_bus.c | 2 drivers/scsi/scsi.c | 7 drivers/soc/qcom/cmd-db.c | 32 +++- drivers/soc/qcom/rpmh-rsc.c | 3 drivers/thermal/qcom/lmh.c | 3 drivers/video/fbdev/savage/savagefb_driver.c | 5 drivers/watchdog/rti_wdt.c | 34 +--- fs/9p/vfs_dentry.c | 9 - fs/afs/mntpt.c | 5 fs/btrfs/tree-log.c | 17 +- fs/ext4/mballoc.h | 2 fs/ext4/xattr.c | 4 fs/f2fs/inode.c | 6 fs/nfs/internal.h | 4 fs/nfs/nfs4proc.c | 2 fs/nilfs2/segment.c | 25 ++- fs/smb/client/smb2transport.c | 2 include/linux/mmc/slot-gpio.h | 1 include/linux/smp.h | 2 include/net/dst_ops.h | 2 include/net/sock.h | 13 - include/soc/qcom/cmd-db.h | 10 + init/main.c | 1 kernel/debug/kdb/kdb_io.c | 99 +++++++----- lib/maple_tree.c | 55 +++--- mm/cma.c | 4 mm/huge_memory.c | 49 +++--- mm/hugetlb.c | 6 mm/kmsan/core.c | 15 + mm/pgtable-generic.c | 2 net/9p/client.c | 2 net/ipv4/route.c | 22 +- net/ipv6/route.c | 34 ++-- net/mptcp/protocol.h | 3 net/mptcp/sockopt.c | 142 +++++++++++++----- net/xfrm/xfrm_policy.c | 11 - scripts/gdb/linux/constants.py.in | 12 - 103 files changed, 1025 insertions(+), 689 deletions(-) Adrian Hunter (1): mmc: sdhci: Add support for "Tuning Error" interrupts Alexander Potapenko (1): kmsan: do not wipe out origin when doing partial unpoisoning Alexander Shishkin (1): intel_th: pci: Add Meteor Lake-S CPU support Anna Schumaker (1): NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Baokun Li (2): ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Bitterblue Smith (4): wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bob Zhou (1): drm/amdgpu: add error handle to avoid out-of-bounds Cai Xinchen (1): fbdev: savage: Handle err return when savagefb_check_var failed Chaitanya Kumar Borah (1): drm/i915/audio: Fix audio time stamp programming for DP Chao Yu (1): f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Christoffer Sandberg (1): ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Dan Gora (1): Bluetooth: btrtl: Add missing MODULE_FIRMWARE declarations Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniel Thompson (5): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() Dhananjay Ugwekar (1): cpufreq: amd-pstate: Fix the inconsistency in max frequency units Dominique Martinet (1): 9p: add missing locking around taking dentry fid list Enzo Matsumiya (1): smb: client: fix deadlock in smb2_find_smb_tcon() Eric Dumazet (1): net: fix __dst_negative_advice() race Florian Fainelli (1): scripts/gdb: fix SB_* constants parsing Frank Li (1): i3c: master: svc: fix invalidate IBI type and miss call client IBI handler Frank van der Linden (2): mm/cma: drop incorrect alignment check in cma_init_reserved_mem mm/hugetlb: pass correct order_per_bit to cma_declare_contiguous_nid Greg Kroah-Hartman (1): Linux 6.1.94 Hans Verkuil (2): media: mc: mark the media devnode as registered from the, start media: v4l2-core: hold videodev_lock until dev reg, finishes Hans de Goede (5): mmc: core: Add mmc_gpiod_set_cd_config() function mmc: sdhci-acpi: Sort DMI quirks alphabetically mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA Haorong Lu (1): riscv: signal: handle syscall restart before get_signal Harald Freudenberger (3): s390/ap: Fix crash in AP internal function modify_bitmap() s390/cpacf: Split and rework cpacf query functions s390/cpacf: Make use of invalid opcode produce a link error Helge Deller (2): parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA parisc: Define sigset_t in parisc uapi header Herbert Xu (1): crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Ilpo Järvinen (1): EDAC/igen6: Convert PCIBIOS_* return codes to errnos Ingo Molnar (1): smp: Provide 'setup_max_cpus' definition on UP too Johan Hovold (1): arm64: dts: qcom: qcs404: fix bluetooth device address Jorge Ramirez-Ortiz (1): mmc: core: Do not force a retune before RPMB switch Judith Mendez (1): watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Konrad Dybcio (1): thermal/drivers/qcom/lmh: Check for SCM availability at probe Krzysztof Kozlowski (1): arm64: tegra: Correct Tegra132 I2C alias Li Ma (1): drm/amdgpu/atomfirmware: add intergrated info v2.3 table Liam R. Howlett (1): maple_tree: fix mas_empty_area_rev() null pointer dereference Marc Dionne (1): afs: Don't cross .backup mountpoint from backup volume Marc Zyngier (3): KVM: arm64: Fix AArch32 register narrowing on userspace write KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode KVM: arm64: AArch32: Fix spurious trapping of conditional instructions Mario Limonciello (1): drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms Martin K. Petersen (1): scsi: core: Handle devices which return an unusually large VPD page count Matthew Mirvish (1): bcache: fix variable length array abuse in btree_iter Matthieu Baerts (NGI0) (1): mptcp: fix full TCP keep-alive support Maulik Shah (1): soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request Mike Gilbert (1): sparc: move struct termio to asm/termios.h Nathan Chancellor (1): media: mxl5xx: Move xpt structures off stack Nikita Zhandarovich (1): net/9p: fix uninit-value in p9_client_rpc() Omar Sandoval (1): btrfs: fix crash on racing fsync and size-extending write into prealloc Paolo Abeni (2): mptcp: avoid some duplicate code in socket option handling mptcp: cleanup SOL_TCP handling Peng Zhang (1): maple_tree: fix allocation in mas_sparse_area() Ping-Ke Shih (2): wifi: rtw89: correct aSIFSTime for 6GHz band wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command Puranjay Mohan (1): powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH Ryan Roberts (1): mm: fix race between __split_huge_pmd_locked() and GUP-fast Ryusuke Konishi (1): nilfs2: fix use-after-free of timer for log writer thread Sam Ravnborg (1): sparc64: Fix number of online CPUs Sergey Shtylyov (2): ata: pata_legacy: make legacy_exit() work again nfs: fix undefined behavior in nfs_block_bits() Shradha Gupta (2): drm: Check output polling initialized before disabling drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Stefan Berger (1): crypto: ecdsa - Fix module auto-load on add-key Tomi Valkeinen (1): media: mc: Fix graph walk in media_pipeline_start Vitaly Chikunov (1): crypto: ecrdsa - Fix module auto-load on add_key Yang Xiwen (1): arm64: dts: hi3798cv200: fix the size of GICR Yu Kuai (1): md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Zheyu Ma (1): media: lgdt3306a: Add a check against null-pointer-def xu xin (1): net/ipv6: Fix route deleting failure when metric equals 0

1 year, 3 months

1
1
0 0

Linux 5.15.161

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.161 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 Documentation/devicetree/bindings/pci/rcar-pci-host.yaml | 14 Documentation/devicetree/bindings/pinctrl/mediatek,mt7622-pinctrl.yaml | 92 +- Documentation/devicetree/bindings/soc/rockchip/grf.yaml | 1 Documentation/devicetree/bindings/sound/rt5645.txt | 6 Documentation/driver-api/fpga/fpga-region.rst | 17 Documentation/networking/device_drivers/ethernet/amazon/ena.rst | 32 Makefile | 2 arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 arch/arm64/include/asm/asm-bug.h | 1 arch/arm64/kvm/guest.c | 3 arch/m68k/kernel/entry.S | 4 arch/m68k/mac/misc.c | 36 - arch/microblaze/kernel/Makefile | 1 arch/microblaze/kernel/cpu/cpuinfo-static.c | 2 arch/parisc/kernel/parisc_ksyms.c | 1 arch/powerpc/include/asm/hvcall.h | 2 arch/powerpc/platforms/pseries/lpar.c | 6 arch/powerpc/platforms/pseries/lparcfg.c | 6 arch/powerpc/sysdev/fsl_msi.c | 2 arch/riscv/kernel/entry.S | 3 arch/riscv/kernel/stacktrace.c | 29 arch/s390/boot/startup.c | 1 arch/s390/include/asm/cpacf.h | 109 ++- arch/s390/kernel/ipl.c | 10 arch/s390/kernel/setup.c | 2 arch/s390/kernel/vdso32/Makefile | 5 arch/s390/kernel/vdso64/Makefile | 6 arch/s390/net/bpf_jit_comp.c | 8 arch/sh/kernel/kprobes.c | 7 arch/sh/lib/checksum.S | 67 -- arch/sparc/include/asm/smp_64.h | 2 arch/sparc/include/uapi/asm/termbits.h | 10 arch/sparc/include/uapi/asm/termios.h | 9 arch/sparc/kernel/prom_64.c | 4 arch/sparc/kernel/setup_64.c | 1 arch/sparc/kernel/smp_64.c | 14 arch/um/drivers/line.c | 14 arch/um/drivers/ubd_kern.c | 4 arch/um/drivers/vector_kern.c | 2 arch/um/include/asm/mmu.h | 2 arch/um/include/shared/skas/mm_id.h | 2 arch/x86/Kconfig.debug | 5 arch/x86/crypto/nh-avx2-x86_64.S | 1 arch/x86/crypto/sha256-avx2-asm.S | 1 arch/x86/crypto/sha512-avx2-asm.S | 1 arch/x86/entry/vsyscall/vsyscall_64.c | 28 arch/x86/include/asm/processor.h | 1 arch/x86/kernel/apic/vector.c | 9 arch/x86/kernel/tsc_sync.c | 6 arch/x86/kvm/cpuid.c | 21 arch/x86/lib/x86-opcode-map.txt | 2 arch/x86/mm/fault.c | 33 - arch/x86/purgatory/Makefile | 3 arch/x86/tools/relocs.c | 9 crypto/ecdsa.c | 3 crypto/ecrdsa.c | 1 drivers/accessibility/speakup/main.c | 2 drivers/acpi/acpica/Makefile | 1 drivers/acpi/resource.c | 12 drivers/ata/pata_legacy.c | 8 drivers/block/null_blk/main.c | 3 drivers/char/ppdev.c | 21 drivers/clk/qcom/mmcc-msm8998.c | 8 drivers/cpufreq/cppc_cpufreq.c | 14 drivers/cpufreq/cpufreq.c | 83 +- drivers/crypto/bcm/spu2.c | 2 drivers/crypto/ccp/sp-platform.c | 14 drivers/crypto/qat/qat_common/adf_aer.c | 19 drivers/dma-buf/sync_debug.c | 4 drivers/dma/idma64.c | 4 drivers/edac/igen6_edac.c | 4 drivers/extcon/Kconfig | 3 drivers/firmware/dmi-id.c | 7 drivers/firmware/raspberrypi.c | 7 drivers/fpga/dfl-fme-region.c | 17 drivers/fpga/dfl.c | 12 drivers/fpga/fpga-region.c | 129 +-- drivers/fpga/of-fpga-region.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_atomfirmware.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 8 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 drivers/gpu/drm/amd/include/atomfirmware.h | 43 + drivers/gpu/drm/arm/malidp_mw.c | 5 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 drivers/gpu/drm/bridge/lontium-lt9611.c | 6 drivers/gpu/drm/bridge/tc358775.c | 27 drivers/gpu/drm/drm_mipi_dsi.c | 6 drivers/gpu/drm/drm_modeset_helper.c | 19 drivers/gpu/drm/drm_probe_helper.c | 15 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 3 drivers/gpu/drm/msm/dsi/dsi_host.c | 10 drivers/gpu/drm/panel/panel-simple.c | 3 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 drivers/hwmon/shtc1.c | 2 drivers/hwtracing/coresight/coresight-etm4x-core.c | 65 - drivers/hwtracing/coresight/coresight-etm4x.h | 44 - drivers/hwtracing/intel_th/pci.c | 5 drivers/hwtracing/stm/core.c | 11 drivers/i3c/master/svc-i3c-master.c | 16 drivers/iio/pressure/dps310.c | 11 drivers/infiniband/hw/hns/hns_roce_hem.h | 12 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 7 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_mr.c | 15 drivers/infiniband/hw/hns/hns_roce_srq.c | 6 drivers/infiniband/hw/mlx5/mr.c | 3 drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 drivers/input/misc/ims-pcu.c | 4 drivers/input/misc/pm8xxx-vibrator.c | 7 drivers/input/mouse/cyapa.c | 12 drivers/input/serio/ioc3kbd.c | 13 drivers/irqchip/irq-alpine-msi.c | 2 drivers/irqchip/irq-loongson-pch-msi.c | 2 drivers/macintosh/via-macii.c | 11 drivers/md/md-bitmap.c | 6 drivers/md/raid5.c | 15 drivers/media/cec/core/cec-adap.c | 265 +++++--- drivers/media/cec/core/cec-api.c | 29 drivers/media/cec/core/cec-core.c | 4 drivers/media/cec/core/cec-pin-priv.h | 11 drivers/media/cec/core/cec-pin.c | 23 drivers/media/cec/core/cec-priv.h | 10 drivers/media/dvb-frontends/lgdt3306a.c | 5 drivers/media/dvb-frontends/mxl5xx.c | 22 drivers/media/mc/mc-devnode.c | 5 drivers/media/pci/intel/ipu3/ipu3-cio2-main.c | 146 ++-- drivers/media/pci/ngene/ngene-core.c | 4 drivers/media/radio/radio-shark2.c | 2 drivers/media/usb/b2c2/flexcop-usb.c | 12 drivers/media/usb/stk1160/stk1160-video.c | 20 drivers/media/v4l2-core/v4l2-dev.c | 3 drivers/mmc/core/host.c | 3 drivers/mmc/core/slot-gpio.c | 20 drivers/mmc/host/sdhci-acpi.c | 48 + drivers/mmc/host/sdhci_am654.c | 205 ++++-- drivers/mtd/mtdcore.c | 6 drivers/mtd/nand/raw/nand_hynix.c | 2 drivers/net/Makefile | 4 drivers/net/dsa/mv88e6xxx/chip.c | 50 + drivers/net/dsa/mv88e6xxx/chip.h | 6 drivers/net/dsa/mv88e6xxx/global1.c | 89 ++ drivers/net/dsa/mv88e6xxx/global1.h | 2 drivers/net/dsa/sja1105/sja1105_main.c | 9 drivers/net/ethernet/amazon/ena/ena_admin_defs.h | 16 drivers/net/ethernet/amazon/ena/ena_com.c | 330 +++------- drivers/net/ethernet/amazon/ena/ena_com.h | 13 drivers/net/ethernet/amazon/ena/ena_eth_com.c | 49 - drivers/net/ethernet/amazon/ena/ena_eth_com.h | 15 drivers/net/ethernet/amazon/ena/ena_netdev.c | 205 +++--- drivers/net/ethernet/amazon/ena/ena_netdev.h | 13 drivers/net/ethernet/cisco/enic/enic_main.c | 12 drivers/net/ethernet/cortina/gemini.c | 12 drivers/net/ethernet/freescale/fec_main.c | 10 drivers/net/ethernet/freescale/fec_ptp.c | 14 drivers/net/ethernet/intel/ice/ice_ethtool.c | 19 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_rxtx.h | 17 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 9 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/smsc/smc91x.h | 4 drivers/net/ethernet/sun/sungem.c | 14 drivers/net/ipvlan/ipvlan_core.c | 4 drivers/net/phy/micrel.c | 1 drivers/net/usb/aqc111.c | 8 drivers/net/usb/qmi_wwan.c | 3 drivers/net/usb/smsc95xx.c | 26 drivers/net/usb/sr9700.c | 10 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/ath/ar5523/ar5523.c | 14 drivers/net/wireless/ath/ath10k/core.c | 3 drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 drivers/net/wireless/ath/ath10k/hw.h | 1 drivers/net/wireless/ath/ath10k/targaddrs.h | 3 drivers/net/wireless/ath/ath10k/wmi.c | 26 drivers/net/wireless/ath/carl9170/usb.c | 32 drivers/net/wireless/marvell/mwl8k.c | 2 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 26 drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 -- drivers/nvme/host/multipath.c | 3 drivers/nvme/target/configfs.c | 8 drivers/pci/controller/dwc/pcie-tegra194.c | 3 drivers/pci/pcie/edr.c | 28 drivers/pwm/pwm-sti.c | 48 - drivers/regulator/bd71828-regulator.c | 58 - drivers/regulator/irq_helpers.c | 3 drivers/regulator/vqmmc-ipq4019-regulator.c | 1 drivers/s390/cio/trace.h | 2 drivers/s390/crypto/ap_bus.c | 2 drivers/scsi/bfa/bfad_debugfs.c | 4 drivers/scsi/hpsa.c | 2 drivers/scsi/libsas/sas_expander.c | 3 drivers/scsi/qedf/qedf_debugfs.c | 2 drivers/scsi/qla2xxx/qla_dfs.c | 2 drivers/scsi/qla2xxx/qla_init.c | 8 drivers/scsi/qla2xxx/qla_mr.c | 20 drivers/scsi/ufs/cdns-pltfrm.c | 2 drivers/scsi/ufs/ufs-qcom.c | 13 drivers/scsi/ufs/ufs-qcom.h | 21 drivers/scsi/ufs/ufshcd.c | 4 drivers/soc/mediatek/mtk-cmdq-helper.c | 5 drivers/soc/qcom/cmd-db.c | 32 drivers/soc/qcom/rpmh-rsc.c | 3 drivers/soundwire/cadence_master.c | 2 drivers/spi/spi-stm32.c | 2 drivers/spi/spi.c | 4 drivers/staging/greybus/arche-apb-ctrl.c | 1 drivers/staging/greybus/arche-platform.c | 9 drivers/staging/greybus/light.c | 8 drivers/staging/media/atomisp/pci/sh_css.c | 1 drivers/thermal/qcom/lmh.c | 3 drivers/thermal/qcom/tsens.c | 2 drivers/tty/n_gsm.c | 140 ++-- drivers/tty/serial/8250/8250_bcm7271.c | 101 +-- drivers/tty/serial/max3100.c | 22 drivers/tty/serial/sc16is7xx.c | 2 drivers/tty/serial/sh-sci.c | 5 drivers/usb/gadget/function/u_audio.c | 2 drivers/video/fbdev/Kconfig | 4 drivers/video/fbdev/savage/savagefb_driver.c | 5 drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 drivers/video/fbdev/sis/init301.c | 3 drivers/virt/acrn/acrn_drv.h | 10 drivers/virt/acrn/mm.c | 70 +- drivers/virtio/virtio_pci_common.c | 4 drivers/watchdog/bd9576_wdt.c | 59 - drivers/watchdog/rti_wdt.c | 34 - fs/afs/mntpt.c | 5 fs/ecryptfs/keystore.c | 4 fs/eventpoll.c | 38 + fs/ext4/mballoc.c | 134 ++-- fs/ext4/mballoc.h | 2 fs/ext4/namei.c | 2 fs/ext4/xattr.c | 4 fs/f2fs/checkpoint.c | 4 fs/f2fs/compress.c | 2 fs/f2fs/data.c | 8 fs/f2fs/extent_cache.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/file.c | 85 +- fs/f2fs/inode.c | 6 fs/f2fs/namei.c | 2 fs/f2fs/node.c | 2 fs/f2fs/segment.c | 2 fs/gfs2/glock.c | 4 fs/gfs2/glops.c | 3 fs/gfs2/util.c | 1 fs/jffs2/xattr.c | 3 fs/nfs/callback.c | 2 fs/nfs/internal.h | 4 fs/nfs/nfs4proc.c | 2 fs/nfs/nfs4state.c | 12 fs/nfsd/nfs4proc.c | 3 fs/nilfs2/ioctl.c | 2 fs/nilfs2/segment.c | 63 + fs/ntfs3/dir.c | 1 fs/ntfs3/fslog.c | 3 fs/ntfs3/index.c | 6 fs/ntfs3/inode.c | 7 fs/ntfs3/ntfs.h | 2 fs/ntfs3/record.c | 11 fs/ntfs3/super.c | 2 fs/openpromfs/inode.c | 8 include/drm/drm_mipi_dsi.h | 6 include/linux/dev_printk.h | 25 include/linux/fpga/fpga-region.h | 43 + include/linux/mmc/slot-gpio.h | 1 include/linux/printk.h | 2 include/media/cec.h | 15 include/net/dst_ops.h | 2 include/net/inet6_hashtables.h | 16 include/net/inet_hashtables.h | 18 include/net/netfilter/nf_tables_core.h | 10 include/net/sock.h | 13 include/soc/qcom/cmd-db.h | 10 include/trace/events/asoc.h | 2 include/uapi/linux/bpf.h | 2 io_uring/io_uring.c | 2 kernel/bpf/verifier.c | 10 kernel/cgroup/cpuset.c | 2 kernel/debug/kdb/kdb_io.c | 99 +-- kernel/dma/map_benchmark.c | 6 kernel/irq/cpuhotplug.c | 16 kernel/sched/core.c | 2 kernel/sched/fair.c | 53 + kernel/sched/topology.c | 2 kernel/softirq.c | 12 kernel/trace/ring_buffer.c | 9 lib/slub_kunit.c | 2 net/9p/client.c | 2 net/core/dev.c | 3 net/dsa/tag_sja1105.c | 34 - net/ipv4/inet_hashtables.c | 29 net/ipv4/netfilter/nf_tproxy_ipv4.c | 2 net/ipv4/route.c | 22 net/ipv4/tcp_dctcp.c | 13 net/ipv4/tcp_ipv4.c | 13 net/ipv4/udp.c | 55 - net/ipv6/inet6_hashtables.c | 27 net/ipv6/reassembly.c | 2 net/ipv6/route.c | 34 - net/ipv6/seg6.c | 5 net/ipv6/seg6_hmac.c | 42 - net/ipv6/seg6_iptunnel.c | 11 net/ipv6/udp.c | 61 - net/mptcp/protocol.h | 3 net/mptcp/sockopt.c | 117 +++ net/netfilter/nfnetlink_queue.c | 2 net/netfilter/nft_payload.c | 111 ++- net/netrom/nr_route.c | 19 net/nfc/nci/core.c | 17 net/openvswitch/actions.c | 6 net/openvswitch/flow.c | 3 net/packet/af_packet.c | 3 net/qrtr/ns.c | 27 net/sunrpc/auth_gss/svcauth_gss.c | 12 net/sunrpc/clnt.c | 1 net/sunrpc/svc.c | 2 net/sunrpc/svc_xprt.c | 4 net/sunrpc/xprtrdma/verbs.c | 6 net/tls/tls_main.c | 10 net/unix/af_unix.c | 30 net/wireless/trace.h | 4 net/xfrm/xfrm_policy.c | 11 scripts/gdb/linux/constants.py.in | 12 scripts/kconfig/symbol.c | 6 sound/core/init.c | 11 sound/core/timer.c | 10 sound/soc/codecs/da7219-aad.c | 6 sound/soc/codecs/rt5645.c | 25 sound/soc/codecs/rt715-sdca.c | 8 sound/soc/codecs/rt715-sdw.c | 1 sound/soc/codecs/tas2552.c | 15 sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 sound/soc/intel/boards/bxt_rt298.c | 1 sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 sound/soc/intel/boards/kbl_da7219_max98927.c | 4 sound/soc/intel/boards/kbl_rt5660.c | 1 sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 sound/soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 sound/soc/intel/boards/skl_rt286.c | 1 sound/soc/kirkwood/kirkwood-dma.c | 3 sound/soc/mediatek/mt8192/mt8192-dai-tdm.c | 4 tools/arch/x86/lib/x86-opcode-map.txt | 2 tools/bpf/resolve_btfids/main.c | 2 tools/include/uapi/linux/bpf.h | 2 tools/lib/subcmd/parse-options.c | 8 tools/testing/selftests/bpf/test_sockmap.c | 2 tools/testing/selftests/filesystems/binderfs/Makefile | 2 tools/testing/selftests/kcmp/kcmp_test.c | 8 tools/testing/selftests/net/forwarding/bridge_igmp.sh | 6 tools/testing/selftests/net/forwarding/bridge_mld.sh | 6 tools/testing/selftests/resctrl/Makefile | 4 tools/testing/selftests/syscall_user_dispatch/sud_test.c | 14 tools/tracing/latency/latency-collector.c | 8 370 files changed, 3703 insertions(+), 2418 deletions(-) Aapo Vienamo (1): mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Aaron Conole (1): openvswitch: Set the skbuff pkt_type for proper pmtud support. Abel Vesa (1): scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5 Adrian Hunter (1): x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Akiva Goldberger (1): net/mlx5: Discard command completions in internal error Al Viro (1): parisc: add missing export of __cmpxchg_u8() Aleksandr Aprelkov (1): sunrpc: removed redundant procp check Aleksandr Burakov (1): media: ngene: Add dvb_ca_en50221_init return value check Aleksandr Mishin (6): crypto: bcm - Fix pointer arithmetic cppc_cpufreq: Fix possible null pointer dereference thermal/drivers/tsens: Fix null pointer dereference ASoC: kirkwood: Fix potential NULL dereference drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference drm: vc4: Fix possible null pointer dereference Alexander Egorenkov (2): s390/ipl: Fix incorrect initialization of len fields in nvme reipl block s390/ipl: Fix incorrect initialization of nvme dump block Alexander Shishkin (1): intel_th: pci: Add Meteor Lake-S CPU support Andrea Mayer (1): ipv6: sr: fix missing sk_buff release in seg6_input_core Andreas Gruenbacher (2): gfs2: Don't forget to complete delayed withdraw gfs2: Fix "ignore unlock failures after withdraw" Andrew Halaney (7): scsi: ufs: qcom: Perform read back after writing reset bit scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US scsi: ufs: qcom: Perform read back after writing unipro mode scsi: ufs: qcom: Perform read back after writing CGC enable scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andy Shevchenko (5): media: ipu3-cio2: Use temporary storage for struct device pointer serial: max3100: Lock port->lock when calling uart_handle_cts_change() serial: max3100: Update uart_driver_registered on driver removal serial: max3100: Fix bitwise types spi: Don't mark message DMA mapped when no transfer in it is Anna Schumaker (1): NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Anshuman Khandual (1): coresight: etm4x: Fix unbalanced pm_runtime_enable() Anton Protopopov (1): bpf: Pack struct bpf_fib_lookup Ard Biesheuvel (1): x86/purgatory: Switch to the position-independent small code model Armin Wolf (1): Revert "drm/amdgpu: init iommu after amdkfd device init" Arnd Bergmann (10): nilfs2: fix out-of-range warning crypto: ccp - drop platform ifdef checks qed: avoid truncating work queue length ACPI: disable -Wstringop-truncation fbdev: shmobile: fix snprintf truncation powerpc/fsl-soc: hide unused const variable fbdev: sisfb: hide unused variables firmware: dmi-id: add a release callback function greybus: arche-ctrl: move device table to its right location Input: ims-pcu - fix printf string overflow Arthur Kiyanovski (2): net: ena: Add capabilities field with support for ENI stats capability net: ena: Extract recurring driver reset code into a function Azeem Shaikh (1): scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() Baochen Qiang (1): wifi: ath10k: poll service ready message before failing Baokun Li (2): ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Benjamin Coddington (1): NFSv4: Fixup smatch warning for ambiguous return Bitterblue Smith (3): wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bob Zhou (1): drm/amdgpu: add error handle to avoid out-of-bounds Breno Leitao (1): af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Brian Kubisiak (1): ecryptfs: Fix buffer size for tag 66 packet Bui Quang Minh (2): scsi: bfa: Ensure the copied buf is NUL terminated scsi: qedf: Ensure the copied buf is NUL terminated Cai Xinchen (1): fbdev: savage: Handle err return when savagefb_check_var failed Carolina Jubran (1): net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion Cezary Rojewski (1): ASoC: Intel: Disable route checks for Skylake boards Chao Yu (9): f2fs: fix to wait on page writeback in __clone_blkaddrs() f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks() f2fs: compress: fix to relocate check condition in f2fs_ioc_{,de}compress_file() f2fs: fix to relocate check condition in f2fs_fallocate() f2fs: fix to check pinfile flag in f2fs_move_file_range() f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock f2fs: fix to release node block count in error path of f2fs_new_node_page() f2fs: compress: don't allow unaligned truncation on released compress inode f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Chen Ni (2): HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors dmaengine: idma64: Add check for dma_set_max_seg_size Cheng Yu (1): sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Chengchang Tang (4): RDMA/hns: Fix deadlock on SRQ async events. RDMA/hns: Fix GMV table pagesize RDMA/hns: Use complete parentheses in macros RDMA/hns: Modify the print level of CQE error Chris Lew (1): net: qrtr: ns: Fix module refcnt Chris Wulff (1): usb: gadget: u_audio: Clear uac pointer when freed. Christian Hewitt (1): drm/meson: vclk: fix calculation of 59.94 fractional rates Christoffer Sandberg (1): ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Christoph Hellwig (1): virt: acrn: stop using follow_pfn Christophe JAILLET (1): ppdev: Remove usage of the deprecated ida_simple_xx() API Chuck Lever (2): SUNRPC: Fix gss_free_in_token_pages() SUNRPC: Fix loop termination condition in gss_free_in_token_pages() Chun-Kuang Hu (1): soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Clément Léger (1): selftests: sud_test: return correct emulated syscall value on RISC-V Dae R. Jeong (1): tls: fix missing memory barrier in tls_init Dan Aloni (2): sunrpc: fix NFSACL RPC retry on soft mount rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL Dan Carpenter (5): speakup: Fix sizeof() vs ARRAY_SIZE() bug wifi: mwl8k: initialize cmd->addr[] properly ext4: fix potential unnitialized variable stm class: Fix a double free in stm_register_device() media: stk1160: fix bounds checking in stk1160_copy_video() Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniel J Blueman (1): x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Daniel Starke (2): tty: n_gsm: fix possible out-of-bounds in gsm0_receive() tty: n_gsm: fix missing receive state reset after mode switch Daniel Thompson (5): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN920C04 compositions David Arinzon (3): net: ena: Add dynamic recycling mechanism for rx buffers net: ena: Reduce lines with longer column width boundary net: ena: Fix DMA syncing in XDP path when SWIOTLB is on David Hildenbrand (1): drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Derek Fang (2): ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Dmitry Baryshkov (2): wifi: ath10k: populate board data for WCN3990 drm/mipi-dsi: use correct return type for the DSC functions Dmitry Torokhov (1): watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() Dongli Zhang (1): genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline Dongliang Mu (1): media: flexcop-usb: fix sanity check of bNumEndpoints Doug Berger (1): serial: 8250_bcm7271: use default_mux_rate if possible Duoming Zhou (1): um: Fix return value in ubd_init() Edward Liaw (1): selftests/kcmp: remove unused open mode Eric Biggers (3): crypto: x86/nh-avx2 - add missing vzeroupper crypto: x86/sha256-avx2 - add missing vzeroupper crypto: x86/sha512-avx2 - add missing vzeroupper Eric Dumazet (9): tcp: avoid premature drops in tcp_add_backlog() net: give more chances to rcu in netdev_wait_allrefs_any() usb: aqc111: stop lying about skb->truesize net: usb: sr9700: stop lying about skb->truesize net: usb: smsc95xx: stop lying about skb->truesize netrom: fix possible dead-lock in nr_rt_ioctl() af_packet: do not call packet_read_pending() from tpacket_destruct_skb() netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() net: fix __dst_negative_advice() race Eric Sandeen (1): openpromfs: finish conversion to the new mount API Fabio Estevam (1): media: dt-bindings: ovti,ov2680: Fix the power supply names Fabio M. De Francesco (1): f2fs: Delete f2fs_copy_page() and replace with memcpy_page() Fedor Pchelkin (2): dma-mapping: benchmark: fix node id validation dma-mapping: benchmark: handle NUMA_NO_NODE correctly Fenglin Wu (1): Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation Finn Thain (2): macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" m68k: mac: Fix reboot hang on Mac IIci Florian Fainelli (2): net: Always descend into dsa/ folder with CONFIG_NET_DSA enabled scripts/gdb: fix SB_* constants parsing Florian Westphal (2): netfilter: nft_payload: rebuild vlan header on h_proto access netfilter: tproxy: bail out if IP has been disabled on the device Frank Li (1): i3c: master: svc: fix invalidate IBI type and miss call client IBI handler Friedrich Vock (1): bpf: Fix potential integer overflow in resolve_btfids Gabriel Krisman Bertazi (1): udp: Avoid call to compute_score on multiple sites Gautam Menghani (1): selftests/kcmp: Make the test output consistent and clear Geert Uytterhoeven (4): sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() printk: Let no_printk() use _printk() dev_printk: Add and use dev_no_printk() dt-bindings: PCI: rcar-pci-host: Add missing IOMMU properties Geliang Tang (1): selftests/bpf: Fix umount cgroup2 error in test_sockmap Gerd Hoffmann (1): KVM: x86: Don't advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID Greg Kroah-Hartman (1): Linux 5.15.161 Guenter Roeck (3): mm/slub, kunit: Use inverted data to corrupt kmem cache Revert "sh: Handle calling csum_partial with misaligned data" hwmon: (shtc1) Fix property misspelling Guixiong Wei (1): x86/boot: Ignore relocations in .notes sections in walk_relocs() too Guo Ren (1): riscv: stacktrace: Make walk_stackframe cross pt_regs frame Hangbin Liu (4): ipv6: sr: add missing seg6_local_exit ipv6: sr: fix incorrect unregister order ipv6: sr: fix invalid unregister error path ipv6: sr: fix memleak in seg6_hmac_init_algo Hans Verkuil (12): media: cec: cec-adap: always cancel work in cec_transmit_msg_fh media: cec: cec-api: add locking in cec_release() media: cec: call enable_adap on s_log_addrs media: cec: abort if the current transmit was canceled media: cec: correctly pass on reply results media: cec: use call_op and check for !unregistered media: cec-adap.c: drop activate_cnt, use state info instead media: cec: core: avoid recursive cec_claim_log_addrs media: cec: core: avoid confusing "transmit timed out" message media: cec: core: add adap_nb_transmit_canceled() callback media: mc: mark the media devnode as registered from the, start media: v4l2-core: hold videodev_lock until dev reg, finishes Hans de Goede (4): mmc: core: Add mmc_gpiod_set_cd_config() function mmc: sdhci-acpi: Sort DMI quirks alphabetically mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A Harald Freudenberger (3): s390/ap: Fix crash in AP internal function modify_bitmap() s390/cpacf: Split and rework cpacf query functions s390/cpacf: Make use of invalid opcode produce a link error Heiko Carstens (1): s390/vdso: Use standard stack frame layout Heiner Kallweit (1): Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Herbert Xu (1): crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Himanshu Madhani (1): scsi: qla2xxx: Fix debugfs output for fw_resource_count Hsin-Te Yuan (1): ASoC: mediatek: mt8192: fix register configuration for tdm Huai-Yuan Liu (2): drm/arm/malidp: fix a possible null pointer dereference ppdev: Add an error check in register_device Hugo Villeneuve (1): serial: sc16is7xx: add proper sched.h include for sched_set_fifo() Hyeonggon Yoo (1): net: ena: Do not waste napi skb cache Ian Rogers (1): libsubcmd: Fix parse-options memory leak Igor Artemiev (1): wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Ilpo Järvinen (1): EDAC/igen6: Convert PCIBIOS_* return codes to errnos Ilya Denisyev (1): jffs2: prevent xattr node from overflowing the eraseblock Ilya Leoshkevich (1): s390/bpf: Emit a barrier for BPF_FETCH instructions Ilya Maximets (1): net: openvswitch: fix overwriting ct original tuple for ICMPv6 Jack Yu (2): ASoC: rt715: add vendor clear control register ASoC: rt715-sdca: volume step modification Jaegeuk Kim (1): f2fs: do not allow partial truncation on pinned file Jakub Kicinski (1): eth: sungem: remove .ndo_poll_controller to avoid deadlocks Jakub Sitnicki (1): bpf: Allow delete from sockmap/sockhash only if update is allowed James Clark (2): coresight: no-op refactor to make INSTP0 check more idiomatic coresight: etm4x: Cleanup TRCIDR0 register accesses Jan Kara (1): ext4: avoid excessive credit estimate in ext4_tmpfile() Jens Remus (1): s390/vdso: Generate unwind information for C modules Jiangfeng Xiao (1): arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY Jinyoung CHOI (1): f2fs: fix typos in comments Jiri Pirko (1): virtio: delete vq in vp_find_vqs_msix() when request_irq() fails Johan Hovold (2): media: flexcop-usb: clean up endpoint sanity checks arm64: dts: qcom: qcs404: fix bluetooth device address Johannes Berg (1): um: vector: fix bpfflash parameter evaluation John Hubbard (2): selftests/binderfs: use the Makefile's rules, not Make's implicit rules selftests/resctrl: fix clang build failure: use LOCAL_HDRS Jorge Ramirez-Ortiz (1): mmc: core: Do not force a retune before RPMB switch Joshua Ashton (1): drm/amd/display: Set color_mgmt_changed to true on unsuspend Judith Mendez (6): mmc: sdhci_am654: Add tuning algorithm for delay chain mmc: sdhci_am654: Write ITAPDLY for DDR52 timing mmc: sdhci_am654: Add OTAP/ITAP delay enable mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock mmc: sdhci_am654: Fix ITAPDLY for HS400 timing watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Justin Green (1): drm/mediatek: Add 0 size check to mtk_drm_gem_obj Karel Balej (1): Input: ioc3kbd - add device table Kemeng Shi (4): ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple ext4: fix unit mismatch in ext4_mb_new_blocks_simple ext4: try all groups in ext4_mb_new_blocks_simple ext4: remove unused parameter from ext4_mb_new_blocks_simple() Ken Milmore (1): r8169: Fix possible ring buffer corruption on fragmented Tx packets. Konrad Dybcio (1): thermal/drivers/qcom/lmh: Check for SCM availability at probe Konstantin Komarov (6): fs/ntfs3: Remove max link count info display during driver init fs/ntfs3: Taking DOS names into account during link counting fs/ntfs3: Fix case when index is reused during tree transformation fs/ntfs3: Break dir enumeration if directory contents error fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow fs/ntfs3: Use variable length array instead of fixed size Krzysztof Kozlowski (2): regulator: vqmmc-ipq4019: fix module autoloading arm64: tegra: Correct Tegra132 I2C alias Kuniyuki Iwashima (2): af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). Kuppuswamy Sathyanarayanan (2): PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 Lancelot SIX (1): drm/amdkfd: Flush the process wq before creating a kfd_process Larysa Zaremba (1): ice: Interpret .set_channels() input differently Laurent Pinchart (1): firmware: raspberrypi: Use correct device for DMA mappings Len Baker (1): virt: acrn: Prefer array_size and struct_size over open coded arithmetic Leon Romanovsky (1): RDMA/IPoIB: Fix format truncation compilation errors Li Ma (1): drm/amdgpu/atomfirmware: add intergrated info v2.3 table Linus Torvalds (2): x86/mm: Remove broken vsyscall emulation code from the page fault code epoll: be better about file lifetimes Linus Walleij (1): net: ethernet: cortina: Locking fixes Lorenz Bauer (2): net: export inet_lookup_reuseport and inet6_lookup_reuseport net: remove duplicate reuseport_lookup functions Manivannan Sadhasivam (1): scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0 Marc Dionne (1): afs: Don't cross .backup mountpoint from backup volume Marc Gonzalez (1): clk: qcom: mmcc-msm8998: fix venus clock issue Marc Zyngier (2): KVM: arm64: Fix AArch32 register narrowing on userspace write KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Marco Pagani (1): fpga: region: add owner module and take its refcount Marek Szyprowski (1): Input: cyapa - add missing input core locking to suspend/resume functions Marek Vasut (1): drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Marijn Suijten (2): drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk drm/msm/dpu: Always flush the slave INTF on the CTL Masahiro Yamada (2): x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y kconfig: fix comparison to constant symbols, 'm', 'n' Mathieu Othacehe (1): net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 Matthew Bystrin (1): riscv: stacktrace: fixed walk_stackframe() Matthias Schiffer (2): net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthieu Baerts (NGI0) (2): mptcp: SO_KEEPALIVE: fix getsockopt support mptcp: fix full TCP keep-alive support Matti Vaittinen (3): regulator: irq_helpers: duplicate IRQ name watchdog: bd9576: Drop "always-running" property regulator: bd71828: Don't overwrite runtime voltages Maulik Shah (1): soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request Maxim Korotkov (1): mtd: rawnand: hynix: fixed typo Michael Schmitz (1): m68k: Fix spinlock race in kernel thread creation Michael Walle (1): drm/bridge: tc358775: fix support for jeida-18 and jeida-24 Michal Simek (2): microblaze: Remove gcc flag for non existing early_printk.c file microblaze: Remove early printk call from cpuinfo-static.c Mike Gilbert (1): sparc: move struct termio to asm/termios.h Ming Lei (1): io_uring: fail NOP if non-zero op flags is passed in Nathan Chancellor (1): media: mxl5xx: Move xpt structures off stack Neil Armstrong (1): scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5 NeilBrown (1): sunrpc: exclude from freezer when waiting for requests: Nikita Zhandarovich (3): wifi: carl9170: add a proper sanity check for endpoints wifi: ar5523: enable proper endpoint verification net/9p: fix uninit-value in p9_client_rpc() Nikolay Aleksandrov (1): selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval Nilay Shroff (1): nvme: find numa distance only if controller has valid numa id Nícolas F. R. A. Prado (3): drm/bridge: lt8912b: Don't log an error when DSI host can't be found drm/bridge: lt9611: Don't log an error when DSI host can't be found drm/bridge: tc358775: Don't log an error when DSI host can't be found Or Har-Toov (1): RDMA/mlx5: Adding remote atomic access flag to updatable flags Pablo Neira Ayuso (4): netfilter: nft_payload: restore vlan q-in-q match support netfilter: nft_payload: move struct nft_payload_set definition where it belongs netfilter: nft_payload: rebuild vlan header when needed netfilter: nft_payload: skbuff vlan metadata mangle support Parthiban Veerasooran (1): net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM Peter Oberparleiter (1): s390/cio: fix tracepoint subchannel type field Petr Pavlu (1): ring-buffer: Fix a race between readers and resize checks Pierre-Louis Bossart (2): ASoC: da7219-aad: fix usage of device_get_named_child_node() soundwire: cadence: fix invalid PDI offset Rafael J. Wysocki (3): cpufreq: Reorganize checks in cpufreq_offline() cpufreq: Split cpufreq_offline() cpufreq: Rearrange locking in cpufreq_remove_dev() Rafał Miłecki (1): dt-bindings: pinctrl: mediatek: mt7622: fix array properties Rahul Rameshbabu (1): net/mlx5e: Fix IPsec tunnel mode offload feature check Randy Dunlap (2): fbdev: sh7760fb: allow modular build extcon: max8997: select IRQ_DOMAIN instead of depending on it Ricardo Ribalda (1): media: radio-shark2: Avoid led_names truncations Rob Herring (1): dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node Roberto Sassu (1): um: Add winch to winch_handlers before registering winch IRQ Roded Zats (1): enic: Validate length of nl attributes in enic_set_vf_port Rui Miguel Silva (1): greybus: lights: check return of get_channel_from_mode Russ Weight (1): fpga: region: Use standard dev_release for class driver Ryosuke Yasuoka (2): nfc: nci: Fix uninit-value in nci_rx_work nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() Ryusuke Konishi (3): nilfs2: fix unexpected freezing of nilfs_segctor_sync() nilfs2: fix potential hang in nilfs_detach_log_writer() nilfs2: fix use-after-free of timer for log writer thread Sagi Grimberg (1): nvmet: fix ns enable/disable possible hang Sakari Ailus (1): media: ipu3-cio2: Request IRQ earlier Sam Ravnborg (1): sparc64: Fix number of online CPUs Sergey Shtylyov (2): ata: pata_legacy: make legacy_exit() work again nfs: fix undefined behavior in nfs_block_bits() Shay Agroskin (1): net: ena: Fix redundant device NUMA node override Shenghao Ding (1): ASoC: tas2552: Add TX path for capturing AUDIO-OUT data Shradha Gupta (2): drm: Check output polling initialized before disabling drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes Shrikanth Hegde (2): sched/fair: Add EAS checks before updating root_domain::overutilized powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp Shuah Khan (1): tools/latency-collector: Fix -Wformat-security compile warns Srinivasan Shanmugam (1): drm/amd/display: Fix potential index out of bounds in color transformation function Stefan Berger (1): crypto: ecdsa - Fix module auto-load on add-key Steven Rostedt (1): ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Su Hui (1): wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Sumanth Korikkar (2): s390/vdso: filter out mno-pic-data-is-text-relative cflag s390/vdso64: filter out munaligned-symbols flag for vdso Suzuki K Poulose (4): coresight: etm4x: Do not hardcode IOMEM access for register restore coresight: etm4x: Do not save/restore Data trace control registers coresight: etm4x: Safe access for TRCQCLTR coresight: etm4x: Fix access to resource selector registers Sven Schnelle (1): s390/boot: Remove alt_stfle_fac_list from decompressor Takashi Iwai (3): ALSA: core: Fix NULL module pointer assignment at card init ALSA: Fix deadlocks with kctl removals at disconnection ALSA: timer: Set lower bound of start tick time Tetsuo Handa (2): nfc: nci: Fix kcov check in nci_rx_work() dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Thomas Haemmerle (1): iio: pressure: dps310: support negative temperature values Thorsten Blum (1): net: smc91x: Fix m68k kernel compilation for ColdFire CPU Tiwei Bie (1): um: Fix the -Wmissing-prototypes warning for __switch_mm Uwe Kleine-König (5): pwm: sti: Convert to platform remove callback returning void pwm: sti: Prepare removing pwm_chip from driver data pwm: sti: Simplify probe function using devm functions Input: ioc3kbd - convert to platform remove callback returning void spi: stm32: Don't warn about spurious interrupts Vidya Sagar (1): PCI: tegra194: Fix probe path for Endpoint mode Vignesh Raghavendra (1): mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel Viresh Kumar (1): cpufreq: exit() callback is optional Vitalii Bursov (1): sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Vitaly Chikunov (1): crypto: ecrdsa - Fix module auto-load on add_key Vladimir Oltean (2): net: dsa: sja1105: always enable the INCL_SRCPT option net: dsa: tag_sja1105: always prefer source port information from INCL_SRCPT Wei Fang (1): net: fec: avoid lock evasion when reading pps_enable Wolfram Sang (2): dt-bindings: PCI: rcar-pci-host: Add optional regulators serial: sh-sci: protect invalidating RXDMA on shutdown Xiaolei Wang (1): net:fec: Add fec_enet_deinit() Xingui Yang (1): scsi: libsas: Fix the failure of adding phy with zero-address to port Yang Xiwen (1): arm64: dts: hi3798cv200: fix the size of GICR Yangtao Li (1): f2fs: convert to use sbi directly Yu Kuai (2): md: fix resync softlockup when bitmap size is less than array size md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Yue Haibing (1): ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Yuri Karpov (1): scsi: hpsa: Fix allocation size for Scsi_Host private data Zenghui Yu (2): irqchip/alpine-msi: Fix off-by-one in allocation error path irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zhengchao Shao (1): RDMA/hns: Fix return value in hns_roce_map_mr_sg Zheyu Ma (1): media: lgdt3306a: Add a check against null-pointer-def Zhipeng Lu (1): media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Zhu Yanjun (2): null_blk: Fix missing mutex_destroy() at module removal null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() Zqiang (1): softirq: Fix suspicious RCU usage in __do_softirq() gaoxingwang (1): net: ipv6: fix wrong start position when receive hop-by-hop fragment xu xin (1): net/ipv6: Fix route deleting failure when metric equals 0

1 year, 3 months

1
1
0 0

Linux 5.10.219

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.219 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/sound/rt5645.txt | 6 Documentation/driver-api/fpga/fpga-bridge.rst | 10 Documentation/driver-api/fpga/fpga-mgr.rst | 12 Documentation/driver-api/fpga/fpga-programming.rst | 8 Documentation/driver-api/fpga/fpga-region.rst | 33 + Documentation/filesystems/f2fs.rst | 36 ++ Makefile | 2 arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 2 arch/arm64/include/asm/asm-bug.h | 1 arch/arm64/kvm/guest.c | 1 arch/m68k/kernel/entry.S | 4 arch/m68k/mac/misc.c | 36 +- arch/microblaze/kernel/Makefile | 1 arch/microblaze/kernel/cpu/cpuinfo-static.c | 2 arch/parisc/kernel/parisc_ksyms.c | 1 arch/powerpc/include/asm/hvcall.h | 2 arch/powerpc/platforms/pseries/lpar.c | 6 arch/powerpc/platforms/pseries/lparcfg.c | 6 arch/powerpc/sysdev/fsl_msi.c | 2 arch/s390/kernel/ipl.c | 10 arch/sh/kernel/kprobes.c | 7 arch/sh/lib/checksum.S | 67 +-- arch/sparc/include/asm/smp_64.h | 2 arch/sparc/include/uapi/asm/termbits.h | 10 arch/sparc/include/uapi/asm/termios.h | 9 arch/sparc/kernel/prom_64.c | 4 arch/sparc/kernel/setup_64.c | 1 arch/sparc/kernel/smp_64.c | 14 arch/um/drivers/line.c | 14 arch/um/drivers/ubd_kern.c | 4 arch/um/drivers/vector_kern.c | 2 arch/um/include/asm/mmu.h | 2 arch/um/include/shared/skas/mm_id.h | 2 arch/x86/Kconfig.debug | 5 arch/x86/crypto/nh-avx2-x86_64.S | 1 arch/x86/crypto/sha256-avx2-asm.S | 1 arch/x86/entry/vsyscall/vsyscall_64.c | 28 - arch/x86/include/asm/processor.h | 1 arch/x86/kernel/apic/vector.c | 9 arch/x86/kernel/tsc_sync.c | 6 arch/x86/lib/x86-opcode-map.txt | 2 arch/x86/mm/fault.c | 27 - arch/x86/purgatory/Makefile | 3 arch/x86/tools/relocs.c | 9 crypto/ecrdsa.c | 1 drivers/accessibility/speakup/main.c | 2 drivers/acpi/acpica/Makefile | 1 drivers/acpi/resource.c | 12 drivers/android/binder.c | 4 drivers/ata/pata_legacy.c | 8 drivers/block/null_blk/main.c | 3 drivers/char/ppdev.c | 21 - drivers/clk/qcom/mmcc-msm8998.c | 8 drivers/cpufreq/cpufreq.c | 83 ++-- drivers/crypto/bcm/spu2.c | 2 drivers/crypto/ccp/sp-platform.c | 14 drivers/crypto/qat/qat_common/adf_aer.c | 19 - drivers/dma-buf/sync_debug.c | 4 drivers/dma/idma64.c | 4 drivers/extcon/Kconfig | 3 drivers/firmware/dmi-id.c | 7 drivers/firmware/raspberrypi.c | 7 drivers/fpga/dfl-fme-region.c | 17 drivers/fpga/dfl.c | 12 drivers/fpga/fpga-region.c | 145 +++----- drivers/fpga/of-fpga-region.c | 10 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 drivers/gpu/drm/arm/malidp_mw.c | 5 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 drivers/gpu/drm/bridge/lontium-lt9611.c | 6 drivers/gpu/drm/bridge/tc358775.c | 27 - drivers/gpu/drm/drm_mipi_dsi.c | 6 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 3 drivers/gpu/drm/panel/panel-simple.c | 3 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 drivers/hwmon/shtc1.c | 2 drivers/hwtracing/intel_th/pci.c | 5 drivers/hwtracing/stm/core.c | 11 drivers/iio/pressure/dps310.c | 11 drivers/infiniband/hw/hns/hns_roce_alloc.c | 128 ++++--- drivers/infiniband/hw/hns/hns_roce_cmd.c | 10 drivers/infiniband/hw/hns/hns_roce_cmd.h | 2 drivers/infiniband/hw/hns/hns_roce_common.h | 14 drivers/infiniband/hw/hns/hns_roce_db.c | 8 drivers/infiniband/hw/hns/hns_roce_device.h | 115 +++--- drivers/infiniband/hw/hns/hns_roce_hem.h | 12 drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 8 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 35 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 drivers/infiniband/hw/hns/hns_roce_mr.c | 65 +-- drivers/infiniband/hw/hns/hns_roce_qp.c | 129 ++++++- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 drivers/input/misc/ims-pcu.c | 4 drivers/input/misc/pm8xxx-vibrator.c | 7 drivers/input/serio/ioc3kbd.c | 13 drivers/irqchip/irq-alpine-msi.c | 2 drivers/irqchip/irq-loongson-pch-msi.c | 2 drivers/macintosh/via-macii.c | 11 drivers/md/md-bitmap.c | 6 drivers/md/raid5.c | 15 drivers/media/cec/core/cec-adap.c | 291 ++++++++++------- drivers/media/cec/core/cec-api.c | 31 - drivers/media/cec/core/cec-core.c | 7 drivers/media/cec/core/cec-pin-priv.h | 11 drivers/media/cec/core/cec-pin.c | 23 - drivers/media/cec/core/cec-priv.h | 10 drivers/media/dvb-frontends/lgdt3306a.c | 5 drivers/media/dvb-frontends/mxl5xx.c | 22 - drivers/media/mc/mc-devnode.c | 5 drivers/media/pci/ngene/ngene-core.c | 4 drivers/media/radio/radio-shark2.c | 2 drivers/media/usb/b2c2/flexcop-usb.c | 12 drivers/media/usb/stk1160/stk1160-video.c | 20 - drivers/media/v4l2-core/v4l2-dev.c | 3 drivers/mmc/core/host.c | 3 drivers/mmc/core/slot-gpio.c | 20 + drivers/mmc/host/sdhci-acpi.c | 48 ++ drivers/mmc/host/sdhci_am654.c | 205 ++++++++--- drivers/mtd/nand/raw/nand_hynix.c | 2 drivers/net/ethernet/cisco/enic/enic_main.c | 12 drivers/net/ethernet/cortina/gemini.c | 12 drivers/net/ethernet/freescale/fec_main.c | 10 drivers/net/ethernet/freescale/fec_ptp.c | 14 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 9 drivers/net/ethernet/smsc/smc91x.h | 4 drivers/net/ethernet/sun/sungem.c | 14 drivers/net/ipvlan/ipvlan_core.c | 4 drivers/net/usb/aqc111.c | 8 drivers/net/usb/qmi_wwan.c | 3 drivers/net/usb/smsc95xx.c | 26 - drivers/net/usb/sr9700.c | 10 drivers/net/vxlan/vxlan_core.c | 4 drivers/net/wireless/ath/ar5523/ar5523.c | 14 drivers/net/wireless/ath/ath10k/core.c | 3 drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 drivers/net/wireless/ath/ath10k/hw.h | 1 drivers/net/wireless/ath/ath10k/targaddrs.h | 3 drivers/net/wireless/ath/ath10k/wmi.c | 26 + drivers/net/wireless/ath/carl9170/usb.c | 32 + drivers/net/wireless/marvell/mwl8k.c | 2 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 26 - drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.c | 21 - drivers/net/wireless/realtek/rtlwifi/rtl8192de/trx.h | 79 +--- drivers/nvme/host/multipath.c | 3 drivers/nvme/target/configfs.c | 8 drivers/pci/pcie/edr.c | 28 - drivers/regulator/bd71828-regulator.c | 58 --- drivers/regulator/vqmmc-ipq4019-regulator.c | 1 drivers/s390/cio/trace.h | 2 drivers/s390/crypto/ap_bus.c | 2 drivers/scsi/bfa/bfad_debugfs.c | 4 drivers/scsi/hpsa.c | 2 drivers/scsi/libsas/sas_expander.c | 3 drivers/scsi/qedf/qedf_debugfs.c | 2 drivers/scsi/qla2xxx/qla_init.c | 8 drivers/scsi/qla2xxx/qla_mr.c | 20 - drivers/scsi/ufs/cdns-pltfrm.c | 2 drivers/scsi/ufs/ufs-qcom.c | 31 + drivers/scsi/ufs/ufs-qcom.h | 21 - drivers/scsi/ufs/ufshcd.c | 4 drivers/soc/mediatek/mtk-cmdq-helper.c | 5 drivers/soundwire/cadence_master.c | 2 drivers/spi/spi-stm32.c | 2 drivers/spi/spi.c | 4 drivers/staging/greybus/arche-apb-ctrl.c | 1 drivers/staging/greybus/arche-platform.c | 9 drivers/staging/greybus/light.c | 8 drivers/staging/media/atomisp/pci/sh_css.c | 1 drivers/tty/n_gsm.c | 8 drivers/tty/serial/max3100.c | 22 + drivers/tty/serial/sc16is7xx.c | 2 drivers/tty/serial/sh-sci.c | 5 drivers/usb/gadget/function/u_audio.c | 2 drivers/video/fbdev/Kconfig | 4 drivers/video/fbdev/savage/savagefb_driver.c | 5 drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 drivers/video/fbdev/sis/init301.c | 3 drivers/virtio/virtio_pci_common.c | 4 drivers/watchdog/rti_wdt.c | 34 - fs/afs/mntpt.c | 5 fs/ecryptfs/keystore.c | 4 fs/ext4/mballoc.c | 134 +++---- fs/ext4/namei.c | 2 fs/ext4/xattr.c | 4 fs/f2fs/checkpoint.c | 4 fs/f2fs/compress.c | 91 ++--- fs/f2fs/data.c | 10 fs/f2fs/extent_cache.c | 4 fs/f2fs/f2fs.h | 52 ++- fs/f2fs/file.c | 86 +++-- fs/f2fs/inode.c | 9 fs/f2fs/namei.c | 2 fs/f2fs/node.c | 2 fs/f2fs/segment.c | 4 fs/f2fs/super.c | 32 + fs/gfs2/glock.c | 4 fs/gfs2/util.c | 1 fs/jffs2/xattr.c | 3 fs/nfs/internal.h | 4 fs/nfs/nfs4proc.c | 2 fs/nilfs2/ioctl.c | 2 fs/nilfs2/segment.c | 63 ++- fs/openpromfs/inode.c | 8 include/drm/drm_mipi_dsi.h | 6 include/linux/f2fs_fs.h | 3 include/linux/fpga/fpga-region.h | 43 +- include/linux/mmc/slot-gpio.h | 1 include/linux/moduleparam.h | 2 include/media/cec.h | 26 + include/media/v4l2-h264.h | 6 include/media/v4l2-jpeg.h | 2 include/net/dst_ops.h | 2 include/net/inet6_hashtables.h | 16 include/net/inet_hashtables.h | 18 - include/net/netfilter/nf_tables.h | 2 include/net/sock.h | 13 include/sound/soc-acpi.h | 6 include/trace/events/asoc.h | 2 include/uapi/linux/cec.h | 3 include/uapi/linux/v4l2-subdev.h | 12 include/uapi/linux/videodev2.h | 15 io_uring/io_uring.c | 2 kernel/bpf/verifier.c | 10 kernel/cgroup/cpuset.c | 2 kernel/debug/kdb/kdb_io.c | 99 +++-- kernel/irq/cpuhotplug.c | 16 kernel/params.c | 18 + kernel/sched/topology.c | 2 kernel/trace/ring_buffer.c | 9 net/9p/client.c | 2 net/core/dev.c | 3 net/ipv4/inet_hashtables.c | 29 + net/ipv4/netfilter/nf_tproxy_ipv4.c | 2 net/ipv4/route.c | 22 - net/ipv4/tcp_dctcp.c | 13 net/ipv4/tcp_ipv4.c | 13 net/ipv4/udp.c | 55 +-- net/ipv6/inet6_hashtables.c | 27 - net/ipv6/reassembly.c | 2 net/ipv6/route.c | 34 + net/ipv6/seg6.c | 5 net/ipv6/seg6_hmac.c | 42 +- net/ipv6/udp.c | 61 +-- net/netfilter/nf_tables_api.c | 22 - net/netfilter/nfnetlink_queue.c | 2 net/netfilter/nft_payload.c | 23 - net/netfilter/nft_tunnel.c | 1 net/netrom/nr_route.c | 19 - net/nfc/nci/core.c | 17 net/openvswitch/actions.c | 6 net/openvswitch/flow.c | 3 net/packet/af_packet.c | 3 net/qrtr/af_qrtr.c | 16 net/qrtr/ns.c | 34 + net/qrtr/qrtr.h | 2 net/sunrpc/auth_gss/svcauth_gss.c | 12 net/sunrpc/clnt.c | 1 net/sunrpc/svc.c | 2 net/sunrpc/xprtrdma/verbs.c | 6 net/sunrpc/xprtsock.c | 18 - net/tls/tls_main.c | 10 net/unix/af_unix.c | 2 net/wireless/trace.h | 4 net/xfrm/xfrm_policy.c | 11 scripts/kconfig/symbol.c | 6 sound/core/init.c | 2 sound/core/timer.c | 10 sound/soc/codecs/da7219-aad.c | 6 sound/soc/codecs/rt5645.c | 25 + sound/soc/codecs/rt715-sdw.c | 1 sound/soc/codecs/tas2552.c | 15 sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 sound/soc/intel/boards/bxt_rt298.c | 1 sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 sound/soc/intel/boards/kbl_da7219_max98927.c | 4 sound/soc/intel/boards/kbl_rt5660.c | 1 sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 sound/soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 sound/soc/intel/boards/skl_rt286.c | 1 tools/arch/x86/lib/x86-opcode-map.txt | 2 tools/bpf/resolve_btfids/main.c | 2 tools/lib/subcmd/parse-options.c | 8 tools/testing/selftests/bpf/test_sockmap.c | 2 tools/testing/selftests/filesystems/binderfs/Makefile | 2 tools/testing/selftests/kcmp/kcmp_test.c | 8 299 files changed, 2650 insertions(+), 1755 deletions(-) Aaron Conole (1): openvswitch: Set the skbuff pkt_type for proper pmtud support. Abel Vesa (1): scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW version major 5 Adrian Hunter (1): x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Akiva Goldberger (1): net/mlx5: Discard command completions in internal error Al Viro (1): parisc: add missing export of __cmpxchg_u8() Aleksandr Aprelkov (1): sunrpc: removed redundant procp check Aleksandr Burakov (1): media: ngene: Add dvb_ca_en50221_init return value check Aleksandr Mishin (3): crypto: bcm - Fix pointer arithmetic drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference drm: vc4: Fix possible null pointer dereference Alexander Egorenkov (2): s390/ipl: Fix incorrect initialization of len fields in nvme reipl block s390/ipl: Fix incorrect initialization of nvme dump block Alexander Shishkin (1): intel_th: pci: Add Meteor Lake-S CPU support Andreas Gruenbacher (1): gfs2: Fix "ignore unlock failures after withdraw" Andrew Halaney (7): scsi: ufs: qcom: Perform read back after writing reset bit scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US scsi: ufs: qcom: Perform read back after writing unipro mode scsi: ufs: qcom: Perform read back after writing CGC enable scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andy Shevchenko (4): serial: max3100: Lock port->lock when calling uart_handle_cts_change() serial: max3100: Update uart_driver_registered on driver removal serial: max3100: Fix bitwise types spi: Don't mark message DMA mapped when no transfer in it is Anna Schumaker (1): NFS: Fix READ_PLUS when server doesn't support OP_READ_PLUS Ard Biesheuvel (1): x86/purgatory: Switch to the position-independent small code model Arnd Bergmann (10): nilfs2: fix out-of-range warning crypto: ccp - drop platform ifdef checks qed: avoid truncating work queue length ACPI: disable -Wstringop-truncation fbdev: shmobile: fix snprintf truncation powerpc/fsl-soc: hide unused const variable fbdev: sisfb: hide unused variables firmware: dmi-id: add a release callback function greybus: arche-ctrl: move device table to its right location Input: ims-pcu - fix printf string overflow Azeem Shaikh (1): scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() Baochen Qiang (1): wifi: ath10k: poll service ready message before failing Baokun Li (1): ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Bitterblue Smith (3): wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path Bob Zhou (1): drm/amdgpu: add error handle to avoid out-of-bounds Breno Leitao (1): af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Brian Kubisiak (1): ecryptfs: Fix buffer size for tag 66 packet Bui Quang Minh (2): scsi: bfa: Ensure the copied buf is NUL terminated scsi: qedf: Ensure the copied buf is NUL terminated Cai Xinchen (1): fbdev: savage: Handle err return when savagefb_check_var failed Carlos Llamas (1): binder: fix max_thread type inconsistency Carolina Jubran (1): net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion Cezary Rojewski (1): ASoC: Intel: Disable route checks for Skylake boards Chao Yu (14): f2fs: fix to wait on page writeback in __clone_blkaddrs() f2fs: compress: support chksum f2fs: compress: clean up parameter of __f2fs_cluster_blocks() f2fs: compress: remove unneeded preallocation f2fs: compress: fix to relocate check condition in f2fs_{release,reserve}_compress_blocks() f2fs: add cp_error check in f2fs_write_compressed_pages f2fs: fix to force keeping write barrier for strict fsync mode f2fs: fix to relocate check condition in f2fs_fallocate() f2fs: fix to check pinfile flag in f2fs_move_file_range() f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock f2fs: fix to release node block count in error path of f2fs_new_node_page() f2fs: compress: don't allow unaligned truncation on released compress inode f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() f2fs: compress: fix compression chksum Chen Ni (2): HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors dmaengine: idma64: Add check for dma_set_max_seg_size Chengchang Tang (3): RDMA/hns: Use complete parentheses in macros RDMA/hns: Modify the print level of CQE error RDMA/hns: Fix CQ and QP cache affinity Chris Lew (1): net: qrtr: ns: Fix module refcnt Chris Wulff (1): usb: gadget: u_audio: Clear uac pointer when freed. Christian Hewitt (1): drm/meson: vclk: fix calculation of 59.94 fractional rates Christoffer Sandberg (1): ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Christophe JAILLET (1): ppdev: Remove usage of the deprecated ida_simple_xx() API Chuck Lever (2): SUNRPC: Fix gss_free_in_token_pages() SUNRPC: Fix loop termination condition in gss_free_in_token_pages() Chun-Kuang Hu (1): soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Dae R. Jeong (1): tls: fix missing memory barrier in tls_init Daeho Jeong (1): f2fs: add compress_mode mount option Dan Aloni (2): sunrpc: fix NFSACL RPC retry on soft mount rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL Dan Carpenter (5): speakup: Fix sizeof() vs ARRAY_SIZE() bug wifi: mwl8k: initialize cmd->addr[] properly ext4: fix potential unnitialized variable stm class: Fix a double free in stm_register_device() media: stk1160: fix bounds checking in stk1160_copy_video() Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniel J Blueman (1): x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Daniel Starke (1): tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Daniel Thompson (5): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN920C04 compositions Derek Fang (2): ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Dmitry Baryshkov (2): wifi: ath10k: populate board data for WCN3990 drm/mipi-dsi: use correct return type for the DSC functions Dongli Zhang (1): genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline Dongliang Mu (1): media: flexcop-usb: fix sanity check of bNumEndpoints Duoming Zhou (1): um: Fix return value in ubd_init() Edward Liaw (1): selftests/kcmp: remove unused open mode Eric Biggers (2): crypto: x86/nh-avx2 - add missing vzeroupper crypto: x86/sha256-avx2 - add missing vzeroupper Eric Dumazet (9): tcp: avoid premature drops in tcp_add_backlog() net: give more chances to rcu in netdev_wait_allrefs_any() usb: aqc111: stop lying about skb->truesize net: usb: sr9700: stop lying about skb->truesize net: usb: smsc95xx: stop lying about skb->truesize netrom: fix possible dead-lock in nr_rt_ioctl() af_packet: do not call packet_read_pending() from tpacket_destruct_skb() netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() net: fix __dst_negative_advice() race Eric Sandeen (1): openpromfs: finish conversion to the new mount API Fenglin Wu (1): Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation Finn Thain (2): macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" m68k: mac: Fix reboot hang on Mac IIci Florian Westphal (1): netfilter: tproxy: bail out if IP has been disabled on the device Friedrich Vock (1): bpf: Fix potential integer overflow in resolve_btfids Gabriel Krisman Bertazi (1): udp: Avoid call to compute_score on multiple sites Gautam Menghani (1): selftests/kcmp: Make the test output consistent and clear Geert Uytterhoeven (1): sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() Geliang Tang (1): selftests/bpf: Fix umount cgroup2 error in test_sockmap Greg Kroah-Hartman (1): Linux 5.10.219 Guenter Roeck (2): Revert "sh: Handle calling csum_partial with misaligned data" hwmon: (shtc1) Fix property misspelling Guixiong Wei (1): x86/boot: Ignore relocations in .notes sections in walk_relocs() too Hangbin Liu (4): ipv6: sr: add missing seg6_local_exit ipv6: sr: fix incorrect unregister order ipv6: sr: fix invalid unregister error path ipv6: sr: fix memleak in seg6_hmac_init_algo Hans Verkuil (14): media: cec: cec-adap: always cancel work in cec_transmit_msg_fh media: cec: cec-api: add locking in cec_release() media: core headers: fix kernel-doc warnings media: cec: fix a deadlock situation media: cec: call enable_adap on s_log_addrs media: cec: abort if the current transmit was canceled media: cec: correctly pass on reply results media: cec: use call_op and check for !unregistered media: cec-adap.c: drop activate_cnt, use state info instead media: cec: core: avoid recursive cec_claim_log_addrs media: cec: core: avoid confusing "transmit timed out" message media: cec: core: add adap_nb_transmit_canceled() callback media: mc: mark the media devnode as registered from the, start media: v4l2-core: hold videodev_lock until dev reg, finishes Hans de Goede (4): mmc: core: Add mmc_gpiod_set_cd_config() function mmc: sdhci-acpi: Sort DMI quirks alphabetically mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A Harald Freudenberger (1): s390/ap: Fix crash in AP internal function modify_bitmap() Herbert Xu (1): crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Huai-Yuan Liu (2): drm/arm/malidp: fix a possible null pointer dereference ppdev: Add an error check in register_device Hugo Villeneuve (1): serial: sc16is7xx: add proper sched.h include for sched_set_fifo() Ian Rogers (1): libsubcmd: Fix parse-options memory leak Igor Artemiev (1): wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Ilya Denisyev (1): jffs2: prevent xattr node from overflowing the eraseblock Ilya Maximets (1): net: openvswitch: fix overwriting ct original tuple for ICMPv6 Jack Yu (1): ASoC: rt715: add vendor clear control register Jaegeuk Kim (2): f2fs: introduce FI_COMPRESS_RELEASED instead of using IMMUTABLE bit f2fs: do not allow partial truncation on pinned file Jakub Kicinski (1): eth: sungem: remove .ndo_poll_controller to avoid deadlocks Jakub Sitnicki (1): bpf: Allow delete from sockmap/sockhash only if update is allowed Jan Kara (1): ext4: avoid excessive credit estimate in ext4_tmpfile() Jiangfeng Xiao (1): arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY Jinyoung CHOI (1): f2fs: fix typos in comments Jiri Pirko (1): virtio: delete vq in vp_find_vqs_msix() when request_irq() fails Johan Hovold (2): media: flexcop-usb: clean up endpoint sanity checks arm64: dts: qcom: qcs404: fix bluetooth device address Johannes Berg (1): um: vector: fix bpfflash parameter evaluation John Hubbard (1): selftests/binderfs: use the Makefile's rules, not Make's implicit rules Jorge Ramirez-Ortiz (1): mmc: core: Do not force a retune before RPMB switch Joshua Ashton (1): drm/amd/display: Set color_mgmt_changed to true on unsuspend Judith Mendez (6): mmc: sdhci_am654: Add tuning algorithm for delay chain mmc: sdhci_am654: Write ITAPDLY for DDR52 timing mmc: sdhci_am654: Add OTAP/ITAP delay enable mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock mmc: sdhci_am654: Fix ITAPDLY for HS400 timing watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin Justin Green (1): drm/mediatek: Add 0 size check to mtk_drm_gem_obj Karel Balej (1): Input: ioc3kbd - add device table Kemeng Shi (4): ext4: simplify calculation of blkoff in ext4_mb_new_blocks_simple ext4: fix unit mismatch in ext4_mb_new_blocks_simple ext4: try all groups in ext4_mb_new_blocks_simple ext4: remove unused parameter from ext4_mb_new_blocks_simple() Krzysztof Kozlowski (2): regulator: vqmmc-ipq4019: fix module autoloading arm64: tegra: Correct Tegra132 I2C alias Kuniyuki Iwashima (1): tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). Kuppuswamy Sathyanarayanan (2): PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 Lancelot SIX (1): drm/amdkfd: Flush the process wq before creating a kfd_process Laurent Pinchart (1): firmware: raspberrypi: Use correct device for DMA mappings Leon Romanovsky (1): RDMA/IPoIB: Fix format truncation compilation errors Linus Torvalds (1): x86/mm: Remove broken vsyscall emulation code from the page fault code Linus Walleij (1): net: ethernet: cortina: Locking fixes Lorenz Bauer (2): net: export inet_lookup_reuseport and inet6_lookup_reuseport net: remove duplicate reuseport_lookup functions Manivannan Sadhasivam (1): scsi: ufs: ufs-qcom: Fix the Qcom register name for offset 0xD0 Marc Dionne (1): afs: Don't cross .backup mountpoint from backup volume Marc Gonzalez (1): clk: qcom: mmcc-msm8998: fix venus clock issue Marc Zyngier (1): KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Marco Pagani (1): fpga: region: add owner module and take its refcount Marek Vasut (1): drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Marijn Suijten (1): drm/msm/dpu: Always flush the slave INTF on the CTL Masahiro Yamada (2): x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y kconfig: fix comparison to constant symbols, 'm', 'n' Matti Vaittinen (1): regulator: bd71828: Don't overwrite runtime voltages Mauro Carvalho Chehab (1): docs: driver-api: fpga: avoid using UTF-8 chars Maxim Korotkov (1): mtd: rawnand: hynix: fixed typo Michael Schmitz (1): m68k: Fix spinlock race in kernel thread creation Michael Walle (1): drm/bridge: tc358775: fix support for jeida-18 and jeida-24 Michal Simek (2): microblaze: Remove gcc flag for non existing early_printk.c file microblaze: Remove early printk call from cpuinfo-static.c Mike Gilbert (1): sparc: move struct termio to asm/termios.h Ming Lei (1): io_uring: fail NOP if non-zero op flags is passed in Nathan Chancellor (1): media: mxl5xx: Move xpt structures off stack Neil Armstrong (1): scsi: ufs: ufs-qcom: Clear qunipro_g4_sel for HW major version > 5 Nikita Zhandarovich (3): wifi: carl9170: add a proper sanity check for endpoints wifi: ar5523: enable proper endpoint verification net/9p: fix uninit-value in p9_client_rpc() Nilay Shroff (1): nvme: find numa distance only if controller has valid numa id Nícolas F. R. A. Prado (2): drm/bridge: lt9611: Don't log an error when DSI host can't be found drm/bridge: tc358775: Don't log an error when DSI host can't be found Pablo Neira Ayuso (2): netfilter: nft_payload: restore vlan q-in-q match support netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV Parthiban Veerasooran (1): net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM Peter Oberparleiter (1): s390/cio: fix tracepoint subchannel type field Petr Pavlu (1): ring-buffer: Fix a race between readers and resize checks Pierre-Louis Bossart (3): ASoC: da7219-aad: fix usage of device_get_named_child_node() ASoC: soc-acpi: add helper to identify parent driver. soundwire: cadence: fix invalid PDI offset Qinglang Miao (1): net: qrtr: fix null-ptr-deref in qrtr_ns_remove Rafael J. Wysocki (3): cpufreq: Reorganize checks in cpufreq_offline() cpufreq: Split cpufreq_offline() cpufreq: Rearrange locking in cpufreq_remove_dev() Randy Dunlap (2): fbdev: sh7760fb: allow modular build extcon: max8997: select IRQ_DOMAIN instead of depending on it Ricardo Ribalda (1): media: radio-shark2: Avoid led_names truncations Roberto Sassu (1): um: Add winch to winch_handlers before registering winch IRQ Roded Zats (1): enic: Validate length of nl attributes in enic_set_vf_port Rui Miguel Silva (1): greybus: lights: check return of get_channel_from_mode Russ Weight (2): fpga: region: Rename dev to parent for parent device fpga: region: Use standard dev_release for class driver Ryosuke Yasuoka (2): nfc: nci: Fix uninit-value in nci_rx_work nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() Ryusuke Konishi (3): nilfs2: fix unexpected freezing of nilfs_segctor_sync() nilfs2: fix potential hang in nilfs_detach_log_writer() nilfs2: fix use-after-free of timer for log writer thread Sagi Grimberg (2): params: lift param_set_uint_minmax to common code nvmet: fix ns enable/disable possible hang Sam Ravnborg (1): sparc64: Fix number of online CPUs Sergey Shtylyov (2): ata: pata_legacy: make legacy_exit() work again nfs: fix undefined behavior in nfs_block_bits() Shenghao Ding (1): ASoC: tas2552: Add TX path for capturing AUDIO-OUT data Shrikanth Hegde (1): powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp Srinivasan Shanmugam (1): drm/amd/display: Fix potential index out of bounds in color transformation function Steven Rostedt (1): ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Su Hui (1): wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Takashi Iwai (2): ALSA: core: Fix NULL module pointer assignment at card init ALSA: timer: Set lower bound of start tick time Tetsuo Handa (2): nfc: nci: Fix kcov check in nci_rx_work() dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Thomas Haemmerle (1): iio: pressure: dps310: support negative temperature values Thorsten Blum (1): net: smc91x: Fix m68k kernel compilation for ColdFire CPU Tiwei Bie (1): um: Fix the -Wmissing-prototypes warning for __switch_mm Tom Rix (1): fpga: region: change FPGA indirect article to an Uwe Kleine-König (2): Input: ioc3kbd - convert to platform remove callback returning void spi: stm32: Don't warn about spurious interrupts Vignesh Raghavendra (1): mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel Viresh Kumar (1): cpufreq: exit() callback is optional Vitalii Bursov (1): sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Vitaly Chikunov (1): crypto: ecrdsa - Fix module auto-load on add_key Wei Fang (1): net: fec: avoid lock evasion when reading pps_enable Wenpeng Liang (1): RDMA/hns: Fix incorrect symbol types Wolfram Sang (1): serial: sh-sci: protect invalidating RXDMA on shutdown Xi Wang (1): RDMA/hns: Refactor the hns_roce_buf allocation flow Xiaolei Wang (1): net:fec: Add fec_enet_deinit() Xingui Yang (1): scsi: libsas: Fix the failure of adding phy with zero-address to port Yang Xiwen (1): arm64: dts: hi3798cv200: fix the size of GICR Yangyang Li (2): RDMA/hns: Create QP with selected QPN for bank load balance RDMA/hns: Use mutex instead of spinlock for ida allocation Yu Kuai (2): md: fix resync softlockup when bitmap size is less than array size md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Yue Haibing (1): ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Yuri Karpov (1): scsi: hpsa: Fix allocation size for Scsi_Host private data Zenghui Yu (2): irqchip/alpine-msi: Fix off-by-one in allocation error path irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zhengchao Shao (1): RDMA/hns: Fix return value in hns_roce_map_mr_sg Zheyu Ma (1): media: lgdt3306a: Add a check against null-pointer-def Zhipeng Lu (1): media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Zhu Yanjun (2): null_blk: Fix missing mutex_destroy() at module removal null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() Ziqi Chen (1): scsi: ufs-qcom: Fix ufs RST_n spec violation Ziyang Xuan (1): netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() gaoxingwang (1): net: ipv6: fix wrong start position when receive hop-by-hop fragment xu xin (1): net/ipv6: Fix route deleting failure when metric equals 0

1 year, 3 months

1
1
0 0

Linux 5.4.278

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.278 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/sound/rt5645.txt | 6 Makefile | 2 arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 arch/arm64/include/asm/asm-bug.h | 1 arch/arm64/kvm/guest.c | 1 arch/m68k/kernel/entry.S | 4 arch/m68k/mac/misc.c | 36 +-- arch/microblaze/kernel/Makefile | 1 arch/microblaze/kernel/cpu/cpuinfo-static.c | 2 arch/parisc/kernel/parisc_ksyms.c | 1 arch/powerpc/include/asm/hvcall.h | 2 arch/powerpc/platforms/pseries/lpar.c | 6 arch/powerpc/platforms/pseries/lparcfg.c | 6 arch/powerpc/sysdev/fsl_msi.c | 2 arch/sh/kernel/kprobes.c | 7 arch/sh/lib/checksum.S | 67 +------ arch/sparc/include/asm/smp_64.h | 2 arch/sparc/include/uapi/asm/termbits.h | 10 - arch/sparc/include/uapi/asm/termios.h | 9 arch/sparc/kernel/prom_64.c | 4 arch/sparc/kernel/setup_64.c | 1 arch/sparc/kernel/smp_64.c | 14 - arch/um/drivers/line.c | 14 - arch/um/drivers/ubd_kern.c | 4 arch/um/include/asm/mmu.h | 2 arch/um/include/shared/skas/mm_id.h | 2 arch/x86/Kconfig.debug | 5 arch/x86/entry/vsyscall/vsyscall_64.c | 28 --- arch/x86/include/asm/processor.h | 1 arch/x86/kernel/apic/vector.c | 9 arch/x86/kernel/tsc_sync.c | 6 arch/x86/lib/x86-opcode-map.txt | 2 arch/x86/mm/fault.c | 27 -- arch/x86/purgatory/Makefile | 3 arch/x86/tools/relocs.c | 9 crypto/ecrdsa.c | 1 drivers/acpi/acpica/Makefile | 1 drivers/acpi/resource.c | 12 + drivers/android/binder.c | 4 drivers/ata/pata_legacy.c | 8 drivers/block/null_blk_main.c | 3 drivers/char/ppdev.c | 21 +- drivers/cpufreq/cpufreq.c | 83 +++++--- drivers/crypto/bcm/spu2.c | 2 drivers/crypto/ccp/sp-platform.c | 14 - drivers/crypto/qat/qat_common/adf_aer.c | 19 -- drivers/dma-buf/sync_debug.c | 4 drivers/dma/idma64.c | 4 drivers/extcon/Kconfig | 3 drivers/firmware/dmi-id.c | 7 drivers/firmware/raspberrypi.c | 7 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 drivers/gpu/drm/arm/malidp_mw.c | 5 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 3 drivers/gpu/drm/panel/panel-simple.c | 3 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 drivers/hwtracing/intel_th/pci.c | 5 drivers/hwtracing/stm/core.c | 11 - drivers/iio/pressure/dps310.c | 11 - drivers/infiniband/hw/hns/hns_roce_hem.h | 12 - drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 drivers/input/misc/ims-pcu.c | 4 drivers/input/misc/pm8xxx-vibrator.c | 7 drivers/irqchip/irq-alpine-msi.c | 2 drivers/macintosh/via-macii.c | 11 - drivers/md/md-bitmap.c | 6 drivers/md/raid5.c | 15 - drivers/media/cec/cec-adap.c | 3 drivers/media/cec/cec-api.c | 3 drivers/media/dvb-frontends/lgdt3306a.c | 5 drivers/media/dvb-frontends/mxl5xx.c | 22 +- drivers/media/mc/mc-devnode.c | 5 drivers/media/pci/ngene/ngene-core.c | 4 drivers/media/radio/radio-shark2.c | 2 drivers/media/usb/stk1160/stk1160-video.c | 20 +- drivers/media/v4l2-core/v4l2-dev.c | 3 drivers/mmc/core/host.c | 3 drivers/mtd/nand/raw/nand_hynix.c | 2 drivers/net/ethernet/cisco/enic/enic_main.c | 12 + drivers/net/ethernet/cortina/gemini.c | 12 + drivers/net/ethernet/freescale/fec_main.c | 10 + drivers/net/ethernet/freescale/fec_ptp.c | 14 - drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 9 drivers/net/ethernet/smsc/smc91x.h | 4 drivers/net/ipvlan/ipvlan_core.c | 4 drivers/net/usb/aqc111.c | 8 drivers/net/usb/qmi_wwan.c | 3 drivers/net/usb/smsc95xx.c | 122 ++++++------- drivers/net/usb/sr9700.c | 10 - drivers/net/vxlan.c | 4 drivers/net/wireless/ath/ar5523/ar5523.c | 14 + drivers/net/wireless/ath/ath10k/core.c | 3 drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 drivers/net/wireless/ath/ath10k/hw.h | 1 drivers/net/wireless/ath/ath10k/targaddrs.h | 3 drivers/net/wireless/ath/ath10k/wmi.c | 26 ++ drivers/net/wireless/ath/carl9170/usb.c | 32 +++ drivers/net/wireless/marvell/mwl8k.c | 2 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 26 +- drivers/nvme/host/multipath.c | 3 drivers/nvme/target/configfs.c | 8 drivers/platform/x86/xiaomi-wmi.c | 4 drivers/s390/cio/trace.h | 2 drivers/s390/crypto/ap_bus.c | 2 drivers/scsi/bfa/bfad_debugfs.c | 4 drivers/scsi/hpsa.c | 2 drivers/scsi/libsas/sas_expander.c | 3 drivers/scsi/qedf/qedf_debugfs.c | 2 drivers/scsi/qla2xxx/qla_init.c | 8 drivers/scsi/qla2xxx/qla_mr.c | 20 +- drivers/scsi/ufs/cdns-pltfrm.c | 2 drivers/scsi/ufs/ufs-qcom.h | 12 - drivers/scsi/ufs/ufshcd.c | 4 drivers/soundwire/cadence_master.c | 158 +++-------------- drivers/soundwire/cadence_master.h | 34 --- drivers/soundwire/intel.c | 132 ++------------ drivers/spi/spi-stm32.c | 2 drivers/spi/spi.c | 4 drivers/staging/greybus/arche-apb-ctrl.c | 1 drivers/staging/greybus/arche-platform.c | 9 drivers/staging/greybus/light.c | 8 drivers/staging/speakup/main.c | 2 drivers/tty/n_gsm.c | 8 drivers/tty/serial/max3100.c | 22 ++ drivers/tty/serial/sh-sci.c | 5 drivers/usb/gadget/function/u_audio.c | 2 drivers/video/fbdev/Kconfig | 4 drivers/video/fbdev/savage/savagefb_driver.c | 5 drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 drivers/video/fbdev/sis/init301.c | 3 drivers/virtio/virtio_pci_common.c | 4 fs/afs/mntpt.c | 5 fs/ecryptfs/keystore.c | 4 fs/ext4/namei.c | 2 fs/ext4/xattr.c | 4 fs/f2fs/inode.c | 6 fs/f2fs/node.c | 2 fs/io_uring.c | 2 fs/jffs2/xattr.c | 3 fs/nfs/internal.h | 4 fs/nilfs2/ioctl.c | 2 fs/nilfs2/segment.c | 63 +++++- fs/openpromfs/inode.c | 8 include/linux/moduleparam.h | 2 include/net/dst_ops.h | 2 include/net/sock.h | 13 - include/trace/events/asoc.h | 2 kernel/cgroup/cpuset.c | 2 kernel/debug/kdb/kdb_io.c | 99 ++++++---- kernel/irq/cpuhotplug.c | 16 - kernel/params.c | 18 + kernel/sched/topology.c | 9 kernel/trace/ring_buffer.c | 9 net/9p/client.c | 2 net/ipv4/netfilter/nf_tproxy_ipv4.c | 2 net/ipv4/route.c | 22 -- net/ipv4/tcp_dctcp.c | 13 + net/ipv4/tcp_ipv4.c | 14 + net/ipv6/route.c | 34 ++- net/ipv6/seg6.c | 5 net/ipv6/seg6_hmac.c | 42 +++- net/netfilter/nfnetlink_queue.c | 2 net/netrom/nr_route.c | 19 -- net/nfc/nci/core.c | 17 + net/openvswitch/actions.c | 6 net/openvswitch/flow.c | 3 net/packet/af_packet.c | 3 net/sunrpc/auth_gss/svcauth_gss.c | 12 - net/sunrpc/clnt.c | 1 net/sunrpc/svc.c | 2 net/sunrpc/xprtsock.c | 18 - net/unix/af_unix.c | 2 net/wireless/trace.h | 4 net/xdp/xsk.c | 2 net/xfrm/xfrm_policy.c | 11 - scripts/kconfig/symbol.c | 6 sound/core/timer.c | 10 + sound/soc/codecs/da7219-aad.c | 6 sound/soc/codecs/rt5645.c | 25 ++ tools/arch/x86/lib/x86-opcode-map.txt | 2 tools/lib/subcmd/parse-options.c | 8 tools/testing/selftests/kcmp/kcmp_test.c | 8 189 files changed, 1094 insertions(+), 985 deletions(-) Aaron Conole (1): openvswitch: Set the skbuff pkt_type for proper pmtud support. Adrian Hunter (1): x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Al Viro (1): parisc: add missing export of __cmpxchg_u8() Aleksandr Aprelkov (1): sunrpc: removed redundant procp check Aleksandr Burakov (1): media: ngene: Add dvb_ca_en50221_init return value check Aleksandr Mishin (1): crypto: bcm - Fix pointer arithmetic Alexander Shishkin (1): intel_th: pci: Add Meteor Lake-S CPU support Andre Edich (2): smsc95xx: remove redundant function arguments smsc95xx: use usbnet->driver_priv Andrew Halaney (4): scsi: ufs: qcom: Perform read back after writing reset bit scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andy Shevchenko (4): serial: max3100: Lock port->lock when calling uart_handle_cts_change() serial: max3100: Update uart_driver_registered on driver removal serial: max3100: Fix bitwise types spi: Don't mark message DMA mapped when no transfer in it is Ard Biesheuvel (1): x86/purgatory: Switch to the position-independent small code model Arnd Bergmann (10): nilfs2: fix out-of-range warning crypto: ccp - drop platform ifdef checks qed: avoid truncating work queue length ACPI: disable -Wstringop-truncation fbdev: shmobile: fix snprintf truncation powerpc/fsl-soc: hide unused const variable fbdev: sisfb: hide unused variables firmware: dmi-id: add a release callback function greybus: arche-ctrl: move device table to its right location Input: ims-pcu - fix printf string overflow Azeem Shaikh (1): scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() Baochen Qiang (1): wifi: ath10k: poll service ready message before failing Baokun Li (1): ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Bard Liao (1): soundwire: cadence_master: improve PDI allocation Bitterblue Smith (1): wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU Bob Zhou (1): drm/amdgpu: add error handle to avoid out-of-bounds Breno Leitao (1): af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Brian Kubisiak (1): ecryptfs: Fix buffer size for tag 66 packet Bui Quang Minh (2): scsi: bfa: Ensure the copied buf is NUL terminated scsi: qedf: Ensure the copied buf is NUL terminated Cai Xinchen (1): fbdev: savage: Handle err return when savagefb_check_var failed Carlos Llamas (1): binder: fix max_thread type inconsistency Carolina Jubran (1): net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion Chao Yu (2): f2fs: fix to release node block count in error path of f2fs_new_node_page() f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Chen Ni (2): HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors dmaengine: idma64: Add check for dma_set_max_seg_size Chengchang Tang (1): RDMA/hns: Use complete parentheses in macros Chris Wulff (1): usb: gadget: u_audio: Clear uac pointer when freed. Christoffer Sandberg (1): ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx Christophe JAILLET (1): ppdev: Remove usage of the deprecated ida_simple_xx() API Chuck Lever (2): SUNRPC: Fix gss_free_in_token_pages() SUNRPC: Fix loop termination condition in gss_free_in_token_pages() Dan Aloni (1): sunrpc: fix NFSACL RPC retry on soft mount Dan Carpenter (4): speakup: Fix sizeof() vs ARRAY_SIZE() bug wifi: mwl8k: initialize cmd->addr[] properly stm class: Fix a double free in stm_register_device() media: stk1160: fix bounds checking in stk1160_copy_video() Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniel J Blueman (1): x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Daniel Starke (1): tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Daniel Thompson (5): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN920C04 compositions Derek Fang (2): ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Dmitry Baryshkov (1): wifi: ath10k: populate board data for WCN3990 Dongli Zhang (1): genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline Duoming Zhou (1): um: Fix return value in ubd_init() Edward Liaw (1): selftests/kcmp: remove unused open mode Eric Dumazet (10): tcp: minor optimization in tcp_add_backlog() tcp: avoid premature drops in tcp_add_backlog() usb: aqc111: stop lying about skb->truesize net: usb: sr9700: stop lying about skb->truesize net: usb: smsc95xx: stop lying about skb->truesize netrom: fix possible dead-lock in nr_rt_ioctl() af_packet: do not call packet_read_pending() from tpacket_destruct_skb() netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() net: fix __dst_negative_advice() race xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING Eric Sandeen (1): openpromfs: finish conversion to the new mount API Fenglin Wu (1): Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation Finn Thain (2): macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" m68k: mac: Fix reboot hang on Mac IIci Florian Westphal (1): netfilter: tproxy: bail out if IP has been disabled on the device Gautam Menghani (1): selftests/kcmp: Make the test output consistent and clear Geert Uytterhoeven (1): sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() Greg Kroah-Hartman (1): Linux 5.4.278 Guenter Roeck (1): Revert "sh: Handle calling csum_partial with misaligned data" Guixiong Wei (1): x86/boot: Ignore relocations in .notes sections in walk_relocs() too Hangbin Liu (4): ipv6: sr: add missing seg6_local_exit ipv6: sr: fix incorrect unregister order ipv6: sr: fix invalid unregister error path ipv6: sr: fix memleak in seg6_hmac_init_algo Hans Verkuil (4): media: cec: cec-adap: always cancel work in cec_transmit_msg_fh media: cec: cec-api: add locking in cec_release() media: mc: mark the media devnode as registered from the, start media: v4l2-core: hold videodev_lock until dev reg, finishes Harald Freudenberger (1): s390/ap: Fix crash in AP internal function modify_bitmap() Herbert Xu (1): crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Huai-Yuan Liu (2): drm/arm/malidp: fix a possible null pointer dereference ppdev: Add an error check in register_device Ian Rogers (1): libsubcmd: Fix parse-options memory leak Igor Artemiev (1): wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Ilya Denisyev (1): jffs2: prevent xattr node from overflowing the eraseblock Ilya Maximets (1): net: openvswitch: fix overwriting ct original tuple for ICMPv6 Jan Kara (1): ext4: avoid excessive credit estimate in ext4_tmpfile() Jiangfeng Xiao (1): arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY Jiri Pirko (1): virtio: delete vq in vp_find_vqs_msix() when request_irq() fails Jorge Ramirez-Ortiz (1): mmc: core: Do not force a retune before RPMB switch Joshua Ashton (1): drm/amd/display: Set color_mgmt_changed to true on unsuspend Justin Green (1): drm/mediatek: Add 0 size check to mtk_drm_gem_obj Krzysztof Kozlowski (1): arm64: tegra: Correct Tegra132 I2C alias Kuniyuki Iwashima (1): tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). Lancelot SIX (1): drm/amdkfd: Flush the process wq before creating a kfd_process Laurent Pinchart (1): firmware: raspberrypi: Use correct device for DMA mappings Leon Romanovsky (1): RDMA/IPoIB: Fix format truncation compilation errors Linus Torvalds (1): x86/mm: Remove broken vsyscall emulation code from the page fault code Linus Walleij (1): net: ethernet: cortina: Locking fixes Lu Wei (1): tcp: fix a signed-integer-overflow bug in tcp_add_backlog() Marc Dionne (1): afs: Don't cross .backup mountpoint from backup volume Marc Zyngier (1): KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Marek Vasut (1): drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Marijn Suijten (1): drm/msm/dpu: Always flush the slave INTF on the CTL Masahiro Yamada (2): x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y kconfig: fix comparison to constant symbols, 'm', 'n' Maxim Korotkov (1): mtd: rawnand: hynix: fixed typo Michael Schmitz (1): m68k: Fix spinlock race in kernel thread creation Michal Simek (2): microblaze: Remove gcc flag for non existing early_printk.c file microblaze: Remove early printk call from cpuinfo-static.c Mike Gilbert (1): sparc: move struct termio to asm/termios.h Ming Lei (1): io_uring: fail NOP if non-zero op flags is passed in Nathan Chancellor (1): media: mxl5xx: Move xpt structures off stack Nikita Zhandarovich (3): wifi: carl9170: add a proper sanity check for endpoints wifi: ar5523: enable proper endpoint verification net/9p: fix uninit-value in p9_client_rpc() Nilay Shroff (1): nvme: find numa distance only if controller has valid numa id Parthiban Veerasooran (1): net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM Peter Oberparleiter (1): s390/cio: fix tracepoint subchannel type field Petr Pavlu (1): ring-buffer: Fix a race between readers and resize checks Pierre-Louis Bossart (4): ASoC: da7219-aad: fix usage of device_get_named_child_node() soundwire: cadence/intel: simplify PDI/port mapping soundwire: intel: don't filter out PDI0/1 soundwire: cadence: fix invalid PDI offset Rafael J. Wysocki (3): cpufreq: Reorganize checks in cpufreq_offline() cpufreq: Split cpufreq_offline() cpufreq: Rearrange locking in cpufreq_remove_dev() Randy Dunlap (2): fbdev: sh7760fb: allow modular build extcon: max8997: select IRQ_DOMAIN instead of depending on it Ricardo Ribalda (1): media: radio-shark2: Avoid led_names truncations Roberto Sassu (1): um: Add winch to winch_handlers before registering winch IRQ Roded Zats (1): enic: Validate length of nl attributes in enic_set_vf_port Rui Miguel Silva (1): greybus: lights: check return of get_channel_from_mode Ryosuke Yasuoka (2): nfc: nci: Fix uninit-value in nci_rx_work nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() Ryusuke Konishi (3): nilfs2: fix unexpected freezing of nilfs_segctor_sync() nilfs2: fix potential hang in nilfs_detach_log_writer() nilfs2: fix use-after-free of timer for log writer thread Sagi Grimberg (2): params: lift param_set_uint_minmax to common code nvmet: fix ns enable/disable possible hang Sam Ravnborg (1): sparc64: Fix number of online CPUs Sergey Shtylyov (2): ata: pata_legacy: make legacy_exit() work again nfs: fix undefined behavior in nfs_block_bits() Shrikanth Hegde (1): powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp Srinivasan Shanmugam (1): drm/amd/display: Fix potential index out of bounds in color transformation function Steven Rostedt (1): ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Su Hui (1): wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Takashi Iwai (1): ALSA: timer: Set lower bound of start tick time Tetsuo Handa (2): nfc: nci: Fix kcov check in nci_rx_work() dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Thomas Haemmerle (1): iio: pressure: dps310: support negative temperature values Thorsten Blum (1): net: smc91x: Fix m68k kernel compilation for ColdFire CPU Tiwei Bie (1): um: Fix the -Wmissing-prototypes warning for __switch_mm Uwe Kleine-König (1): spi: stm32: Don't warn about spurious interrupts Valentin Schneider (1): sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax Viresh Kumar (1): cpufreq: exit() callback is optional Vitalii Bursov (1): sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Vitaly Chikunov (1): crypto: ecrdsa - Fix module auto-load on add_key Wei Fang (1): net: fec: avoid lock evasion when reading pps_enable Wolfram Sang (1): serial: sh-sci: protect invalidating RXDMA on shutdown Xiaolei Wang (1): net:fec: Add fec_enet_deinit() Xingui Yang (1): scsi: libsas: Fix the failure of adding phy with zero-address to port Yang Xiwen (1): arm64: dts: hi3798cv200: fix the size of GICR Yu Kuai (2): md: fix resync softlockup when bitmap size is less than array size md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Yue Haibing (1): ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound YueHaibing (1): platform/x86: wmi: Make two functions static Yuri Karpov (1): scsi: hpsa: Fix allocation size for Scsi_Host private data Zenghui Yu (1): irqchip/alpine-msi: Fix off-by-one in allocation error path Zheyu Ma (1): media: lgdt3306a: Add a check against null-pointer-def Zhu Yanjun (2): null_blk: Fix missing mutex_destroy() at module removal null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() xu xin (1): net/ipv6: Fix route deleting failure when metric equals 0

1 year, 3 months

1
1
0 0

Linux 4.19.316

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.316 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/sound/rt5645.txt | 6 Makefile | 2 arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi | 2 arch/arm64/boot/dts/nvidia/tegra132-norrin.dts | 4 arch/arm64/boot/dts/nvidia/tegra132.dtsi | 2 arch/arm64/include/asm/asm-bug.h | 1 arch/arm64/kvm/guest.c | 1 arch/m68k/kernel/entry.S | 4 arch/m68k/mac/misc.c | 46 - arch/microblaze/kernel/Makefile | 1 arch/microblaze/kernel/cpu/cpuinfo-static.c | 2 arch/parisc/kernel/parisc_ksyms.c | 1 arch/powerpc/include/asm/hvcall.h | 2 arch/powerpc/platforms/pseries/lpar.c | 6 arch/powerpc/platforms/pseries/lparcfg.c | 6 arch/powerpc/sysdev/fsl_msi.c | 2 arch/sh/kernel/kprobes.c | 7 arch/sh/lib/checksum.S | 67 -- arch/sparc/include/asm/smp_64.h | 2 arch/sparc/include/uapi/asm/termbits.h | 10 arch/sparc/include/uapi/asm/termios.h | 9 arch/sparc/kernel/prom_64.c | 4 arch/sparc/kernel/setup_64.c | 1 arch/sparc/kernel/smp_64.c | 14 arch/um/drivers/line.c | 14 arch/um/drivers/ubd_kern.c | 4 arch/um/include/asm/mmu.h | 2 arch/um/include/shared/skas/mm_id.h | 2 arch/x86/Kconfig.debug | 5 arch/x86/kernel/apic/vector.c | 9 arch/x86/kernel/tsc_sync.c | 6 arch/x86/lib/x86-opcode-map.txt | 2 arch/x86/purgatory/Makefile | 3 arch/x86/tools/relocs.c | 9 drivers/acpi/acpica/Makefile | 1 drivers/android/binder.c | 4 drivers/ata/pata_legacy.c | 8 drivers/block/null_blk_main.c | 3 drivers/char/ppdev.c | 21 drivers/crypto/bcm/spu2.c | 2 drivers/crypto/ccp/sp-platform.c | 59 - drivers/crypto/qat/qat_common/adf_aer.c | 19 drivers/dma-buf/sync_debug.c | 4 drivers/dma/idma64.c | 4 drivers/extcon/Kconfig | 3 drivers/firmware/dmi-id.c | 7 drivers/firmware/raspberrypi.c | 7 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 drivers/gpu/drm/arm/malidp_mw.c | 5 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c | 12 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 9 drivers/hwtracing/intel_th/pci.c | 5 drivers/hwtracing/stm/core.c | 11 drivers/infiniband/hw/hns/hns_roce_hem.h | 12 drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 drivers/input/misc/ims-pcu.c | 4 drivers/input/misc/pm8xxx-vibrator.c | 7 drivers/irqchip/irq-alpine-msi.c | 2 drivers/macintosh/adb-iop.c | 48 - drivers/macintosh/via-macii.c | 328 ++++------ drivers/md/md-bitmap.c | 6 drivers/md/raid5.c | 15 drivers/media/cec/cec-adap.c | 3 drivers/media/cec/cec-api.c | 3 drivers/media/dvb-frontends/mxl5xx.c | 22 drivers/media/pci/ngene/ngene-core.c | 4 drivers/media/radio/radio-shark2.c | 2 drivers/media/usb/stk1160/stk1160-video.c | 20 drivers/media/v4l2-core/v4l2-dev.c | 3 drivers/mmc/core/host.c | 3 drivers/mtd/nand/raw/nand_hynix.c | 2 drivers/net/ethernet/cisco/enic/enic_main.c | 12 drivers/net/ethernet/cortina/gemini.c | 12 drivers/net/ethernet/freescale/fec_main.c | 10 drivers/net/ethernet/freescale/fec_ptp.c | 14 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 9 drivers/net/ethernet/smsc/smc91x.h | 4 drivers/net/ipvlan/ipvlan_core.c | 4 drivers/net/usb/qmi_wwan.c | 3 drivers/net/usb/smsc95xx.c | 122 +-- drivers/net/usb/sr9700.c | 10 drivers/net/vxlan.c | 4 drivers/net/wireless/ath/ar5523/ar5523.c | 14 drivers/net/wireless/ath/ath10k/core.c | 3 drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 drivers/net/wireless/ath/ath10k/hw.h | 1 drivers/net/wireless/ath/ath10k/targaddrs.h | 3 drivers/net/wireless/ath/ath10k/wmi.c | 26 drivers/net/wireless/ath/carl9170/usb.c | 32 + drivers/net/wireless/marvell/mwl8k.c | 2 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 26 drivers/nvme/target/configfs.c | 8 drivers/power/supply/cros_usbpd-charger.c | 11 drivers/s390/cio/trace.h | 2 drivers/s390/crypto/ap_bus.c | 2 drivers/scsi/bfa/bfad_debugfs.c | 4 drivers/scsi/hpsa.c | 2 drivers/scsi/libsas/sas_expander.c | 3 drivers/scsi/qedf/qedf_debugfs.c | 2 drivers/scsi/ufs/ufs-qcom.h | 12 drivers/scsi/ufs/ufs.h | 30 drivers/scsi/ufs/ufshcd.c | 185 ++--- drivers/scsi/ufs/ufshci.h | 25 drivers/spi/spi.c | 4 drivers/staging/greybus/arche-apb-ctrl.c | 1 drivers/staging/greybus/arche-platform.c | 9 drivers/staging/greybus/light.c | 8 drivers/staging/speakup/main.c | 2 drivers/tty/n_gsm.c | 8 drivers/tty/serial/max3100.c | 22 drivers/tty/serial/sh-sci.c | 24 drivers/usb/gadget/function/u_audio.c | 2 drivers/video/fbdev/Kconfig | 4 drivers/video/fbdev/savage/savagefb_driver.c | 5 drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 drivers/video/fbdev/sis/init301.c | 3 drivers/virtio/virtio_pci_common.c | 4 fs/ecryptfs/keystore.c | 4 fs/ext4/namei.c | 2 fs/ext4/xattr.c | 4 fs/f2fs/node.c | 2 fs/f2fs/segment.c | 6 fs/f2fs/super.c | 4 fs/jffs2/xattr.c | 3 fs/nfs/internal.h | 4 fs/nfsd/nfs4state.c | 11 fs/nilfs2/ioctl.c | 2 fs/nilfs2/segment.c | 63 +- include/linux/moduleparam.h | 2 include/net/dst_ops.h | 2 include/net/neighbour.h | 2 include/net/netfilter/nf_tables.h | 132 +--- include/net/sock.h | 13 include/trace/events/asoc.h | 2 include/uapi/linux/netfilter/nf_tables.h | 1 kernel/cgroup/cpuset.c | 2 kernel/debug/kdb/kdb_io.c | 99 +-- kernel/irq/cpuhotplug.c | 16 kernel/params.c | 18 kernel/sched/topology.c | 9 kernel/trace/ring_buffer.c | 9 net/9p/client.c | 2 net/ipv4/route.c | 22 net/ipv4/tcp_dctcp.c | 13 net/ipv6/route.c | 29 net/ipv6/seg6.c | 5 net/ipv6/seg6_hmac.c | 42 - net/netfilter/nf_tables_api.c | 529 ++++++++++++++--- net/netfilter/nfnetlink_queue.c | 2 net/netfilter/nft_chain_filter.c | 3 net/netfilter/nft_compat.c | 32 + net/netfilter/nft_dynset.c | 24 net/netfilter/nft_exthdr.c | 14 net/netfilter/nft_flow_offload.c | 5 net/netfilter/nft_nat.c | 5 net/netfilter/nft_rt.c | 5 net/netfilter/nft_set_bitmap.c | 5 net/netfilter/nft_set_hash.c | 111 ++- net/netfilter/nft_set_rbtree.c | 387 ++++++++++-- net/netfilter/nft_socket.c | 5 net/netfilter/nft_tproxy.c | 5 net/netrom/nr_route.c | 19 net/nfc/nci/core.c | 17 net/openvswitch/actions.c | 6 net/openvswitch/flow.c | 3 net/packet/af_packet.c | 3 net/sunrpc/auth_gss/svcauth_gss.c | 12 net/sunrpc/xprtsock.c | 18 net/unix/af_unix.c | 2 net/wireless/trace.h | 4 net/xfrm/xfrm_policy.c | 11 scripts/kconfig/symbol.c | 6 sound/core/timer.c | 10 sound/soc/codecs/da7219-aad.c | 6 sound/soc/codecs/rt5645.c | 25 tools/lib/subcmd/parse-options.c | 8 tools/objtool/arch/x86/lib/x86-opcode-map.txt | 2 tools/testing/selftests/kcmp/kcmp_test.c | 8 181 files changed, 2155 insertions(+), 1304 deletions(-) Aaron Conole (1): openvswitch: Set the skbuff pkt_type for proper pmtud support. Adrian Hunter (1): x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Al Viro (1): parisc: add missing export of __cmpxchg_u8() Aleksandr Burakov (1): media: ngene: Add dvb_ca_en50221_init return value check Aleksandr Mishin (1): crypto: bcm - Fix pointer arithmetic Alexander Shishkin (1): intel_th: pci: Add Meteor Lake-S CPU support Andre Edich (2): smsc95xx: remove redundant function arguments smsc95xx: use usbnet->driver_priv Andrew Halaney (3): scsi: ufs: qcom: Perform read back after writing reset bit scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andy Shevchenko (4): serial: max3100: Lock port->lock when calling uart_handle_cts_change() serial: max3100: Update uart_driver_registered on driver removal serial: max3100: Fix bitwise types spi: Don't mark message DMA mapped when no transfer in it is Ard Biesheuvel (1): x86/purgatory: Switch to the position-independent small code model Arnd Bergmann (10): nilfs2: fix out-of-range warning crypto: ccp - drop platform ifdef checks qed: avoid truncating work queue length ACPI: disable -Wstringop-truncation fbdev: shmobile: fix snprintf truncation powerpc/fsl-soc: hide unused const variable fbdev: sisfb: hide unused variables firmware: dmi-id: add a release callback function greybus: arche-ctrl: move device table to its right location Input: ims-pcu - fix printf string overflow Baochen Qiang (1): wifi: ath10k: poll service ready message before failing Baokun Li (1): ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Bitterblue Smith (1): wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU Breno Leitao (1): af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Brian Kubisiak (1): ecryptfs: Fix buffer size for tag 66 packet Bui Quang Minh (2): scsi: bfa: Ensure the copied buf is NUL terminated scsi: qedf: Ensure the copied buf is NUL terminated Cai Xinchen (1): fbdev: savage: Handle err return when savagefb_check_var failed Carlos Llamas (1): binder: fix max_thread type inconsistency Carolina Jubran (1): net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion Chao Yu (1): f2fs: fix to release node block count in error path of f2fs_new_node_page() Chen Ni (1): dmaengine: idma64: Add check for dma_set_max_seg_size Chengchang Tang (1): RDMA/hns: Use complete parentheses in macros Chris Wulff (1): usb: gadget: u_audio: Clear uac pointer when freed. Christoph Hellwig (2): scsi: ufs: cleanup struct utp_task_req_desc scsi: ufs: add a low-level __ufshcd_issue_tm_cmd helper Christophe JAILLET (1): ppdev: Remove usage of the deprecated ida_simple_xx() API Chuck Lever (2): SUNRPC: Fix gss_free_in_token_pages() SUNRPC: Fix loop termination condition in gss_free_in_token_pages() Dan Carpenter (4): speakup: Fix sizeof() vs ARRAY_SIZE() bug wifi: mwl8k: initialize cmd->addr[] properly stm class: Fix a double free in stm_register_device() media: stk1160: fix bounds checking in stk1160_copy_video() Daniel Borkmann (1): vxlan: Fix regression when dropping packets due to invalid src addresses Daniel J Blueman (1): x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Daniel Starke (1): tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Daniel Thompson (5): kdb: Fix buffer overflow during tab-complete kdb: Use format-strings rather than '\0' injection in kdb_read() kdb: Fix console handling when editing and tab-completing commands kdb: Merge identical case statements in kdb_read() kdb: Use format-specifiers rather than memset() for padding in kdb_read() Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN920C04 compositions Derek Fang (2): ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Dmitry Baryshkov (1): wifi: ath10k: populate board data for WCN3990 Dongli Zhang (1): genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline Duoming Zhou (1): um: Fix return value in ubd_init() Edward Liaw (1): selftests/kcmp: remove unused open mode Eric Dumazet (6): net: usb: sr9700: stop lying about skb->truesize net: usb: smsc95xx: stop lying about skb->truesize netrom: fix possible dead-lock in nr_rt_ioctl() af_packet: do not call packet_read_pending() from tpacket_destruct_skb() netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() net: fix __dst_negative_advice() race Fenglin Wu (1): Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation Finn Thain (5): macintosh/via-macii: Remove BUG_ON assertions macintosh/via-macii, macintosh/adb-iop: Clean up whitespace macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" m68k/mac: Use '030 reset method on SE/30 m68k: mac: Fix reboot hang on Mac IIci Florian Westphal (4): netfilter: nf_tables: defer gc run if previous batch is still pending netfilter: nftables: exthdr: fix 4-byte stack OOB write netfilter: nf_tables: mark newset as dead on transaction abort netfilter: nf_tables: set dormant flag on hook register failure Gautam Menghani (1): selftests/kcmp: Make the test output consistent and clear Geert Uytterhoeven (2): sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() serial: sh-sci: Extract sci_dma_rx_chan_invalidate() Greg Kroah-Hartman (1): Linux 4.19.316 Guenter Roeck (1): Revert "sh: Handle calling csum_partial with misaligned data" Guixiong Wei (1): x86/boot: Ignore relocations in .notes sections in walk_relocs() too Hangbin Liu (4): ipv6: sr: add missing seg6_local_exit ipv6: sr: fix incorrect unregister order ipv6: sr: fix invalid unregister error path ipv6: sr: fix memleak in seg6_hmac_init_algo Hans Verkuil (3): media: cec: cec-adap: always cancel work in cec_transmit_msg_fh media: cec: cec-api: add locking in cec_release() media: v4l2-core: hold videodev_lock until dev reg, finishes Harald Freudenberger (1): s390/ap: Fix crash in AP internal function modify_bitmap() Herbert Xu (1): crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Huai-Yuan Liu (2): drm/arm/malidp: fix a possible null pointer dereference ppdev: Add an error check in register_device Ian Rogers (1): libsubcmd: Fix parse-options memory leak Ignat Korchagin (1): netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() Igor Artemiev (1): wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Ilya Denisyev (1): jffs2: prevent xattr node from overflowing the eraseblock Ilya Maximets (1): net: openvswitch: fix overwriting ct original tuple for ICMPv6 Jan Kara (1): ext4: avoid excessive credit estimate in ext4_tmpfile() Jeykumar Sankaran (1): drm/msm/dpu: use kms stored hw mdp block Jiangfeng Xiao (1): arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY Jiri Pirko (1): virtio: delete vq in vp_find_vqs_msix() when request_irq() fails Jorge Ramirez-Ortiz (1): mmc: core: Do not force a retune before RPMB switch Joshua Ashton (1): drm/amd/display: Set color_mgmt_changed to true on unsuspend Justin Green (1): drm/mediatek: Add 0 size check to mtk_drm_gem_obj Krzysztof Kozlowski (1): arm64: tegra: Correct Tegra132 I2C alias Kuniyuki Iwashima (1): tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). Laurent Pinchart (1): firmware: raspberrypi: Use correct device for DMA mappings Leon Romanovsky (1): RDMA/IPoIB: Fix format truncation compilation errors Linus Walleij (1): net: ethernet: cortina: Locking fixes Marc Zyngier (1): KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode Masahiro Yamada (2): x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y kconfig: fix comparison to constant symbols, 'm', 'n' Maxim Korotkov (1): mtd: rawnand: hynix: fixed typo Michael Schmitz (1): m68k: Fix spinlock race in kernel thread creation Michal Simek (2): microblaze: Remove gcc flag for non existing early_printk.c file microblaze: Remove early printk call from cpuinfo-static.c Mike Gilbert (1): sparc: move struct termio to asm/termios.h Nathan Chancellor (2): crypto: ccp - Remove forward declaration media: mxl5xx: Move xpt structures off stack NeilBrown (1): nfsd: drop st_mutex before calling move_to_close_lru() Nikita Zhandarovich (3): wifi: carl9170: add a proper sanity check for endpoints wifi: ar5523: enable proper endpoint verification net/9p: fix uninit-value in p9_client_rpc() Pablo Neira Ayuso (34): netfilter: nf_tables: pass context to nft_set_destroy() netfilter: nftables: rename set element data activation/deactivation functions netfilter: nf_tables: drop map element references from preparation phase netfilter: nft_set_rbtree: allow loose matching of closing element in interval netfilter: nft_set_rbtree: Switch to node list walk for overlap detection netfilter: nft_set_rbtree: fix null deref on element insertion netfilter: nft_set_rbtree: fix overlap expiration walk netfilter: nf_tables: don't skip expired elements during walk netfilter: nf_tables: GC transaction API to avoid race with control plane netfilter: nf_tables: adapt set backend to use GC transaction API netfilter: nf_tables: remove busy mark and gc batch API netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path netfilter: nf_tables: GC transaction race with netns dismantle netfilter: nf_tables: GC transaction race with abort path netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration netfilter: nf_tables: fix memleak when more than 255 elements expired netfilter: nf_tables: unregister flowtable hooks on netns exit netfilter: nf_tables: double hook unregistration in netns path netfilter: nftables: update table flags from the commit phase netfilter: nf_tables: fix table flag updates netfilter: nf_tables: disable toggling dormant table state more than once netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 4.19) netfilter: nft_dynset: fix timeouts later than 23 days netfilter: nft_dynset: report EOPNOTSUPP on missing set feature netfilter: nft_dynset: relax superfluous check on set updates netfilter: nf_tables: skip dead set elements in netlink dump netfilter: nf_tables: validate NFPROTO_* family netfilter: nft_set_rbtree: skip end interval element from gc netfilter: nf_tables: do not compare internal table flags on updates netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout netfilter: nf_tables: reject new basechain after table flag update netfilter: nf_tables: discard table flag update with pending basechain deletion Parthiban Veerasooran (1): net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM Peter Oberparleiter (1): s390/cio: fix tracepoint subchannel type field Petr Pavlu (1): ring-buffer: Fix a race between readers and resize checks Phil Sutter (1): netfilter: nft_set_rbtree: Add missing expired checks Pierre-Louis Bossart (1): ASoC: da7219-aad: fix usage of device_get_named_child_node() Qingfang DENG (1): neighbour: fix unaligned access to pneigh_entry Randy Dunlap (2): fbdev: sh7760fb: allow modular build extcon: max8997: select IRQ_DOMAIN instead of depending on it Ricardo Ribalda (1): media: radio-shark2: Avoid led_names truncations Roberto Sassu (1): um: Add winch to winch_handlers before registering winch IRQ Roded Zats (1): enic: Validate length of nl attributes in enic_set_vf_port Rui Miguel Silva (1): greybus: lights: check return of get_channel_from_mode Ryosuke Yasuoka (2): nfc: nci: Fix uninit-value in nci_rx_work nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() Ryusuke Konishi (3): nilfs2: fix unexpected freezing of nilfs_segctor_sync() nilfs2: fix potential hang in nilfs_detach_log_writer() nilfs2: fix use-after-free of timer for log writer thread Sagi Grimberg (2): params: lift param_set_uint_minmax to common code nvmet: fix ns enable/disable possible hang Sahitya Tummala (1): f2fs: add error prints for debugging mount failure Sam Ravnborg (1): sparc64: Fix number of online CPUs Sergey Shtylyov (2): ata: pata_legacy: make legacy_exit() work again nfs: fix undefined behavior in nfs_block_bits() Shrikanth Hegde (1): powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp Srinivasan Shanmugam (1): drm/amd/display: Fix potential index out of bounds in color transformation function Steven Rostedt (1): ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Su Hui (1): wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Takashi Iwai (1): ALSA: timer: Set lower bound of start tick time Tetsuo Handa (2): nfc: nci: Fix kcov check in nci_rx_work() dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Thorsten Blum (1): net: smc91x: Fix m68k kernel compilation for ColdFire CPU Tiwei Bie (1): um: Fix the -Wmissing-prototypes warning for __switch_mm Tzung-Bi Shih (1): power: supply: cros_usbpd: provide ID table for avoiding fallback match Valentin Schneider (1): sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax Vitalii Bursov (1): sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Wei Fang (1): net: fec: avoid lock evasion when reading pps_enable Wolfram Sang (1): serial: sh-sci: protect invalidating RXDMA on shutdown Xiaolei Wang (1): net:fec: Add fec_enet_deinit() Xingui Yang (1): scsi: libsas: Fix the failure of adding phy with zero-address to port Yang Xiwen (1): arm64: dts: hi3798cv200: fix the size of GICR Yu Kuai (2): md: fix resync softlockup when bitmap size is less than array size md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Yue Haibing (1): ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Yuri Karpov (1): scsi: hpsa: Fix allocation size for Scsi_Host private data Zenghui Yu (1): irqchip/alpine-msi: Fix off-by-one in allocation error path Zhu Yanjun (2): null_blk: Fix missing mutex_destroy() at module removal null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()

1 year, 3 months

1
1
0 0

[PATCH v2] devres: Fix devm_krealloc() allocating memory with wrong size

by Zijun Hu

Kernel API devm_krealloc() calls alloc_dr() with wrong argument @total_new_size, and it will cause more memory to be allocated than required, fixed by using @new_size as alloc_dr()'s argument. Fixes: f82485722e5d ("devres: provide devm_krealloc()") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- V2: Add inline comments and stable tag Previous discussion link: https://lore.kernel.org/all/1718531655-29761-1-git-send-email-quic_zijuhu@q… drivers/base/devres.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/base/devres.c b/drivers/base/devres.c index 3df0025d12aa..0d4e5d1b9967 100644 --- a/drivers/base/devres.c +++ b/drivers/base/devres.c @@ -896,9 +896,12 @@ void *devm_krealloc(struct device *dev, void *ptr, size_t new_size, gfp_t gfp) /* * Otherwise: allocate new, larger chunk. We need to allocate before * taking the lock as most probably the caller uses GFP_KERNEL. + * alloc_dr() will call check_dr_size() to reserve extra memory such + * as struct devres_node automatically, so size @new_size user request + * is delivered to it directly as devm_kmalloc() does. */ new_dr = alloc_dr(devm_kmalloc_release, - total_new_size, gfp, dev_to_node(dev)); + new_size, gfp, dev_to_node(dev)); if (!new_dr) return NULL; -- 2.7.4

1 year, 3 months

1
0
0 0

[PATCH v2] ata: libata-scsi: Set the RMB bit only for removable media devices

by Niklas Cassel

From: Damien Le Moal <dlemoal(a)kernel.org> The SCSI Removable Media Bit (RMB) should only be set for removable media, where the device stays and the media changes, e.g. CD-ROM or floppy. The ATA removable media device bit is obsoleted since ATA-8 ACS (2006), but before that it was used to indicate that the device can have its media removed (while the device stays). Commit 8a3e33cf92c7 ("ata: ahci: find eSATA ports and flag them as removable") introduced a change to set the RMB bit if the port has either the eSATA bit or the hot-plug capable bit set. The reasoning was that the author wanted his eSATA ports to get treated like a USB stick. This is however wrong. See "20-082r23SPC-6: Removable Medium Bit Expectations" which has since been integrated to SPC, which states that: """ Reports have been received that some USB Memory Stick device servers set the removable medium (RMB) bit to one. The rub comes when the medium is actually removed, because... The device server is removed concurrently with the medium removal. If there is no device server, then there is no device server that is waiting to have removable medium inserted. Sufficient numbers of SCSI analysts see such a device: - not as a device that supports removable medium; but - as a removable, hot pluggable device. """ The definition of the RMB bit in the SPC specification has since been clarified to match this. Thus, a USB stick should not have the RMB bit set (and neither shall an eSATA nor a hot-plug capable port). Commit dc8b4afc4a04 ("ata: ahci: don't mark HotPlugCapable Ports as external/removable") then changed so that the RMB bit is only set for the eSATA bit (and not for the hot-plug capable bit), because of a lot of bug reports of SATA devices were being automounted by udisks. However, treating eSATA and hot-plug capable ports differently is not correct. From the AHCI 1.3.1 spec: Hot Plug Capable Port (HPCP): When set to '1', indicates that this port's signal and power connectors are externally accessible via a joint signal and power connector for blindmate device hot plug. So a hot-plug capable port is an external port, just like commit 45b96d65ec68 ("ata: ahci: a hotplug capable port is an external port") claims. In order to not violate the SPC specification, modify the SCSI INQUIRY data to only set the RMB bit if the ATA device can have its media removed. This fixes a reported problem where GNOME/udisks was automounting devices connected to hot-plug capable ports. Fixes: 45b96d65ec68 ("ata: ahci: a hotplug capable port is an external port") Cc: stable(a)vger.kernel.org Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Thomas Weißschuh <linux(a)weissschuh.net> Tested-by: Thomas Weißschuh <linux(a)weissschuh.net> Reported-by: Thomas Weißschuh <linux(a)weissschuh.net> Closes: https://lore.kernel.org/linux-ide/c0de8262-dc4b-4c22-9fac-33432e5bddd3@t-8c… Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> [cassel: wrote commit message] Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- Changes since v1: -Added Cc: stable. -Updated comment and commit message to correctly state that the ATA removable media device bit is obsoleted since ATA-8 ACS. drivers/ata/libata-scsi.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index cdf29b178ddc..bb4d30d377ae 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -1831,11 +1831,11 @@ static unsigned int ata_scsiop_inq_std(struct ata_scsi_args *args, u8 *rbuf) 2 }; - /* set scsi removable (RMB) bit per ata bit, or if the - * AHCI port says it's external (Hotplug-capable, eSATA). + /* + * Set the SCSI Removable Media Bit (RMB) if the ATA removable media + * device bit (obsolete since ATA-8 ACS) is set. */ - if (ata_id_removable(args->id) || - (args->dev->link->ap->pflags & ATA_PFLAG_EXTERNAL)) + if (ata_id_removable(args->id)) hdr[1] |= (1 << 7); if (args->dev->class == ATA_DEV_ZAC) { -- 2.45.2

1 year, 3 months

1
1
0 0

[PATCH v2] crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked

by Kim Phillips

Fix a null pointer dereference induced by DEBUG_TEST_DRIVER_REMOVE. Return from __sev_snp_shutdown_locked() if the psp_device or the sev_device structs are not initialized. Without the fix, the driver will produce the following splat: ccp 0000:55:00.5: enabling device (0000 -> 0002) ccp 0000:55:00.5: sev enabled ccp 0000:55:00.5: psp enabled BUG: kernel NULL pointer dereference, address: 00000000000000f0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29 RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150 Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83 RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808 RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0 R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8 R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x6f/0xb0 ? __die+0xcc/0xf0 ? page_fault_oops+0x330/0x3a0 ? save_trace+0x2a5/0x360 ? do_user_addr_fault+0x583/0x630 ? exc_page_fault+0x81/0x120 ? asm_exc_page_fault+0x2b/0x30 ? __sev_snp_shutdown_locked+0x2e/0x150 __sev_firmware_shutdown+0x349/0x5b0 ? pm_runtime_barrier+0x66/0xe0 sev_dev_destroy+0x34/0xb0 psp_dev_destroy+0x27/0x60 sp_destroy+0x39/0x90 sp_pci_remove+0x22/0x60 pci_device_remove+0x4e/0x110 really_probe+0x271/0x4e0 __driver_probe_device+0x8f/0x160 driver_probe_device+0x24/0x120 __driver_attach+0xc7/0x280 ? driver_attach+0x30/0x30 bus_for_each_dev+0x10d/0x130 driver_attach+0x22/0x30 bus_add_driver+0x171/0x2b0 ? unaccepted_memory_init_kdump+0x20/0x20 driver_register+0x67/0x100 __pci_register_driver+0x83/0x90 sp_pci_init+0x22/0x30 sp_mod_init+0x13/0x30 do_one_initcall+0xb8/0x290 ? sched_clock_noinstr+0xd/0x10 ? local_clock_noinstr+0x3e/0x100 ? stack_depot_save_flags+0x21e/0x6a0 ? local_clock+0x1c/0x60 ? stack_depot_save_flags+0x21e/0x6a0 ? sched_clock_noinstr+0xd/0x10 ? local_clock_noinstr+0x3e/0x100 ? __lock_acquire+0xd90/0xe30 ? sched_clock_noinstr+0xd/0x10 ? local_clock_noinstr+0x3e/0x100 ? __create_object+0x66/0x100 ? local_clock+0x1c/0x60 ? __create_object+0x66/0x100 ? parameq+0x1b/0x90 ? parse_one+0x6d/0x1d0 ? parse_args+0xd7/0x1f0 ? do_initcall_level+0x180/0x180 do_initcall_level+0xb0/0x180 do_initcalls+0x60/0xa0 ? kernel_init+0x1f/0x1d0 do_basic_setup+0x41/0x50 kernel_init_freeable+0x1ac/0x230 ? rest_init+0x1f0/0x1f0 kernel_init+0x1f/0x1d0 ? rest_init+0x1f0/0x1f0 ret_from_fork+0x3d/0x50 ? rest_init+0x1f0/0x1f0 ret_from_fork_asm+0x11/0x20 </TASK> Modules linked in: CR2: 00000000000000f0 ---[ end trace 0000000000000000 ]--- RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150 Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83 RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808 RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0 R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8 R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0 PKRU: 55555554 Kernel panic - not syncing: Fatal exception Kernel Offset: 0x1fc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) Fixes: 1ca5614b84ee ("crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP") Cc: stable(a)vger.kernel.org Signed-off-by: Kim Phillips <kim.phillips(a)amd.com> Reviewed-by: Liam Merwick <liam.merwick(a)oracle.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: John Allen <john.allen(a)amd.com> --- v2: - Correct the Fixes tag (Tom L.) - Remove log timestamps, elaborate commit text (John Allen) - Add Reviews-by. v1: - https://lore.kernel.org/linux-crypto/20240603151212.18342-1-kim.phillips@am… drivers/crypto/ccp/sev-dev.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 2102377f727b..1912bee22dd4 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1642,10 +1642,16 @@ static int sev_update_firmware(struct device *dev) static int __sev_snp_shutdown_locked(int *error, bool panic) { - struct sev_device *sev = psp_master->sev_data; + struct psp_device *psp = psp_master; + struct sev_device *sev; struct sev_data_snp_shutdown_ex data; int ret; + if (!psp || !psp->sev_data) + return 0; + + sev = psp->sev_data; + if (!sev->snp_initialized) return 0; -- 2.34.1

1 year, 3 months

3
2
0 0

[PATCH] xhci: Don't issue Reset Device command to Etron xHCI host

by Kuangyi Chiang

Sometimes hub driver does not recognize USB device that is connected to external USB2.0 Hub when system resumes from S4. This happens when xHCI driver issue Reset Device command to inform Etron xHCI host that USB device has been reset. Seems that Etron xHCI host can not perform this command correctly, affecting that USB device. Instead, to aviod this, xHCI driver should reassign device slot ID by calling xhci_free_dev() and then xhci_alloc_dev(), the effect is the same. Add XHCI_ETRON_HOST quirk flag to invoke workaround in xhci_discover_or_reset_device(). Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- drivers/usb/host/xhci-pci.c | 2 ++ drivers/usb/host/xhci.c | 11 ++++++++++- drivers/usb/host/xhci.h | 2 ++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 05881153883e..c7a88340a6f8 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -395,11 +395,13 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) pdev->device == PCI_DEVICE_ID_EJ168) { xhci->quirks |= XHCI_RESET_ON_RESUME; xhci->quirks |= XHCI_BROKEN_STREAMS; + xhci->quirks |= XHCI_ETRON_HOST; } if (pdev->vendor == PCI_VENDOR_ID_ETRON && pdev->device == PCI_DEVICE_ID_EJ188) { xhci->quirks |= XHCI_RESET_ON_RESUME; xhci->quirks |= XHCI_BROKEN_STREAMS; + xhci->quirks |= XHCI_ETRON_HOST; } if (pdev->vendor == PCI_VENDOR_ID_RENESAS && diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 37eb37b0affa..aba4164b0873 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -3752,6 +3752,15 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd, SLOT_STATE_DISABLED) return 0; + if (xhci->quirks & XHCI_ETRON_HOST) { + xhci_free_dev(hcd, udev); + ret = xhci_alloc_dev(hcd, udev); + if (ret == 1) + return 0; + else + return -EINVAL; + } + trace_xhci_discover_or_reset_device(slot_ctx); xhci_dbg(xhci, "Resetting device with slot ID %u\n", slot_id); @@ -3862,7 +3871,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd, * disconnected, and all traffic has been stopped and the endpoints have been * disabled. Free any HC data structures associated with that device. */ -static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) +void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev) { struct xhci_hcd *xhci = hcd_to_xhci(hcd); struct xhci_virt_device *virt_dev; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 30415158ed3c..f46b4dcb0613 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1627,6 +1627,7 @@ struct xhci_hcd { #define XHCI_RESET_TO_DEFAULT BIT_ULL(44) #define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) +#define XHCI_ETRON_HOST BIT_ULL(47) unsigned int num_active_eps; unsigned int limit_active_eps; @@ -1863,6 +1864,7 @@ int xhci_resume(struct xhci_hcd *xhci, pm_message_t msg); irqreturn_t xhci_irq(struct usb_hcd *hcd); irqreturn_t xhci_msi_irq(int irq, void *hcd); int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev); +void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev); int xhci_alloc_tt_info(struct xhci_hcd *xhci, struct xhci_virt_device *virt_dev, struct usb_device *hdev, -- 2.25.1

1 year, 3 months

3
3
0 0

[merged mm-hotfixes-stable] kcov-dont-lose-track-of-remote-references-during-softirqs.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kcov: don't lose track of remote references during softirqs has been removed from the -mm tree. Its filename was kcov-dont-lose-track-of-remote-references-during-softirqs.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Aleksandr Nogikh <nogikh(a)google.com> Subject: kcov: don't lose track of remote references during softirqs Date: Tue, 11 Jun 2024 15:32:29 +0200 In kcov_remote_start()/kcov_remote_stop(), we swap the previous KCOV metadata of the current task into a per-CPU variable. However, the kcov_mode_enabled(mode) check is not sufficient in the case of remote KCOV coverage: current->kcov_mode always remains KCOV_MODE_DISABLED for remote KCOV objects. If the original task that has invoked the KCOV_REMOTE_ENABLE ioctl happens to get interrupted and kcov_remote_start() is called, it ultimately leads to kcov_remote_stop() NOT restoring the original KCOV reference. So when the task exits, all registered remote KCOV handles remain active forever. The most uncomfortable effect (at least for syzkaller) is that the bug prevents the reuse of the same /sys/kernel/debug/kcov descriptor. If we obtain it in the parent process and then e.g. drop some capabilities and continuously fork to execute individual programs, at some point current->kcov of the forked process is lost, kcov_task_exit() takes no action, and all KCOV_REMOTE_ENABLE ioctls calls from subsequent forks fail. And, yes, the efficiency is also affected if we keep on losing remote kcov objects. a) kcov_remote_map keeps on growing forever. b) (If I'm not mistaken), we're also not freeing the memory referenced by kcov->area. Fix it by introducing a special kcov_mode that is assigned to the task that owns a KCOV remote object. It makes kcov_mode_enabled() return true and yet does not trigger coverage collection in __sanitizer_cov_trace_pc() and write_comp_data(). [nogikh(a)google.com: replace WRITE_ONCE() with an ordinary assignment] Link: https://lkml.kernel.org/r/20240614171221.2837584-1-nogikh@google.com Link: https://lkml.kernel.org/r/20240611133229.527822-1-nogikh@google.com Fixes: 5ff3b30ab57d ("kcov: collect coverage from interrupts") Signed-off-by: Aleksandr Nogikh <nogikh(a)google.com> Reviewed-by: Dmitry Vyukov <dvyukov(a)google.com> Reviewed-by: Andrey Konovalov <andreyknvl(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Marco Elver <elver(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kcov.h | 2 ++ kernel/kcov.c | 1 + 2 files changed, 3 insertions(+) --- a/include/linux/kcov.h~kcov-dont-lose-track-of-remote-references-during-softirqs +++ a/include/linux/kcov.h @@ -21,6 +21,8 @@ enum kcov_mode { KCOV_MODE_TRACE_PC = 2, /* Collecting comparison operands mode. */ KCOV_MODE_TRACE_CMP = 3, + /* The process owns a KCOV remote reference. */ + KCOV_MODE_REMOTE = 4, }; #define KCOV_IN_CTXSW (1 << 30) --- a/kernel/kcov.c~kcov-dont-lose-track-of-remote-references-during-softirqs +++ a/kernel/kcov.c @@ -632,6 +632,7 @@ static int kcov_ioctl_locked(struct kcov return -EINVAL; kcov->mode = mode; t->kcov = kcov; + t->kcov_mode = KCOV_MODE_REMOTE; kcov->t = t; kcov->remote = true; kcov->remote_size = remote_arg->area_size; _ Patches currently in -mm which might be from nogikh(a)google.com are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-fix-getting-incorrect-lruvec-when-replacing-a-shmem-folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio has been removed from the -mm tree. Its filename was mm-shmem-fix-getting-incorrect-lruvec-when-replacing-a-shmem-folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Subject: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio Date: Thu, 13 Jun 2024 16:21:19 +0800 When testing shmem swapin, I encountered the warning below on my machine. The reason is that replacing an old shmem folio with a new one causes mem_cgroup_migrate() to clear the old folio's memcg data. As a result, the old folio cannot get the correct memcg's lruvec needed to remove itself from the LRU list when it is being freed. This could lead to possible serious problems, such as LRU list crashes due to holding the wrong LRU lock, and incorrect LRU statistics. To fix this issue, we can fallback to use the mem_cgroup_replace_folio() to replace the old shmem folio. [ 5241.100311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d9960 [ 5241.100317] head: order:4 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 5241.100319] flags: 0x17fffe0000040068(uptodate|lru|head|swapbacked|node=0|zone=2|lastcpupid=0x3ffff) [ 5241.100323] raw: 17fffe0000040068 fffffdffd6687948 fffffdffd69ae008 0000000000000000 [ 5241.100325] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 5241.100326] head: 17fffe0000040068 fffffdffd6687948 fffffdffd69ae008 0000000000000000 [ 5241.100327] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 5241.100328] head: 17fffe0000000204 fffffdffd6665801 ffffffffffffffff 0000000000000000 [ 5241.100329] head: 0000000a00000010 0000000000000000 00000000ffffffff 0000000000000000 [ 5241.100330] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 5241.100338] ------------[ cut here ]------------ [ 5241.100339] WARNING: CPU: 19 PID: 78402 at include/linux/memcontrol.h:775 folio_lruvec_lock_irqsave+0x140/0x150 [...] [ 5241.100374] pc : folio_lruvec_lock_irqsave+0x140/0x150 [ 5241.100375] lr : folio_lruvec_lock_irqsave+0x138/0x150 [ 5241.100376] sp : ffff80008b38b930 [...] [ 5241.100398] Call trace: [ 5241.100399] folio_lruvec_lock_irqsave+0x140/0x150 [ 5241.100401] __page_cache_release+0x90/0x300 [ 5241.100404] __folio_put+0x50/0x108 [ 5241.100406] shmem_replace_folio+0x1b4/0x240 [ 5241.100409] shmem_swapin_folio+0x314/0x528 [ 5241.100411] shmem_get_folio_gfp+0x3b4/0x930 [ 5241.100412] shmem_fault+0x74/0x160 [ 5241.100414] __do_fault+0x40/0x218 [ 5241.100417] do_shared_fault+0x34/0x1b0 [ 5241.100419] do_fault+0x40/0x168 [ 5241.100420] handle_pte_fault+0x80/0x228 [ 5241.100422] __handle_mm_fault+0x1c4/0x440 [ 5241.100424] handle_mm_fault+0x60/0x1f0 [ 5241.100426] do_page_fault+0x120/0x488 [ 5241.100429] do_translation_fault+0x4c/0x68 [ 5241.100431] do_mem_abort+0x48/0xa0 [ 5241.100434] el0_da+0x38/0xc0 [ 5241.100436] el0t_64_sync_handler+0x68/0xc0 [ 5241.100437] el0t_64_sync+0x14c/0x150 [ 5241.100439] ---[ end trace 0000000000000000 ]--- [baolin.wang(a)linux.alibaba.com: remove less helpful comments, per Matthew] Link: https://lkml.kernel.org/r/ccad3fe1375b468ebca3227b6b729f3eaf9d8046.17184231… Link: https://lkml.kernel.org/r/3c11000dd6c1df83015a8321a859e9775ebbc23e.17182661… Fixes: 85ce2c517ade ("memcontrol: only transfer the memcg data for migration") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Reviewed-by: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Muchun Song <songmuchun(a)bytedance.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol.c | 3 +-- mm/shmem.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) --- a/mm/memcontrol.c~mm-shmem-fix-getting-incorrect-lruvec-when-replacing-a-shmem-folio +++ a/mm/memcontrol.c @@ -7745,8 +7745,7 @@ void __mem_cgroup_uncharge_folios(struct * @new: Replacement folio. * * Charge @new as a replacement folio for @old. @old will - * be uncharged upon free. This is only used by the page cache - * (in replace_page_cache_folio()). + * be uncharged upon free. * * Both folios must be locked, @new->mapping must be set up. */ --- a/mm/shmem.c~mm-shmem-fix-getting-incorrect-lruvec-when-replacing-a-shmem-folio +++ a/mm/shmem.c @@ -1786,7 +1786,7 @@ static int shmem_replace_folio(struct fo xa_lock_irq(&swap_mapping->i_pages); error = shmem_replace_entry(swap_mapping, swap_index, old, new); if (!error) { - mem_cgroup_migrate(old, new); + mem_cgroup_replace_folio(old, new); __lruvec_stat_mod_folio(new, NR_FILE_PAGES, 1); __lruvec_stat_mod_folio(new, NR_SHMEM, 1); __lruvec_stat_mod_folio(old, NR_FILE_PAGES, -1); _ Patches currently in -mm which might be from baolin.wang(a)linux.alibaba.com are mm-memory-extend-finish_fault-to-support-large-folio.patch mm-memory-extend-finish_fault-to-support-large-folio-fix.patch mm-memory-extend-finish_fault-to-support-large-folio-fix-fix.patch mm-shmem-add-thp-validation-for-pmd-mapped-thp-related-statistics.patch mm-shmem-add-multi-size-thp-sysfs-interface-for-anonymous-shmem.patch mm-shmem-add-multi-size-thp-sysfs-interface-for-anonymous-shmem-fix.patch mm-shmem-add-mthp-support-for-anonymous-shmem.patch mm-shmem-add-mthp-size-alignment-in-shmem_get_unmapped_area.patch mm-shmem-add-mthp-counters-for-anonymous-shmem.patch mm-shmem-add-mthp-counters-for-anonymous-shmem-fix.patch mm-memcontrol-add-vm_bug_on_folio-to-catch-lru-folio-in-mem_cgroup_migrate.patch

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-mmap-allow-for-the-maximum-number-of-bits-for-randomizing-mmap_base-by-default.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: mmap: allow for the maximum number of bits for randomizing mmap_base by default has been removed from the -mm tree. Its filename was mm-mmap-allow-for-the-maximum-number-of-bits-for-randomizing-mmap_base-by-default.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Rafael Aquini <aquini(a)redhat.com> Subject: mm: mmap: allow for the maximum number of bits for randomizing mmap_base by default Date: Thu, 6 Jun 2024 14:06:22 -0400 An ASLR regression was noticed [1] and tracked down to file-mapped areas being backed by THP in recent kernels. The 21-bit alignment constraint for such mappings reduces the entropy for randomizing the placement of 64-bit library mappings and breaks ASLR completely for 32-bit libraries. The reported issue is easily addressed by increasing vm.mmap_rnd_bits and vm.mmap_rnd_compat_bits. This patch just provides a simple way to set ARCH_MMAP_RND_BITS and ARCH_MMAP_RND_COMPAT_BITS to their maximum values allowed by the architecture at build time. [1] https://zolutal.github.io/aslrnt/ [akpm(a)linux-foundation.org: default to `y' if 32-bit, per Rafael] Link: https://lkml.kernel.org/r/20240606180622.102099-1-aquini@redhat.com Fixes: 1854bc6e2420 ("mm/readahead: Align file mappings for non-DAX") Signed-off-by: Rafael Aquini <aquini(a)redhat.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Paul E. McKenney <paulmck(a)kernel.org> Cc: Petr Mladek <pmladek(a)suse.com> Cc: Samuel Holland <samuel.holland(a)sifive.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/Kconfig | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/arch/Kconfig~mm-mmap-allow-for-the-maximum-number-of-bits-for-randomizing-mmap_base-by-default +++ a/arch/Kconfig @@ -1046,10 +1046,21 @@ config ARCH_MMAP_RND_BITS_MAX config ARCH_MMAP_RND_BITS_DEFAULT int +config FORCE_MAX_MMAP_RND_BITS + bool "Force maximum number of bits to use for ASLR of mmap base address" + default y if !64BIT + help + ARCH_MMAP_RND_BITS and ARCH_MMAP_RND_COMPAT_BITS represent the number + of bits to use for ASLR and if no custom value is assigned (EXPERT) + then the architecture's lower bound (minimum) value is assumed. + This toggle changes that default assumption to assume the arch upper + bound (maximum) value instead. + config ARCH_MMAP_RND_BITS int "Number of bits to use for ASLR of mmap base address" if EXPERT range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT + default ARCH_MMAP_RND_BITS_MAX if FORCE_MAX_MMAP_RND_BITS default ARCH_MMAP_RND_BITS_MIN depends on HAVE_ARCH_MMAP_RND_BITS help @@ -1084,6 +1095,7 @@ config ARCH_MMAP_RND_COMPAT_BITS int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT + default ARCH_MMAP_RND_COMPAT_BITS_MAX if FORCE_MAX_MMAP_RND_BITS default ARCH_MMAP_RND_COMPAT_BITS_MIN depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS help _ Patches currently in -mm which might be from aquini(a)redhat.com are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] gcov-add-support-for-gcc-14.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: gcov: add support for GCC 14 has been removed from the -mm tree. Its filename was gcov-add-support-for-gcc-14.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Peter Oberparleiter <oberpar(a)linux.ibm.com> Subject: gcov: add support for GCC 14 Date: Mon, 10 Jun 2024 11:27:43 +0200 Using gcov on kernels compiled with GCC 14 results in truncated 16-byte long .gcda files with no usable data. To fix this, update GCOV_COUNTERS to match the value defined by GCC 14. Tested with GCC versions 14.1.0 and 13.2.0. Link: https://lkml.kernel.org/r/20240610092743.1609845-1-oberpar@linux.ibm.com Signed-off-by: Peter Oberparleiter <oberpar(a)linux.ibm.com> Reported-by: Allison Henderson <allison.henderson(a)oracle.com> Reported-by: Chuck Lever III <chuck.lever(a)oracle.com> Tested-by: Chuck Lever <chuck.lever(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/gcov/gcc_4_7.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/gcov/gcc_4_7.c~gcov-add-support-for-gcc-14 +++ a/kernel/gcov/gcc_4_7.c @@ -18,7 +18,9 @@ #include <linux/mm.h> #include "gcov.h" -#if (__GNUC__ >= 10) +#if (__GNUC__ >= 14) +#define GCOV_COUNTERS 9 +#elif (__GNUC__ >= 10) #define GCOV_COUNTERS 8 #elif (__GNUC__ >= 7) #define GCOV_COUNTERS 9 _ Patches currently in -mm which might be from oberpar(a)linux.ibm.com are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-huge_memory-fix-misused-mapping_large_folio_support-for-anon-folios.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: huge_memory: fix misused mapping_large_folio_support() for anon folios has been removed from the -mm tree. Its filename was mm-huge_memory-fix-misused-mapping_large_folio_support-for-anon-folios.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ran Xiaokai <ran.xiaokai(a)zte.com.cn> Subject: mm: huge_memory: fix misused mapping_large_folio_support() for anon folios Date: Fri, 7 Jun 2024 17:40:48 +0800 (CST) When I did a large folios split test, a WARNING "[ 5059.122759][ T166] Cannot split file folio to non-0 order" was triggered. But the test cases are only for anonmous folios. while mapping_large_folio_support() is only reasonable for page cache folios. In split_huge_page_to_list_to_order(), the folio passed to mapping_large_folio_support() maybe anonmous folio. The folio_test_anon() check is missing. So the split of the anonmous THP is failed. This is also the same for shmem_mapping(). We'd better add a check for both. But the shmem_mapping() in __split_huge_page() is not involved, as for anonmous folios, the end parameter is set to -1, so (head[i].index >= end) is always false. shmem_mapping() is not called. Also add a VM_WARN_ON_ONCE() in mapping_large_folio_support() for anon mapping, So we can detect the wrong use more easily. THP folios maybe exist in the pagecache even the file system doesn't support large folio, it is because when CONFIG_TRANSPARENT_HUGEPAGE is enabled, khugepaged will try to collapse read-only file-backed pages to THP. But the mapping does not actually support multi order large folios properly. Using /sys/kernel/debug/split_huge_pages to verify this, with this patch, large anon THP is successfully split and the warning is ceased. Link: https://lkml.kernel.org/r/202406071740485174hcFl7jRxncsHDtI-Pz-o@zte.com.cn Fixes: c010d47f107f ("mm: thp: split huge page to any lower order pages") Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Ran Xiaokai <ran.xiaokai(a)zte.com.cn> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: xu xin <xu.xin16(a)zte.com.cn> Cc: Yang Yang <yang.yang29(a)zte.com.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/pagemap.h | 4 ++++ mm/huge_memory.c | 28 +++++++++++++++++----------- 2 files changed, 21 insertions(+), 11 deletions(-) --- a/include/linux/pagemap.h~mm-huge_memory-fix-misused-mapping_large_folio_support-for-anon-folios +++ a/include/linux/pagemap.h @@ -381,6 +381,10 @@ static inline void mapping_set_large_fol */ static inline bool mapping_large_folio_support(struct address_space *mapping) { + /* AS_LARGE_FOLIO_SUPPORT is only reasonable for pagecache folios */ + VM_WARN_ONCE((unsigned long)mapping & PAGE_MAPPING_ANON, + "Anonymous mapping always supports large folio"); + return IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) && test_bit(AS_LARGE_FOLIO_SUPPORT, &mapping->flags); } --- a/mm/huge_memory.c~mm-huge_memory-fix-misused-mapping_large_folio_support-for-anon-folios +++ a/mm/huge_memory.c @@ -3009,30 +3009,36 @@ int split_huge_page_to_list_to_order(str if (new_order >= folio_order(folio)) return -EINVAL; - /* Cannot split anonymous THP to order-1 */ - if (new_order == 1 && folio_test_anon(folio)) { - VM_WARN_ONCE(1, "Cannot split to order-1 folio"); - return -EINVAL; - } - - if (new_order) { - /* Only swapping a whole PMD-mapped folio is supported */ - if (folio_test_swapcache(folio)) + if (folio_test_anon(folio)) { + /* order-1 is not supported for anonymous THP. */ + if (new_order == 1) { + VM_WARN_ONCE(1, "Cannot split to order-1 folio"); return -EINVAL; + } + } else if (new_order) { /* Split shmem folio to non-zero order not supported */ if (shmem_mapping(folio->mapping)) { VM_WARN_ONCE(1, "Cannot split shmem folio to non-0 order"); return -EINVAL; } - /* No split if the file system does not support large folio */ - if (!mapping_large_folio_support(folio->mapping)) { + /* + * No split if the file system does not support large folio. + * Note that we might still have THPs in such mappings due to + * CONFIG_READ_ONLY_THP_FOR_FS. But in that case, the mapping + * does not actually support large folios properly. + */ + if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && + !mapping_large_folio_support(folio->mapping)) { VM_WARN_ONCE(1, "Cannot split file folio to non-0 order"); return -EINVAL; } } + /* Only swapping a whole PMD-mapped folio is supported */ + if (folio_test_swapcache(folio) && new_order) + return -EINVAL; is_hzp = is_huge_zero_folio(folio); if (is_hzp) { _ Patches currently in -mm which might be from ran.xiaokai(a)zte.com.cn are mm-huge_memory-mark-racy-access-onhuge_anon_orders_always.patch

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-page_table_check-fix-crash-on-zone_device.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_table_check: fix crash on ZONE_DEVICE has been removed from the -mm tree. Its filename was mm-page_table_check-fix-crash-on-zone_device.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/page_table_check: fix crash on ZONE_DEVICE Date: Wed, 5 Jun 2024 17:21:46 -0400 Not all pages may apply to pgtable check. One example is ZONE_DEVICE pages: they map PFNs directly, and they don't allocate page_ext at all even if there's struct page around. One may reference devm_memremap_pages(). When both ZONE_DEVICE and page-table-check enabled, then try to map some dax memories, one can trigger kernel bug constantly now when the kernel was trying to inject some pfn maps on the dax device: kernel BUG at mm/page_table_check.c:55! While it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page fault resolutions, skip all the checks if page_ext doesn't even exist in pgtable checker, which applies to ZONE_DEVICE but maybe more. Link: https://lkml.kernel.org/r/20240605212146.994486-1-peterx@redhat.com Fixes: df4e817b7108 ("mm: page table check") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Pasha Tatashin <pasha.tatashin(a)soleen.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_table_check.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/mm/page_table_check.c~mm-page_table_check-fix-crash-on-zone_device +++ a/mm/page_table_check.c @@ -73,6 +73,9 @@ static void page_table_check_clear(unsig page = pfn_to_page(pfn); page_ext = page_ext_get(page); + if (!page_ext) + return; + BUG_ON(PageSlab(page)); anon = PageAnon(page); @@ -110,6 +113,9 @@ static void page_table_check_set(unsigne page = pfn_to_page(pfn); page_ext = page_ext_get(page); + if (!page_ext) + return; + BUG_ON(PageSlab(page)); anon = PageAnon(page); @@ -140,7 +146,10 @@ void __page_table_check_zero(struct page BUG_ON(PageSlab(page)); page_ext = page_ext_get(page); - BUG_ON(!page_ext); + + if (!page_ext) + return; + for (i = 0; i < (1ul << order); i++) { struct page_table_check *ptc = get_page_table_check(page_ext); _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-drop-leftover-comment-references-to-pxx_huge.patch

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() has been removed from the -mm tree. Its filename was ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Joseph Qi <joseph.qi(a)linux.alibaba.com> Subject: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() Date: Thu, 30 May 2024 19:06:30 +0800 bdev->bd_super has been removed and commit 8887b94d9322 change the usage from bdev->bd_super to b_assoc_map->host->i_sb. Since ocfs2 hasn't set bh->b_assoc_map, it will trigger NULL pointer dereference when calling into ocfs2_abort_trigger(). Actually this was pointed out in history, see commit 74e364ad1b13. But I've made a mistake when reviewing commit 8887b94d9322 and then re-introduce this regression. Since we cannot revive bdev in buffer head, so fix this issue by initializing all types of ocfs2 triggers when fill super, and then get the specific ocfs2 trigger from ocfs2_caching_info when access journal. [joseph.qi(a)linux.alibaba.com: v2] Link: https://lkml.kernel.org/r/20240602112045.1112708-1-joseph.qi@linux.alibaba.… Link: https://lkml.kernel.org/r/20240530110630.3933832-2-joseph.qi@linux.alibaba.… Fixes: 8887b94d9322 ("ocfs2: stop using bdev->bd_super for journal error logging") Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao(a)suse.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/journal.c | 190 +++++++++++++++++++++++-------------------- fs/ocfs2/ocfs2.h | 27 ++++++ fs/ocfs2/super.c | 4 3 files changed, 135 insertions(+), 86 deletions(-) --- a/fs/ocfs2/journal.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger +++ a/fs/ocfs2/journal.c @@ -479,12 +479,6 @@ bail: return status; } - -struct ocfs2_triggers { - struct jbd2_buffer_trigger_type ot_triggers; - int ot_offset; -}; - static inline struct ocfs2_triggers *to_ocfs2_trigger(struct jbd2_buffer_trigger_type *triggers) { return container_of(triggers, struct ocfs2_triggers, ot_triggers); @@ -548,85 +542,76 @@ static void ocfs2_db_frozen_trigger(stru static void ocfs2_abort_trigger(struct jbd2_buffer_trigger_type *triggers, struct buffer_head *bh) { + struct ocfs2_triggers *ot = to_ocfs2_trigger(triggers); + mlog(ML_ERROR, "ocfs2_abort_trigger called by JBD2. bh = 0x%lx, " "bh->b_blocknr = %llu\n", (unsigned long)bh, (unsigned long long)bh->b_blocknr); - ocfs2_error(bh->b_assoc_map->host->i_sb, + ocfs2_error(ot->sb, "JBD2 has aborted our journal, ocfs2 cannot continue\n"); } -static struct ocfs2_triggers di_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_dinode, i_check), -}; - -static struct ocfs2_triggers eb_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_extent_block, h_check), -}; - -static struct ocfs2_triggers rb_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_refcount_block, rf_check), -}; - -static struct ocfs2_triggers gd_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_group_desc, bg_check), -}; - -static struct ocfs2_triggers db_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_db_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, -}; - -static struct ocfs2_triggers xb_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_xattr_block, xb_check), -}; - -static struct ocfs2_triggers dq_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_dq_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, -}; - -static struct ocfs2_triggers dr_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_dx_root_block, dr_check), -}; - -static struct ocfs2_triggers dl_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_dx_leaf, dl_check), -}; +static void ocfs2_setup_csum_triggers(struct super_block *sb, + enum ocfs2_journal_trigger_type type, + struct ocfs2_triggers *ot) +{ + BUG_ON(type >= OCFS2_JOURNAL_TRIGGER_COUNT); + + switch (type) { + case OCFS2_JTR_DI: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_dinode, i_check); + break; + case OCFS2_JTR_EB: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_extent_block, h_check); + break; + case OCFS2_JTR_RB: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_refcount_block, rf_check); + break; + case OCFS2_JTR_GD: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_group_desc, bg_check); + break; + case OCFS2_JTR_DB: + ot->ot_triggers.t_frozen = ocfs2_db_frozen_trigger; + break; + case OCFS2_JTR_XB: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_xattr_block, xb_check); + break; + case OCFS2_JTR_DQ: + ot->ot_triggers.t_frozen = ocfs2_dq_frozen_trigger; + break; + case OCFS2_JTR_DR: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_dx_root_block, dr_check); + break; + case OCFS2_JTR_DL: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_dx_leaf, dl_check); + break; + case OCFS2_JTR_NONE: + /* To make compiler happy... */ + return; + } + + ot->ot_triggers.t_abort = ocfs2_abort_trigger; + ot->sb = sb; +} + +void ocfs2_initialize_journal_triggers(struct super_block *sb, + struct ocfs2_triggers triggers[]) +{ + enum ocfs2_journal_trigger_type type; + + for (type = OCFS2_JTR_DI; type < OCFS2_JOURNAL_TRIGGER_COUNT; type++) + ocfs2_setup_csum_triggers(sb, type, &triggers[type]); +} static int __ocfs2_journal_access(handle_t *handle, struct ocfs2_caching_info *ci, @@ -708,56 +693,91 @@ static int __ocfs2_journal_access(handle int ocfs2_journal_access_di(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &di_triggers, type); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DI], + type); } int ocfs2_journal_access_eb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &eb_triggers, type); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_EB], + type); } int ocfs2_journal_access_rb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &rb_triggers, + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_RB], type); } int ocfs2_journal_access_gd(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &gd_triggers, type); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_GD], + type); } int ocfs2_journal_access_db(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &db_triggers, type); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DB], + type); } int ocfs2_journal_access_xb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &xb_triggers, type); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_XB], + type); } int ocfs2_journal_access_dq(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &dq_triggers, type); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DQ], + type); } int ocfs2_journal_access_dr(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &dr_triggers, type); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DR], + type); } int ocfs2_journal_access_dl(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - return __ocfs2_journal_access(handle, ci, bh, &dl_triggers, type); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); + + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DL], + type); } int ocfs2_journal_access(handle_t *handle, struct ocfs2_caching_info *ci, --- a/fs/ocfs2/ocfs2.h~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger +++ a/fs/ocfs2/ocfs2.h @@ -284,6 +284,30 @@ enum ocfs2_mount_options #define OCFS2_OSB_ERROR_FS 0x0004 #define OCFS2_DEFAULT_ATIME_QUANTUM 60 +struct ocfs2_triggers { + struct jbd2_buffer_trigger_type ot_triggers; + int ot_offset; + struct super_block *sb; +}; + +enum ocfs2_journal_trigger_type { + OCFS2_JTR_DI, + OCFS2_JTR_EB, + OCFS2_JTR_RB, + OCFS2_JTR_GD, + OCFS2_JTR_DB, + OCFS2_JTR_XB, + OCFS2_JTR_DQ, + OCFS2_JTR_DR, + OCFS2_JTR_DL, + OCFS2_JTR_NONE /* This must be the last entry */ +}; + +#define OCFS2_JOURNAL_TRIGGER_COUNT OCFS2_JTR_NONE + +void ocfs2_initialize_journal_triggers(struct super_block *sb, + struct ocfs2_triggers triggers[]); + struct ocfs2_journal; struct ocfs2_slot_info; struct ocfs2_recovery_map; @@ -351,6 +375,9 @@ struct ocfs2_super struct ocfs2_journal *journal; unsigned long osb_commit_interval; + /* Journal triggers for checksum */ + struct ocfs2_triggers s_journal_triggers[OCFS2_JOURNAL_TRIGGER_COUNT]; + struct delayed_work la_enable_wq; /* --- a/fs/ocfs2/super.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger +++ a/fs/ocfs2/super.c @@ -1075,9 +1075,11 @@ static int ocfs2_fill_super(struct super debugfs_create_file("fs_state", S_IFREG|S_IRUSR, osb->osb_debug_root, osb, &ocfs2_osb_debug_fops); - if (ocfs2_meta_ecc(osb)) + if (ocfs2_meta_ecc(osb)) { + ocfs2_initialize_journal_triggers(sb, osb->s_journal_triggers); ocfs2_blockcheck_stats_debugfs_install( &osb->osb_ecc_stats, osb->osb_debug_root); + } status = ocfs2_mount_volume(sb); if (status < 0) _ Patches currently in -mm which might be from joseph.qi(a)linux.alibaba.com are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() has been removed from the -mm tree. Its filename was ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Joseph Qi <joseph.qi(a)linux.alibaba.com> Subject: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() Date: Thu, 30 May 2024 19:06:29 +0800 bdev->bd_super has been removed and commit 8887b94d9322 change the usage from bdev->bd_super to b_assoc_map->host->i_sb. This introduces the following NULL pointer dereference in ocfs2_journal_dirty() since b_assoc_map is still not initialized. This can be easily reproduced by running xfstests generic/186, which simulate no more credits. [ 134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000 ... [ 134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2] ... [ 134.365071] Call Trace: [ 134.365312] <TASK> [ 134.365524] ? __die_body+0x1e/0x60 [ 134.365868] ? page_fault_oops+0x13d/0x4f0 [ 134.366265] ? __pfx_bit_wait_io+0x10/0x10 [ 134.366659] ? schedule+0x27/0xb0 [ 134.366981] ? exc_page_fault+0x6a/0x140 [ 134.367356] ? asm_exc_page_fault+0x26/0x30 [ 134.367762] ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2] [ 134.368305] ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2] [ 134.368837] ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2] [ 134.369454] ocfs2_grow_tree+0x688/0x8a0 [ocfs2] [ 134.369927] ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2] [ 134.370521] ocfs2_split_extent+0x314/0x4d0 [ocfs2] [ 134.371019] ocfs2_change_extent_flag+0x174/0x410 [ocfs2] [ 134.371566] ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2] [ 134.372117] ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2] [ 134.372994] ? inode_update_timestamps+0x4a/0x120 [ 134.373692] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2] [ 134.374545] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2] [ 134.375393] ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2] [ 134.376197] ocfs2_remap_file_range+0x1de/0x390 [ocfs2] [ 134.376971] ? security_file_permission+0x29/0x50 [ 134.377644] vfs_clone_file_range+0xfe/0x320 [ 134.378268] ioctl_file_clone+0x45/0xa0 [ 134.378853] do_vfs_ioctl+0x457/0x990 [ 134.379422] __x64_sys_ioctl+0x6e/0xd0 [ 134.379987] do_syscall_64+0x5d/0x170 [ 134.380550] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 134.381231] RIP: 0033:0x7fa4926397cb [ 134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48 [ 134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb [ 134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003 [ 134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000 [ 134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000 [ 134.389207] </TASK> Fix it by only aborting transaction and journal in ocfs2_journal_dirty() now, and leave ocfs2_abort() later when detecting an aborted handle, e.g. start next transaction. Also log the handle details in this case. Link: https://lkml.kernel.org/r/20240530110630.3933832-1-joseph.qi@linux.alibaba.… Fixes: 8887b94d9322 ("ocfs2: stop using bdev->bd_super for journal error logging") Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao(a)suse.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/journal.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/fs/ocfs2/journal.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty +++ a/fs/ocfs2/journal.c @@ -778,13 +778,15 @@ void ocfs2_journal_dirty(handle_t *handl if (!is_handle_aborted(handle)) { journal_t *journal = handle->h_transaction->t_journal; - mlog(ML_ERROR, "jbd2_journal_dirty_metadata failed. " - "Aborting transaction and journal.\n"); + mlog(ML_ERROR, "jbd2_journal_dirty_metadata failed: " + "handle type %u started at line %u, credits %u/%u " + "errcode %d. Aborting transaction and journal.\n", + handle->h_type, handle->h_line_no, + handle->h_requested_credits, + jbd2_handle_buffer_credits(handle), status); handle->h_err = status; jbd2_journal_abort_handle(handle); jbd2_journal_abort(journal, status); - ocfs2_abort(bh->b_assoc_map->host->i_sb, - "Journal already aborted.\n"); } } } _ Patches currently in -mm which might be from joseph.qi(a)linux.alibaba.com are

1 year, 3 months

1
0
0 0

[PATCH v7] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap. The ethertype will be overwritten as the VLAN TPID if the network interface lacks hardware VLAN offloading. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. Link: https://github.com/the-tcpdump-group/libpcap/issues/1105 Link: https://lore.kernel.org/netdev/20240520070348.26725-1-chengen.du@canonical.… Fixes: 393e52e33c6c ("packet: deliver VLAN TCI to userspace") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 93 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 91 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..41d6ebb38774 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -538,6 +538,69 @@ static void *packet_current_frame(struct packet_sock *po, return packet_lookup_frame(po, rb, rb->head, status); } +static u16 vlan_get_tci(struct sk_buff *skb, struct net_device *dev) +{ + struct vlan_hdr vhdr, *vh; + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + unsigned int header_len; + + if (!dev) { + if (!skb->dev) + return 0; + dev = skb->dev; + } + + /* In the SOCK_DGRAM scenario, skb data starts at the network + * protocol, which is after the VLAN headers. The outer VLAN + * header is at the hard_header_len offset in non-variable + * length link layer headers. If it's a VLAN device, the + * min_header_len should be used to exclude the VLAN header + * size. + */ + if (dev->min_header_len == dev->hard_header_len) + header_len = dev->hard_header_len; + else if (is_vlan_dev(dev)) + header_len = dev->min_header_len; + else + return 0; + + skb_push(skb, skb->data - skb_mac_header(skb)); + vh = skb_header_pointer(skb, header_len, sizeof(vhdr), &vhdr); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + if (unlikely(!vh)) + return 0; + + return ntohs(vh->h_vlan_TCI); +} + +static __be16 vlan_get_protocol_dgram(struct sk_buff *skb) +{ + __be16 proto = skb->protocol; + + if (unlikely(eth_type_vlan(proto))) { + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + + /* In the SOCK_DGRAM scenario, skb data starts at the network + * protocol, which is after the VLAN headers. The protocol must + * point to the network protocol to accurately reflect the real + * scenario. + */ + skb_push(skb, skb->data - skb_mac_header(skb)); + proto = __vlan_get_protocol(skb, proto, NULL); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + } + + return proto; +} + static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc) { del_timer_sync(&pkc->retire_blk_timer); @@ -1007,10 +1070,16 @@ static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc, static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, struct tpacket3_hdr *ppd) { + struct packet_sock *po = container_of(pkc, struct packet_sock, rx_ring.prb_bdqc); + if (skb_vlan_tag_present(pkc->skb)) { ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(po->sk.sk_type == SOCK_DGRAM && eth_type_vlan(pkc->skb->protocol))) { + ppd->hv1.tp_vlan_tci = vlan_get_tci(pkc->skb, NULL); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2497,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sk->sk_type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + h.h2->tp_vlan_tci = vlan_get_tci(skb, NULL); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2530,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sk->sk_type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3556,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sock->type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3614,20 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sock->type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll; + struct net_device *dev; + + dev = dev_get_by_index(sock_net(sk), sll->sll_ifindex); + if (dev) { + aux.tp_vlan_tci = vlan_get_tci(skb, dev); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + dev_put(dev); + } else { + aux.tp_vlan_tci = 0; + aux.tp_vlan_tpid = 0; + } } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.43.0

1 year, 3 months

2
1
0 0

[git:media_stage/master] media: ivsc: csi: don't count privacy on as error

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ivsc: csi: don't count privacy on as error Author: Wentong Wu <wentong.wu(a)intel.com> Date: Fri Jun 7 21:25:45 2024 +0800 Prior to the ongoing command privacy is on, it would return -1 to indicate the current privacy status, and the ongoing command would be well executed by firmware as well, so this is not error. This patch changes its behavior to notify privacy on directly by V4L2 privacy control instead of reporting error. Fixes: 29006e196a56 ("media: pci: intel: ivsc: Add CSI submodule") Cc: stable(a)vger.kernel.org # for 6.6 and later Reported-by: Hao Yao <hao.yao(a)intel.com> Signed-off-by: Wentong Wu <wentong.wu(a)intel.com> Tested-by: Jason Chen <jason.z.chen(a)intel.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/pci/intel/ivsc/mei_csi.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- diff --git a/drivers/media/pci/intel/ivsc/mei_csi.c b/drivers/media/pci/intel/ivsc/mei_csi.c index c6d8f72e4eec..16791a7f4f15 100644 --- a/drivers/media/pci/intel/ivsc/mei_csi.c +++ b/drivers/media/pci/intel/ivsc/mei_csi.c @@ -192,7 +192,11 @@ static int mei_csi_send(struct mei_csi *csi, u8 *buf, size_t len) /* command response status */ ret = csi->cmd_response.status; - if (ret) { + if (ret == -1) { + /* notify privacy on instead of reporting error */ + ret = 0; + v4l2_ctrl_s_ctrl(csi->privacy_ctrl, 1); + } else if (ret) { ret = -EINVAL; goto out; }

1 year, 3 months

1
0
0 0

[git:media_stage/master] media: ivsc: csi: add separate lock for v4l2 control handler

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: ivsc: csi: add separate lock for v4l2 control handler Author: Wentong Wu <wentong.wu(a)intel.com> Date: Fri Jun 7 21:25:46 2024 +0800 There're possibilities that privacy status change notification happens in the middle of the ongoing mei command which already takes the command lock, but v4l2_ctrl_s_ctrl() would also need the same lock prior to this patch, so this may results in circular locking problem. This patch adds one dedicated lock for v4l2 control handler to avoid described issue. Fixes: 29006e196a56 ("media: pci: intel: ivsc: Add CSI submodule") Cc: stable(a)vger.kernel.org # for 6.6 and later Reported-by: Hao Yao <hao.yao(a)intel.com> Signed-off-by: Wentong Wu <wentong.wu(a)intel.com> Tested-by: Jason Chen <jason.z.chen(a)intel.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/pci/intel/ivsc/mei_csi.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- diff --git a/drivers/media/pci/intel/ivsc/mei_csi.c b/drivers/media/pci/intel/ivsc/mei_csi.c index f04a89584334..c6d8f72e4eec 100644 --- a/drivers/media/pci/intel/ivsc/mei_csi.c +++ b/drivers/media/pci/intel/ivsc/mei_csi.c @@ -126,6 +126,8 @@ struct mei_csi { struct v4l2_ctrl_handler ctrl_handler; struct v4l2_ctrl *freq_ctrl; struct v4l2_ctrl *privacy_ctrl; + /* lock for v4l2 controls */ + struct mutex ctrl_lock; unsigned int remote_pad; /* start streaming or not */ int streaming; @@ -559,11 +561,13 @@ static int mei_csi_init_controls(struct mei_csi *csi) u32 max; int ret; + mutex_init(&csi->ctrl_lock); + ret = v4l2_ctrl_handler_init(&csi->ctrl_handler, 2); if (ret) return ret; - csi->ctrl_handler.lock = &csi->lock; + csi->ctrl_handler.lock = &csi->ctrl_lock; max = ARRAY_SIZE(link_freq_menu_items) - 1; csi->freq_ctrl = v4l2_ctrl_new_int_menu(&csi->ctrl_handler, @@ -755,6 +759,7 @@ err_entity: err_ctrl_handler: v4l2_ctrl_handler_free(&csi->ctrl_handler); + mutex_destroy(&csi->ctrl_lock); v4l2_async_nf_unregister(&csi->notifier); v4l2_async_nf_cleanup(&csi->notifier); @@ -774,6 +779,7 @@ static void mei_csi_remove(struct mei_cl_device *cldev) v4l2_async_nf_unregister(&csi->notifier); v4l2_async_nf_cleanup(&csi->notifier); v4l2_ctrl_handler_free(&csi->ctrl_handler); + mutex_destroy(&csi->ctrl_lock); v4l2_async_unregister_subdev(&csi->subdev); v4l2_subdev_cleanup(&csi->subdev); media_entity_cleanup(&csi->subdev.entity);

1 year, 3 months

1
0
0 0

[git:media_stage/master] media: i2c: alvium: Move V4L2_CID_GAIN to V4L2_CID_ANALOG_GAIN

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: i2c: alvium: Move V4L2_CID_GAIN to V4L2_CID_ANALOG_GAIN Author: Tommaso Merciai <tomm.merciai(a)gmail.com> Date: Mon Jun 10 10:10:34 2024 +0200 Into alvium cameras REG_BCRM_GAIN_RW control the analog gain. Let's use the right V4L2_CID_ANALOGUE_GAIN ctrl. Fixes: 0a7af872915e ("media: i2c: Add support for alvium camera") Cc: stable(a)vger.kernel.org Signed-off-by: Tommaso Merciai <tomm.merciai(a)gmail.com> Signed-off-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/i2c/alvium-csi2.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- diff --git a/drivers/media/i2c/alvium-csi2.c b/drivers/media/i2c/alvium-csi2.c index c27c6fcaede4..5ddfd3dcb188 100644 --- a/drivers/media/i2c/alvium-csi2.c +++ b/drivers/media/i2c/alvium-csi2.c @@ -1998,7 +1998,7 @@ static int alvium_g_volatile_ctrl(struct v4l2_ctrl *ctrl) int val; switch (ctrl->id) { - case V4L2_CID_GAIN: + case V4L2_CID_ANALOGUE_GAIN: val = alvium_get_gain(alvium); if (val < 0) return val; @@ -2030,7 +2030,7 @@ static int alvium_s_ctrl(struct v4l2_ctrl *ctrl) return 0; switch (ctrl->id) { - case V4L2_CID_GAIN: + case V4L2_CID_ANALOGUE_GAIN: ret = alvium_set_ctrl_gain(alvium, ctrl->val); break; case V4L2_CID_AUTOGAIN: @@ -2159,7 +2159,7 @@ static int alvium_ctrl_init(struct alvium_dev *alvium) if (alvium->avail_ft.gain) { ctrls->gain = v4l2_ctrl_new_std(hdl, ops, - V4L2_CID_GAIN, + V4L2_CID_ANALOGUE_GAIN, alvium->min_gain, alvium->max_gain, alvium->inc_gain,

1 year, 3 months

1
0
0 0

[PATCH 6.6.y 0/2] Fix missing lib.sh for net/unicast_extensions.sh and net/pmtu.sh tests

by Po-Hsu Lin

Since upstream commit: * 0f4765d0 "selftests/net: convert unicast_extensions.sh to run it in unique namespace" * 378f082e "selftests/net: convert pmtu.sh to run it in unique namespace" The lib.sh from commit 25ae948b "selftests/net: add lib.sh" will be needed. Otherwise these test will complain about missing files and fail: $ sudo ./unicast_extensions.sh ./unicast_extensions.sh: line 31: lib.sh: No such file or directory ... $ sudo ./pmtu.sh ./pmtu.sh: line 201: lib.sh: No such file or directory ./pmtu.sh: line 941: cleanup_all_ns: command not found ... Another commit b6925b4e "selftests/net: add variable NS_LIST for lib.sh" is needed to add support for the cleanup_all_ns above. Hangbin Liu (2): selftests/net: add lib.sh selftests/net: add variable NS_LIST for lib.sh tools/testing/selftests/net/Makefile | 2 +- tools/testing/selftests/net/forwarding/lib.sh | 27 +------- tools/testing/selftests/net/lib.sh | 93 +++++++++++++++++++++++++++ 3 files changed, 95 insertions(+), 27 deletions(-) create mode 100644 tools/testing/selftests/net/lib.sh -- 2.7.4

1 year, 3 months

2
3
0 0

+ ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix DIO failure due to insufficient transaction credits has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jan Kara <jack(a)suse.cz> Subject: ocfs2: fix DIO failure due to insufficient transaction credits Date: Fri, 14 Jun 2024 16:52:43 +0200 The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). Link: https://lkml.kernel.org/r/20240614145243.8837-1-jack@suse.cz Signed-off-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Heming Zhao <heming.zhao(a)suse.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/aops.c | 5 +++++ fs/ocfs2/journal.c | 17 +++++++++++++++++ fs/ocfs2/journal.h | 2 ++ fs/ocfs2/ocfs2_trace.h | 2 ++ 4 files changed, 26 insertions(+) --- a/fs/ocfs2/aops.c~ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits +++ a/fs/ocfs2/aops.c @@ -2366,6 +2366,11 @@ static int ocfs2_dio_end_io_write(struct } list_for_each_entry(ue, &dwc->dw_zero_list, ue_node) { + ret = ocfs2_assure_trans_credits(handle, credits); + if (ret < 0) { + mlog_errno(ret); + break; + } ret = ocfs2_mark_extent_written(inode, &et, handle, ue->ue_cpos, 1, ue->ue_phys, --- a/fs/ocfs2/journal.c~ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits +++ a/fs/ocfs2/journal.c @@ -446,6 +446,23 @@ bail: } /* + * Make sure handle has at least 'nblocks' credits available. If it does not + * have that many credits available, we will try to extend the handle to have + * enough credits. If that fails, we will restart transaction to have enough + * credits. Similar notes regarding data consistency and locking implications + * as for ocfs2_extend_trans() apply here. + */ +int ocfs2_assure_trans_credits(handle_t *handle, int nblocks) +{ + int old_nblks = jbd2_handle_buffer_credits(handle); + + trace_ocfs2_assure_trans_credits(old_nblks); + if (old_nblks >= nblocks) + return 0; + return ocfs2_extend_trans(handle, nblocks - old_nblks); +} + +/* * If we have fewer than thresh credits, extend by OCFS2_MAX_TRANS_DATA. * If that fails, restart the transaction & regain write access for the * buffer head which is used for metadata modifications. --- a/fs/ocfs2/journal.h~ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits +++ a/fs/ocfs2/journal.h @@ -243,6 +243,8 @@ handle_t *ocfs2_start_trans(struct int ocfs2_commit_trans(struct ocfs2_super *osb, handle_t *handle); int ocfs2_extend_trans(handle_t *handle, int nblocks); +int ocfs2_assure_trans_credits(handle_t *handle, + int nblocks); int ocfs2_allocate_extend_trans(handle_t *handle, int thresh); --- a/fs/ocfs2/ocfs2_trace.h~ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits +++ a/fs/ocfs2/ocfs2_trace.h @@ -2577,6 +2577,8 @@ DEFINE_OCFS2_ULL_UINT_EVENT(ocfs2_commit DEFINE_OCFS2_INT_INT_EVENT(ocfs2_extend_trans); +DEFINE_OCFS2_INT_EVENT(ocfs2_assure_trans_credits); + DEFINE_OCFS2_INT_EVENT(ocfs2_extend_trans_restart); DEFINE_OCFS2_INT_INT_EVENT(ocfs2_allocate_extend_trans); _ Patches currently in -mm which might be from jack(a)suse.cz are ocfs2-fix-dio-failure-due-to-insufficient-transaction-credits.patch

1 year, 3 months

1
0
0 0

[PATCH 1/2] docs: stable-kernel-rules: provide example of specifying target series

by Shung-Hsi Yu

Provide a concrete example of how to specify what stable series should be targeted for change inclusion. Looking around on the stable mailing list this seems like a common practice already, so let's mention that in the documentation as well (but worded so it is not interpreted as the only way to do so). Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- Documentation/process/stable-kernel-rules.rst | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/Documentation/process/stable-kernel-rules.rst b/Documentation/process/stable-kernel-rules.rst index edf90bbe30f4..daa542988095 100644 --- a/Documentation/process/stable-kernel-rules.rst +++ b/Documentation/process/stable-kernel-rules.rst @@ -57,10 +57,13 @@ options for cases where a mainlined patch needs adjustments to apply in older series (for example due to API changes). When using option 2 or 3 you can ask for your change to be included in specific -stable series. When doing so, ensure the fix or an equivalent is applicable, -submitted, or already present in all newer stable trees still supported. This is -meant to prevent regressions that users might later encounter on updating, if -e.g. a fix merged for 5.19-rc1 would be backported to 5.10.y, but not to 5.15.y. +stable series, one way to do so is by specifying the target series in the +subject prefix (e.g. '[PATCH stable 5.15 5.10]' asks that the patch to be +included in both 5.10.y and 5.15.y). When doing so, ensure the fix or an +equivalent is applicable, submitted, or already present in all newer stable +trees still supported. This is meant to prevent regressions that users might +later encounter on updating, if e.g. a fix merged for 5.19-rc1 would be +backported to 5.10.y, but not to 5.15.y. .. _option_1: -- 2.45.1

1 year, 3 months

3
5
0 0

+ kasan-fix-bad-call-to-unpoison_slab_object.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kasan: fix bad call to unpoison_slab_object has been added to the -mm mm-hotfixes-unstable branch. Its filename is kasan-fix-bad-call-to-unpoison_slab_object.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Andrey Konovalov <andreyknvl(a)gmail.com> Subject: kasan: fix bad call to unpoison_slab_object Date: Fri, 14 Jun 2024 16:32:38 +0200 Commit 29d7355a9d05 ("kasan: save alloc stack traces for mempool") messed up one of the calls to unpoison_slab_object: the last two arguments are supposed to be GFP flags and whether to init the object memory. Fix the call. Without this fix, __kasan_mempool_unpoison_object provides the object's size as GFP flags to unpoison_slab_object, which can cause LOCKDEP reports (and probably other issues). Link: https://lkml.kernel.org/r/20240614143238.60323-1-andrey.konovalov@linux.dev Fixes: 29d7355a9d05 ("kasan: save alloc stack traces for mempool") Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> Reported-by: Brad Spengler <spender(a)grsecurity.net> Acked-by: Marco Elver <elver(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/kasan/common.c~kasan-fix-bad-call-to-unpoison_slab_object +++ a/mm/kasan/common.c @@ -532,7 +532,7 @@ void __kasan_mempool_unpoison_object(voi return; /* Unpoison the object and save alloc info for non-kmalloc() allocations. */ - unpoison_slab_object(slab->slab_cache, ptr, size, flags); + unpoison_slab_object(slab->slab_cache, ptr, flags, false); /* Poison the redzone and save alloc info for kmalloc() allocations. */ if (is_kmalloc_cache(slab->slab_cache)) _ Patches currently in -mm which might be from andreyknvl(a)gmail.com are kasan-fix-bad-call-to-unpoison_slab_object.patch

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] io_uring: check for non-NULL file pointer in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5fc16fa5f13b3c06fdb959ef262050bd810416a2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061318-hypocrite-elude-31f3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 5fc16fa5f13b ("io_uring: check for non-NULL file pointer in io_file_can_poll()") 95041b93e90a ("io_uring: add io_file_can_poll() helper") 521223d7c229 ("io_uring/cancel: don't default to setting req->work.cancel_seq") 4bcb982cce74 ("io_uring: expand main struct io_kiocb flags to 64-bits") 595e52284d24 ("io_uring/poll: don't enable lazy wake for POLLEXCLUSIVE") 4de520f1fcef ("Merge tag 'io_uring-futex-2023-10-30' of git://git.kernel.dk/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5fc16fa5f13b3c06fdb959ef262050bd810416a2 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Sat, 1 Jun 2024 12:25:35 -0600 Subject: [PATCH] io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to that looks as follows: BUG: kernel NULL pointer dereference, address: 00000000000000b0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP CPU: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 2/2/2022 RIP: 0010:io_buffer_select+0xc3/0x210 Code: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 <48> 8b 92 b0 00 00 00 48 83 7a 40 00 0f 84 21 01 00 00 4c 8b 20 5b RSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246 RAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 0000000000000040 RDX: 0000000000000000 RSI: ffff97aecfb04820 RDI: ffff97af234f1700 RBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020 R10: ffffb7bec38c7dc8 R11: 000000000000c000 R12: ffffb7bec38c7db8 R13: ffff97aecfb05800 R14: ffff97aecfb05800 R15: ffff97af2be5e000 FS: 00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000b0 CR3: 000000016deab005 CR4: 0000000000370ef0 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x14d/0x420 ? do_user_addr_fault+0x61/0x6a0 ? exc_page_fault+0x6c/0x150 ? asm_exc_page_fault+0x22/0x30 ? io_buffer_select+0xc3/0x210 __io_import_iovec+0xb5/0x120 io_readv_prep_async+0x36/0x70 io_queue_sqe_fallback+0x20/0x260 io_submit_sqes+0x314/0x630 __do_sys_io_uring_enter+0x339/0xbc0 ? __do_sys_io_uring_register+0x11b/0xc50 ? vm_mmap_pgoff+0xce/0x160 do_syscall_64+0x5f/0x180 entry_SYSCALL_64_after_hwframe+0x46/0x4e RIP: 0033:0x55e0a110a67e Code: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 00 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 <c3> 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6 because the request is marked forced ASYNC and has a bad file fd, and hence takes the forced async prep path. Current kernels with the request async prep cleaned up can no longer hit this issue, but for ease of backporting, let's add this safety check in here too as it really doesn't hurt. For both cases, this will inevitably end with a CQE posted with -EBADF. Cc: stable(a)vger.kernel.org Fixes: a76c0b31eef5 ("io_uring: commit non-pollable provided mapped buffers upfront") Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/io_uring.h b/io_uring/io_uring.h index 624ca9076a50..726e6367af4d 100644 --- a/io_uring/io_uring.h +++ b/io_uring/io_uring.h @@ -433,7 +433,7 @@ static inline bool io_file_can_poll(struct io_kiocb *req) { if (req->flags & REQ_F_CAN_POLL) return true; - if (file_can_poll(req->file)) { + if (req->file && file_can_poll(req->file)) { req->flags |= REQ_F_CAN_POLL; return true; }

1 year, 3 months

2
1
0 0

Re: [PATCH 6.9 000/157] 6.9.5-rc1 review

by Ronald Warsow

Hi Greg +++ Update +++ the below crash seems to only to happen with mesa-24.1.x mesa-24.0.9 is fine filled a bug report: https://bugzilla.redhat.com/show_bug.cgi?id=2292434 ==== Jun 13 18:49:22 obelix.fritz.box kernel: RIP: 0010:drm_suballoc_free+0x13/0x110 [drm_suballoc_helper] Jun 13 18:49:22 obelix.fritz.box kernel: Code: eb ce 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 ff 0f 84 e1 00 00 00 41 54 55 48 89 fd 53 48 89 f3 <4c> 8b 67 20 4c 89 e7 e8 61 53 bd e2 48 85 db 0f 84 9f 00 00 00 48 Jun 13 18:49:22 obelix.fritz.box kernel: RSP: 0018:ffff9caa851f7630 EFLAGS: 00010286 Jun 13 18:49:22 obelix.fritz.box kernel: RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 000000000000890b Jun 13 18:49:22 obelix.fritz.box kernel: RDX: 00000000000088fb RSI: 0000000000000000 RDI: fffffffffffffe00 Jun 13 18:49:22 obelix.fritz.box kernel: RBP: fffffffffffffe00 R08: 0000000000000000 R09: 0000000000000001 Jun 13 18:49:22 obelix.fritz.box kernel: R10: 0000000000000000 R11: 0000000000000180 R12: ffff8ebf913c1158 Jun 13 18:49:22 obelix.fritz.box kernel: R13: fffffffffffffe00 R14: ffff9caa851f78a8 R15: ffff8ebf913c0000 Jun 13 18:49:22 obelix.fritz.box kernel: FS: 00007fd4f4640b00(0000) GS:ffff8ec2cf980000(0000) knlGS:0000000000000000 Jun 13 18:49:22 obelix.fritz.box kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jun 13 18:49:22 obelix.fritz.box kernel: CR2: fffffffffffffe20 CR3: 0000000110bc4001 CR4: 0000000000770ef0 Jun 13 18:49:22 obelix.fritz.box kernel: PKRU: 55555554 Jun 13 18:49:22 obelix.fritz.box kernel: Call Trace: Jun 13 18:49:22 obelix.fritz.box kernel: <TASK> Jun 13 18:49:22 obelix.fritz.box kernel: ? __die_body.cold+0x19/0x2c Jun 13 18:49:22 obelix.fritz.box kernel: ? page_fault_oops+0x155/0x280 Jun 13 18:49:22 obelix.fritz.box kernel: ? search_module_extables+0x10/0x50 Jun 13 18:49:22 obelix.fritz.box kernel: ? search_bpf_extables+0x56/0x80 Jun 13 18:49:22 obelix.fritz.box kernel: ? exc_page_fault+0x7a/0x80 Jun 13 18:49:22 obelix.fritz.box kernel: ? asm_exc_page_fault+0x22/0x30 Jun 13 18:49:22 obelix.fritz.box kernel: ? drm_suballoc_free+0x13/0x110 [drm_suballoc_helper] Jun 13 18:49:22 obelix.fritz.box kernel: xe_migrate_update_pgtables+0x692/0x9b0 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: ? kmalloc_trace+0x11f/0x2d0 Jun 13 18:49:22 obelix.fritz.box kernel: __xe_pt_bind_vma+0x492/0xbe0 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: xe_vm_bind_vma+0xa6/0x2e0 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: xe_vm_bind+0xf3/0x200 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: __xe_vma_op_execute+0x278/0x490 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: xe_vm_bind_ioctl+0x1ce0/0x1f20 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: ? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: drm_ioctl_kernel+0xa7/0x100 [drm] Jun 13 18:49:22 obelix.fritz.box kernel: drm_ioctl+0x312/0x5c0 [drm] Jun 13 18:49:22 obelix.fritz.box kernel: ? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: __x64_sys_ioctl+0x40d/0xb70 Jun 13 18:49:22 obelix.fritz.box kernel: do_syscall_64+0x7a/0x160 Jun 13 18:49:22 obelix.fritz.box kernel: ? __x64_sys_ioctl+0x13e/0xb70 Jun 13 18:49:22 obelix.fritz.box kernel: ? __count_memcg_events+0x43/0xb0 Jun 13 18:49:22 obelix.fritz.box kernel: ? handle_mm_fault+0x1f9/0x300 Jun 13 18:49:22 obelix.fritz.box kernel: ? syscall_exit_to_user_mode+0x68/0x1e0 Jun 13 18:49:22 obelix.fritz.box kernel: ? do_syscall_64+0x86/0x160 Jun 13 18:49:22 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 18:49:22 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 18:49:22 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 18:49:22 obelix.fritz.box kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e Jun 13 18:49:22 obelix.fritz.box kernel: RIP: 0033:0x7fd4f4d23d2d Jun 13 18:49:22 obelix.fritz.box kernel: Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 Jun 13 18:49:22 obelix.fritz.box kernel: RSP: 002b:00007fff94738650 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 Jun 13 18:49:22 obelix.fritz.box kernel: RAX: ffffffffffffffda RBX: 00007fff94738710 RCX: 00007fd4f4d23d2d Jun 13 18:49:22 obelix.fritz.box kernel: RDX: 00007fff94738710 RSI: 0000000040886445 RDI: 0000000000000010 Jun 13 18:49:22 obelix.fritz.box kernel: RBP: 00007fff947386a0 R08: 0000000000001000 R09: 0000000000000000 Jun 13 18:49:22 obelix.fritz.box kernel: R10: 0000555a7a0fded0 R11: 0000000000000246 R12: 0000000000000010 Jun 13 18:49:22 obelix.fritz.box kernel: R13: 0000000000000000 R14: 0000555a78671160 R15: 0000555a7a234fa0 Jun 13 18:49:22 obelix.fritz.box kernel: </TASK> Jun 13 18:49:22 obelix.fritz.box kernel: Modules linked in: vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) rfcomm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables bnep iwlmvm mac80211 libarc4 snd_hda_codec_hdmi intel_rapl_common kvm_intel iwlwifi snd_hda_codec_realtek kvm btusb snd_hda_codec_generic btintel snd_hda_scodec_component bluetooth snd_hda_intel cfg80211 snd_intel_dspcfg snd_hda_codec snd_hda_core mei_hdcp mei_pxp rfkill nfnetlink xe drm_ttm_helper ttm agpgart i2c_algo_bit gpu_sched drm_buddy drm_suballoc_helper drm_gpuvm drm_exec drm_display_helper drm_kms_helper drm Jun 13 18:49:22 obelix.fritz.box kernel: CR2: fffffffffffffe20 Jun 13 18:49:22 obelix.fritz.box kernel: ---[ end trace 0000000000000000 ]--- Jun 13 18:49:22 obelix.fritz.box kernel: RIP: 0010:drm_suballoc_free+0x13/0x110 [drm_suballoc_helper] Jun 13 18:49:22 obelix.fritz.box kernel: Code: eb ce 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 ff 0f 84 e1 00 00 00 41 54 55 48 89 fd 53 48 89 f3 <4c> 8b 67 20 4c 89 e7 e8 61 53 bd e2 48 85 db 0f 84 9f 00 00 00 48 Jun 13 18:49:22 obelix.fritz.box kernel: RSP: 0018:ffff9caa851f7630 EFLAGS: 00010286 Jun 13 18:49:22 obelix.fritz.box kernel: RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 000000000000890b Jun 13 18:49:22 obelix.fritz.box kernel: RDX: 00000000000088fb RSI: 0000000000000000 RDI: fffffffffffffe00 Jun 13 18:49:22 obelix.fritz.box kernel: RBP: fffffffffffffe00 R08: 0000000000000000 R09: 0000000000000001 Jun 13 18:49:22 obelix.fritz.box kernel: R10: 0000000000000000 R11: 0000000000000180 R12: ffff8ebf913c1158 Jun 13 18:49:22 obelix.fritz.box kernel: R13: fffffffffffffe00 R14: ffff9caa851f78a8 R15: ffff8ebf913c0000 Jun 13 18:49:22 obelix.fritz.box kernel: FS: 00007fd4f4640b00(0000) GS:ffff8ec2cf980000(0000) knlGS:0000000000000000 Jun 13 18:49:22 obelix.fritz.box kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jun 13 18:49:22 obelix.fritz.box kernel: CR2: fffffffffffffe20 CR3: 0000000110bc4001 CR4: 0000000000770ef0 Jun 13 18:49:22 obelix.fritz.box kernel: PKRU: 55555554 Jun 13 18:49:22 obelix.fritz.box kernel: note: Xorg[3657] exited with irqs disabled

1 year, 3 months

1
0
0 0

[PATCH] net: usb: ax88179_178a: fix link status when link is set to down/up

by Jose Ignacio Tornos Martinez

The idea was to keep only one reset at initialization stage in order to reduce the total delay, or the reset from usbnet_probe or the reset from usbnet_open. I have seen that restarting from usbnet_probe is necessary to avoid doing too complex things. But when the link is set to down/up (for example to configure a different mac address) the link is not correctly recovered unless a reset is commanded from usbnet_open. So, detect the initialization stage (first call) to not reset from usbnet_open after the reset from usbnet_probe and after this stage, always reset from usbnet_open too (when the link needs to be rechecked). Apply to all the possible devices, the behavior now is going to be the same. cc: stable(a)vger.kernel.org # 6.6+ Fixes: 56f78615bcb1 ("net: usb: ax88179_178a: avoid writing the mac address before first reading") Reported-by: Isaac Ganoung <inventor500(a)vivaldi.net> Reported-by: Yongqin Liu <yongqin.liu(a)linaro.org> Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> --- drivers/net/usb/ax88179_178a.c | 37 ++++++++++++++++++++++++---------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c index 377be0d9ef14..a0edb410f746 100644 --- a/drivers/net/usb/ax88179_178a.c +++ b/drivers/net/usb/ax88179_178a.c @@ -174,6 +174,7 @@ struct ax88179_data { u32 wol_supported; u32 wolopts; u8 disconnecting; + u8 initialized; }; struct ax88179_int_data { @@ -1672,6 +1673,18 @@ static int ax88179_reset(struct usbnet *dev) return 0; } +static int ax88179_net_reset(struct usbnet *dev) +{ + struct ax88179_data *ax179_data = dev->driver_priv; + + if (ax179_data->initialized) + ax88179_reset(dev); + else + ax179_data->initialized = 1; + + return 0; +} + static int ax88179_stop(struct usbnet *dev) { u16 tmp16; @@ -1691,6 +1704,7 @@ static const struct driver_info ax88179_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1703,6 +1717,7 @@ static const struct driver_info ax88178a_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1715,7 +1730,7 @@ static const struct driver_info cypress_GX3_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1728,7 +1743,7 @@ static const struct driver_info dlink_dub1312_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1741,7 +1756,7 @@ static const struct driver_info sitecom_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1754,7 +1769,7 @@ static const struct driver_info samsung_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1767,7 +1782,7 @@ static const struct driver_info lenovo_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1780,7 +1795,7 @@ static const struct driver_info belkin_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1793,7 +1808,7 @@ static const struct driver_info toshiba_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1806,7 +1821,7 @@ static const struct driver_info mct_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1819,7 +1834,7 @@ static const struct driver_info at_umc2000_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1832,7 +1847,7 @@ static const struct driver_info at_umc200_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, @@ -1845,7 +1860,7 @@ static const struct driver_info at_umc2000sp_info = { .unbind = ax88179_unbind, .status = ax88179_status, .link_reset = ax88179_link_reset, - .reset = ax88179_reset, + .reset = ax88179_net_reset, .stop = ax88179_stop, .flags = FLAG_ETHER | FLAG_FRAMING_AX, .rx_fixup = ax88179_rx_fixup, -- 2.44.0

1 year, 3 months

4
12
0 0

[PATCH 6.6] backport: fix 6.6 backport of changes to fork

by Leah Rumancik

The original backport didn't move the code to link the vma into the MT and also the code to increment the map_count causing ~15 xfstests (including ext4/303 generic/051 generic/054 generic/069) to hard fail on some platforms. This patch resolves test failures. Fixes: cec11fa2eb51 ("fork: defer linking file vma until vma is fully initialized") Signed-off-by: Leah Rumancik <leah.rumancik(a)gmail.com> --- kernel/fork.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 2eab916b504b..3bf0203c2195 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -733,6 +733,12 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, if (is_vm_hugetlb_page(tmp)) hugetlb_dup_vma_private(tmp); + /* Link the vma into the MT */ + if (vma_iter_bulk_store(&vmi, tmp)) + goto fail_nomem_vmi_store; + + mm->map_count++; + if (tmp->vm_ops && tmp->vm_ops->open) tmp->vm_ops->open(tmp); @@ -752,11 +758,6 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } - /* Link the vma into the MT */ - if (vma_iter_bulk_store(&vmi, tmp)) - goto fail_nomem_vmi_store; - - mm->map_count++; if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); -- 2.45.1.288.g0e0cd299f1-goog

1 year, 3 months

3
6
0 0

[PATCH v2] kcov: don't lose track of remote references during softirqs

by Aleksandr Nogikh

In kcov_remote_start()/kcov_remote_stop(), we swap the previous KCOV metadata of the current task into a per-CPU variable. However, the kcov_mode_enabled(mode) check is not sufficient in the case of remote KCOV coverage: current->kcov_mode always remains KCOV_MODE_DISABLED for remote KCOV objects. If the original task that has invoked the KCOV_REMOTE_ENABLE ioctl happens to get interrupted and kcov_remote_start() is called, it ultimately leads to kcov_remote_stop() NOT restoring the original KCOV reference. So when the task exits, all registered remote KCOV handles remain active forever. Fix it by introducing a special kcov_mode that is assigned to the task that owns a KCOV remote object. It makes kcov_mode_enabled() return true and yet does not trigger coverage collection in __sanitizer_cov_trace_pc() and write_comp_data(). Cc: stable(a)vger.kernel.org Signed-off-by: Aleksandr Nogikh <nogikh(a)google.com> Reviewed-by: Dmitry Vyukov <dvyukov(a)google.com> Reviewed-by: Andrey Konovalov <andreyknvl(a)gmail.com> Tested-by: Andrey Konovalov <andreyknvl(a)gmail.com> Fixes: 5ff3b30ab57d ("kcov: collect coverage from interrupts") --- Changes v1 -> v2: * Replaced WRITE_ONCE() with an ordinary assignment. * Added stable(a)vger.kernel.org to the Cc list. --- include/linux/kcov.h | 2 ++ kernel/kcov.c | 1 + 2 files changed, 3 insertions(+) diff --git a/include/linux/kcov.h b/include/linux/kcov.h index b851ba415e03..3b479a3d235a 100644 --- a/include/linux/kcov.h +++ b/include/linux/kcov.h @@ -21,6 +21,8 @@ enum kcov_mode { KCOV_MODE_TRACE_PC = 2, /* Collecting comparison operands mode. */ KCOV_MODE_TRACE_CMP = 3, + /* The process owns a KCOV remote reference. */ + KCOV_MODE_REMOTE = 4, }; #define KCOV_IN_CTXSW (1 << 30) diff --git a/kernel/kcov.c b/kernel/kcov.c index c3124f6d5536..f0a69d402066 100644 --- a/kernel/kcov.c +++ b/kernel/kcov.c @@ -632,6 +632,7 @@ static int kcov_ioctl_locked(struct kcov *kcov, unsigned int cmd, return -EINVAL; kcov->mode = mode; t->kcov = kcov; + t->kcov_mode = KCOV_MODE_REMOTE; kcov->t = t; kcov->remote = true; kcov->remote_size = remote_arg->area_size; -- 2.45.2.627.g7a2c4fd464-goog

1 year, 3 months

1
0
0 0

[GIT PULL] memblock:fix validation of NUMA coverage

by Mike Rapoport

Hi Linus, The following changes since commit 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0: Linux 6.10-rc1 (2024-05-26 15:20:12 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock for you to fetch changes up to 3ac36aa7307363b7247ccb6f6a804e11496b2b36: x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() (2024-06-06 22:20:39 +0300) ---------------------------------------------------------------- Jan Beulich (2): memblock: make memblock_set_node() also warn about use of MAX_NUMNODES x86/mm/numa: Use NUMA_NO_NODE when calling memblock_set_node() arch/x86/mm/numa.c | 6 +++--- mm/memblock.c | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) -- Sincerely yours, Mike.

1 year, 3 months

4
7
0 0

[PATCH] net: do not leave dangling sk pointer in inet_create()/inet6_create()

by Ignat Korchagin

It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_cookie() helper * running traceroute -I 1.1.1.1 on a freshly booted VM A KASAN enabled kernel will log something like below (decoded): [ 78.328507][ T299] ================================================================== [ 78.329018][ T299] BUG: KASAN: slab-use-after-free in __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] Read of size 8 at addr ffff888007110dd8 by task traceroute/299 [ 78.329366][ T299] [ 78.329366][ T299] CPU: 2 PID: 299 Comm: traceroute Tainted: G E 6.10.0-rc2+ #2 [ 78.329366][ T299] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 78.329366][ T299] Call Trace: [ 78.329366][ T299] <TASK> [ 78.329366][ T299] dump_stack_lvl (lib/dump_stack.c:117 (discriminator 1)) [ 78.329366][ T299] print_report (mm/kasan/report.c:378 mm/kasan/report.c:488) [ 78.329366][ T299] ? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] kasan_report (mm/kasan/report.c:603) [ 78.329366][ T299] ? __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189) [ 78.329366][ T299] __sock_gen_cookie (./arch/x86/include/asm/atomic64_64.h:15 ./include/linux/atomic/atomic-arch-fallback.h:2583 ./include/linux/atomic/atomic-instrumented.h:1611 net/core/sock_diag.c:29) [ 78.329366][ T299] bpf_get_socket_ptr_cookie (./arch/x86/include/asm/preempt.h:94 ./include/linux/sock_diag.h:42 net/core/filter.c:5094 net/core/filter.c:5092) [ 78.329366][ T299] bpf_prog_875642cf11f1d139___sock_release+0x6e/0x8e [ 78.329366][ T299] bpf_trampoline_6442506592+0x47/0xaf [ 78.329366][ T299] __sock_release (net/socket.c:652) [ 78.329366][ T299] __sock_create (net/socket.c:1601) [ 78.329366][ T299] ? srso_return_thunk (arch/x86/lib/retpoline.S:224) [ 78.329366][ T299] __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) [ 78.329366][ T299] ? __pfx___sys_socket (net/socket.c:1702) [ 78.329366][ T299] ? srso_return_thunk (arch/x86/lib/retpoline.S:224) [ 78.329366][ T299] ? up_read (./arch/x86/include/asm/atomic64_64.h:79 ./include/linux/atomic/atomic-arch-fallback.h:2749 ./include/linux/atomic/atomic-long.h:184 ./include/linux/atomic/atomic-instrumented.h:3317 kernel/locking/rwsem.c:1347 kernel/locking/rwsem.c:1622) [ 78.329366][ T299] ? srso_return_thunk (arch/x86/lib/retpoline.S:224) [ 78.329366][ T299] ? do_user_addr_fault (arch/x86/mm/fault.c:1419) [ 78.329366][ T299] __x64_sys_socket (net/socket.c:1718) [ 78.329366][ T299] ? srso_return_thunk (arch/x86/lib/retpoline.S:224) [ 78.329366][ T299] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 78.329366][ T299] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 78.329366][ T299] RIP: 0033:0x7f4022818ca7 [ 78.329366][ T299] Code: 73 01 c3 48 8b 0d 59 71 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 29 71 0c 00 f7 d8 64 89 01 48 All code ======== 0: 73 01 jae 0x3 2: c3 ret 3: 48 8b 0d 59 71 0c 00 mov 0xc7159(%rip),%rcx # 0xc7163 a: f7 d8 neg %eax c: 64 89 01 mov %eax,%fs:(%rcx) f: 48 83 c8 ff or $0xffffffffffffffff,%rax 13: c3 ret 14: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1b: 00 00 00 1e: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1) 23: b8 29 00 00 00 mov $0x29,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d 29 71 0c 00 mov 0xc7129(%rip),%rcx # 0xc7163 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d 29 71 0c 00 mov 0xc7129(%rip),%rcx # 0xc7139 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W [ 78.329366][ T299] RSP: 002b:00007ffd57e63db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 78.329366][ T299] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4022818ca7 [ 78.329366][ T299] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 0000000000000002 [ 78.329366][ T299] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000564be3dc8ec0 [ 78.329366][ T299] R10: 0c41e8ba3f6107df R11: 0000000000000246 R12: 0000564bbab801e0 [ 78.329366][ T299] R13: 0000000000000000 R14: 0000564bbab7db18 R15: 00007f4022934020 [ 78.329366][ T299] </TASK> [ 78.329366][ T299] [ 78.329366][ T299] Allocated by task 299 on cpu 2 at 78.328492s: [ 78.329366][ T299] kasan_save_stack (mm/kasan/common.c:48) [ 78.329366][ T299] kasan_save_track (mm/kasan/common.c:68) [ 78.329366][ T299] __kasan_slab_alloc (mm/kasan/common.c:312 mm/kasan/common.c:338) [ 78.329366][ T299] kmem_cache_alloc_noprof (mm/slub.c:3941 mm/slub.c:4000 mm/slub.c:4007) [ 78.329366][ T299] sk_prot_alloc (net/core/sock.c:2075) [ 78.329366][ T299] sk_alloc (net/core/sock.c:2134) [ 78.329366][ T299] inet_create (net/ipv4/af_inet.c:327 net/ipv4/af_inet.c:252) [ 78.329366][ T299] __sock_create (net/socket.c:1572) [ 78.329366][ T299] __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) [ 78.329366][ T299] __x64_sys_socket (net/socket.c:1718) [ 78.329366][ T299] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 78.329366][ T299] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 78.329366][ T299] [ 78.329366][ T299] Freed by task 299 on cpu 2 at 78.328502s: [ 78.329366][ T299] kasan_save_stack (mm/kasan/common.c:48) [ 78.329366][ T299] kasan_save_track (mm/kasan/common.c:68) [ 78.329366][ T299] kasan_save_free_info (mm/kasan/generic.c:582) [ 78.329366][ T299] poison_slab_object (mm/kasan/common.c:242) [ 78.329366][ T299] __kasan_slab_free (mm/kasan/common.c:256) [ 78.329366][ T299] kmem_cache_free (mm/slub.c:4437 mm/slub.c:4511) [ 78.329366][ T299] __sk_destruct (net/core/sock.c:2117 net/core/sock.c:2208) [ 78.329366][ T299] inet_create (net/ipv4/af_inet.c:397 net/ipv4/af_inet.c:252) [ 78.329366][ T299] __sock_create (net/socket.c:1572) [ 78.329366][ T299] __sys_socket (net/socket.c:1660 net/socket.c:1644 net/socket.c:1706) [ 78.329366][ T299] __x64_sys_socket (net/socket.c:1718) [ 78.329366][ T299] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 78.329366][ T299] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) [ 78.329366][ T299] [ 78.329366][ T299] The buggy address belongs to the object at ffff888007110d80 [ 78.329366][ T299] which belongs to the cache PING of size 976 [ 78.329366][ T299] The buggy address is located 88 bytes inside of [ 78.329366][ T299] freed 976-byte region [ffff888007110d80, ffff888007111150) [ 78.329366][ T299] [ 78.329366][ T299] The buggy address belongs to the physical page: [ 78.329366][ T299] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7110 [ 78.329366][ T299] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 78.329366][ T299] flags: 0x1ffff800000040(head|node=0|zone=1|lastcpupid=0x1ffff) [ 78.329366][ T299] page_type: 0xffffefff(slab) [ 78.329366][ T299] raw: 001ffff800000040 ffff888002f328c0 dead000000000122 0000000000000000 [ 78.329366][ T299] raw: 0000000000000000 00000000801c001c 00000001ffffefff 0000000000000000 [ 78.329366][ T299] head: 001ffff800000040 ffff888002f328c0 dead000000000122 0000000000000000 [ 78.329366][ T299] head: 0000000000000000 00000000801c001c 00000001ffffefff 0000000000000000 [ 78.329366][ T299] head: 001ffff800000003 ffffea00001c4401 ffffffffffffffff 0000000000000000 [ 78.329366][ T299] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 78.329366][ T299] page dumped because: kasan: bad access detected [ 78.329366][ T299] [ 78.329366][ T299] Memory state around the buggy address: [ 78.329366][ T299] ffff888007110c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.329366][ T299] ffff888007110d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 78.329366][ T299] >ffff888007110d80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.329366][ T299] ^ [ 78.329366][ T299] ffff888007110e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.329366][ T299] ffff888007110e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 78.329366][ T299] ================================================================== [ 78.366431][ T299] Disabling lock debugging due to kernel taint Fix this by ensuring the error path of inet_create()/inet6_create do not leave a dangling sk pointer after sk was released. Fixes: 086c653f5862 ("sock: struct proto hash function may error") Fixes: 610236587600 ("bpf: Add new cgroup attach type to enable sock modifications") Cc: stable(a)vger.kernel.org Signed-off-by: Ignat Korchagin <ignat(a)cloudflare.com> --- net/ipv4/af_inet.c | 3 +++ net/ipv6/af_inet6.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index b24d74616637..db53701db29e 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -378,6 +378,7 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, err = sk->sk_prot->hash(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } @@ -386,6 +387,7 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, err = sk->sk_prot->init(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } @@ -394,6 +396,7 @@ static int inet_create(struct net *net, struct socket *sock, int protocol, err = BPF_CGROUP_RUN_PROG_INET_SOCK(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 8041dc181bd4..6d5ebb2af928 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -254,6 +254,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, err = sk->sk_prot->hash(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } @@ -261,6 +262,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, err = sk->sk_prot->init(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } @@ -269,6 +271,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, err = BPF_CGROUP_RUN_PROG_INET_SOCK(sk); if (err) { sk_common_release(sk); + sock->sk = NULL; goto out; } } -- 2.39.2

1 year, 3 months

2
4
0 0

[PATCH v2] kasan: fix bad call to unpoison_slab_object

by andrey.konovalov＠linux.dev

From: Andrey Konovalov <andreyknvl(a)gmail.com> Commit 29d7355a9d05 ("kasan: save alloc stack traces for mempool") messed up one of the calls to unpoison_slab_object: the last two arguments are supposed to be GFP flags and whether to init the object memory. Fix the call. Without this fix, __kasan_mempool_unpoison_object provides the object's size as GFP flags to unpoison_slab_object, which can cause LOCKDEP reports (and probably other issues). Fixes: 29d7355a9d05 ("kasan: save alloc stack traces for mempool") Reported-by: Brad Spengler <spender(a)grsecurity.net> Cc: stable(a)vger.kernel.org Acked-by: Marco Elver <elver(a)google.com> Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- Changes v1->v2: - Fix typo in commit message. - CC stable. --- mm/kasan/common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/kasan/common.c b/mm/kasan/common.c index e7c9a4dc89f8..85e7c6b4575c 100644 --- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -532,7 +532,7 @@ void __kasan_mempool_unpoison_object(void *ptr, size_t size, unsigned long ip) return; /* Unpoison the object and save alloc info for non-kmalloc() allocations. */ - unpoison_slab_object(slab->slab_cache, ptr, size, flags); + unpoison_slab_object(slab->slab_cache, ptr, flags, false); /* Poison the redzone and save alloc info for kmalloc() allocations. */ if (is_kmalloc_cache(slab->slab_cache)) -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH v2 1/2] drm/i915/mso: using joiner is not possible with eDP MSO

by Jani Nikula

It's not possible to use the joiner at the same time with eDP MSO. When a panel needs MSO, it's not optional, so MSO trumps joiner. While just reporting false for intel_dp_has_joiner() should be sufficient, also skip creation of the joiner force enable debugfs to better handle this in testing. Cc: stable(a)vger.kernel.org Cc: Ville Syrjala <ville.syrjala(a)linux.intel.com> Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1668 Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/display/intel_display_debugfs.c | 8 ++++++-- drivers/gpu/drm/i915/display/intel_dp.c | 4 ++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_display_debugfs.c b/drivers/gpu/drm/i915/display/intel_display_debugfs.c index 91757fed9c6d..5eb31404436c 100644 --- a/drivers/gpu/drm/i915/display/intel_display_debugfs.c +++ b/drivers/gpu/drm/i915/display/intel_display_debugfs.c @@ -1546,8 +1546,12 @@ void intel_connector_debugfs_add(struct intel_connector *connector) if (DISPLAY_VER(i915) >= 11 && (connector_type == DRM_MODE_CONNECTOR_DisplayPort || connector_type == DRM_MODE_CONNECTOR_eDP)) { - debugfs_create_bool("i915_bigjoiner_force_enable", 0644, root, - &connector->force_bigjoiner_enable); + struct intel_dp *intel_dp = intel_attached_dp(connector); + + /* eDP MSO is not compatible with joiner */ + if (!intel_dp->mso_link_count) + debugfs_create_bool("i915_bigjoiner_force_enable", 0644, root, + &connector->force_bigjoiner_enable); } if (connector_type == DRM_MODE_CONNECTOR_DSI || diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 9a9bb0f5b7fe..ab33c9de393a 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -465,6 +465,10 @@ bool intel_dp_has_joiner(struct intel_dp *intel_dp) struct intel_encoder *encoder = &intel_dig_port->base; struct drm_i915_private *dev_priv = to_i915(encoder->base.dev); + /* eDP MSO is not compatible with joiner */ + if (intel_dp->mso_link_count) + return false; + return DISPLAY_VER(dev_priv) >= 12 || (DISPLAY_VER(dev_priv) == 11 && encoder->port != PORT_A); -- 2.39.2

1 year, 3 months

2
2
0 0

Please backport 2d43cc701b96 to v6.9 and v6.6

by Michael Ellerman

Hi stable team, Can you please backport: 2d43cc701b96 ("powerpc/uaccess: Fix build errors seen with GCC 13/14") To v6.9 and v6.6. It was marked for backporting, but hasn't been picked up AFAICS. I'm not sure if it clashed with the asm_goto_output changes or something. But it backports cleanly to the current stable branches. It needs a custom backport for earlier kernels, I'll send those. cheers

1 year, 3 months

2
2
0 0

[PATCH v6.1] powerpc/uaccess: Fix build errors seen with GCC 13/14

by Michael Ellerman

commit 2d43cc701b96f910f50915ac4c2a0cae5deb734c upstream. Building ppc64le_defconfig with GCC 14 fails with assembler errors: CC fs/readdir.o /tmp/ccdQn0mD.s: Assembler messages: /tmp/ccdQn0mD.s:212: Error: operand out of domain (18 is not a multiple of 4) /tmp/ccdQn0mD.s:226: Error: operand out of domain (18 is not a multiple of 4) ... [6 lines] /tmp/ccdQn0mD.s:1699: Error: operand out of domain (18 is not a multiple of 4) A snippet of the asm shows: # ../fs/readdir.c:210: unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); ld 9,0(29) # MEM[(u64 *)name_38(D) + _88 * 1], MEM[(u64 *)name_38(D) + _88 * 1] # 210 "../fs/readdir.c" 1 1: std 9,18(8) # put_user # *__pus_addr_52, MEM[(u64 *)name_38(D) + _88 * 1] The 'std' instruction requires a 4-byte aligned displacement because it is a DS-form instruction, and as the assembler says, 18 is not a multiple of 4. A similar error is seen with GCC 13 and CONFIG_UBSAN_SIGNED_WRAP=y. The fix is to change the constraint on the memory operand to put_user(), from "m" which is a general memory reference to "YZ". The "Z" constraint is documented in the GCC manual PowerPC machine constraints, and specifies a "memory operand accessed with indexed or indirect addressing". "Y" is not documented in the manual but specifies a "memory operand for a DS-form instruction". Using both allows the compiler to generate a DS-form "std" or X-form "stdx" as appropriate. Unfortunately clang doesn't support the "Y" constraint so that has to be behind an ifdef. Although the build error is only seen with GCC 13/14, that appears to just be luck. The constraint has been incorrect since it was first added. Fixes: c20beffeec3c ("powerpc/uaccess: Use flexible addressing with __put_user()/__get_user()") Suggested-by: Kewen Lin <linkw(a)gcc.gnu.org> [mpe: Drop CONFIG_PPC_KERNEL_PREFIXED ifdef for backport] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240529123029.146953-1-mpe@ellerman.id.au --- arch/powerpc/include/asm/uaccess.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index 45d4c9cf3f3a..661046150e49 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -80,9 +80,20 @@ __pu_failed: \ : \ : label) +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #ifdef __powerpc64__ -#define __put_user_asm2_goto(x, ptr, label) \ - __put_user_asm_goto(x, ptr, label, "std") +#define __put_user_asm2_goto(x, addr, label) \ + asm goto ("1: std%U1%X1 %0,%1 # put_user\n" \ + EX_TABLE(1b, %l2) \ + : \ + : "r" (x), DS_FORM_CONSTRAINT (*addr) \ + : \ + : label) #else /* __powerpc64__ */ #define __put_user_asm2_goto(x, addr, label) \ asm goto( \ -- 2.45.1

1 year, 3 months

1
0
0 0

[PATCH v5.15] powerpc/uaccess: Fix build errors seen with GCC 13/14

by Michael Ellerman

commit 2d43cc701b96f910f50915ac4c2a0cae5deb734c upstream. Building ppc64le_defconfig with GCC 14 fails with assembler errors: CC fs/readdir.o /tmp/ccdQn0mD.s: Assembler messages: /tmp/ccdQn0mD.s:212: Error: operand out of domain (18 is not a multiple of 4) /tmp/ccdQn0mD.s:226: Error: operand out of domain (18 is not a multiple of 4) ... [6 lines] /tmp/ccdQn0mD.s:1699: Error: operand out of domain (18 is not a multiple of 4) A snippet of the asm shows: # ../fs/readdir.c:210: unsafe_copy_dirent_name(dirent->d_name, name, namlen, efault_end); ld 9,0(29) # MEM[(u64 *)name_38(D) + _88 * 1], MEM[(u64 *)name_38(D) + _88 * 1] # 210 "../fs/readdir.c" 1 1: std 9,18(8) # put_user # *__pus_addr_52, MEM[(u64 *)name_38(D) + _88 * 1] The 'std' instruction requires a 4-byte aligned displacement because it is a DS-form instruction, and as the assembler says, 18 is not a multiple of 4. A similar error is seen with GCC 13 and CONFIG_UBSAN_SIGNED_WRAP=y. The fix is to change the constraint on the memory operand to put_user(), from "m" which is a general memory reference to "YZ". The "Z" constraint is documented in the GCC manual PowerPC machine constraints, and specifies a "memory operand accessed with indexed or indirect addressing". "Y" is not documented in the manual but specifies a "memory operand for a DS-form instruction". Using both allows the compiler to generate a DS-form "std" or X-form "stdx" as appropriate. Unfortunately clang doesn't support the "Y" constraint so that has to be behind an ifdef. Although the build error is only seen with GCC 13/14, that appears to just be luck. The constraint has been incorrect since it was first added. Fixes: c20beffeec3c ("powerpc/uaccess: Use flexible addressing with __put_user()/__get_user()") Suggested-by: Kewen Lin <linkw(a)gcc.gnu.org> [mpe: Drop CONFIG_PPC_KERNEL_PREFIXED ifdef for backport] Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240529123029.146953-1-mpe@ellerman.id.au --- arch/powerpc/include/asm/uaccess.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index b2680070d65d..6013a7fc74ba 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -90,9 +90,20 @@ __pu_failed: \ : \ : label) +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #ifdef __powerpc64__ -#define __put_user_asm2_goto(x, ptr, label) \ - __put_user_asm_goto(x, ptr, label, "std") +#define __put_user_asm2_goto(x, addr, label) \ + asm goto ("1: std%U1%X1 %0,%1 # put_user\n" \ + EX_TABLE(1b, %l2) \ + : \ + : "r" (x), DS_FORM_CONSTRAINT (*addr) \ + : \ + : label) #else /* __powerpc64__ */ #define __put_user_asm2_goto(x, addr, label) \ asm_volatile_goto( \ -- 2.45.1

1 year, 3 months

1
0
0 0

[PATCH 6.6 000/301] 6.6.31-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.31 release. There are 301 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.31-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.31-rc1 Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not differentiate the toplevel events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Richard Gobert <richardbgobert(a)gmail.com> net: gro: parse ipv6 ext headers without frag0 invalidation Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce generic names for IPC types Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Christian Marangi <ansuelsmth(a)gmail.com> mtd: limit OTP NVMEM cell parse to non-NAND devices Rafał Miłecki <rafal(a)milecki.pl> nvmem: add explicit config option to read old syntax fixed OF cells Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++ drivers/bluetooth/btqca.c | 208 ++++++++++++- drivers/bluetooth/btqca.h | 8 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/clk/sunxi-ng/ccu_common.c | 19 ++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 181 +++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++-- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 + .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +- drivers/hv/connection.c | 29 +- drivers/hwmon/corsair-cpro.c | 43 ++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/eeprom/at24.c | 47 ++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mtd/mtdcore.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 20 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/nvmem/apple-efuses.c | 1 + drivers/nvmem/core.c | 8 +- drivers/nvmem/imx-ocotp-scu.c | 1 + drivers/nvmem/imx-ocotp.c | 1 + drivers/nvmem/meson-efuse.c | 1 + drivers/nvmem/meson-mx-efuse.c | 1 + drivers/nvmem/microchip-otpc.c | 1 + drivers/nvmem/mtk-efuse.c | 1 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/nvmem/qfprom.c | 1 + drivers/nvmem/rave-sp-eeprom.c | 1 + drivers/nvmem/rockchip-efuse.c | 1 + drivers/nvmem/sc27xx-efuse.c | 1 + drivers/nvmem/sec-qfprom.c | 1 + drivers/nvmem/sprd-efuse.c | 1 + drivers/nvmem/stm32-romem.c | 1 + drivers/nvmem/sunplus-ocotp.c | 1 + drivers/nvmem/sunxi_sid.c | 1 + drivers/nvmem/uniphier-efuse.c | 1 + drivers/nvmem/zynqmp_nvmem.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 ++--- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/regulator/tps65132-regulator.c | 7 + drivers/rtc/nvmem.c | 1 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 +-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 229 +++++++------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++--- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/w1/slaves/w1_ds250x.c | 1 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 ++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 + fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 74 ++--- fs/tracefs/inode.c | 92 +++++- fs/tracefs/internal.h | 14 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/nvmem-provider.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 + include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/sound/sof.h | 7 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/readahead.c | 4 + net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 ++- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 +- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 52 +++- net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++- net/mptcp/protocol.c | 3 + net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++-- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 +++++++----- scripts/Makefile.modfinal | 2 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++---- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/sof/intel/hda-dsp.c | 20 +- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 45 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 333 ++++++++++----------- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++-- 338 files changed, 3043 insertions(+), 1798 deletions(-)

1 year, 3 months

9
311
0 0

[PATCH v6] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap. The ethertype will be overwritten as the VLAN TPID if the network interface lacks hardware VLAN offloading. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. Link: https://github.com/the-tcpdump-group/libpcap/issues/1105 Link: https://lore.kernel.org/netdev/20240520070348.26725-1-chengen.du@canonical.… Fixes: 393e52e33c6c ("packet: deliver VLAN TCI to userspace") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 57 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..8cffbe1f912d 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -538,6 +538,43 @@ static void *packet_current_frame(struct packet_sock *po, return packet_lookup_frame(po, rb, rb->head, status); } +static u16 vlan_get_tci(struct sk_buff *skb) +{ + struct vlan_hdr vhdr, *vh; + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + vh = skb_header_pointer(skb, ETH_HLEN, sizeof(vhdr), &vhdr); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + if (unlikely(!vh)) + return 0; + + return ntohs(vh->h_vlan_TCI); +} + +static __be16 vlan_get_protocol_dgram(struct sk_buff *skb) +{ + __be16 proto = skb->protocol; + + if (unlikely(eth_type_vlan(proto))) { + u8 *skb_orig_data = skb->data; + int skb_orig_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + proto = __vlan_get_protocol(skb, proto, NULL); + if (skb_orig_data != skb->data) { + skb->data = skb_orig_data; + skb->len = skb_orig_len; + } + } + + return proto; +} + static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc) { del_timer_sync(&pkc->retire_blk_timer); @@ -1007,10 +1044,16 @@ static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc, static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, struct tpacket3_hdr *ppd) { + struct packet_sock *po = container_of(pkc, struct packet_sock, rx_ring.prb_bdqc); + if (skb_vlan_tag_present(pkc->skb)) { ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(po->sk.sk_type == SOCK_DGRAM && eth_type_vlan(pkc->skb->protocol))) { + ppd->hv1.tp_vlan_tci = vlan_get_tci(pkc->skb); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2471,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sk->sk_type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + h.h2->tp_vlan_tci = vlan_get_tci(skb); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2504,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sk->sk_type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3530,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sock->type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3588,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(sock->type == SOCK_DGRAM && eth_type_vlan(skb->protocol))) { + aux.tp_vlan_tci = vlan_get_tci(skb); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.43.0

1 year, 3 months

2
11
0 0

Intel e1000e driver bug on stable (6.9.x)

by Ismael Luceno

Hi, I noticed that the NIC started to fail on a couple of notebooks [0] [1] after upgrading to 6.9.1. I tracked down the problem to commit 861e8086029e ("e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue", 2024-03-03), included in all 6.9.x releases. The fix is in commit bfd546a552e1 ("e1000e: move force SMBUS near the end of enable_ulp function", 2024-05-28) from mainline. The NIC fails right after boot on both systems I tried; I mention because the description is a bit unclear about that on the fix, maybe other systems are affected differently. Best regards. [0] HP ZBook 17 Gen 1 (D5D93AV) [8086:153a (rev 04)] [1] Lenovo Thinkpad P15 Gen 1 [8086:0d4c]

1 year, 3 months

3
3
0 0

[PATCH 6.6] Revert "fork: defer linking file vma until vma is fully initialized"

by Sam James

This reverts commit cec11fa2eb512ebe3a459c185f4aca1d44059bbf. The backport is incomplete and causes xfstests failures. The consequences of the incomplete backport seem worse than the original issue, so pick the lesser evil and revert until a full backport is ready. Link: https://lore.kernel.org/stable/20240604004751.3883227-1-leah.rumancik@gmail… Reported-by: Leah Rumancik <leah.rumancik(a)gmail.com> Signed-off-by: Sam James <sam(a)gentoo.org> --- kernel/fork.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index 2eab916b504bf..177ce7438db6b 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -727,15 +727,6 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, } else if (anon_vma_fork(tmp, mpnt)) goto fail_nomem_anon_vma_fork; vm_flags_clear(tmp, VM_LOCKED_MASK); - /* - * Copy/update hugetlb private vma information. - */ - if (is_vm_hugetlb_page(tmp)) - hugetlb_dup_vma_private(tmp); - - if (tmp->vm_ops && tmp->vm_ops->open) - tmp->vm_ops->open(tmp); - file = tmp->vm_file; if (file) { struct address_space *mapping = file->f_mapping; @@ -752,6 +743,12 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, i_mmap_unlock_write(mapping); } + /* + * Copy/update hugetlb private vma information. + */ + if (is_vm_hugetlb_page(tmp)) + hugetlb_dup_vma_private(tmp); + /* Link the vma into the MT */ if (vma_iter_bulk_store(&vmi, tmp)) goto fail_nomem_vmi_store; @@ -760,6 +757,9 @@ static __latent_entropy int dup_mmap(struct mm_struct *mm, if (!(tmp->vm_flags & VM_WIPEONFORK)) retval = copy_page_range(tmp, mpnt); + if (tmp->vm_ops && tmp->vm_ops->open) + tmp->vm_ops->open(tmp); + if (retval) goto loop_out; } -- 2.45.2

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mm/memory-failure: fix handling of dissolved but not taken" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 8cf360b9d6a840700e06864236a01a883b34bbad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061349-snowdrop-pusher-dcdb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 8cf360b9d6a8 ("mm/memory-failure: fix handling of dissolved but not taken off from buddy pages") b6fd410c32f1 ("memory-failure: use a folio in me_huge_page()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8cf360b9d6a840700e06864236a01a883b34bbad Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Thu, 23 May 2024 15:12:17 +0800 Subject: [PATCH] mm/memory-failure: fix handling of dissolved but not taken off from buddy pages When I did memory failure tests recently, below panic occurs: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff) raw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000 page dumped because: VM_BUG_ON_PAGE(!PageBuddy(page)) ------------[ cut here ]------------ kernel BUG at include/linux/page-flags.h:1009! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:__del_page_from_free_list+0x151/0x180 RSP: 0018:ffffa49c90437998 EFLAGS: 00000046 RAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0 RBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69 R10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80 R13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009 FS: 00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0 Call Trace: <TASK> __rmqueue_pcplist+0x23b/0x520 get_page_from_freelist+0x26b/0xe40 __alloc_pages_noprof+0x113/0x1120 __folio_alloc_noprof+0x11/0xb0 alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130 __alloc_fresh_hugetlb_folio+0xe7/0x140 alloc_pool_huge_folio+0x68/0x100 set_max_huge_pages+0x13d/0x340 hugetlb_sysctl_handler_common+0xe8/0x110 proc_sys_call_handler+0x194/0x280 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xc2/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff916114887 RSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887 RDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003 RBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0 R10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004 R13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- And before the panic, there had an warning about bad page state: BUG: Bad page state in process page-types pfn:8cee00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00 flags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff) page_type: 0xffffff7f(buddy) raw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000 raw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000 page dumped because: nonzero mapcount Modules linked in: mce_inject hwpoison_inject CPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22 Call Trace: <TASK> dump_stack_lvl+0x83/0xa0 bad_page+0x63/0xf0 free_unref_page+0x36e/0x5c0 unpoison_memory+0x50b/0x630 simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110 debugfs_attr_write+0x42/0x60 full_proxy_write+0x5b/0x80 vfs_write+0xcd/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xc2/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f189a514887 RSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887 RDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003 RBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8 R13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040 </TASK> The root cause should be the below race: memory_failure try_memory_failure_hugetlb me_huge_page __page_handle_poison dissolve_free_hugetlb_folio drain_all_pages -- Buddy page can be isolated e.g. for compaction. take_page_off_buddy -- Failed as page is not in the buddy list. -- Page can be putback into buddy after compaction. page_ref_inc -- Leads to buddy page with refcnt = 1. Then unpoison_memory() can unpoison the page and send the buddy page back into buddy list again leading to the above bad page state warning. And bad_page() will call page_mapcount_reset() to remove PageBuddy from buddy page leading to later VM_BUG_ON_PAGE(!PageBuddy(page)) when trying to allocate this page. Fix this issue by only treating __page_handle_poison() as successful when it returns 1. Link: https://lkml.kernel.org/r/20240523071217.1696196-1-linmiaohe@huawei.com Fixes: ceaf8fbea79a ("mm, hwpoison: skip raw hwpoison page in freeing 1GB hugepage") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory-failure.c b/mm/memory-failure.c index a9fe9eda593f..d3c830e817e3 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1221,7 +1221,7 @@ static int me_huge_page(struct page_state *ps, struct page *p) * subpages. */ folio_put(folio); - if (__page_handle_poison(p) >= 0) { + if (__page_handle_poison(p) > 0) { page_ref_inc(p); res = MF_RECOVERED; } else { @@ -2091,7 +2091,7 @@ static int try_memory_failure_hugetlb(unsigned long pfn, int flags, int *hugetlb */ if (res == 0) { folio_unlock(folio); - if (__page_handle_poison(p) >= 0) { + if (__page_handle_poison(p) > 0) { page_ref_inc(p); res = MF_RECOVERED; } else {

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] mm/huge_memory: don't unpoison huge_zero_folio" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fe6f86f4b40855a130a19aa589f9ba7f650423f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061358-duplicate-demeaning-9772@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: fe6f86f4b408 ("mm/huge_memory: don't unpoison huge_zero_folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe6f86f4b40855a130a19aa589f9ba7f650423f4 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Thu, 16 May 2024 20:26:08 +0800 Subject: [PATCH] mm/huge_memory: don't unpoison huge_zero_folio When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet. Link: https://lkml.kernel.org/r/20240516122608.22610-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Yang Shi <shy828301(a)gmail.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 16ada4fb02b7..a9fe9eda593f 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -2546,6 +2546,13 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } + if (is_huge_zero_folio(folio)) { + unpoison_pr_info("Unpoison: huge zero page is not supported %#lx\n", + pfn, &unpoison_rs); + ret = -EOPNOTSUPP; + goto unlock_mutex; + } + if (!PageHWPoison(p)) { unpoison_pr_info("Unpoison: Page was already unpoisoned %#lx\n", pfn, &unpoison_rs);

1 year, 3 months

2
1
0 0

[PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes

by Thomas Zimmermann

Test the vesa_attributes field in struct screen_info for compatibility with VGA hardware. Vesafb currently tests bit 1 in screen_info's capabilities field, It sets the framebuffer address size and is unrelated to VGA. Section 4.4 of the Vesa VBE 2.0 specifications defines that bit 5 in the mode's attributes field signals VGA compatibility. The mode is compatible with VGA hardware if the bit is clear. In that case, the driver can access VGA state of the VBE's underlying hardware. The vesafb driver uses this feature to program the color LUT in palette modes. Without, colors might be incorrect. The problem got introduced in commit 89ec4c238e7a ("[PATCH] vesafb: Fix incorrect logo colors in x86_64"). It incorrectly stores the mode attributes in the screen_info's capabilities field and updates vesafb accordingly. Later, commit 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") fixed the screen_info, but did not update vesafb. Color output still tends to work, because bit 1 in capabilities is usually 0. Besides fixing the bug in vesafb, this commit introduces a helper that reads the correct bit from screen_info. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") Cc: <stable(a)vger.kernel.org> # v2.6.23+ --- drivers/video/fbdev/vesafb.c | 2 +- include/linux/screen_info.h | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c index 8ab64ae4cad3e..5a161750a3aee 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -271,7 +271,7 @@ static int vesafb_probe(struct platform_device *dev) if (si->orig_video_isVGA != VIDEO_TYPE_VLFB) return -ENODEV; - vga_compat = (si->capabilities & 2) ? 0 : 1; + vga_compat = !__screen_info_vbe_mode_nonvga(si); vesafb_fix.smem_start = si->lfb_base; vesafb_defined.bits_per_pixel = si->lfb_depth; if (15 == vesafb_defined.bits_per_pixel) diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 75303c126285a..95f2a339de329 100644 --- a/include/linux/screen_info.h +++ b/include/linux/screen_info.h @@ -49,6 +49,11 @@ static inline u64 __screen_info_lfb_size(const struct screen_info *si, unsigned return lfb_size; } +static inline bool __screen_info_vbe_mode_nonvga(const struct screen_info *si) +{ + return si->vesa_attributes & BIT(5); // VGA if _not_ set +} + static inline unsigned int __screen_info_video_type(unsigned int type) { switch (type) { -- 2.45.2

1 year, 3 months

3
8
0 0

[PATCH net v1 1/2] net: phy: dp83tg720: wake up PHYs in managed mode

by Oleksij Rempel

In case this PHY is bootstrapped for managed mode, we need to manually wake it. Otherwise no link will be detected. Cc: stable(a)vger.kernel.org Fixes: cb80ee2f9bee1 ("net: phy: Add support for the DP83TG720S Ethernet PHY") Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> --- drivers/net/phy/dp83tg720.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/net/phy/dp83tg720.c b/drivers/net/phy/dp83tg720.c index 326c9770a6dcc..1186dfc70fb3c 100644 --- a/drivers/net/phy/dp83tg720.c +++ b/drivers/net/phy/dp83tg720.c @@ -17,6 +17,11 @@ #define DP83TG720S_PHY_RESET 0x1f #define DP83TG720S_HW_RESET BIT(15) +#define DP83TG720S_LPS_CFG3 0x18c +/* Power modes are documented as bit fields but used as values */ +/* Power Mode 0 is Normal mode */ +#define DP83TG720S_LPS_CFG3_PWR_MODE_0 BIT(0) + #define DP83TG720S_RGMII_DELAY_CTRL 0x602 /* In RGMII mode, Enable or disable the internal delay for RXD */ #define DP83TG720S_RGMII_RX_CLK_SEL BIT(1) @@ -154,10 +159,17 @@ static int dp83tg720_config_init(struct phy_device *phydev) */ usleep_range(1000, 2000); - if (phy_interface_is_rgmii(phydev)) - return dp83tg720_config_rgmii_delay(phydev); + if (phy_interface_is_rgmii(phydev)) { + ret = dp83tg720_config_rgmii_delay(phydev); + if (ret) + return ret; + } - return 0; + /* In case the PHY is bootstrapped in managed mode, we need to + * wake it. + */ + return phy_write_mmd(phydev, MDIO_MMD_VEND2, DP83TG720S_LPS_CFG3, + DP83TG720S_LPS_CFG3_PWR_MODE_0); } static struct phy_driver dp83tg720_driver[] = { -- 2.39.2

1 year, 3 months

2
4
0 0

[PATCH] scsi: ufs: core: Free memory allocated for model before reinit

by Joel Slebodnick

Under the conditions that a device is to be reinitialized within ufshcd_probe_hba, the device must first be fully reset. Resetting the device should include freeing U8 model (member of dev_info) but does not, and this causes a memory leak. ufs_put_device_desc is responsible for freeing model. unreferenced object 0xffff3f63008bee60 (size 32): comm "kworker/u33:1", pid 60, jiffies 4294892642 hex dump (first 32 bytes): 54 48 47 4a 46 47 54 30 54 32 35 42 41 5a 5a 41 THGJFGT0T25BAZZA 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ed7ff1a9): [<ffffb86705f1243c>] kmemleak_alloc+0x34/0x40 [<ffffb8670511cee4>] __kmalloc_noprof+0x1e4/0x2fc [<ffffb86705c247fc>] ufshcd_read_string_desc+0x94/0x190 [<ffffb86705c26854>] ufshcd_device_init+0x480/0xdf8 [<ffffb86705c27b68>] ufshcd_probe_hba+0x3c/0x404 [<ffffb86705c29264>] ufshcd_async_scan+0x40/0x370 [<ffffb86704f43e9c>] async_run_entry_fn+0x34/0xe0 [<ffffb86704f34638>] process_one_work+0x154/0x298 [<ffffb86704f34a74>] worker_thread+0x2f8/0x408 [<ffffb86704f3cfa4>] kthread+0x114/0x118 [<ffffb86704e955a0>] ret_from_fork+0x10/0x20 Fixes: 96a7141da332 ("scsi: ufs: core: Add support for reinitializing the UFS device") Cc: <stable(a)vger.kernel.org> Reviewed-by: Andrew Halaney <ahalaney(a)redhat.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Joel Slebodnick <jslebodn(a)redhat.com> --- drivers/ufs/core/ufshcd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 0cf07194bbe8..a0407b9213ca 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -8787,6 +8787,7 @@ static int ufshcd_probe_hba(struct ufs_hba *hba, bool init_dev_params) (hba->quirks & UFSHCD_QUIRK_REINIT_AFTER_MAX_GEAR_SWITCH)) { /* Reset the device and controller before doing reinit */ ufshcd_device_reset(hba); + ufs_put_device_desc(hba); ufshcd_hba_stop(hba); ufshcd_vops_reinit_notify(hba); ret = ufshcd_hba_enable(hba); -- 2.40.1

1 year, 3 months

3
2
0 0

FAILED: patch "[PATCH] mm/huge_memory: don't unpoison huge_zero_folio" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fe6f86f4b40855a130a19aa589f9ba7f650423f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061359-shimmy-enable-1fbd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fe6f86f4b408 ("mm/huge_memory: don't unpoison huge_zero_folio") 6c54312f9689 ("mm/memory-failure: fix hardware poison check in unpoison_memory()") a6fddef49eef ("mm/memory-failure: convert unpoison_memory() to folios") 9637d7dfb19c ("mm/memory-failure: convert free_raw_hwp_pages() to folios") 2ff6cecee669 ("mm/memory-failure: convert hugetlb_clear_page_hwpoison to folios") bc1cfde19467 ("mm/memory-failure: convert try_memory_failure_hugetlb() to folios") 911565b82853 ("mm/hugetlb: convert destroy_compound_gigantic_page() to folios") e0ff42804233 ("mm/memory-failure.c: cleanup in unpoison_memory") cb67f4282bf9 ("mm,thp,rmap: simplify compound page mapcount handling") dad6a5eb5556 ("mm,hugetlb: use folio fields in second tail page") f074732d599e ("mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios") a098c977722c ("mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios") 5033091de814 ("mm/hwpoison: introduce per-memory_block hwpoison counter") a46c9304b4bb ("mm/hwpoison: pass pfn to num_poisoned_pages_*()") d027122d8363 ("mm/hwpoison: move definitions of num_poisoned_pages_* to memory-failure.c") e591ef7d96d6 ("mm,hwpoison,hugetlb,memory_hotplug: hotremove memory section with hwpoisoned hugepage") b66d00dfebe7 ("mm: memory-failure: make action_result() return int") 4781593d5dba ("mm/hugetlb: unify clearing of RestoreReserve for private pages") 149562f75094 ("mm/hugetlb: add hugetlb_folio_subpool() helpers") d340625f4849 ("mm: add private field of first tail to struct page and struct folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe6f86f4b40855a130a19aa589f9ba7f650423f4 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Thu, 16 May 2024 20:26:08 +0800 Subject: [PATCH] mm/huge_memory: don't unpoison huge_zero_folio When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet. Link: https://lkml.kernel.org/r/20240516122608.22610-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Yang Shi <shy828301(a)gmail.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 16ada4fb02b7..a9fe9eda593f 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -2546,6 +2546,13 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } + if (is_huge_zero_folio(folio)) { + unpoison_pr_info("Unpoison: huge zero page is not supported %#lx\n", + pfn, &unpoison_rs); + ret = -EOPNOTSUPP; + goto unlock_mutex; + } + if (!PageHWPoison(p)) { unpoison_pr_info("Unpoison: Page was already unpoisoned %#lx\n", pfn, &unpoison_rs);

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] iommu/dma: Trace bounce buffer usage when mapping buffers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a63c357b9fd56ad5fe64616f5b22835252c6a76a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024012226-unmanned-marshy-5819@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a63c357b9fd5 ("iommu/dma: Trace bounce buffer usage when mapping buffers") f316ba0a8814 ("dma-iommu: Check that swiotlb is active before trying to use it") a17e3026bc4d ("iommu: Move flush queue data into iommu_dma_cookie") f7f07484542f ("iommu/iova: Move flush queue code to iommu-dma") ea4d71bb5e3f ("iommu/iova: Consolidate flush queue code") 87f60cc65d24 ("iommu/vt-d: Use put_pages_list") 649ad9835a37 ("iommu/iova: Squash flush_cb abstraction") d5c383f2c98a ("iommu/iova: Squash entry_dtor abstraction") d7061627d701 ("iommu/iova: Fix race between FQ timeout and teardown") 2e727bffbe93 ("iommu/dma: Check CONFIG_SWIOTLB more broadly") 9b49bbc2c4df ("iommu/dma: Fold _swiotlb helpers into callers") ee9d4097cc14 ("iommu/dma: Skip extra sync during unmap w/swiotlb") 06e620345d54 ("iommu/dma: Fix arch_sync_dma for map") 08ae5d4a1ae9 ("iommu/dma: Fix sync_sg with swiotlb") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a63c357b9fd56ad5fe64616f5b22835252c6a76a Mon Sep 17 00:00:00 2001 From: "Isaac J. Manjarres" <isaacmanjarres(a)google.com> Date: Fri, 8 Dec 2023 15:41:40 -0800 Subject: [PATCH] iommu/dma: Trace bounce buffer usage when mapping buffers When commit 82612d66d51d ("iommu: Allow the dma-iommu api to use bounce buffers") was introduced, it did not add the logic for tracing the bounce buffer usage from iommu_dma_map_page(). All of the users of swiotlb_tbl_map_single() trace their bounce buffer usage, except iommu_dma_map_page(). This makes it difficult to track SWIOTLB usage from that function. Thus, trace bounce buffer usage from iommu_dma_map_page(). Fixes: 82612d66d51d ("iommu: Allow the dma-iommu api to use bounce buffers") Cc: stable(a)vger.kernel.org # v5.15+ Cc: Tom Murphy <murphyt7(a)tcd.ie> Cc: Lu Baolu <baolu.lu(a)linux.intel.com> Cc: Saravana Kannan <saravanak(a)google.com> Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> Link: https://lore.kernel.org/r/20231208234141.2356157-1-isaacmanjarres@google.com Signed-off-by: Joerg Roedel <jroedel(a)suse.de> diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c index 85163a83df2f..037fcf826407 100644 --- a/drivers/iommu/dma-iommu.c +++ b/drivers/iommu/dma-iommu.c @@ -29,6 +29,7 @@ #include <linux/spinlock.h> #include <linux/swiotlb.h> #include <linux/vmalloc.h> +#include <trace/events/swiotlb.h> #include "dma-iommu.h" @@ -1156,6 +1157,8 @@ static dma_addr_t iommu_dma_map_page(struct device *dev, struct page *page, return DMA_MAPPING_ERROR; } + trace_swiotlb_bounced(dev, phys, size); + aligned_size = iova_align(iovad, size); phys = swiotlb_tbl_map_single(dev, phys, size, aligned_size, iova_mask(iovad), dir, attrs);

1 year, 3 months

4
6
0 0

FAILED: patch "[PATCH] mm/vmalloc: fix vmalloc which may return null if called with" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8e0545c83d672750632f46e3f9ad95c48c91a0fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061303-heap-catalyst-0a58@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8e0545c83d67 ("mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL") e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8e0545c83d672750632f46e3f9ad95c48c91a0fc Mon Sep 17 00:00:00 2001 From: "Hailong.Liu" <hailong.liu(a)oppo.com> Date: Fri, 10 May 2024 18:01:31 +0800 Subject: [PATCH] mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c Link: https://lkml.kernel.org/r/20240510100131.1865-1-hailong.liu@oppo.com Fixes: 9376130c390a ("mm/vmalloc: add support for __GFP_NOFAIL") Signed-off-by: Hailong.Liu <hailong.liu(a)oppo.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Suggested-by: Barry Song <21cnbao(a)gmail.com> Reported-by: Oven <liyangouwen1(a)oppo.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Chao Yu <chao(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Gao Xiang <xiang(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 6641be0ca80b..5d3aa2dc88a8 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3498,7 +3498,7 @@ vm_area_alloc_pages(gfp_t gfp, int nid, { unsigned int nr_allocated = 0; gfp_t alloc_gfp = gfp; - bool nofail = false; + bool nofail = gfp & __GFP_NOFAIL; struct page *page; int i; @@ -3555,12 +3555,11 @@ vm_area_alloc_pages(gfp_t gfp, int nid, * and compaction etc. */ alloc_gfp &= ~__GFP_NOFAIL; - nofail = true; } /* High-order pages or fallback path if "bulk" fails. */ while (nr_allocated < nr_pages) { - if (fatal_signal_pending(current)) + if (!nofail && fatal_signal_pending(current)) break; if (nid == NUMA_NO_NODE)

1 year, 3 months

2
1
0 0

+ mm-fix-incorrect-vbq-reference-in-purge_fragmented_block.patch tentatively added to mm-hotfixes-stable branch

by Andrew Morton

The patch titled Subject: mm: fix incorrect vbq reference in purge_fragmented_block has been added to the -mm mm-hotfixes-stable branch. Its filename is mm-fix-incorrect-vbq-reference-in-purge_fragmented_block.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-stable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Subject: mm: fix incorrect vbq reference in purge_fragmented_block Date: Fri, 7 Jun 2024 10:31:16 +0800 xa_for_each() in _vm_unmap_aliases() loops through all vbs. However, since commit 062eacf57ad9 ("mm: vmalloc: remove a global vmap_blocks xarray") the vb from xarray may not be on the corresponding CPU vmap_block_queue. Consequently, purge_fragmented_block() might use the wrong vbq->lock to protect the free list, leading to vbq->free breakage. Incorrect lock protection can exhaust all vmalloc space as follows: CPU0 CPU1 +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb1 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ _vm_unmap_aliases() vb_alloc() new_vmap_block() xa_for_each(&vbq->vmap_blocks, idx, vb) --> vb in CPU1:vbq->freelist purge_fragmented_block(vb) spin_lock(&vbq->lock) spin_lock(&vbq->lock) --> use CPU0:vbq->lock --> use CPU1:vbq->lock list_del_rcu(&vb->free_list) list_add_tail_rcu(&vb->free_list, &vbq->free) __list_del(vb->prev, vb->next) next->prev = prev +--------------------+ | | | CPU1:vbq free_list | +---| |<--+ | +--------------------+ | +----------------------------+ __list_add(new, head->prev, head) +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ prev->next = next +--------------------------------------------+ |----------------------------+ | | +--------------------+ | +-----+ | +--> | |--+ | |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ Here��s a list breakdown. All vbs, which were to be added to ��prev��, cannot be used by list_for_each_entry_rcu(vb, &vbq->free, free_list) in vb_alloc(). Thus, vmalloc space is exhausted. This issue affects both erofs and f2fs, the stacktrace is as follows: erofs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1b46f4>] z_erofs_lz4_decompress+0x278 [<ffffffd4ff1b8ac4>] z_erofs_decompress_queue+0x650 [<ffffffd4ff1b8328>] z_erofs_runqueue+0x7f4 [<ffffffd4ff1b66a8>] z_erofs_read_folio+0x104 [<ffffffd4feeb6fec>] filemap_read_folio+0x6c [<ffffffd4feeb68c4>] filemap_fault+0x300 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 f2fs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1a3b60>] f2fs_prepare_decomp_mem+0x144 [<ffffffd4ff1a6c24>] f2fs_alloc_dic+0x264 [<ffffffd4ff175468>] f2fs_read_multi_pages+0x428 [<ffffffd4ff17b46c>] f2fs_mpage_readpages+0x314 [<ffffffd4ff1785c4>] f2fs_readahead+0x50 [<ffffffd4feec3384>] read_pages+0x80 [<ffffffd4feec32c0>] page_cache_ra_unbounded+0x1a0 [<ffffffd4feec39e8>] page_cache_ra_order+0x274 [<ffffffd4feeb6cec>] do_sync_mmap_readahead+0x11c [<ffffffd4feeb6764>] filemap_fault+0x1a0 [<ffffffd4ff1423bc>] f2fs_filemap_fault+0x28 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 To fix this, introducee cpu within vmap_block to record which this vb belongs to. Link: https://lkml.kernel.org/r/20240607023116.1720640-1-zhaoyang.huang@unisoc.com Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") Signed-off-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Suggested-by: Hailong.Liu <hailong.liu(a)oppo.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) --- a/mm/vmalloc.c~mm-fix-incorrect-vbq-reference-in-purge_fragmented_block +++ a/mm/vmalloc.c @@ -2498,6 +2498,7 @@ struct vmap_block { struct list_head free_list; struct rcu_head rcu_head; struct list_head purge; + unsigned int cpu; }; /* Queue of free and dirty vmap blocks, for allocation and flushing purposes */ @@ -2625,8 +2626,15 @@ static void *new_vmap_block(unsigned int free_vmap_area(va); return ERR_PTR(err); } - - vbq = raw_cpu_ptr(&vmap_block_queue); + /* + * list_add_tail_rcu could happened in another core + * rather than vb->cpu due to task migration, which + * is safe as list_add_tail_rcu will ensure the list's + * integrity together with list_for_each_rcu from read + * side. + */ + vb->cpu = raw_smp_processor_id(); + vbq = per_cpu_ptr(&vmap_block_queue, vb->cpu); spin_lock(&vbq->lock); list_add_tail_rcu(&vb->free_list, &vbq->free); spin_unlock(&vbq->lock); @@ -2654,9 +2662,10 @@ static void free_vmap_block(struct vmap_ } static bool purge_fragmented_block(struct vmap_block *vb, - struct vmap_block_queue *vbq, struct list_head *purge_list, - bool force_purge) + struct list_head *purge_list, bool force_purge) { + struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, vb->cpu); + if (vb->free + vb->dirty != VMAP_BBMAP_BITS || vb->dirty == VMAP_BBMAP_BITS) return false; @@ -2704,7 +2713,7 @@ static void purge_fragmented_blocks(int continue; spin_lock(&vb->lock); - purge_fragmented_block(vb, vbq, &purge, true); + purge_fragmented_block(vb, &purge, true); spin_unlock(&vb->lock); } rcu_read_unlock(); @@ -2841,7 +2850,7 @@ static void _vm_unmap_aliases(unsigned l * not purgeable, check whether there is dirty * space to be flushed. */ - if (!purge_fragmented_block(vb, vbq, &purge_list, false) && + if (!purge_fragmented_block(vb, &purge_list, false) && vb->dirty_max && vb->dirty != VMAP_BBMAP_BITS) { unsigned long va_start = vb->va->va_start; unsigned long s, e; _ Patches currently in -mm which might be from zhaoyang.huang(a)unisoc.com are mm-fix-incorrect-vbq-reference-in-purge_fragmented_block.patch mm-optimization-on-page-allocation-when-cma-enabled.patch

1 year, 3 months

1
0
0 0

[PATCHv5 1/1] mm: fix incorrect vbq reference in purge_fragmented_block

by zhaoyang.huang

From: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> The function xa_for_each() in _vm_unmap_aliases() loops through all vbs. However, since commit 062eacf57ad9 ("mm: vmalloc: remove a global vmap_blocks xarray") the vb from xarray may not be on the corresponding CPU vmap_block_queue. Consequently, purge_fragmented_block() might use the wrong vbq->lock to protect the free list, leading to vbq->free breakage. Incorrect lock protection can exhaust all vmalloc space as follows: CPU0 CPU1 +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb1 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ _vm_unmap_aliases() vb_alloc() new_vmap_block() xa_for_each(&vbq->vmap_blocks, idx, vb) --> vb in CPU1:vbq->freelist purge_fragmented_block(vb) spin_lock(&vbq->lock) spin_lock(&vbq->lock) --> use CPU0:vbq->lock --> use CPU1:vbq->lock list_del_rcu(&vb->free_list) list_add_tail_rcu(&vb->free_list, &vbq->free) __list_del(vb->prev, vb->next) next->prev = prev +--------------------+ | | | CPU1:vbq free_list | +---| |<--+ | +--------------------+ | +----------------------------+ __list_add(new, head->prev, head) +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ prev->next = next +--------------------------------------------+ |----------------------------+ | | +--------------------+ | +-----+ | +--> | |--+ | |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ Here’s a list breakdown. All vbs, which were to be added to ‘prev’, cannot be used by list_for_each_entry_rcu(vb, &vbq->free, free_list) in vb_alloc(). Thus, vmalloc space is exhausted. This issue affects both erofs and f2fs, the stacktrace is as follows: erofs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1b46f4>] z_erofs_lz4_decompress+0x278 [<ffffffd4ff1b8ac4>] z_erofs_decompress_queue+0x650 [<ffffffd4ff1b8328>] z_erofs_runqueue+0x7f4 [<ffffffd4ff1b66a8>] z_erofs_read_folio+0x104 [<ffffffd4feeb6fec>] filemap_read_folio+0x6c [<ffffffd4feeb68c4>] filemap_fault+0x300 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 f2fs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1a3b60>] f2fs_prepare_decomp_mem+0x144 [<ffffffd4ff1a6c24>] f2fs_alloc_dic+0x264 [<ffffffd4ff175468>] f2fs_read_multi_pages+0x428 [<ffffffd4ff17b46c>] f2fs_mpage_readpages+0x314 [<ffffffd4ff1785c4>] f2fs_readahead+0x50 [<ffffffd4feec3384>] read_pages+0x80 [<ffffffd4feec32c0>] page_cache_ra_unbounded+0x1a0 [<ffffffd4feec39e8>] page_cache_ra_order+0x274 [<ffffffd4feeb6cec>] do_sync_mmap_readahead+0x11c [<ffffffd4feeb6764>] filemap_fault+0x1a0 [<ffffffd4ff1423bc>] f2fs_filemap_fault+0x28 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 To fix this, replace xa_for_each() with list_for_each_entry_rcu() which reverts commit fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") Cc: stable(a)vger.kernel.org Suggested-by: Hailong.Liu <hailong.liu(a)oppo.com> Signed-off-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> --- v2: introduce cpu in vmap_block to record the right CPU number v3: use get_cpu/put_cpu to prevent schedule between core v4: replace get_cpu/put_cpu by another API to avoid disabling preemption v5: update the commit message by Hailong.Liu --- --- mm/vmalloc.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 22aa63f4ef63..89eb034f4ac6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2458,6 +2458,7 @@ struct vmap_block { struct list_head free_list; struct rcu_head rcu_head; struct list_head purge; + unsigned int cpu; }; /* Queue of free and dirty vmap blocks, for allocation and flushing purposes */ @@ -2585,8 +2586,15 @@ static void *new_vmap_block(unsigned int order, gfp_t gfp_mask) free_vmap_area(va); return ERR_PTR(err); } - - vbq = raw_cpu_ptr(&vmap_block_queue); + /* + * list_add_tail_rcu could happened in another core + * rather than vb->cpu due to task migration, which + * is safe as list_add_tail_rcu will ensure the list's + * integrity together with list_for_each_rcu from read + * side. + */ + vb->cpu = raw_smp_processor_id(); + vbq = per_cpu_ptr(&vmap_block_queue, vb->cpu); spin_lock(&vbq->lock); list_add_tail_rcu(&vb->free_list, &vbq->free); spin_unlock(&vbq->lock); @@ -2614,9 +2622,10 @@ static void free_vmap_block(struct vmap_block *vb) } static bool purge_fragmented_block(struct vmap_block *vb, - struct vmap_block_queue *vbq, struct list_head *purge_list, - bool force_purge) + struct list_head *purge_list, bool force_purge) { + struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, vb->cpu); + if (vb->free + vb->dirty != VMAP_BBMAP_BITS || vb->dirty == VMAP_BBMAP_BITS) return false; @@ -2664,7 +2673,7 @@ static void purge_fragmented_blocks(int cpu) continue; spin_lock(&vb->lock); - purge_fragmented_block(vb, vbq, &purge, true); + purge_fragmented_block(vb, &purge, true); spin_unlock(&vb->lock); } rcu_read_unlock(); @@ -2801,7 +2810,7 @@ static void _vm_unmap_aliases(unsigned long start, unsigned long end, int flush) * not purgeable, check whether there is dirty * space to be flushed. */ - if (!purge_fragmented_block(vb, vbq, &purge_list, false) && + if (!purge_fragmented_block(vb, &purge_list, false) && vb->dirty_max && vb->dirty != VMAP_BBMAP_BITS) { unsigned long va_start = vb->va->va_start; unsigned long s, e; -- 2.25.1

1 year, 3 months

3
2
0 0

[update PATCHv5 1/1] mm: fix incorrect vbq reference in purge_fragmented_block

by zhaoyang.huang

From: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> The function xa_for_each() in _vm_unmap_aliases() loops through all vbs. However, since commit 062eacf57ad9 ("mm: vmalloc: remove a global vmap_blocks xarray") the vb from xarray may not be on the corresponding CPU vmap_block_queue. Consequently, purge_fragmented_block() might use the wrong vbq->lock to protect the free list, leading to vbq->free breakage. Incorrect lock protection can exhaust all vmalloc space as follows: CPU0 CPU1 +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb1 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ _vm_unmap_aliases() vb_alloc() new_vmap_block() xa_for_each(&vbq->vmap_blocks, idx, vb) --> vb in CPU1:vbq->freelist purge_fragmented_block(vb) spin_lock(&vbq->lock) spin_lock(&vbq->lock) --> use CPU0:vbq->lock --> use CPU1:vbq->lock list_del_rcu(&vb->free_list) list_add_tail_rcu(&vb->free_list, &vbq->free) __list_del(vb->prev, vb->next) next->prev = prev +--------------------+ | | | CPU1:vbq free_list | +---| |<--+ | +--------------------+ | +----------------------------+ __list_add(new, head->prev, head) +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ prev->next = next +--------------------------------------------+ |----------------------------+ | | +--------------------+ | +-----+ | +--> | |--+ | |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ Here’s a list breakdown. All vbs, which were to be added to ‘prev’, cannot be used by list_for_each_entry_rcu(vb, &vbq->free, free_list) in vb_alloc(). Thus, vmalloc space is exhausted. This issue affects both erofs and f2fs, the stacktrace is as follows: erofs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1b46f4>] z_erofs_lz4_decompress+0x278 [<ffffffd4ff1b8ac4>] z_erofs_decompress_queue+0x650 [<ffffffd4ff1b8328>] z_erofs_runqueue+0x7f4 [<ffffffd4ff1b66a8>] z_erofs_read_folio+0x104 [<ffffffd4feeb6fec>] filemap_read_folio+0x6c [<ffffffd4feeb68c4>] filemap_fault+0x300 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 f2fs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1a3b60>] f2fs_prepare_decomp_mem+0x144 [<ffffffd4ff1a6c24>] f2fs_alloc_dic+0x264 [<ffffffd4ff175468>] f2fs_read_multi_pages+0x428 [<ffffffd4ff17b46c>] f2fs_mpage_readpages+0x314 [<ffffffd4ff1785c4>] f2fs_readahead+0x50 [<ffffffd4feec3384>] read_pages+0x80 [<ffffffd4feec32c0>] page_cache_ra_unbounded+0x1a0 [<ffffffd4feec39e8>] page_cache_ra_order+0x274 [<ffffffd4feeb6cec>] do_sync_mmap_readahead+0x11c [<ffffffd4feeb6764>] filemap_fault+0x1a0 [<ffffffd4ff1423bc>] f2fs_filemap_fault+0x28 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 To fix this, introducing cpu within vmap_block to record which this vb belongs to. Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") Cc: stable(a)vger.kernel.org Suggested-by: Hailong.Liu <hailong.liu(a)oppo.com> Signed-off-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> --- v2: introduce cpu in vmap_block to record the right CPU number v3: use get_cpu/put_cpu to prevent schedule between core v4: replace get_cpu/put_cpu by another API to avoid disabling preemption v5: update the commit message by Hailong.Liu --- --- mm/vmalloc.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 22aa63f4ef63..89eb034f4ac6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2458,6 +2458,7 @@ struct vmap_block { struct list_head free_list; struct rcu_head rcu_head; struct list_head purge; + unsigned int cpu; }; /* Queue of free and dirty vmap blocks, for allocation and flushing purposes */ @@ -2585,8 +2586,15 @@ static void *new_vmap_block(unsigned int order, gfp_t gfp_mask) free_vmap_area(va); return ERR_PTR(err); } - - vbq = raw_cpu_ptr(&vmap_block_queue); + /* + * list_add_tail_rcu could happened in another core + * rather than vb->cpu due to task migration, which + * is safe as list_add_tail_rcu will ensure the list's + * integrity together with list_for_each_rcu from read + * side. + */ + vb->cpu = raw_smp_processor_id(); + vbq = per_cpu_ptr(&vmap_block_queue, vb->cpu); spin_lock(&vbq->lock); list_add_tail_rcu(&vb->free_list, &vbq->free); spin_unlock(&vbq->lock); @@ -2614,9 +2622,10 @@ static void free_vmap_block(struct vmap_block *vb) } static bool purge_fragmented_block(struct vmap_block *vb, - struct vmap_block_queue *vbq, struct list_head *purge_list, - bool force_purge) + struct list_head *purge_list, bool force_purge) { + struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, vb->cpu); + if (vb->free + vb->dirty != VMAP_BBMAP_BITS || vb->dirty == VMAP_BBMAP_BITS) return false; @@ -2664,7 +2673,7 @@ static void purge_fragmented_blocks(int cpu) continue; spin_lock(&vb->lock); - purge_fragmented_block(vb, vbq, &purge, true); + purge_fragmented_block(vb, &purge, true); spin_unlock(&vb->lock); } rcu_read_unlock(); @@ -2801,7 +2810,7 @@ static void _vm_unmap_aliases(unsigned long start, unsigned long end, int flush) * not purgeable, check whether there is dirty * space to be flushed. */ - if (!purge_fragmented_block(vb, vbq, &purge_list, false) && + if (!purge_fragmented_block(vb, &purge_list, false) && vb->dirty_max && vb->dirty != VMAP_BBMAP_BITS) { unsigned long va_start = vb->va->va_start; unsigned long s, e; -- 2.25.1

1 year, 3 months

1
0
0 0

[Resend PATCHv4 1/1] mm: fix incorrect vbq reference in purge_fragmented_block

by zhaoyang.huang

From: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> vmalloc area runs out in our ARM64 system during an erofs test as vm_map_ram failed[1]. By following the debug log, we find that vm_map_ram()->vb_alloc() will allocate new vb->va which corresponding to 4MB vmalloc area as list_for_each_entry_rcu returns immediately when vbq->free->next points to vbq->free. That is to say, 65536 times of page fault after the list's broken will run out of the whole vmalloc area. This should be introduced by one vbq->free->next point to vbq->free which makes list_for_each_entry_rcu can not iterate the list and find the BUG. [1] PID: 1 TASK: ffffff80802b4e00 CPU: 6 COMMAND: "init" #0 [ffffffc08006afe0] __switch_to at ffffffc08111d5cc #1 [ffffffc08006b040] __schedule at ffffffc08111dde0 #2 [ffffffc08006b0a0] schedule at ffffffc08111e294 #3 [ffffffc08006b0d0] schedule_preempt_disabled at ffffffc08111e3f0 #4 [ffffffc08006b140] __mutex_lock at ffffffc08112068c #5 [ffffffc08006b180] __mutex_lock_slowpath at ffffffc08111f8f8 #6 [ffffffc08006b1a0] mutex_lock at ffffffc08111f834 #7 [ffffffc08006b1d0] reclaim_and_purge_vmap_areas at ffffffc0803ebc3c #8 [ffffffc08006b290] alloc_vmap_area at ffffffc0803e83fc #9 [ffffffc08006b300] vm_map_ram at ffffffc0803e78c0 Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") For detailed reason of broken list, please refer to below URL https://lore.kernel.org/all/20240531024820.5507-1-hailong.liu@oppo.com/ Suggested-by: Hailong.Liu <hailong.liu(a)oppo.com> Signed-off-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> --- v2: introduce cpu in vmap_block to record the right CPU number v3: use get_cpu/put_cpu to prevent schedule between core v4: replace get_cpu/put_cpu by another API to avoid disabling preemption --- --- mm/vmalloc.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 22aa63f4ef63..89eb034f4ac6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2458,6 +2458,7 @@ struct vmap_block { struct list_head free_list; struct rcu_head rcu_head; struct list_head purge; + unsigned int cpu; }; /* Queue of free and dirty vmap blocks, for allocation and flushing purposes */ @@ -2585,8 +2586,15 @@ static void *new_vmap_block(unsigned int order, gfp_t gfp_mask) free_vmap_area(va); return ERR_PTR(err); } - - vbq = raw_cpu_ptr(&vmap_block_queue); + /* + * list_add_tail_rcu could happened in another core + * rather than vb->cpu due to task migration, which + * is safe as list_add_tail_rcu will ensure the list's + * integrity together with list_for_each_rcu from read + * side. + */ + vb->cpu = raw_smp_processor_id(); + vbq = per_cpu_ptr(&vmap_block_queue, vb->cpu); spin_lock(&vbq->lock); list_add_tail_rcu(&vb->free_list, &vbq->free); spin_unlock(&vbq->lock); @@ -2614,9 +2622,10 @@ static void free_vmap_block(struct vmap_block *vb) } static bool purge_fragmented_block(struct vmap_block *vb, - struct vmap_block_queue *vbq, struct list_head *purge_list, - bool force_purge) + struct list_head *purge_list, bool force_purge) { + struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, vb->cpu); + if (vb->free + vb->dirty != VMAP_BBMAP_BITS || vb->dirty == VMAP_BBMAP_BITS) return false; @@ -2664,7 +2673,7 @@ static void purge_fragmented_blocks(int cpu) continue; spin_lock(&vb->lock); - purge_fragmented_block(vb, vbq, &purge, true); + purge_fragmented_block(vb, &purge, true); spin_unlock(&vb->lock); } rcu_read_unlock(); @@ -2801,7 +2810,7 @@ static void _vm_unmap_aliases(unsigned long start, unsigned long end, int flush) * not purgeable, check whether there is dirty * space to be flushed. */ - if (!purge_fragmented_block(vb, vbq, &purge_list, false) && + if (!purge_fragmented_block(vb, &purge_list, false) && vb->dirty_max && vb->dirty != VMAP_BBMAP_BITS) { unsigned long va_start = vb->va->va_start; unsigned long s, e; -- 2.25.1

1 year, 3 months

7
15
0 0

[PATCH v3 2/2] usb: Do not query the IO advice hints grouping mode page for USB devices

by Bart Van Assche

Recently it was reported that the following USB storage devices are unusable with Linux kernel 6.9: * Kingston DataTraveler G2 * Garmin FR35 This is because attempting to read the IO advice hints grouping mode page causes these devices to reset. Hence do not read the IO advice hints grouping mode page from USB storage devices. Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Cc: stable(a)vger.kernel.org Fixes: 4f53138fffc2 ("scsi: sd: Translate data lifetime information") Reported-by: Joao Machado <jocrismachado(a)gmail.com> Closes: https://lore.kernel.org/linux-scsi/20240130214911.1863909-1-bvanassche@acm.… Tested-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Bisected-by: Christian Heusel <christian(a)heusel.eu> Reported-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Closes: https://lore.kernel.org/linux-scsi/CACLx9VdpUanftfPo2jVAqXdcWe8Y43MsDeZmMPo… Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/usb/storage/scsiglue.c | 6 ++++++ drivers/usb/storage/uas.c | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c index b31464740f6c..8c8b5e6041cc 100644 --- a/drivers/usb/storage/scsiglue.c +++ b/drivers/usb/storage/scsiglue.c @@ -79,6 +79,12 @@ static int slave_alloc (struct scsi_device *sdev) if (us->protocol == USB_PR_BULK && us->max_lun > 0) sdev->sdev_bflags |= BLIST_FORCELUN; + /* + * Some USB storage devices reset if the IO advice hints grouping mode + * page is queried. Hence skip that mode page. + */ + sdev->sdev_bflags |= BLIST_SKIP_IO_HINTS; + return 0; } diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index a48870a87a29..b610a2de4ae5 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -21,6 +21,7 @@ #include <scsi/scsi.h> #include <scsi/scsi_eh.h> #include <scsi/scsi_dbg.h> +#include <scsi/scsi_devinfo.h> #include <scsi/scsi_cmnd.h> #include <scsi/scsi_device.h> #include <scsi/scsi_host.h> @@ -820,6 +821,12 @@ static int uas_slave_alloc(struct scsi_device *sdev) struct uas_dev_info *devinfo = (struct uas_dev_info *)sdev->host->hostdata; + /* + * Some USB storage devices reset if the IO advice hints grouping mode + * page is queried. Hence skip that mode page. + */ + sdev->sdev_bflags |= BLIST_SKIP_IO_HINTS; + sdev->hostdata = devinfo; return 0; }

1 year, 3 months

1
0
0 0

[PATCH v3 1/2] scsi: core: Introduce the BLIST_SKIP_IO_HINTS flag

by Bart Van Assche

Prepare for skipping the IO advice hints grouping mode page for USB storage devices. Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: Joao Machado <jocrismachado(a)gmail.com> Cc: Andy Shevchenko <andy.shevchenko(a)gmail.com> Cc: Christian Heusel <christian(a)heusel.eu> Cc: stable(a)vger.kernel.org Fixes: 4f53138fffc2 ("scsi: sd: Translate data lifetime information") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/sd.c | 4 ++++ include/scsi/scsi_devinfo.h | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 3a43e2209751..fcf3d7730466 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -63,6 +63,7 @@ #include <scsi/scsi_cmnd.h> #include <scsi/scsi_dbg.h> #include <scsi/scsi_device.h> +#include <scsi/scsi_devinfo.h> #include <scsi/scsi_driver.h> #include <scsi/scsi_eh.h> #include <scsi/scsi_host.h> @@ -3117,6 +3118,9 @@ static void sd_read_io_hints(struct scsi_disk *sdkp, unsigned char *buffer) struct scsi_mode_data data; int res; + if (sdp->sdev_bflags & BLIST_SKIP_IO_HINTS) + return; + res = scsi_mode_sense(sdp, /*dbd=*/0x8, /*modepage=*/0x0a, /*subpage=*/0x05, buffer, SD_BUF_SIZE, SD_TIMEOUT, sdkp->max_retries, &data, &sshdr); diff --git a/include/scsi/scsi_devinfo.h b/include/scsi/scsi_devinfo.h index 6b548dc2c496..5856b68a5180 100644 --- a/include/scsi/scsi_devinfo.h +++ b/include/scsi/scsi_devinfo.h @@ -69,8 +69,10 @@ #define BLIST_RETRY_ITF ((__force blist_flags_t)(1ULL << 32)) /* Always retry ABORTED_COMMAND with ASC 0xc1 */ #define BLIST_RETRY_ASC_C1 ((__force blist_flags_t)(1ULL << 33)) +/* Do not query the IO advice hints grouping mode page */ +#define BLIST_SKIP_IO_HINTS ((__force blist_flags_t)(1ULL << 34)) -#define __BLIST_LAST_USED BLIST_RETRY_ASC_C1 +#define __BLIST_LAST_USED BLIST_SKIP_IO_HINTS #define __BLIST_HIGH_UNUSED (~(__BLIST_LAST_USED | \ (__force blist_flags_t) \

1 year, 3 months

1
0
0 0

+ mm-shmem-fix-getting-incorrect-lruvec-when-replacing-a-shmem-folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-shmem-fix-getting-incorrect-lruvec-when-replacing-a-shmem-folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Baolin Wang <baolin.wang(a)linux.alibaba.com> Subject: mm: shmem: fix getting incorrect lruvec when replacing a shmem folio Date: Thu, 13 Jun 2024 16:21:19 +0800 When testing shmem swapin, I encountered the warning below on my machine. The reason is that replacing an old shmem folio with a new one causes mem_cgroup_migrate() to clear the old folio's memcg data. As a result, the old folio cannot get the correct memcg's lruvec needed to remove itself from the LRU list when it is being freed. This could lead to possible serious problems, such as LRU list crashes due to holding the wrong LRU lock, and incorrect LRU statistics. To fix this issue, we can fallback to use the mem_cgroup_replace_folio() to replace the old shmem folio. [ 5241.100311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d9960 [ 5241.100317] head: order:4 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 5241.100319] flags: 0x17fffe0000040068(uptodate|lru|head|swapbacked|node=0|zone=2|lastcpupid=0x3ffff) [ 5241.100323] raw: 17fffe0000040068 fffffdffd6687948 fffffdffd69ae008 0000000000000000 [ 5241.100325] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 5241.100326] head: 17fffe0000040068 fffffdffd6687948 fffffdffd69ae008 0000000000000000 [ 5241.100327] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 5241.100328] head: 17fffe0000000204 fffffdffd6665801 ffffffffffffffff 0000000000000000 [ 5241.100329] head: 0000000a00000010 0000000000000000 00000000ffffffff 0000000000000000 [ 5241.100330] page dumped because: VM_WARN_ON_ONCE_FOLIO(!memcg && !mem_cgroup_disabled()) [ 5241.100338] ------------[ cut here ]------------ [ 5241.100339] WARNING: CPU: 19 PID: 78402 at include/linux/memcontrol.h:775 folio_lruvec_lock_irqsave+0x140/0x150 [...] [ 5241.100374] pc : folio_lruvec_lock_irqsave+0x140/0x150 [ 5241.100375] lr : folio_lruvec_lock_irqsave+0x138/0x150 [ 5241.100376] sp : ffff80008b38b930 [...] [ 5241.100398] Call trace: [ 5241.100399] folio_lruvec_lock_irqsave+0x140/0x150 [ 5241.100401] __page_cache_release+0x90/0x300 [ 5241.100404] __folio_put+0x50/0x108 [ 5241.100406] shmem_replace_folio+0x1b4/0x240 [ 5241.100409] shmem_swapin_folio+0x314/0x528 [ 5241.100411] shmem_get_folio_gfp+0x3b4/0x930 [ 5241.100412] shmem_fault+0x74/0x160 [ 5241.100414] __do_fault+0x40/0x218 [ 5241.100417] do_shared_fault+0x34/0x1b0 [ 5241.100419] do_fault+0x40/0x168 [ 5241.100420] handle_pte_fault+0x80/0x228 [ 5241.100422] __handle_mm_fault+0x1c4/0x440 [ 5241.100424] handle_mm_fault+0x60/0x1f0 [ 5241.100426] do_page_fault+0x120/0x488 [ 5241.100429] do_translation_fault+0x4c/0x68 [ 5241.100431] do_mem_abort+0x48/0xa0 [ 5241.100434] el0_da+0x38/0xc0 [ 5241.100436] el0t_64_sync_handler+0x68/0xc0 [ 5241.100437] el0t_64_sync+0x14c/0x150 [ 5241.100439] ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/3c11000dd6c1df83015a8321a859e9775ebbc23e.17182661… Fixes: 85ce2c517ade ("memcontrol: only transfer the memcg data for migration") Signed-off-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Muchun Song <songmuchun(a)bytedance.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/shmem.c~mm-shmem-fix-getting-incorrect-lruvec-when-replacing-a-shmem-folio +++ a/mm/shmem.c @@ -1786,7 +1786,7 @@ static int shmem_replace_folio(struct fo xa_lock_irq(&swap_mapping->i_pages); error = shmem_replace_entry(swap_mapping, swap_index, old, new); if (!error) { - mem_cgroup_migrate(old, new); + mem_cgroup_replace_folio(old, new); __lruvec_stat_mod_folio(new, NR_FILE_PAGES, 1); __lruvec_stat_mod_folio(new, NR_SHMEM, 1); __lruvec_stat_mod_folio(old, NR_FILE_PAGES, -1); _ Patches currently in -mm which might be from baolin.wang(a)linux.alibaba.com are mm-shmem-fix-getting-incorrect-lruvec-when-replacing-a-shmem-folio.patch mm-memory-extend-finish_fault-to-support-large-folio.patch mm-memory-extend-finish_fault-to-support-large-folio-fix.patch mm-shmem-add-thp-validation-for-pmd-mapped-thp-related-statistics.patch mm-shmem-add-multi-size-thp-sysfs-interface-for-anonymous-shmem.patch mm-shmem-add-multi-size-thp-sysfs-interface-for-anonymous-shmem-fix.patch mm-shmem-add-mthp-support-for-anonymous-shmem.patch mm-shmem-add-mthp-size-alignment-in-shmem_get_unmapped_area.patch mm-shmem-add-mthp-counters-for-anonymous-shmem.patch

1 year, 3 months

1
0
0 0

+ mm-fix-incorrect-vbq-reference-in-purge_fragmented_block.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix incorrect vbq reference in purge_fragmented_block has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-incorrect-vbq-reference-in-purge_fragmented_block.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Subject: mm: fix incorrect vbq reference in purge_fragmented_block Date: Fri, 7 Jun 2024 10:31:16 +0800 vmalloc area runs out in our ARM64 system during an erofs test as vm_map_ram failed[1]. By following the debug log, we find that vm_map_ram()->vb_alloc() will allocate new vb->va which corresponding to 4MB vmalloc area as list_for_each_entry_rcu returns immediately when vbq->free->next points to vbq->free. That is to say, 65536 times of page fault after the list's broken will run out of the whole vmalloc area. This should be introduced by one vbq->free->next point to vbq->free which makes list_for_each_entry_rcu can not iterate the list and find the BUG. [1] PID: 1 TASK: ffffff80802b4e00 CPU: 6 COMMAND: "init" #0 [ffffffc08006afe0] __switch_to at ffffffc08111d5cc #1 [ffffffc08006b040] __schedule at ffffffc08111dde0 #2 [ffffffc08006b0a0] schedule at ffffffc08111e294 #3 [ffffffc08006b0d0] schedule_preempt_disabled at ffffffc08111e3f0 #4 [ffffffc08006b140] __mutex_lock at ffffffc08112068c #5 [ffffffc08006b180] __mutex_lock_slowpath at ffffffc08111f8f8 #6 [ffffffc08006b1a0] mutex_lock at ffffffc08111f834 #7 [ffffffc08006b1d0] reclaim_and_purge_vmap_areas at ffffffc0803ebc3c #8 [ffffffc08006b290] alloc_vmap_area at ffffffc0803e83fc #9 [ffffffc08006b300] vm_map_ram at ffffffc0803e78c0 For detailed descri[ption of the broken list, please see https://lore.kernel.org/all/20240531024820.5507-1-hailong.liu@oppo.com/ Link: https://lkml.kernel.org/r/20240607023116.1720640-1-zhaoyang.huang@unisoc.com Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") Signed-off-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Suggested-by: Hailong.Liu <hailong.liu(a)oppo.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) --- a/mm/vmalloc.c~mm-fix-incorrect-vbq-reference-in-purge_fragmented_block +++ a/mm/vmalloc.c @@ -2498,6 +2498,7 @@ struct vmap_block { struct list_head free_list; struct rcu_head rcu_head; struct list_head purge; + unsigned int cpu; }; /* Queue of free and dirty vmap blocks, for allocation and flushing purposes */ @@ -2625,8 +2626,15 @@ static void *new_vmap_block(unsigned int free_vmap_area(va); return ERR_PTR(err); } - - vbq = raw_cpu_ptr(&vmap_block_queue); + /* + * list_add_tail_rcu could happened in another core + * rather than vb->cpu due to task migration, which + * is safe as list_add_tail_rcu will ensure the list's + * integrity together with list_for_each_rcu from read + * side. + */ + vb->cpu = raw_smp_processor_id(); + vbq = per_cpu_ptr(&vmap_block_queue, vb->cpu); spin_lock(&vbq->lock); list_add_tail_rcu(&vb->free_list, &vbq->free); spin_unlock(&vbq->lock); @@ -2654,9 +2662,10 @@ static void free_vmap_block(struct vmap_ } static bool purge_fragmented_block(struct vmap_block *vb, - struct vmap_block_queue *vbq, struct list_head *purge_list, - bool force_purge) + struct list_head *purge_list, bool force_purge) { + struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, vb->cpu); + if (vb->free + vb->dirty != VMAP_BBMAP_BITS || vb->dirty == VMAP_BBMAP_BITS) return false; @@ -2704,7 +2713,7 @@ static void purge_fragmented_blocks(int continue; spin_lock(&vb->lock); - purge_fragmented_block(vb, vbq, &purge, true); + purge_fragmented_block(vb, &purge, true); spin_unlock(&vb->lock); } rcu_read_unlock(); @@ -2841,7 +2850,7 @@ static void _vm_unmap_aliases(unsigned l * not purgeable, check whether there is dirty * space to be flushed. */ - if (!purge_fragmented_block(vb, vbq, &purge_list, false) && + if (!purge_fragmented_block(vb, &purge_list, false) && vb->dirty_max && vb->dirty != VMAP_BBMAP_BITS) { unsigned long va_start = vb->va->va_start; unsigned long s, e; _ Patches currently in -mm which might be from zhaoyang.huang(a)unisoc.com are mm-fix-incorrect-vbq-reference-in-purge_fragmented_block.patch mm-optimization-on-page-allocation-when-cma-enabled.patch

1 year, 3 months

1
0
0 0

6.6.y: cifs broken since 6.6.23 writing big files with vers=1.0 and 2.0

by Thomas Voegtle

Hello, a machine booted with Linux 6.6.23 up to 6.6.32: writing /dev/zero with dd on a mounted cifs share with vers=1.0 or vers=2.0 slows down drastically in my setup after writing approx. 46GB of data. The whole machine gets unresponsive as it was under very high IO load. It pings but opening a new ssh session needs too much time. I can stop the dd (ctrl-c) and after a few minutes the machine is fine again. cifs with vers=3.1.1 seems to be fine with 6.6.32. Linux 6.10-rc3 is fine with vers=1.0 and vers=2.0. Bisected down to: cifs-fix-writeback-data-corruption.patch which is: Upstream commit f3dc1bdb6b0b0693562c7c54a6c28bafa608ba3c and linux-stable commit e45deec35bf7f1f4f992a707b2d04a8c162f2240 Reverting this patch on 6.6.32 fixes the problem for me. Thomas

1 year, 3 months

3
8
0 0

[PATCH v2 1/2] scsi: core: Introduce the BLIST_SKIP_IO_HINTS flag

by Bart Van Assche

Prepare for skipping reading the IO hints VPD page for USB storage devices. Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: Joao Machado <jocrismachado(a)gmail.com> Cc: Andy Shevchenko <andy.shevchenko(a)gmail.com> Cc: Christian Heusel <christian(a)heusel.eu> Cc: stable(a)vger.kernel.org Fixes: 4f53138fffc2 ("scsi: sd: Translate data lifetime information") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/scsi/sd.c | 4 ++++ include/scsi/scsi_devinfo.h | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 3a43e2209751..fcf3d7730466 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -63,6 +63,7 @@ #include <scsi/scsi_cmnd.h> #include <scsi/scsi_dbg.h> #include <scsi/scsi_device.h> +#include <scsi/scsi_devinfo.h> #include <scsi/scsi_driver.h> #include <scsi/scsi_eh.h> #include <scsi/scsi_host.h> @@ -3117,6 +3118,9 @@ static void sd_read_io_hints(struct scsi_disk *sdkp, unsigned char *buffer) struct scsi_mode_data data; int res; + if (sdp->sdev_bflags & BLIST_SKIP_IO_HINTS) + return; + res = scsi_mode_sense(sdp, /*dbd=*/0x8, /*modepage=*/0x0a, /*subpage=*/0x05, buffer, SD_BUF_SIZE, SD_TIMEOUT, sdkp->max_retries, &data, &sshdr); diff --git a/include/scsi/scsi_devinfo.h b/include/scsi/scsi_devinfo.h index 6b548dc2c496..fa8721e49dec 100644 --- a/include/scsi/scsi_devinfo.h +++ b/include/scsi/scsi_devinfo.h @@ -69,8 +69,10 @@ #define BLIST_RETRY_ITF ((__force blist_flags_t)(1ULL << 32)) /* Always retry ABORTED_COMMAND with ASC 0xc1 */ #define BLIST_RETRY_ASC_C1 ((__force blist_flags_t)(1ULL << 33)) +/* Do not read the I/O hints mode page */ +#define BLIST_SKIP_IO_HINTS ((__force blist_flags_t)(1ULL << 34)) -#define __BLIST_LAST_USED BLIST_RETRY_ASC_C1 +#define __BLIST_LAST_USED BLIST_SKIP_IO_HINTS #define __BLIST_HIGH_UNUSED (~(__BLIST_LAST_USED | \ (__force blist_flags_t) \

1 year, 3 months

3
2
0 0

[PATCH 2/2] scsi: core: Do not query IO hints for USB devices

by Bart Van Assche

Recently it was reported that the following USB storage devices are unusable with Linux kernel 6.9: * Kingston DataTraveler G2 * Garmin FR35 This is because attempting to read the IO hint VPD page causes these devices to reset. Hence do not read the IO hint VPD page from USB storage devices. Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: linux-usb(a)vger.kernel.org Cc: Joao Machado <jocrismachado(a)gmail.com> Cc: Andy Shevchenko <andy.shevchenko(a)gmail.com> Cc: Christian Heusel <christian(a)heusel.eu> Cc: stable(a)vger.kernel.org Fixes: 4f53138fffc2 ("scsi: sd: Translate data lifetime information") Reported-by: Joao Machado <jocrismachado(a)gmail.com> Closes: https://lore.kernel.org/linux-scsi/20240130214911.1863909-1-bvanassche@acm.… Tested-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Bisected-by: Christian Heusel <christian(a)heusel.eu> Reported-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Closes: https://lore.kernel.org/linux-scsi/CACLx9VdpUanftfPo2jVAqXdcWe8Y43MsDeZmMPo… Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/usb/storage/scsiglue.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c index b31464740f6c..9a7185c68872 100644 --- a/drivers/usb/storage/scsiglue.c +++ b/drivers/usb/storage/scsiglue.c @@ -79,6 +79,8 @@ static int slave_alloc (struct scsi_device *sdev) if (us->protocol == USB_PR_BULK && us->max_lun > 0) sdev->sdev_bflags |= BLIST_FORCELUN; + sdev->sdev_bflags |= BLIST_SKIP_IO_HINTS; + return 0; }

1 year, 3 months

3
6
0 0

FAILED: patch "[PATCH] kbuild: Remove support for Clang's ThinLTO caching" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x aba091547ef6159d52471f42a3ef531b7b660ed8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061342-unimpeded-hardcover-349c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: aba091547ef6 ("kbuild: Remove support for Clang's ThinLTO caching") 1db773da58df ("kbuild: remove old Rust docs output path") 7ea01d3169a2 ("rust: delete rust-project.json when running make clean") 8afc66e8d43b ("Merge tag 'kbuild-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aba091547ef6159d52471f42a3ef531b7b660ed8 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan(a)kernel.org> Date: Wed, 1 May 2024 15:55:25 -0700 Subject: [PATCH] kbuild: Remove support for Clang's ThinLTO caching MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is an issue in clang's ThinLTO caching (enabled for the kernel via '--thinlto-cache-dir') with .incbin, which the kernel occasionally uses to include data within the kernel, such as the .config file for /proc/config.gz. For example, when changing the .config and rebuilding vmlinux, the copy of .config in vmlinux does not match the copy of .config in the build folder: $ echo 'CONFIG_LTO_NONE=n CONFIG_LTO_CLANG_THIN=y CONFIG_IKCONFIG=y CONFIG_HEADERS_INSTALL=y' >kernel/configs/repro.config $ make -skj"$(nproc)" ARCH=x86_64 LLVM=1 clean defconfig repro.config vmlinux ... $ grep CONFIG_HEADERS_INSTALL .config CONFIG_HEADERS_INSTALL=y $ scripts/extract-ikconfig vmlinux | grep CONFIG_HEADERS_INSTALL CONFIG_HEADERS_INSTALL=y $ scripts/config -d HEADERS_INSTALL $ make -kj"$(nproc)" ARCH=x86_64 LLVM=1 vmlinux ... UPD kernel/config_data GZIP kernel/config_data.gz CC kernel/configs.o ... LD vmlinux ... $ grep CONFIG_HEADERS_INSTALL .config # CONFIG_HEADERS_INSTALL is not set $ scripts/extract-ikconfig vmlinux | grep CONFIG_HEADERS_INSTALL CONFIG_HEADERS_INSTALL=y Without '--thinlto-cache-dir' or when using full LTO, this issue does not occur. Benchmarking incremental builds on a few different machines with and without the cache shows a 20% increase in incremental build time without the cache when measured by touching init/main.c and running 'make all'. ARCH=arm64 defconfig + CONFIG_LTO_CLANG_THIN=y on an arm64 host: Benchmark 1: With ThinLTO cache Time (mean ± σ): 56.347 s ± 0.163 s [User: 83.768 s, System: 24.661 s] Range (min … max): 56.109 s … 56.594 s 10 runs Benchmark 2: Without ThinLTO cache Time (mean ± σ): 67.740 s ± 0.479 s [User: 718.458 s, System: 31.797 s] Range (min … max): 67.059 s … 68.556 s 10 runs Summary With ThinLTO cache ran 1.20 ± 0.01 times faster than Without ThinLTO cache ARCH=x86_64 defconfig + CONFIG_LTO_CLANG_THIN=y on an x86_64 host: Benchmark 1: With ThinLTO cache Time (mean ± σ): 85.772 s ± 0.252 s [User: 91.505 s, System: 8.408 s] Range (min … max): 85.447 s … 86.244 s 10 runs Benchmark 2: Without ThinLTO cache Time (mean ± σ): 103.833 s ± 0.288 s [User: 232.058 s, System: 8.569 s] Range (min … max): 103.286 s … 104.124 s 10 runs Summary With ThinLTO cache ran 1.21 ± 0.00 times faster than Without ThinLTO cache While it is unfortunate to take this performance improvement off the table, correctness is more important. If/when this is fixed in LLVM, it can potentially be brought back in a conditional manner. Alternatively, a developer can just disable LTO if doing incremental compiles quickly is important, as a full compile cycle can still take over a minute even with the cache and it is unlikely that LTO will result in functional differences for a kernel change. Cc: stable(a)vger.kernel.org Fixes: dc5723b02e52 ("kbuild: add support for Clang LTO") Reported-by: Yifan Hong <elsk(a)google.com> Closes: https://github.com/ClangBuiltLinux/linux/issues/2021 Reported-by: Masami Hiramatsu <mhiramat(a)kernel.org> Closes: https://lore.kernel.org/r/20220327115526.cc4b0ff55fc53c97683c3e4d@kernel.or… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index 026971f9f6bc..12e1a792b8de 100644 --- a/Makefile +++ b/Makefile @@ -942,7 +942,6 @@ endif ifdef CONFIG_LTO_CLANG ifdef CONFIG_LTO_CLANG_THIN CC_FLAGS_LTO := -flto=thin -fsplit-lto-unit -KBUILD_LDFLAGS += --thinlto-cache-dir=$(extmod_prefix).thinlto-cache else CC_FLAGS_LTO := -flto endif @@ -1480,7 +1479,7 @@ endif # CONFIG_MODULES # Directories & files removed with 'make clean' CLEAN_FILES += vmlinux.symvers modules-only.symvers \ modules.builtin modules.builtin.modinfo modules.nsdeps \ - compile_commands.json .thinlto-cache rust/test \ + compile_commands.json rust/test \ rust-project.json .vmlinux.objs .vmlinux.export.c # Directories & files removed with 'make mrproper' @@ -1787,7 +1786,7 @@ PHONY += compile_commands.json clean-dirs := $(KBUILD_EXTMOD) clean: rm-files := $(KBUILD_EXTMOD)/Module.symvers $(KBUILD_EXTMOD)/modules.nsdeps \ - $(KBUILD_EXTMOD)/compile_commands.json $(KBUILD_EXTMOD)/.thinlto-cache + $(KBUILD_EXTMOD)/compile_commands.json PHONY += prepare # now expand this into a simple variable to reduce the cost of shell evaluations

1 year, 3 months

2
1
0 0

Regression Impact from Commit dceb683ab87c on Kubernetes Hairpin Tests

by Allen Pais

Hi Greg, I hope this message finds you well. I'm reaching out to report a regression issue linked to the commit dceb683ab87c(v5.15.158), which addresses the netfilter subsystem by skipping the conntrack input hook for promiscuous packets. [dceb683ab87c 2024-04-09 netfilter: br_netfilter: skip conntrack input hook for promiscuous packets.] Unfortunately, this update appears to be breaking Kubernetes hairpin tests, impacting the normal functionality expected in Kubernetes environments. Additionally, it's worth noting that this specific commit is associated with a security vulnerability, as detailed in the NVD: CVE-2024-27018. We have bisected the issue to the specific commit dceb683ab87c. By reverting this commit, we confirmed that the Kubernetes hairpin test issues are resolved. However, given that this commit addresses the security vulnerability CVE-2024-27018, directly reverting it is not a viable option. We’re in a tricky position and would greatly appreciate your advice on how we might approach this problem. Thank you for your attention to this matter. I look forward to your guidance on how we might proceed. Best regards, Allen

1 year, 3 months

2
2
0 0

[PATCH v2 2/2] scsi: core: Do not query IO hints for USB devices

by Bart Van Assche

Recently it was reported that the following USB storage devices are unusable with Linux kernel 6.9: * Kingston DataTraveler G2 * Garmin FR35 This is because attempting to read the IO hint VPD page causes these devices to reset. Hence do not read the IO hint VPD page from USB storage devices. Cc: Alan Stern <stern(a)rowland.harvard.edu> Cc: linux-usb(a)vger.kernel.org Cc: Joao Machado <jocrismachado(a)gmail.com> Cc: Andy Shevchenko <andy.shevchenko(a)gmail.com> Cc: Christian Heusel <christian(a)heusel.eu> Cc: stable(a)vger.kernel.org Fixes: 4f53138fffc2 ("scsi: sd: Translate data lifetime information") Reported-by: Joao Machado <jocrismachado(a)gmail.com> Closes: https://lore.kernel.org/linux-scsi/20240130214911.1863909-1-bvanassche@acm.… Tested-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Bisected-by: Christian Heusel <christian(a)heusel.eu> Reported-by: Andy Shevchenko <andy.shevchenko(a)gmail.com> Closes: https://lore.kernel.org/linux-scsi/CACLx9VdpUanftfPo2jVAqXdcWe8Y43MsDeZmMPo… Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/usb/storage/scsiglue.c | 6 ++++++ drivers/usb/storage/uas.c | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c index b31464740f6c..b4cf0349fd0d 100644 --- a/drivers/usb/storage/scsiglue.c +++ b/drivers/usb/storage/scsiglue.c @@ -79,6 +79,12 @@ static int slave_alloc (struct scsi_device *sdev) if (us->protocol == USB_PR_BULK && us->max_lun > 0) sdev->sdev_bflags |= BLIST_FORCELUN; + /* + * Some USB storage devices reset if the IO hints VPD page is queried. + * Hence skip that VPD page. + */ + sdev->sdev_bflags |= BLIST_SKIP_IO_HINTS; + return 0; } diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c index a48870a87a29..77fdfb6a90c8 100644 --- a/drivers/usb/storage/uas.c +++ b/drivers/usb/storage/uas.c @@ -21,6 +21,7 @@ #include <scsi/scsi.h> #include <scsi/scsi_eh.h> #include <scsi/scsi_dbg.h> +#include <scsi/scsi_devinfo.h> #include <scsi/scsi_cmnd.h> #include <scsi/scsi_device.h> #include <scsi/scsi_host.h> @@ -820,6 +821,12 @@ static int uas_slave_alloc(struct scsi_device *sdev) struct uas_dev_info *devinfo = (struct uas_dev_info *)sdev->host->hostdata; + /* + * Some USB storage devices reset if the IO hints VPD page is queried. + * Hence skip that VPD page. + */ + sdev->sdev_bflags |= BLIST_SKIP_IO_HINTS; + sdev->hostdata = devinfo; return 0; }

1 year, 3 months

3
2
0 0

Re: [PATCH 6.9 000/157] 6.9.5-rc1 review

by Ronald Warsow

Hi Greg ... today I had a crash with 6.9.4, see below seems not to be reproduceable with 6.9.5-rc1 ==== the above last sentence is *NOT* true, cause 6.9.5-rc1 show the same behavior (this time compiled with gcc) Jun 13 18:49:22 obelix.fritz.box kernel: Hardware name: ASUS System Product Name/ROG STRIX B560-G GAMING WIFI, BIOS 2203 02/06/2024 Jun 13 18:49:22 obelix.fritz.box kernel: RIP: 0010:drm_suballoc_free+0x13/0x110 [drm_suballoc_helper] Jun 13 18:49:22 obelix.fritz.box kernel: Code: eb ce 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 ff 0f 84 e1 00 00 00 41 54 55 48 89 fd 53 48 89 f3 <4c> 8b 67 20 4c 89 e7 e8 61 53 bd e2 48 85 db 0f 84 9f 00 00 00 48 Jun 13 18:49:22 obelix.fritz.box kernel: RSP: 0018:ffff9caa851f7630 EFLAGS: 00010286 Jun 13 18:49:22 obelix.fritz.box kernel: RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 000000000000890b Jun 13 18:49:22 obelix.fritz.box kernel: RDX: 00000000000088fb RSI: 0000000000000000 RDI: fffffffffffffe00 Jun 13 18:49:22 obelix.fritz.box kernel: RBP: fffffffffffffe00 R08: 0000000000000000 R09: 0000000000000001 Jun 13 18:49:22 obelix.fritz.box kernel: R10: 0000000000000000 R11: 0000000000000180 R12: ffff8ebf913c1158 Jun 13 18:49:22 obelix.fritz.box kernel: R13: fffffffffffffe00 R14: ffff9caa851f78a8 R15: ffff8ebf913c0000 Jun 13 18:49:22 obelix.fritz.box kernel: FS: 00007fd4f4640b00(0000) GS:ffff8ec2cf980000(0000) knlGS:0000000000000000 Jun 13 18:49:22 obelix.fritz.box kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jun 13 18:49:22 obelix.fritz.box kernel: CR2: fffffffffffffe20 CR3: 0000000110bc4001 CR4: 0000000000770ef0 Jun 13 18:49:22 obelix.fritz.box kernel: PKRU: 55555554 Jun 13 18:49:22 obelix.fritz.box kernel: Call Trace: Jun 13 18:49:22 obelix.fritz.box kernel: <TASK> Jun 13 18:49:22 obelix.fritz.box kernel: ? __die_body.cold+0x19/0x2c Jun 13 18:49:22 obelix.fritz.box kernel: ? page_fault_oops+0x155/0x280 Jun 13 18:49:22 obelix.fritz.box kernel: ? search_module_extables+0x10/0x50 Jun 13 18:49:22 obelix.fritz.box kernel: ? search_bpf_extables+0x56/0x80 Jun 13 18:49:22 obelix.fritz.box kernel: ? exc_page_fault+0x7a/0x80 Jun 13 18:49:22 obelix.fritz.box kernel: ? asm_exc_page_fault+0x22/0x30 Jun 13 18:49:22 obelix.fritz.box kernel: ? drm_suballoc_free+0x13/0x110 [drm_suballoc_helper] Jun 13 18:49:22 obelix.fritz.box kernel: xe_migrate_update_pgtables+0x692/0x9b0 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: ? kmalloc_trace+0x11f/0x2d0 Jun 13 18:49:22 obelix.fritz.box kernel: __xe_pt_bind_vma+0x492/0xbe0 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: xe_vm_bind_vma+0xa6/0x2e0 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: xe_vm_bind+0xf3/0x200 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: __xe_vma_op_execute+0x278/0x490 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: xe_vm_bind_ioctl+0x1ce0/0x1f20 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: ? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: drm_ioctl_kernel+0xa7/0x100 [drm] Jun 13 18:49:22 obelix.fritz.box kernel: drm_ioctl+0x312/0x5c0 [drm] Jun 13 18:49:22 obelix.fritz.box kernel: ? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe] Jun 13 18:49:22 obelix.fritz.box kernel: __x64_sys_ioctl+0x40d/0xb70 Jun 13 18:49:22 obelix.fritz.box kernel: do_syscall_64+0x7a/0x160 Jun 13 18:49:22 obelix.fritz.box kernel: ? __x64_sys_ioctl+0x13e/0xb70 Jun 13 18:49:22 obelix.fritz.box kernel: ? __count_memcg_events+0x43/0xb0 Jun 13 18:49:22 obelix.fritz.box kernel: ? handle_mm_fault+0x1f9/0x300 Jun 13 18:49:22 obelix.fritz.box kernel: ? syscall_exit_to_user_mode+0x68/0x1e0 Jun 13 18:49:22 obelix.fritz.box kernel: ? do_syscall_64+0x86/0x160 Jun 13 18:49:22 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 18:49:22 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 18:49:22 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 18:49:22 obelix.fritz.box kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e Jun 13 18:49:22 obelix.fritz.box kernel: RIP: 0033:0x7fd4f4d23d2d Jun 13 18:49:22 obelix.fritz.box kernel: Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 Jun 13 18:49:22 obelix.fritz.box kernel: RSP: 002b:00007fff94738650 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 Jun 13 18:49:22 obelix.fritz.box kernel: RAX: ffffffffffffffda RBX: 00007fff94738710 RCX: 00007fd4f4d23d2d Jun 13 18:49:22 obelix.fritz.box kernel: RDX: 00007fff94738710 RSI: 0000000040886445 RDI: 0000000000000010 Jun 13 18:49:22 obelix.fritz.box kernel: RBP: 00007fff947386a0 R08: 0000000000001000 R09: 0000000000000000 Jun 13 18:49:22 obelix.fritz.box kernel: R10: 0000555a7a0fded0 R11: 0000000000000246 R12: 0000000000000010 Jun 13 18:49:22 obelix.fritz.box kernel: R13: 0000000000000000 R14: 0000555a78671160 R15: 0000555a7a234fa0 Jun 13 18:49:22 obelix.fritz.box kernel: </TASK> Jun 13 18:49:22 obelix.fritz.box kernel: Modules linked in: vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) rfcomm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables bnep iwlmvm mac80211 libarc4 snd_hda_codec_hdmi intel_rapl_common kvm_intel iwlwifi snd_hda_codec_realtek kvm btusb snd_hda_codec_generic btintel snd_hda_scodec_component bluetooth snd_hda_intel cfg80211 snd_intel_dspcfg snd_hda_codec snd_hda_core mei_hdcp mei_pxp rfkill nfnetlink xe drm_ttm_helper ttm agpgart i2c_algo_bit gpu_sched drm_buddy drm_suballoc_helper drm_gpuvm drm_exec drm_display_helper drm_kms_helper drm Jun 13 18:49:22 obelix.fritz.box kernel: CR2: fffffffffffffe20 Jun 13 18:49:22 obelix.fritz.box kernel: ---[ end trace 0000000000000000 ]--- Jun 13 18:49:22 obelix.fritz.box kernel: RIP: 0010:drm_suballoc_free+0x13/0x110 [drm_suballoc_helper] Jun 13 18:49:22 obelix.fritz.box kernel: Code: eb ce 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 ff 0f 84 e1 00 00 00 41 54 55 48 89 fd 53 48 89 f3 <4c> 8b 67 20 4c 89 e7 e8 61 53 bd e2 48 85 db 0f 84 9f 00 00 00 48 Jun 13 18:49:22 obelix.fritz.box kernel: RSP: 0018:ffff9caa851f7630 EFLAGS: 00010286 Jun 13 18:49:22 obelix.fritz.box kernel: RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 000000000000890b Jun 13 18:49:22 obelix.fritz.box kernel: RDX: 00000000000088fb RSI: 0000000000000000 RDI: fffffffffffffe00 Jun 13 18:49:22 obelix.fritz.box kernel: RBP: fffffffffffffe00 R08: 0000000000000000 R09: 0000000000000001 Jun 13 18:49:22 obelix.fritz.box kernel: R10: 0000000000000000 R11: 0000000000000180 R12: ffff8ebf913c1158 Jun 13 18:49:22 obelix.fritz.box kernel: R13: fffffffffffffe00 R14: ffff9caa851f78a8 R15: ffff8ebf913c0000 Jun 13 18:49:22 obelix.fritz.box kernel: FS: 00007fd4f4640b00(0000) GS:ffff8ec2cf980000(0000) knlGS:0000000000000000 Jun 13 18:49:22 obelix.fritz.box kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jun 13 18:49:22 obelix.fritz.box kernel: CR2: fffffffffffffe20 CR3: 0000000110bc4001 CR4: 0000000000770ef0 Jun 13 18:49:22 obelix.fritz.box kernel: PKRU: 55555554 Jun 13 18:49:22 obelix.fritz.box kernel: note: Xorg[3657] exited with irqs disabled

1 year, 3 months

1
0
0 0

[PATCH] leds: mt6360: fix memory leak in mt6360_init_isnk_properties()

by Javier Carrasco

The fwnode_for_each_child_node() loop requires manual intervention to decrement the child refcount in case of an early return. Add the missing calls to fwnode_handle_put(child) to avoid memory leaks in the error paths. Cc: stable(a)vger.kernel.org Fixes: 679f8652064b ("leds: Add mt6360 driver") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- This bug was found while analyzing the code and I have no real hardware to validate the fix beyond compilation and static analysis. But given that the child node is only used to retrieve some properties within the fwnode_for_each_child_node(), and it is not used outside the loop, the fix is straightforward. Nevertheless, any tests to catch regressions with real hardware are always welcome. The bug has been around since the driver was added. --- drivers/leds/flash/leds-mt6360.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/leds/flash/leds-mt6360.c b/drivers/leds/flash/leds-mt6360.c index 1b75b4d36834..4c74f1cf01f0 100644 --- a/drivers/leds/flash/leds-mt6360.c +++ b/drivers/leds/flash/leds-mt6360.c @@ -643,14 +643,17 @@ static int mt6360_init_isnk_properties(struct mt6360_led *led, ret = fwnode_property_read_u32(child, "reg", &reg); if (ret || reg > MT6360_LED_ISNK3 || - priv->leds_active & BIT(reg)) + priv->leds_active & BIT(reg)) { + fwnode_handle_put(child); return -EINVAL; + } ret = fwnode_property_read_u32(child, "color", &color); if (ret) { dev_err(priv->dev, "led %d, no color specified\n", led->led_no); + fwnode_handle_put(child); return ret; } --- base-commit: d35b2284e966c0bef3e2182a5c5ea02177dd32e4 change-id: 20240610-leds-mt6360-memleak-78faf3e435b0 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

1 year, 3 months

4
4
0 0

[PATCH V4 1/8] clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL

by Ajit Pandey

In LUCID EVO PLL CAL_L_VAL and L_VAL bitfields are part of single PLL_L_VAL register. Update for L_VAL bitfield values in PLL_L_VAL register using regmap_write() API in __alpha_pll_trion_set_rate callback will override LUCID EVO PLL initial configuration related to PLL_CAL_L_VAL bit fields in PLL_L_VAL register. Observed random PLL lock failures during PLL enable due to such override in PLL calibration value. Use regmap_update_bits() with L_VAL bitfield mask instead of regmap_write() API to update only PLL_L_VAL bitfields in __alpha_pll_trion_set_rate callback. Fixes: 260e36606a03 ("clk: qcom: clk-alpha-pll: add Lucid EVO PLL configuration interfaces") Cc: stable(a)vger.kernel.org Signed-off-by: Ajit Pandey <quic_ajipan(a)quicinc.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- drivers/clk/qcom/clk-alpha-pll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index c51647e37df8..a538559caaa0 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -1665,7 +1665,7 @@ static int __alpha_pll_trion_set_rate(struct clk_hw *hw, unsigned long rate, if (ret < 0) return ret; - regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + regmap_update_bits(pll->clkr.regmap, PLL_L_VAL(pll), LUCID_EVO_PLL_L_VAL_MASK, l); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); /* Latch the PLL input */ -- 2.25.1

1 year, 3 months

3
2
0 0

[PATCH v2] leds: triggers: flush pending brightness before activating trigger

by Thomas Weißschuh

The race fixed in timer_trig_activate() between a blocking set_brightness() call and trigger->activate() can affect any trigger. So move the call to flush_work() into led_trigger_set() where it can avoid the race for all triggers. Fixes: 0db37915d912 ("leds: avoid races with workqueue") Fixes: 8c0f693c6eff ("leds: avoid flush_work in atomic context") Cc: stable(a)vger.kernel.org Tested-by: Dustin L. Howett <dustin(a)howett.net> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Changes in v2: - Cc stable - Add Dustin's Tested-by - Rebase against led/for-leds-next - Always execute flush_work(), similar to synchronize_rcu() - Link to v1: https://lore.kernel.org/r/20240603-led-trigger-flush-v1-1-c904c6e2fb34@weis… --- Commit 7abae7a11fc9 ("leds: trigger: Call synchronize_rcu() before calling trig->activate()") alone also solves the issue that the LED stays completely off after enabling the trigger. But there is a recognizable timeframe where it is disabled in between. Also from a correctness perspective, this seems like a coincidence and the call to flush_work() is the correct fix for that race. --- drivers/leds/led-triggers.c | 6 ++++++ drivers/leds/trigger/ledtrig-timer.c | 5 ----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/leds/led-triggers.c b/drivers/leds/led-triggers.c index 59deadb86335..78eb20093b2c 100644 --- a/drivers/leds/led-triggers.c +++ b/drivers/leds/led-triggers.c @@ -201,6 +201,12 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig) */ synchronize_rcu(); + /* + * If "set brightness to 0" is pending in workqueue, + * we don't want that to be reordered after ->activate() + */ + flush_work(&led_cdev->set_brightness_work); + ret = 0; if (trig->activate) ret = trig->activate(led_cdev); diff --git a/drivers/leds/trigger/ledtrig-timer.c b/drivers/leds/trigger/ledtrig-timer.c index b4688d1d9d2b..1d213c999d40 100644 --- a/drivers/leds/trigger/ledtrig-timer.c +++ b/drivers/leds/trigger/ledtrig-timer.c @@ -110,11 +110,6 @@ static int timer_trig_activate(struct led_classdev *led_cdev) led_cdev->flags &= ~LED_INIT_DEFAULT_TRIGGER; } - /* - * If "set brightness to 0" is pending in workqueue, we don't - * want that to be reordered after blink_set() - */ - flush_work(&led_cdev->set_brightness_work); led_blink_set(led_cdev, &led_cdev->blink_delay_on, &led_cdev->blink_delay_off); --- base-commit: 005408af25d5550e1bd22a18bf371651969c17ee change-id: 20240603-led-trigger-flush-3bef303eb902 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 3 months

2
1
0 0

[PATCH net] gve: Clear napi->skb before dev_kfree_skb_any()

by Ziwei Xiao

gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangling pointer. Fix this by clearing napi->skb before the skb is freed. Fixes: 9b8dd5e5ea48 ("gve: DQO: Add RX path") Cc: stable(a)vger.kernel.org Reported-by: Shailend Chand <shailend(a)google.com> Signed-off-by: Ziwei Xiao <ziweixiao(a)google.com> Reviewed-by: Harshitha Ramamurthy <hramamurthy(a)google.com> Reviewed-by: Shailend Chand <shailend(a)google.com> Reviewed-by: Praveen Kaligineedi <pkaligineedi(a)google.com> --- drivers/net/ethernet/google/gve/gve_rx_dqo.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/google/gve/gve_rx_dqo.c b/drivers/net/ethernet/google/gve/gve_rx_dqo.c index c1c912de59c7..1154c1d8f66f 100644 --- a/drivers/net/ethernet/google/gve/gve_rx_dqo.c +++ b/drivers/net/ethernet/google/gve/gve_rx_dqo.c @@ -647,11 +647,13 @@ static void gve_rx_skb_hash(struct sk_buff *skb, skb_set_hash(skb, le32_to_cpu(compl_desc->hash), hash_type); } -static void gve_rx_free_skb(struct gve_rx_ring *rx) +static void gve_rx_free_skb(struct napi_struct *napi, struct gve_rx_ring *rx) { if (!rx->ctx.skb_head) return; + if (rx->ctx.skb_head == napi->skb) + napi->skb = NULL; dev_kfree_skb_any(rx->ctx.skb_head); rx->ctx.skb_head = NULL; rx->ctx.skb_tail = NULL; @@ -950,7 +952,7 @@ int gve_rx_poll_dqo(struct gve_notify_block *block, int budget) err = gve_rx_dqo(napi, rx, compl_desc, complq->head, rx->q_num); if (err < 0) { - gve_rx_free_skb(rx); + gve_rx_free_skb(napi, rx); u64_stats_update_begin(&rx->statss); if (err == -ENOMEM) rx->rx_skb_alloc_fail++; @@ -993,7 +995,7 @@ int gve_rx_poll_dqo(struct gve_notify_block *block, int budget) /* gve_rx_complete_skb() will consume skb if successful */ if (gve_rx_complete_skb(rx, napi, compl_desc, feat) != 0) { - gve_rx_free_skb(rx); + gve_rx_free_skb(napi, rx); u64_stats_update_begin(&rx->statss); rx->rx_desc_err_dropped_pkt++; u64_stats_update_end(&rx->statss); -- 2.45.2.505.gda0bf45e8d-goog

1 year, 3 months

3
2
0 0

FAILED: patch "[PATCH] mmc: davinci: Don't strip remove function when driver is" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 55c421b364482b61c4c45313a535e61ed5ae4ea3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061227-zit-rupture-640c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 55c421b36448 ("mmc: davinci: Don't strip remove function when driver is builtin") bc1711e8332d ("mmc: davinci_mmc: Convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 55c421b364482b61c4c45313a535e61ed5ae4ea3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig(a)pengutronix.de> Date: Sun, 24 Mar 2024 12:40:17 +0100 Subject: [PATCH] mmc: davinci: Don't strip remove function when driver is builtin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. This results in resource leaks. Fix it by compiling in the remove callback unconditionally. This also fixes a W=1 modpost warning: WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in reference: davinci_mmcsd_driver+0x10 (section: .data) -> davinci_mmcsd_remove (section: .exit.text) Fixes: b4cff4549b7a ("DaVinci: MMC: MMC/SD controller driver for DaVinci family") Signed-off-by: Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240324114017.231936-2-u.kleine-koenig@pengutron… Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/davinci_mmc.c b/drivers/mmc/host/davinci_mmc.c index 8bd938919687..d7427894e0bc 100644 --- a/drivers/mmc/host/davinci_mmc.c +++ b/drivers/mmc/host/davinci_mmc.c @@ -1337,7 +1337,7 @@ static int davinci_mmcsd_probe(struct platform_device *pdev) return ret; } -static void __exit davinci_mmcsd_remove(struct platform_device *pdev) +static void davinci_mmcsd_remove(struct platform_device *pdev) { struct mmc_davinci_host *host = platform_get_drvdata(pdev); @@ -1392,7 +1392,7 @@ static struct platform_driver davinci_mmcsd_driver = { .of_match_table = davinci_mmc_dt_ids, }, .probe = davinci_mmcsd_probe, - .remove_new = __exit_p(davinci_mmcsd_remove), + .remove_new = davinci_mmcsd_remove, .id_table = davinci_mmc_devtype, };

1 year, 3 months

3
3
0 0

Re: [PATCH 6.9 000/157] 6.9.5-rc1 review

by Ronald Warsow

Hi Greg no regressions *here* on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de> ==== for the record: today I had a crash with 6.9.4, see below seems not to be reproduceable with 6.9.5-rc1 Kernel was compiled with LLVM=1 and Xe Graphic driver Crash happend 3 times while editing a LibreOffice Calc sheet only a hard reset got the box to live again Jun 13 14:47:40 obelix.fritz.box kernel: BUG: unable to handle page fault for address: fffffffffffffe20 Jun 13 14:47:40 obelix.fritz.box kernel: #PF: supervisor read access in kernel mode Jun 13 14:47:40 obelix.fritz.box kernel: #PF: error_code(0x0000) - not-present page Jun 13 14:47:40 obelix.fritz.box kernel: PGD 3d822f067 P4D 3d822f067 PUD 3d8231067 PMD 0 Jun 13 14:47:40 obelix.fritz.box kernel: Oops: 0000 [#1] PREEMPT SMP NOPTI Jun 13 14:47:40 obelix.fritz.box kernel: CPU: 5 PID: 2680 Comm: Xorg Tainted: G OE 6.9.4_MY_LLVM #1 Jun 13 14:47:40 obelix.fritz.box kernel: Hardware name: ASUS System Product Name/ROG STRIX B560-G GAMING WIFI, BIOS 2203 02/06/2024 Jun 13 14:47:40 obelix.fritz.box kernel: RIP: 0010:drm_suballoc_free+0x10/0xf0 [drm_suballoc_helper] Jun 13 14:47:40 obelix.fritz.box kernel: Code: e9 56 ff ff ff e8 20 6c bd e9 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 ff 74 50 41 57 41 56 53 49 89 f7 49 89 fe <48> 8b 5f 20 48 89 df e8 94 2f be e9 4d 85 ff 74 2a 49 8b 47 30 a8 Jun 13 14:47:40 obelix.fritz.box kernel: RSP: 0018:ffff9ecb068fb570 EFLAGS: 00010286 Jun 13 14:47:40 obelix.fritz.box kernel: RAX: fffffffffffffe00 RBX: 00000000fffffe00 RCX: 0000000000003e45 Jun 13 14:47:40 obelix.fritz.box kernel: RDX: 0000000000003e35 RSI: 0000000000000000 RDI: fffffffffffffe00 Jun 13 14:47:40 obelix.fritz.box kernel: RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffab258530 Jun 13 14:47:40 obelix.fritz.box kernel: R10: 0000000000000001 R11: 0000000000000005 R12: 0000000000000008 Jun 13 14:47:40 obelix.fritz.box kernel: R13: ffff9ecb068fb710 R14: fffffffffffffe00 R15: 0000000000000000 Jun 13 14:47:40 obelix.fritz.box kernel: FS: 00007f98cc24fb00(0000) GS:ffff8f870f680000(0000) knlGS:0000000000000000 Jun 13 14:47:40 obelix.fritz.box kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jun 13 14:47:40 obelix.fritz.box kernel: CR2: fffffffffffffe20 CR3: 0000000112d62002 CR4: 0000000000770ef0 Jun 13 14:47:40 obelix.fritz.box kernel: PKRU: 55555554 Jun 13 14:47:40 obelix.fritz.box kernel: Call Trace: Jun 13 14:47:40 obelix.fritz.box kernel: <TASK> Jun 13 14:47:40 obelix.fritz.box kernel: ? __die_body+0x61/0xb0 Jun 13 14:47:40 obelix.fritz.box kernel: ? page_fault_oops+0x2f4/0x400 Jun 13 14:47:40 obelix.fritz.box kernel: ? do_kern_addr_fault+0x92/0xd0 Jun 13 14:47:40 obelix.fritz.box kernel: ? exc_page_fault+0x60/0x70 Jun 13 14:47:40 obelix.fritz.box kernel: ? asm_exc_page_fault+0x22/0x30 Jun 13 14:47:40 obelix.fritz.box kernel: ? drm_suballoc_free+0x10/0xf0 [drm_suballoc_helper] Jun 13 14:47:40 obelix.fritz.box kernel: xe_migrate_update_pgtables+0x7d1/0x880 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: __xe_pt_bind_vma+0x909/0xd40 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: ? ttm_bo_validate+0x3f/0x1c0 [ttm] Jun 13 14:47:40 obelix.fritz.box kernel: xe_vm_bind_vma+0x12f/0x290 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: xe_vm_bind+0xb3/0x1b0 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: __xe_vma_op_execute+0x3cb/0x4e0 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: vm_bind_ioctl_ops_execute+0x94/0x230 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: xe_vm_bind_ioctl+0xe0a/0x1370 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: ? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: drm_ioctl_kernel+0xb6/0x100 [drm] Jun 13 14:47:40 obelix.fritz.box kernel: drm_ioctl+0x354/0x4d0 [drm] Jun 13 14:47:40 obelix.fritz.box kernel: ? __pfx_xe_vm_bind_ioctl+0x10/0x10 [xe] Jun 13 14:47:40 obelix.fritz.box kernel: __x64_sys_ioctl+0xdc3/0xf10 Jun 13 14:47:40 obelix.fritz.box kernel: ? do_syscall_64+0x96/0x140 Jun 13 14:47:40 obelix.fritz.box kernel: ? __x64_sys_ioctl+0x66/0xf10 Jun 13 14:47:40 obelix.fritz.box kernel: ? __count_memcg_events+0x47/0xb0 Jun 13 14:47:40 obelix.fritz.box kernel: ? handle_mm_fault+0xb39/0x11b0 Jun 13 14:47:40 obelix.fritz.box kernel: ? mt_find+0x99/0x140 Jun 13 14:47:40 obelix.fritz.box kernel: do_syscall_64+0x8a/0x140 Jun 13 14:47:40 obelix.fritz.box kernel: ? syscall_exit_to_user_mode+0x71/0x90 Jun 13 14:47:40 obelix.fritz.box kernel: ? do_syscall_64+0x96/0x140 Jun 13 14:47:40 obelix.fritz.box kernel: ? do_user_addr_fault+0x372/0x720 Jun 13 14:47:40 obelix.fritz.box kernel: ? syscall_exit_to_user_mode+0x71/0x90 Jun 13 14:47:40 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 14:47:40 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 14:47:40 obelix.fritz.box kernel: ? clear_bhb_loop+0x45/0xa0 Jun 13 14:47:40 obelix.fritz.box kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e Jun 13 14:47:40 obelix.fritz.box kernel: RIP: 0033:0x7f98cc955d2d Jun 13 14:47:40 obelix.fritz.box kernel: Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00 Jun 13 14:47:40 obelix.fritz.box kernel: RSP: 002b:00007ffd7b24c7d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 Jun 13 14:47:40 obelix.fritz.box kernel: RAX: ffffffffffffffda RBX: 00007ffd7b24c890 RCX: 00007f98cc955d2d Jun 13 14:47:40 obelix.fritz.box kernel: RDX: 00007ffd7b24c890 RSI: 0000000040886445 RDI: 0000000000000010 Jun 13 14:47:40 obelix.fritz.box kernel: RBP: 00007ffd7b24c820 R08: 0000000000006000 R09: 0000000000000000 Jun 13 14:47:40 obelix.fritz.box kernel: R10: 000055fa0f794010 R11: 0000000000000246 R12: 0000000000000010 Jun 13 14:47:40 obelix.fritz.box kernel: R13: 0000000000000000 R14: 000055fa0f84a170 R15: 000055fa1140a090 Jun 13 14:47:40 obelix.fritz.box kernel: </TASK> Jun 13 14:47:40 obelix.fritz.box kernel: Modules linked in: rfcomm nft_fib_inet nft_fib_ipv6 nft_fib_ipv4 nft_fib nft_reject_inet nft_reject nf_reject_ipv6 nf_reject_ipv4 nft_ct nft_chain_nat nf_nat vboxnetadp(OE) vboxnetflt(OE) nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables vboxdrv(OE) bnep iwlmvm mac80211 btusb btintel snd_hda_codec_hdmi bluetooth libarc4 snd_hda_codec_realtek snd_hda_scodec_component snd_hda_codec_generic iwlwifi intel_rapl_common kvm_intel snd_hda_intel snd_intel_dspcfg snd_hda_codec kvm cfg80211 snd_hda_core mei_pxp mei_hdcp rfkill nfnetlink xe i2c_algo_bit drm_display_helper drm_kms_helper drm_buddy drm_suballoc_helper gpu_sched drm_ttm_helper ttm agpgart drm_gpuvm drm_exec drm Jun 13 14:47:40 obelix.fritz.box kernel: CR2: fffffffffffffe20 Jun 13 14:47:40 obelix.fritz.box kernel: ---[ end trace 0000000000000000 ]--- Jun 13 14:47:40 obelix.fritz.box kernel: RIP: 0010:drm_suballoc_free+0x10/0xf0 [drm_suballoc_helper] Jun 13 14:47:40 obelix.fritz.box kernel: Code: e9 56 ff ff ff e8 20 6c bd e9 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 85 ff 74 50 41 57 41 56 53 49 89 f7 49 89 fe <48> 8b 5f 20 48 89 df e8 94 2f be e9 4d 85 ff 74 2a 49 8b 47 30 a8 Jun 13 14:47:40 obelix.fritz.box kernel: RSP: 0018:ffff9ecb068fb570 EFLAGS: 00010286 Jun 13 14:47:40 obelix.fritz.box kernel: RAX: fffffffffffffe00 RBX: 00000000fffffe00 RCX: 0000000000003e45 Jun 13 14:47:40 obelix.fritz.box kernel: RDX: 0000000000003e35 RSI: 0000000000000000 RDI: fffffffffffffe00 Jun 13 14:47:40 obelix.fritz.box kernel: RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffab258530 Jun 13 14:47:40 obelix.fritz.box kernel: R10: 0000000000000001 R11: 0000000000000005 R12: 0000000000000008 Jun 13 14:47:40 obelix.fritz.box kernel: R13: ffff9ecb068fb710 R14: fffffffffffffe00 R15: 0000000000000000 Jun 13 14:47:40 obelix.fritz.box kernel: FS: 00007f98cc24fb00(0000) GS:ffff8f870f680000(0000) knlGS:0000000000000000 Jun 13 14:47:40 obelix.fritz.box kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jun 13 14:47:40 obelix.fritz.box kernel: CR2: fffffffffffffe20 CR3: 0000000112d62002 CR4: 0000000000770ef0 Jun 13 14:47:40 obelix.fritz.box kernel: PKRU: 55555554 Jun 13 14:47:40 obelix.fritz.box kernel: note: Xorg[2680] exited with irqs disabled

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] s390/cpacf: Split and rework cpacf query functions" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 830999bd7e72f4128b9dfa37090d9fa8120ce323 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061358-scanning-hacksaw-0540@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 830999bd7e72 ("s390/cpacf: Split and rework cpacf query functions") b84d0c417a5a ("s390/cpacf: get rid of register asm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 830999bd7e72f4128b9dfa37090d9fa8120ce323 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.ibm.com> Date: Fri, 3 May 2024 11:31:42 +0200 Subject: [PATCH] s390/cpacf: Split and rework cpacf query functions Rework the cpacf query functions to use the correct RRE or RRF instruction formats and set register fields within instructions correctly. Fixes: 1afd43e0fbba ("s390/crypto: allow to query all known cpacf functions") Reported-by: Nina Schoetterl-Glausch <nsg(a)linux.ibm.com> Suggested-by: Heiko Carstens <hca(a)linux.ibm.com> Suggested-by: Juergen Christ <jchrist(a)linux.ibm.com> Suggested-by: Holger Dengler <dengler(a)linux.ibm.com> Signed-off-by: Harald Freudenberger <freude(a)linux.ibm.com> Reviewed-by: Holger Dengler <dengler(a)linux.ibm.com> Reviewed-by: Juergen Christ <jchrist(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/include/asm/cpacf.h b/arch/s390/include/asm/cpacf.h index b378e2b57ad8..153dc4fcc40a 100644 --- a/arch/s390/include/asm/cpacf.h +++ b/arch/s390/include/asm/cpacf.h @@ -166,28 +166,79 @@ typedef struct { unsigned char bytes[16]; } cpacf_mask_t; -/** - * cpacf_query() - check if a specific CPACF function is available - * @opcode: the opcode of the crypto instruction - * @func: the function code to test for - * - * Executes the query function for the given crypto instruction @opcode - * and checks if @func is available - * - * Returns 1 if @func is available for @opcode, 0 otherwise - */ -static __always_inline void __cpacf_query(unsigned int opcode, cpacf_mask_t *mask) +static __always_inline void __cpacf_query_rre(u32 opc, u8 r1, u8 r2, + cpacf_mask_t *mask) { asm volatile( - " lghi 0,0\n" /* query function */ - " lgr 1,%[mask]\n" - " spm 0\n" /* pckmo doesn't change the cc */ - /* Parameter regs are ignored, but must be nonzero and unique */ - "0: .insn rrf,%[opc] << 16,2,4,6,0\n" - " brc 1,0b\n" /* handle partial completion */ - : "=m" (*mask) - : [mask] "d" ((unsigned long)mask), [opc] "i" (opcode) - : "cc", "0", "1"); + " la %%r1,%[mask]\n" + " xgr %%r0,%%r0\n" + " .insn rre,%[opc] << 16,%[r1],%[r2]\n" + : [mask] "=R" (*mask) + : [opc] "i" (opc), + [r1] "i" (r1), [r2] "i" (r2) + : "cc", "r0", "r1"); +} + +static __always_inline void __cpacf_query_rrf(u32 opc, + u8 r1, u8 r2, u8 r3, u8 m4, + cpacf_mask_t *mask) +{ + asm volatile( + " la %%r1,%[mask]\n" + " xgr %%r0,%%r0\n" + " .insn rrf,%[opc] << 16,%[r1],%[r2],%[r3],%[m4]\n" + : [mask] "=R" (*mask) + : [opc] "i" (opc), [r1] "i" (r1), [r2] "i" (r2), + [r3] "i" (r3), [m4] "i" (m4) + : "cc", "r0", "r1"); +} + +static __always_inline void __cpacf_query(unsigned int opcode, + cpacf_mask_t *mask) +{ + switch (opcode) { + case CPACF_KDSA: + __cpacf_query_rre(CPACF_KDSA, 0, 2, mask); + break; + case CPACF_KIMD: + __cpacf_query_rre(CPACF_KIMD, 0, 2, mask); + break; + case CPACF_KLMD: + __cpacf_query_rre(CPACF_KLMD, 0, 2, mask); + break; + case CPACF_KM: + __cpacf_query_rre(CPACF_KM, 2, 4, mask); + break; + case CPACF_KMA: + __cpacf_query_rrf(CPACF_KMA, 2, 4, 6, 0, mask); + break; + case CPACF_KMAC: + __cpacf_query_rre(CPACF_KMAC, 0, 2, mask); + break; + case CPACF_KMC: + __cpacf_query_rre(CPACF_KMC, 2, 4, mask); + break; + case CPACF_KMCTR: + __cpacf_query_rrf(CPACF_KMCTR, 2, 4, 6, 0, mask); + break; + case CPACF_KMF: + __cpacf_query_rre(CPACF_KMF, 2, 4, mask); + break; + case CPACF_KMO: + __cpacf_query_rre(CPACF_KMO, 2, 4, mask); + break; + case CPACF_PCC: + __cpacf_query_rre(CPACF_PCC, 0, 0, mask); + break; + case CPACF_PCKMO: + __cpacf_query_rre(CPACF_PCKMO, 0, 0, mask); + break; + case CPACF_PRNO: + __cpacf_query_rre(CPACF_PRNO, 2, 4, mask); + break; + default: + BUG(); + } } static __always_inline int __cpacf_check_opcode(unsigned int opcode) @@ -215,6 +266,16 @@ static __always_inline int __cpacf_check_opcode(unsigned int opcode) } } +/** + * cpacf_query() - check if a specific CPACF function is available + * @opcode: the opcode of the crypto instruction + * @func: the function code to test for + * + * Executes the query function for the given crypto instruction @opcode + * and checks if @func is available + * + * Returns 1 if @func is available for @opcode, 0 otherwise + */ static __always_inline int cpacf_query(unsigned int opcode, cpacf_mask_t *mask) { if (__cpacf_check_opcode(opcode)) {

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] s390/cpacf: Split and rework cpacf query functions" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 830999bd7e72f4128b9dfa37090d9fa8120ce323 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061359-wasting-ribcage-b58b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 830999bd7e72 ("s390/cpacf: Split and rework cpacf query functions") b84d0c417a5a ("s390/cpacf: get rid of register asm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 830999bd7e72f4128b9dfa37090d9fa8120ce323 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.ibm.com> Date: Fri, 3 May 2024 11:31:42 +0200 Subject: [PATCH] s390/cpacf: Split and rework cpacf query functions Rework the cpacf query functions to use the correct RRE or RRF instruction formats and set register fields within instructions correctly. Fixes: 1afd43e0fbba ("s390/crypto: allow to query all known cpacf functions") Reported-by: Nina Schoetterl-Glausch <nsg(a)linux.ibm.com> Suggested-by: Heiko Carstens <hca(a)linux.ibm.com> Suggested-by: Juergen Christ <jchrist(a)linux.ibm.com> Suggested-by: Holger Dengler <dengler(a)linux.ibm.com> Signed-off-by: Harald Freudenberger <freude(a)linux.ibm.com> Reviewed-by: Holger Dengler <dengler(a)linux.ibm.com> Reviewed-by: Juergen Christ <jchrist(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/include/asm/cpacf.h b/arch/s390/include/asm/cpacf.h index b378e2b57ad8..153dc4fcc40a 100644 --- a/arch/s390/include/asm/cpacf.h +++ b/arch/s390/include/asm/cpacf.h @@ -166,28 +166,79 @@ typedef struct { unsigned char bytes[16]; } cpacf_mask_t; -/** - * cpacf_query() - check if a specific CPACF function is available - * @opcode: the opcode of the crypto instruction - * @func: the function code to test for - * - * Executes the query function for the given crypto instruction @opcode - * and checks if @func is available - * - * Returns 1 if @func is available for @opcode, 0 otherwise - */ -static __always_inline void __cpacf_query(unsigned int opcode, cpacf_mask_t *mask) +static __always_inline void __cpacf_query_rre(u32 opc, u8 r1, u8 r2, + cpacf_mask_t *mask) { asm volatile( - " lghi 0,0\n" /* query function */ - " lgr 1,%[mask]\n" - " spm 0\n" /* pckmo doesn't change the cc */ - /* Parameter regs are ignored, but must be nonzero and unique */ - "0: .insn rrf,%[opc] << 16,2,4,6,0\n" - " brc 1,0b\n" /* handle partial completion */ - : "=m" (*mask) - : [mask] "d" ((unsigned long)mask), [opc] "i" (opcode) - : "cc", "0", "1"); + " la %%r1,%[mask]\n" + " xgr %%r0,%%r0\n" + " .insn rre,%[opc] << 16,%[r1],%[r2]\n" + : [mask] "=R" (*mask) + : [opc] "i" (opc), + [r1] "i" (r1), [r2] "i" (r2) + : "cc", "r0", "r1"); +} + +static __always_inline void __cpacf_query_rrf(u32 opc, + u8 r1, u8 r2, u8 r3, u8 m4, + cpacf_mask_t *mask) +{ + asm volatile( + " la %%r1,%[mask]\n" + " xgr %%r0,%%r0\n" + " .insn rrf,%[opc] << 16,%[r1],%[r2],%[r3],%[m4]\n" + : [mask] "=R" (*mask) + : [opc] "i" (opc), [r1] "i" (r1), [r2] "i" (r2), + [r3] "i" (r3), [m4] "i" (m4) + : "cc", "r0", "r1"); +} + +static __always_inline void __cpacf_query(unsigned int opcode, + cpacf_mask_t *mask) +{ + switch (opcode) { + case CPACF_KDSA: + __cpacf_query_rre(CPACF_KDSA, 0, 2, mask); + break; + case CPACF_KIMD: + __cpacf_query_rre(CPACF_KIMD, 0, 2, mask); + break; + case CPACF_KLMD: + __cpacf_query_rre(CPACF_KLMD, 0, 2, mask); + break; + case CPACF_KM: + __cpacf_query_rre(CPACF_KM, 2, 4, mask); + break; + case CPACF_KMA: + __cpacf_query_rrf(CPACF_KMA, 2, 4, 6, 0, mask); + break; + case CPACF_KMAC: + __cpacf_query_rre(CPACF_KMAC, 0, 2, mask); + break; + case CPACF_KMC: + __cpacf_query_rre(CPACF_KMC, 2, 4, mask); + break; + case CPACF_KMCTR: + __cpacf_query_rrf(CPACF_KMCTR, 2, 4, 6, 0, mask); + break; + case CPACF_KMF: + __cpacf_query_rre(CPACF_KMF, 2, 4, mask); + break; + case CPACF_KMO: + __cpacf_query_rre(CPACF_KMO, 2, 4, mask); + break; + case CPACF_PCC: + __cpacf_query_rre(CPACF_PCC, 0, 0, mask); + break; + case CPACF_PCKMO: + __cpacf_query_rre(CPACF_PCKMO, 0, 0, mask); + break; + case CPACF_PRNO: + __cpacf_query_rre(CPACF_PRNO, 2, 4, mask); + break; + default: + BUG(); + } } static __always_inline int __cpacf_check_opcode(unsigned int opcode) @@ -215,6 +266,16 @@ static __always_inline int __cpacf_check_opcode(unsigned int opcode) } } +/** + * cpacf_query() - check if a specific CPACF function is available + * @opcode: the opcode of the crypto instruction + * @func: the function code to test for + * + * Executes the query function for the given crypto instruction @opcode + * and checks if @func is available + * + * Returns 1 if @func is available for @opcode, 0 otherwise + */ static __always_inline int cpacf_query(unsigned int opcode, cpacf_mask_t *mask) { if (__cpacf_check_opcode(opcode)) {

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] s390/cpacf: Split and rework cpacf query functions" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 830999bd7e72f4128b9dfa37090d9fa8120ce323 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061300-undead-mortuary-7444@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 830999bd7e72 ("s390/cpacf: Split and rework cpacf query functions") b84d0c417a5a ("s390/cpacf: get rid of register asm") 5c8e10f83262 ("s390: mark __cpacf_query() as __always_inline") e60fb8bf68d4 ("s390/cpacf: mark scpacf_query() as __always_inline") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 830999bd7e72f4128b9dfa37090d9fa8120ce323 Mon Sep 17 00:00:00 2001 From: Harald Freudenberger <freude(a)linux.ibm.com> Date: Fri, 3 May 2024 11:31:42 +0200 Subject: [PATCH] s390/cpacf: Split and rework cpacf query functions Rework the cpacf query functions to use the correct RRE or RRF instruction formats and set register fields within instructions correctly. Fixes: 1afd43e0fbba ("s390/crypto: allow to query all known cpacf functions") Reported-by: Nina Schoetterl-Glausch <nsg(a)linux.ibm.com> Suggested-by: Heiko Carstens <hca(a)linux.ibm.com> Suggested-by: Juergen Christ <jchrist(a)linux.ibm.com> Suggested-by: Holger Dengler <dengler(a)linux.ibm.com> Signed-off-by: Harald Freudenberger <freude(a)linux.ibm.com> Reviewed-by: Holger Dengler <dengler(a)linux.ibm.com> Reviewed-by: Juergen Christ <jchrist(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/include/asm/cpacf.h b/arch/s390/include/asm/cpacf.h index b378e2b57ad8..153dc4fcc40a 100644 --- a/arch/s390/include/asm/cpacf.h +++ b/arch/s390/include/asm/cpacf.h @@ -166,28 +166,79 @@ typedef struct { unsigned char bytes[16]; } cpacf_mask_t; -/** - * cpacf_query() - check if a specific CPACF function is available - * @opcode: the opcode of the crypto instruction - * @func: the function code to test for - * - * Executes the query function for the given crypto instruction @opcode - * and checks if @func is available - * - * Returns 1 if @func is available for @opcode, 0 otherwise - */ -static __always_inline void __cpacf_query(unsigned int opcode, cpacf_mask_t *mask) +static __always_inline void __cpacf_query_rre(u32 opc, u8 r1, u8 r2, + cpacf_mask_t *mask) { asm volatile( - " lghi 0,0\n" /* query function */ - " lgr 1,%[mask]\n" - " spm 0\n" /* pckmo doesn't change the cc */ - /* Parameter regs are ignored, but must be nonzero and unique */ - "0: .insn rrf,%[opc] << 16,2,4,6,0\n" - " brc 1,0b\n" /* handle partial completion */ - : "=m" (*mask) - : [mask] "d" ((unsigned long)mask), [opc] "i" (opcode) - : "cc", "0", "1"); + " la %%r1,%[mask]\n" + " xgr %%r0,%%r0\n" + " .insn rre,%[opc] << 16,%[r1],%[r2]\n" + : [mask] "=R" (*mask) + : [opc] "i" (opc), + [r1] "i" (r1), [r2] "i" (r2) + : "cc", "r0", "r1"); +} + +static __always_inline void __cpacf_query_rrf(u32 opc, + u8 r1, u8 r2, u8 r3, u8 m4, + cpacf_mask_t *mask) +{ + asm volatile( + " la %%r1,%[mask]\n" + " xgr %%r0,%%r0\n" + " .insn rrf,%[opc] << 16,%[r1],%[r2],%[r3],%[m4]\n" + : [mask] "=R" (*mask) + : [opc] "i" (opc), [r1] "i" (r1), [r2] "i" (r2), + [r3] "i" (r3), [m4] "i" (m4) + : "cc", "r0", "r1"); +} + +static __always_inline void __cpacf_query(unsigned int opcode, + cpacf_mask_t *mask) +{ + switch (opcode) { + case CPACF_KDSA: + __cpacf_query_rre(CPACF_KDSA, 0, 2, mask); + break; + case CPACF_KIMD: + __cpacf_query_rre(CPACF_KIMD, 0, 2, mask); + break; + case CPACF_KLMD: + __cpacf_query_rre(CPACF_KLMD, 0, 2, mask); + break; + case CPACF_KM: + __cpacf_query_rre(CPACF_KM, 2, 4, mask); + break; + case CPACF_KMA: + __cpacf_query_rrf(CPACF_KMA, 2, 4, 6, 0, mask); + break; + case CPACF_KMAC: + __cpacf_query_rre(CPACF_KMAC, 0, 2, mask); + break; + case CPACF_KMC: + __cpacf_query_rre(CPACF_KMC, 2, 4, mask); + break; + case CPACF_KMCTR: + __cpacf_query_rrf(CPACF_KMCTR, 2, 4, 6, 0, mask); + break; + case CPACF_KMF: + __cpacf_query_rre(CPACF_KMF, 2, 4, mask); + break; + case CPACF_KMO: + __cpacf_query_rre(CPACF_KMO, 2, 4, mask); + break; + case CPACF_PCC: + __cpacf_query_rre(CPACF_PCC, 0, 0, mask); + break; + case CPACF_PCKMO: + __cpacf_query_rre(CPACF_PCKMO, 0, 0, mask); + break; + case CPACF_PRNO: + __cpacf_query_rre(CPACF_PRNO, 2, 4, mask); + break; + default: + BUG(); + } } static __always_inline int __cpacf_check_opcode(unsigned int opcode) @@ -215,6 +266,16 @@ static __always_inline int __cpacf_check_opcode(unsigned int opcode) } } +/** + * cpacf_query() - check if a specific CPACF function is available + * @opcode: the opcode of the crypto instruction + * @func: the function code to test for + * + * Executes the query function for the given crypto instruction @opcode + * and checks if @func is available + * + * Returns 1 if @func is available for @opcode, 0 otherwise + */ static __always_inline int cpacf_query(unsigned int opcode, cpacf_mask_t *mask) { if (__cpacf_check_opcode(opcode)) {

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] cifs: fix creating sockets when using sfu mount options" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 518549c120e671c4906f77d1802b97e9b23f673a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061319-machine-lanky-74ba@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 518549c120e6 ("cifs: fix creating sockets when using sfu mount options") c6ff459037b2 ("smb: client: instantiate when creating SFU files") b0348e459c83 ("smb: client: introduce cifs_sfu_make_node()") 45e724022e27 ("smb: client: set correct file type from NFS reparse points") 539aad7f14da ("smb: client: introduce ->parse_reparse_point()") ed3e0a149b58 ("smb: client: implement ->query_reparse_point() for SMB1") 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 518549c120e671c4906f77d1802b97e9b23f673a Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Wed, 29 May 2024 18:16:56 -0500 Subject: [PATCH] cifs: fix creating sockets when using sfu mount options When running fstest generic/423 with sfu mount option, it was being skipped due to inability to create sockets: generic/423 [not run] cifs does not support mknod/mkfifo which can also be easily reproduced with their af_unix tool: ./src/af_unix /mnt1/socket-two bind: Operation not permitted Fix sfu mount option to allow creating and reporting sockets. Cc: stable(a)vger.kernel.org Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/cifspdu.h b/fs/smb/client/cifspdu.h index c46d418c1c0c..a2072ab9e586 100644 --- a/fs/smb/client/cifspdu.h +++ b/fs/smb/client/cifspdu.h @@ -2574,7 +2574,7 @@ typedef struct { struct win_dev { - unsigned char type[8]; /* IntxCHR or IntxBLK or LnxFIFO*/ + unsigned char type[8]; /* IntxCHR or IntxBLK or LnxFIFO or LnxSOCK */ __le64 major; __le64 minor; } __attribute__((packed)); diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c index 262576573eb5..4a8aa1de9522 100644 --- a/fs/smb/client/inode.c +++ b/fs/smb/client/inode.c @@ -606,6 +606,10 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path, mnr = le64_to_cpu(*(__le64 *)(pbuf+16)); fattr->cf_rdev = MKDEV(mjr, mnr); } + } else if (memcmp("LnxSOCK", pbuf, 8) == 0) { + cifs_dbg(FYI, "Socket\n"); + fattr->cf_mode |= S_IFSOCK; + fattr->cf_dtype = DT_SOCK; } else if (memcmp("IntxLNK", pbuf, 7) == 0) { cifs_dbg(FYI, "Symlink\n"); fattr->cf_mode |= S_IFLNK; diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index 4ce6c3121a7e..c8e536540895 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4997,6 +4997,9 @@ static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, pdev.major = cpu_to_le64(MAJOR(dev)); pdev.minor = cpu_to_le64(MINOR(dev)); break; + case S_IFSOCK: + strscpy(pdev.type, "LnxSOCK"); + break; case S_IFIFO: strscpy(pdev.type, "LnxFIFO"); break;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] cifs: fix creating sockets when using sfu mount options" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 518549c120e671c4906f77d1802b97e9b23f673a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061318-percolate-breeching-4de7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 518549c120e6 ("cifs: fix creating sockets when using sfu mount options") c6ff459037b2 ("smb: client: instantiate when creating SFU files") b0348e459c83 ("smb: client: introduce cifs_sfu_make_node()") 45e724022e27 ("smb: client: set correct file type from NFS reparse points") 539aad7f14da ("smb: client: introduce ->parse_reparse_point()") ed3e0a149b58 ("smb: client: implement ->query_reparse_point() for SMB1") 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option") a18280e7fdea ("smb: cilent: set reparse mount points as automounts") 9a49e221a641 ("smb: client: do not query reparse points twice on symlinks") 5f71ebc41294 ("smb: client: parse reparse point flag in create response") 348a04a8d113 ("smb: client: get rid of dfs code dep in namespace.c") 0a049935e47e ("smb: client: get rid of dfs naming in automount code") 561f82a3a24c ("smb: client: rename cifs_dfs_ref.c to namespace.c") c5f44a3d5477 ("smb: client: make smb2_compound_op() return resp buffer on success") 8b4e285d8ce3 ("smb: client: move some params to cifs_open_info_data") c071b34f62dd ("cifs: is_network_name_deleted should return a bool") 3ae872de4107 ("smb: client: fix shared DFS root mounts with different prefixes") 49024ec8795e ("smb: client: fix parsing of source mount option") d439b29057e2 ("smb: client: fix broken file attrs with nodfs mounts") 33f736187d08 ("cifs: prevent use-after-free by freeing the cfile later") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 518549c120e671c4906f77d1802b97e9b23f673a Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Wed, 29 May 2024 18:16:56 -0500 Subject: [PATCH] cifs: fix creating sockets when using sfu mount options When running fstest generic/423 with sfu mount option, it was being skipped due to inability to create sockets: generic/423 [not run] cifs does not support mknod/mkfifo which can also be easily reproduced with their af_unix tool: ./src/af_unix /mnt1/socket-two bind: Operation not permitted Fix sfu mount option to allow creating and reporting sockets. Cc: stable(a)vger.kernel.org Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/cifspdu.h b/fs/smb/client/cifspdu.h index c46d418c1c0c..a2072ab9e586 100644 --- a/fs/smb/client/cifspdu.h +++ b/fs/smb/client/cifspdu.h @@ -2574,7 +2574,7 @@ typedef struct { struct win_dev { - unsigned char type[8]; /* IntxCHR or IntxBLK or LnxFIFO*/ + unsigned char type[8]; /* IntxCHR or IntxBLK or LnxFIFO or LnxSOCK */ __le64 major; __le64 minor; } __attribute__((packed)); diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c index 262576573eb5..4a8aa1de9522 100644 --- a/fs/smb/client/inode.c +++ b/fs/smb/client/inode.c @@ -606,6 +606,10 @@ cifs_sfu_type(struct cifs_fattr *fattr, const char *path, mnr = le64_to_cpu(*(__le64 *)(pbuf+16)); fattr->cf_rdev = MKDEV(mjr, mnr); } + } else if (memcmp("LnxSOCK", pbuf, 8) == 0) { + cifs_dbg(FYI, "Socket\n"); + fattr->cf_mode |= S_IFSOCK; + fattr->cf_dtype = DT_SOCK; } else if (memcmp("IntxLNK", pbuf, 7) == 0) { cifs_dbg(FYI, "Symlink\n"); fattr->cf_mode |= S_IFLNK; diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index 4ce6c3121a7e..c8e536540895 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4997,6 +4997,9 @@ static int __cifs_sfu_make_node(unsigned int xid, struct inode *inode, pdev.major = cpu_to_le64(MAJOR(dev)); pdev.minor = cpu_to_le64(MINOR(dev)); break; + case S_IFSOCK: + strscpy(pdev.type, "LnxSOCK"); + break; case S_IFIFO: strscpy(pdev.type, "LnxFIFO"); break;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 7373a51e7998b508af7136530f3a997b286ce81c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061340-jogger-smooth-6cf5@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 7373a51e7998 ("nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 79ea65563ad8 ("nilfs2: Remove check for PageError") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7373a51e7998b508af7136530f3a997b286ce81c Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Tue, 4 Jun 2024 22:42:55 +0900 Subject: [PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page. Link: https://lkml.kernel.org/r/20240604134255.7165-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+c8166c541d3971bf6c87(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c8166c541d3971bf6c87 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index a002a44ff161..52e50b1b7f22 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -607,7 +607,7 @@ int nilfs_empty_dir(struct inode *inode) kaddr = nilfs_get_folio(inode, i, &folio); if (IS_ERR(kaddr)) - continue; + return 0; de = (struct nilfs_dir_entry *)kaddr; kaddr += nilfs_last_byte(inode, i) - NILFS_DIR_REC_LEN(1);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 7373a51e7998b508af7136530f3a997b286ce81c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061339-promenade-licking-9943@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 7373a51e7998 ("nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 79ea65563ad8 ("nilfs2: Remove check for PageError") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7373a51e7998b508af7136530f3a997b286ce81c Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Tue, 4 Jun 2024 22:42:55 +0900 Subject: [PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page. Link: https://lkml.kernel.org/r/20240604134255.7165-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+c8166c541d3971bf6c87(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c8166c541d3971bf6c87 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index a002a44ff161..52e50b1b7f22 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -607,7 +607,7 @@ int nilfs_empty_dir(struct inode *inode) kaddr = nilfs_get_folio(inode, i, &folio); if (IS_ERR(kaddr)) - continue; + return 0; de = (struct nilfs_dir_entry *)kaddr; kaddr += nilfs_last_byte(inode, i) - NILFS_DIR_REC_LEN(1);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 7373a51e7998b508af7136530f3a997b286ce81c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061338-mothball-scrooge-f07e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 7373a51e7998 ("nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 79ea65563ad8 ("nilfs2: Remove check for PageError") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7373a51e7998b508af7136530f3a997b286ce81c Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Tue, 4 Jun 2024 22:42:55 +0900 Subject: [PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page. Link: https://lkml.kernel.org/r/20240604134255.7165-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+c8166c541d3971bf6c87(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c8166c541d3971bf6c87 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index a002a44ff161..52e50b1b7f22 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -607,7 +607,7 @@ int nilfs_empty_dir(struct inode *inode) kaddr = nilfs_get_folio(inode, i, &folio); if (IS_ERR(kaddr)) - continue; + return 0; de = (struct nilfs_dir_entry *)kaddr; kaddr += nilfs_last_byte(inode, i) - NILFS_DIR_REC_LEN(1);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 7373a51e7998b508af7136530f3a997b286ce81c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061337-eclair-moneywise-df20@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 7373a51e7998 ("nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") 79ea65563ad8 ("nilfs2: Remove check for PageError") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7373a51e7998b508af7136530f3a997b286ce81c Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Tue, 4 Jun 2024 22:42:55 +0900 Subject: [PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page. Link: https://lkml.kernel.org/r/20240604134255.7165-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+c8166c541d3971bf6c87(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c8166c541d3971bf6c87 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index a002a44ff161..52e50b1b7f22 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -607,7 +607,7 @@ int nilfs_empty_dir(struct inode *inode) kaddr = nilfs_get_folio(inode, i, &folio); if (IS_ERR(kaddr)) - continue; + return 0; de = (struct nilfs_dir_entry *)kaddr; kaddr += nilfs_last_byte(inode, i) - NILFS_DIR_REC_LEN(1);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7373a51e7998b508af7136530f3a997b286ce81c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061335-elevating-tumble-532e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7373a51e7998 ("nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7373a51e7998b508af7136530f3a997b286ce81c Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Tue, 4 Jun 2024 22:42:55 +0900 Subject: [PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page. Link: https://lkml.kernel.org/r/20240604134255.7165-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+c8166c541d3971bf6c87(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c8166c541d3971bf6c87 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index a002a44ff161..52e50b1b7f22 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -607,7 +607,7 @@ int nilfs_empty_dir(struct inode *inode) kaddr = nilfs_get_folio(inode, i, &folio); if (IS_ERR(kaddr)) - continue; + return 0; de = (struct nilfs_dir_entry *)kaddr; kaddr += nilfs_last_byte(inode, i) - NILFS_DIR_REC_LEN(1);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7373a51e7998b508af7136530f3a997b286ce81c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061336-douche-credibly-5e48@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7373a51e7998 ("nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors") 09a46acb3697 ("nilfs2: return the mapped address from nilfs_get_page()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7373a51e7998b508af7136530f3a997b286ce81c Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Tue, 4 Jun 2024 22:42:55 +0900 Subject: [PATCH] nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page. Link: https://lkml.kernel.org/r/20240604134255.7165-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+c8166c541d3971bf6c87(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c8166c541d3971bf6c87 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/dir.c b/fs/nilfs2/dir.c index a002a44ff161..52e50b1b7f22 100644 --- a/fs/nilfs2/dir.c +++ b/fs/nilfs2/dir.c @@ -607,7 +607,7 @@ int nilfs_empty_dir(struct inode *inode) kaddr = nilfs_get_folio(inode, i, &folio); if (IS_ERR(kaddr)) - continue; + return 0; de = (struct nilfs_dir_entry *)kaddr; kaddr += nilfs_last_byte(inode, i) - NILFS_DIR_REC_LEN(1);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential kernel bug due to lack of writeback" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x a4ca369ca221bb7e06c725792ac107f0e48e82e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061330-jolliness-decorator-05e9@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: a4ca369ca221 ("nilfs2: fix potential kernel bug due to lack of writeback flag waiting") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4ca369ca221bb7e06c725792ac107f0e48e82e7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Thu, 30 May 2024 23:15:56 +0900 Subject: [PATCH] nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below): kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:__folio_start_writeback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2] nilfs_segctor_construct+0x181/0x6b0 [nilfs2] nilfs_segctor_thread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 ret_from_fork+0x4b/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state. Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state. Link: https://lkml.kernel.org/r/20240530141556.4411-1-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 60d4f59f7665..6ea81f1d5094 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1652,6 +1652,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh->b_folio != bd_folio) { if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1665,6 +1666,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1681,6 +1683,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential kernel bug due to lack of writeback" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a4ca369ca221bb7e06c725792ac107f0e48e82e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061328-whinny-taking-53a8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: a4ca369ca221 ("nilfs2: fix potential kernel bug due to lack of writeback flag waiting") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4ca369ca221bb7e06c725792ac107f0e48e82e7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Thu, 30 May 2024 23:15:56 +0900 Subject: [PATCH] nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below): kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:__folio_start_writeback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2] nilfs_segctor_construct+0x181/0x6b0 [nilfs2] nilfs_segctor_thread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 ret_from_fork+0x4b/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state. Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state. Link: https://lkml.kernel.org/r/20240530141556.4411-1-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 60d4f59f7665..6ea81f1d5094 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1652,6 +1652,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh->b_folio != bd_folio) { if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1665,6 +1666,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1681,6 +1683,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential kernel bug due to lack of writeback" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a4ca369ca221bb7e06c725792ac107f0e48e82e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061327-aerobics-siberian-30c2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a4ca369ca221 ("nilfs2: fix potential kernel bug due to lack of writeback flag waiting") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4ca369ca221bb7e06c725792ac107f0e48e82e7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Thu, 30 May 2024 23:15:56 +0900 Subject: [PATCH] nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below): kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:__folio_start_writeback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2] nilfs_segctor_construct+0x181/0x6b0 [nilfs2] nilfs_segctor_thread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 ret_from_fork+0x4b/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state. Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state. Link: https://lkml.kernel.org/r/20240530141556.4411-1-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 60d4f59f7665..6ea81f1d5094 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1652,6 +1652,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh->b_folio != bd_folio) { if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1665,6 +1666,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1681,6 +1683,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential kernel bug due to lack of writeback" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a4ca369ca221bb7e06c725792ac107f0e48e82e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061326-unleash-doorbell-437e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: a4ca369ca221 ("nilfs2: fix potential kernel bug due to lack of writeback flag waiting") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4ca369ca221bb7e06c725792ac107f0e48e82e7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Thu, 30 May 2024 23:15:56 +0900 Subject: [PATCH] nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below): kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:__folio_start_writeback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2] nilfs_segctor_construct+0x181/0x6b0 [nilfs2] nilfs_segctor_thread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 ret_from_fork+0x4b/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state. Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state. Link: https://lkml.kernel.org/r/20240530141556.4411-1-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 60d4f59f7665..6ea81f1d5094 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1652,6 +1652,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh->b_folio != bd_folio) { if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1665,6 +1666,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1681,6 +1683,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential kernel bug due to lack of writeback" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a4ca369ca221bb7e06c725792ac107f0e48e82e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061325-rubbing-sappiness-1a44@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: a4ca369ca221 ("nilfs2: fix potential kernel bug due to lack of writeback flag waiting") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4ca369ca221bb7e06c725792ac107f0e48e82e7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Thu, 30 May 2024 23:15:56 +0900 Subject: [PATCH] nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below): kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:__folio_start_writeback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2] nilfs_segctor_construct+0x181/0x6b0 [nilfs2] nilfs_segctor_thread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 ret_from_fork+0x4b/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state. Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state. Link: https://lkml.kernel.org/r/20240530141556.4411-1-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 60d4f59f7665..6ea81f1d5094 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1652,6 +1652,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh->b_folio != bd_folio) { if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1665,6 +1666,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1681,6 +1683,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] nilfs2: fix potential kernel bug due to lack of writeback" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a4ca369ca221bb7e06c725792ac107f0e48e82e7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061324-prize-qualifier-989e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: a4ca369ca221 ("nilfs2: fix potential kernel bug due to lack of writeback flag waiting") ff5710c3f3c2 ("nilfs2: convert nilfs_segctor_prepare_write to use folios") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a4ca369ca221bb7e06c725792ac107f0e48e82e7 Mon Sep 17 00:00:00 2001 From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Date: Thu, 30 May 2024 23:15:56 +0900 Subject: [PATCH] nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below): kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:__folio_start_writeback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2] nilfs_segctor_construct+0x181/0x6b0 [nilfs2] nilfs_segctor_thread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 ret_from_fork+0x4b/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state. Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state. Link: https://lkml.kernel.org/r/20240530141556.4411-1-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c index 60d4f59f7665..6ea81f1d5094 100644 --- a/fs/nilfs2/segment.c +++ b/fs/nilfs2/segment.c @@ -1652,6 +1652,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh->b_folio != bd_folio) { if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1665,6 +1666,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1681,6 +1683,7 @@ static void nilfs_segctor_prepare_write(struct nilfs_sc_info *sci) } if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] bpf: fix multi-uprobe PID filtering logic" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 46ba0e49b64232adac35a2bc892f1710c5b0fb7f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061330-custody-resolved-131a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 46ba0e49b642 ("bpf: fix multi-uprobe PID filtering logic") f17d1a18a3dd ("selftests/bpf: Add more uprobe multi fail tests") 0d83786f5661 ("selftests/bpf: Add test for abnormal cnt during multi-uprobe attachment") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46ba0e49b64232adac35a2bc892f1710c5b0fb7f Mon Sep 17 00:00:00 2001 From: Andrii Nakryiko <andrii(a)kernel.org> Date: Tue, 21 May 2024 09:33:57 -0700 Subject: [PATCH] bpf: fix multi-uprobe PID filtering logic Current implementation of PID filtering logic for multi-uprobes in uprobe_prog_run() is filtering down to exact *thread*, while the intent for PID filtering it to filter by *process* instead. The check in uprobe_prog_run() also differs from the analogous one in uprobe_multi_link_filter() for some reason. The latter is correct, checking task->mm, not the task itself. Fix the check in uprobe_prog_run() to perform the same task->mm check. While doing this, we also update get_pid_task() use to use PIDTYPE_TGID type of lookup, given the intent is to get a representative task of an entire process. This doesn't change behavior, but seems more logical. It would hold task group leader task now, not any random thread task. Last but not least, given multi-uprobe support is half-broken due to this PID filtering logic (depending on whether PID filtering is important or not), we need to make it easy for user space consumers (including libbpf) to easily detect whether PID filtering logic was already fixed. We do it here by adding an early check on passed pid parameter. If it's negative (and so has no chance of being a valid PID), we return -EINVAL. Previous behavior would eventually return -ESRCH ("No process found"), given there can't be any process with negative PID. This subtle change won't make any practical change in behavior, but will allow applications to detect PID filtering fixes easily. Libbpf fixes take advantage of this in the next patch. Cc: stable(a)vger.kernel.org Acked-by: Jiri Olsa <jolsa(a)kernel.org> Fixes: b733eeade420 ("bpf: Add pid filter support for uprobe_multi link") Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/r/20240521163401.3005045-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index f5154c051d2c..1baaeb9ca205 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -3295,7 +3295,7 @@ static int uprobe_prog_run(struct bpf_uprobe *uprobe, struct bpf_run_ctx *old_run_ctx; int err = 0; - if (link->task && current != link->task) + if (link->task && current->mm != link->task->mm) return 0; if (sleepable) @@ -3396,8 +3396,9 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr upath = u64_to_user_ptr(attr->link_create.uprobe_multi.path); uoffsets = u64_to_user_ptr(attr->link_create.uprobe_multi.offsets); cnt = attr->link_create.uprobe_multi.cnt; + pid = attr->link_create.uprobe_multi.pid; - if (!upath || !uoffsets || !cnt) + if (!upath || !uoffsets || !cnt || pid < 0) return -EINVAL; if (cnt > MAX_UPROBE_MULTI_CNT) return -E2BIG; @@ -3421,10 +3422,9 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr goto error_path_put; } - pid = attr->link_create.uprobe_multi.pid; if (pid) { rcu_read_lock(); - task = get_pid_task(find_vpid(pid), PIDTYPE_PID); + task = get_pid_task(find_vpid(pid), PIDTYPE_TGID); rcu_read_unlock(); if (!task) { err = -ESRCH; diff --git a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c index 8269cdee33ae..38fda42fd70f 100644 --- a/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c +++ b/tools/testing/selftests/bpf/prog_tests/uprobe_multi_test.c @@ -397,7 +397,7 @@ static void test_attach_api_fails(void) link_fd = bpf_link_create(prog_fd, 0, BPF_TRACE_UPROBE_MULTI, &opts); if (!ASSERT_ERR(link_fd, "link_fd")) goto cleanup; - ASSERT_EQ(link_fd, -ESRCH, "pid_is_wrong"); + ASSERT_EQ(link_fd, -EINVAL, "pid_is_wrong"); cleanup: if (link_fd >= 0)

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix leak of qgroup extent records after transaction" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fb33eb2ef0d88e75564983ef057b44c5b7e4fded # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061357-december-gaming-f1a1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fb33eb2ef0d8 ("btrfs: fix leak of qgroup extent records after transaction abort") 99f09ce309b8 ("btrfs: make btrfs_destroy_delayed_refs() return void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fb33eb2ef0d88e75564983ef057b44c5b7e4fded Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Mon, 3 Jun 2024 12:49:08 +0100 Subject: [PATCH] btrfs: fix leak of qgroup extent records after transaction abort Qgroup extent records are created when delayed ref heads are created and then released after accounting extents at btrfs_qgroup_account_extents(), called during the transaction commit path. If a transaction is aborted we free the qgroup records by calling btrfs_qgroup_destroy_extent_records() at btrfs_destroy_delayed_refs(), unless we don't have delayed references. We are incorrectly assuming that no delayed references means we don't have qgroup extents records. We can currently have no delayed references because we ran them all during a transaction commit and the transaction was aborted after that due to some error in the commit path. So fix this by ensuring we btrfs_qgroup_destroy_extent_records() at btrfs_destroy_delayed_refs() even if we don't have any delayed references. Reported-by: syzbot+0fecc032fa134afd49df(a)syzkaller.appspotmail.com Link: https://lore.kernel.org/linux-btrfs/0000000000004e7f980619f91835@google.com/ Fixes: 81f7eb00ff5b ("btrfs: destroy qgroup extent records on transaction abort") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index a91a8056758a..242ada7e47b4 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -4538,18 +4538,10 @@ static void btrfs_destroy_delayed_refs(struct btrfs_transaction *trans, struct btrfs_fs_info *fs_info) { struct rb_node *node; - struct btrfs_delayed_ref_root *delayed_refs; + struct btrfs_delayed_ref_root *delayed_refs = &trans->delayed_refs; struct btrfs_delayed_ref_node *ref; - delayed_refs = &trans->delayed_refs; - spin_lock(&delayed_refs->lock); - if (atomic_read(&delayed_refs->num_entries) == 0) { - spin_unlock(&delayed_refs->lock); - btrfs_debug(fs_info, "delayed_refs has NO entry"); - return; - } - while ((node = rb_first_cached(&delayed_refs->href_root)) != NULL) { struct btrfs_delayed_ref_head *head; struct rb_node *n;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: qgroup: update rescan message levels and error codes" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1fa7603d569b9e738e9581937ba8725cd7d39b48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061307-gab-underfoot-f7db@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 1fa7603d569b ("btrfs: qgroup: update rescan message levels and error codes") 182940f4f4db ("btrfs: qgroup: add new quota mode for simple quotas") 6b0cd63bc75c ("btrfs: qgroup: introduce quota mode") 515020900d44 ("btrfs: read raid stripe tree from disk") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1fa7603d569b9e738e9581937ba8725cd7d39b48 Mon Sep 17 00:00:00 2001 From: David Sterba <dsterba(a)suse.com> Date: Thu, 2 May 2024 22:45:58 +0200 Subject: [PATCH] btrfs: qgroup: update rescan message levels and error codes On filesystems without enabled quotas there's still a warning message in the logs when rescan is called. In that case it's not a problem that should be reported, rescan can be called unconditionally. Change the error code to ENOTCONN which is used for 'quotas not enabled' elsewhere. Remove message (also a warning) when rescan is called during an ongoing rescan, this brings no useful information and the error code is sufficient. Change message levels to debug for now, they can be removed eventually. CC: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c index eb28141d5c37..f93354a96909 100644 --- a/fs/btrfs/qgroup.c +++ b/fs/btrfs/qgroup.c @@ -3820,14 +3820,14 @@ qgroup_rescan_init(struct btrfs_fs_info *fs_info, u64 progress_objectid, /* we're resuming qgroup rescan at mount time */ if (!(fs_info->qgroup_flags & BTRFS_QGROUP_STATUS_FLAG_RESCAN)) { - btrfs_warn(fs_info, + btrfs_debug(fs_info, "qgroup rescan init failed, qgroup rescan is not queued"); ret = -EINVAL; } else if (!(fs_info->qgroup_flags & BTRFS_QGROUP_STATUS_FLAG_ON)) { - btrfs_warn(fs_info, + btrfs_debug(fs_info, "qgroup rescan init failed, qgroup is not enabled"); - ret = -EINVAL; + ret = -ENOTCONN; } if (ret) @@ -3838,14 +3838,12 @@ qgroup_rescan_init(struct btrfs_fs_info *fs_info, u64 progress_objectid, if (init_flags) { if (fs_info->qgroup_flags & BTRFS_QGROUP_STATUS_FLAG_RESCAN) { - btrfs_warn(fs_info, - "qgroup rescan is already in progress"); ret = -EINPROGRESS; } else if (!(fs_info->qgroup_flags & BTRFS_QGROUP_STATUS_FLAG_ON)) { - btrfs_warn(fs_info, + btrfs_debug(fs_info, "qgroup rescan init failed, qgroup is not enabled"); - ret = -EINVAL; + ret = -ENOTCONN; } else if (btrfs_qgroup_mode(fs_info) == BTRFS_QGROUP_MODE_DISABLED) { /* Quota disable is in progress */ ret = -EBUSY;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracefs: Update inode permissions on remount" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 27c046484382d78b4abb0a6e9905a20121af9b35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061310-exemplify-snore-c1b0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 27c046484382 ("tracefs: Update inode permissions on remount") baa23a8d4360 ("tracefs: Reset permissions on remount if permissions are options") 8dce06e98c70 ("eventfs: Clean up dentry ops and add revalidate function") 49304c2b93e4 ("tracefs: dentry lookup crapectomy") 4fa4b010b83f ("eventfs: Initialize the tracefs inode properly") d81786f53aec ("tracefs: Zero out the tracefs_inode when allocating it") 29142dc92c37 ("tracefs: remove stale 'update_gid' code") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") b0f7e2d739b4 ("eventfs: Remove "lookup" parameter from create_dir/file_dentry()") ad579864637a ("tracefs: Check for dentry->d_inode exists in set_gid()") 7e8358edf503 ("eventfs: Fix file and directory uid and gid ownership") 0dfc852b6fe3 ("eventfs: Have event files and directories default to parent uid and gid") 5eaf7f0589c0 ("eventfs: Fix events beyond NAME_MAX blocking tasks") f49f950c217b ("eventfs: Make sure that parent->d_inode is locked in creating files/dirs") fc4561226fea ("eventfs: Do not allow NULL parent to eventfs_start_creating()") bcae32c5632f ("eventfs: Move taking of inode_lock into dcache_dir_open_wrapper()") 71cade82f2b5 ("eventfs: Do not invalidate dentry in create_file/dir_dentry()") 88903daecacf ("eventfs: Remove expectation that ei->is_freed means ei->dentry == NULL") 44365329f821 ("eventfs: Hold eventfs_mutex when calling callback functions") 28e12c09f5aa ("eventfs: Save ownership and mode") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 27c046484382d78b4abb0a6e9905a20121af9b35 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 23 May 2024 01:14:27 -0400 Subject: [PATCH] tracefs: Update inode permissions on remount When a remount happens, if a gid or uid is specified update the inodes to have the same gid and uid. This will allow the simplification of the permissions logic for the dynamically created files and directories. Link: https://lore.kernel.org/linux-trace-kernel/20240523051539.592429986@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 55a40a730b10..5dfb1ccd56ea 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -317,20 +317,29 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) if (!ei) return; - if (update_uid) + if (update_uid) { ei->attr.mode &= ~EVENTFS_SAVE_UID; + ei->attr.uid = ti->vfs_inode.i_uid; + } - if (update_gid) + + if (update_gid) { ei->attr.mode &= ~EVENTFS_SAVE_GID; + ei->attr.gid = ti->vfs_inode.i_gid; + } if (!ei->entry_attrs) return; for (int i = 0; i < ei->nr_entries; i++) { - if (update_uid) + if (update_uid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - if (update_gid) + ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; + } + if (update_gid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; + } } } diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index a827f6a716c4..9252e0d78ea2 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -373,12 +373,21 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) rcu_read_lock(); list_for_each_entry_rcu(ti, &tracefs_inodes, list) { - if (update_uid) + if (update_uid) { ti->flags &= ~TRACEFS_UID_PERM_SET; + ti->vfs_inode.i_uid = fsi->uid; + } - if (update_gid) + if (update_gid) { ti->flags &= ~TRACEFS_GID_PERM_SET; + ti->vfs_inode.i_gid = fsi->gid; + } + /* + * Note, the above ti->vfs_inode updates are + * used in eventfs_remount() so they must come + * before calling it. + */ if (ti->flags & TRACEFS_EVENT_INODE) eventfs_remount(ti, update_uid, update_gid); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] tracefs: Update inode permissions on remount" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 27c046484382d78b4abb0a6e9905a20121af9b35 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061309-pliable-outcast-adb7@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 27c046484382 ("tracefs: Update inode permissions on remount") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 27c046484382d78b4abb0a6e9905a20121af9b35 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 23 May 2024 01:14:27 -0400 Subject: [PATCH] tracefs: Update inode permissions on remount When a remount happens, if a gid or uid is specified update the inodes to have the same gid and uid. This will allow the simplification of the permissions logic for the dynamically created files and directories. Link: https://lore.kernel.org/linux-trace-kernel/20240523051539.592429986@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Masahiro Yamada <masahiroy(a)kernel.org> Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 55a40a730b10..5dfb1ccd56ea 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -317,20 +317,29 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) if (!ei) return; - if (update_uid) + if (update_uid) { ei->attr.mode &= ~EVENTFS_SAVE_UID; + ei->attr.uid = ti->vfs_inode.i_uid; + } - if (update_gid) + + if (update_gid) { ei->attr.mode &= ~EVENTFS_SAVE_GID; + ei->attr.gid = ti->vfs_inode.i_gid; + } if (!ei->entry_attrs) return; for (int i = 0; i < ei->nr_entries; i++) { - if (update_uid) + if (update_uid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - if (update_gid) + ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; + } + if (update_gid) { ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; + } } } diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index a827f6a716c4..9252e0d78ea2 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -373,12 +373,21 @@ static int tracefs_apply_options(struct super_block *sb, bool remount) rcu_read_lock(); list_for_each_entry_rcu(ti, &tracefs_inodes, list) { - if (update_uid) + if (update_uid) { ti->flags &= ~TRACEFS_UID_PERM_SET; + ti->vfs_inode.i_uid = fsi->uid; + } - if (update_gid) + if (update_gid) { ti->flags &= ~TRACEFS_GID_PERM_SET; + ti->vfs_inode.i_gid = fsi->gid; + } + /* + * Note, the above ti->vfs_inode updates are + * used in eventfs_remount() so they must come + * before calling it. + */ if (ti->flags & TRACEFS_EVENT_INODE) eventfs_remount(ti, update_uid, update_gid); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] eventfs: Update all the eventfs_inodes from the events" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 340f0c7067a95281ad13734f8225f49c6cf52067 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061306-handed-oyster-2002@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 340f0c7067a9 ("eventfs: Update all the eventfs_inodes from the events descriptor") 27c046484382 ("tracefs: Update inode permissions on remount") baa23a8d4360 ("tracefs: Reset permissions on remount if permissions are options") 8dce06e98c70 ("eventfs: Clean up dentry ops and add revalidate function") 49304c2b93e4 ("tracefs: dentry lookup crapectomy") 4fa4b010b83f ("eventfs: Initialize the tracefs inode properly") d81786f53aec ("tracefs: Zero out the tracefs_inode when allocating it") 29142dc92c37 ("tracefs: remove stale 'update_gid' code") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") b0f7e2d739b4 ("eventfs: Remove "lookup" parameter from create_dir/file_dentry()") ad579864637a ("tracefs: Check for dentry->d_inode exists in set_gid()") 7e8358edf503 ("eventfs: Fix file and directory uid and gid ownership") 0dfc852b6fe3 ("eventfs: Have event files and directories default to parent uid and gid") 5eaf7f0589c0 ("eventfs: Fix events beyond NAME_MAX blocking tasks") f49f950c217b ("eventfs: Make sure that parent->d_inode is locked in creating files/dirs") fc4561226fea ("eventfs: Do not allow NULL parent to eventfs_start_creating()") bcae32c5632f ("eventfs: Move taking of inode_lock into dcache_dir_open_wrapper()") 71cade82f2b5 ("eventfs: Do not invalidate dentry in create_file/dir_dentry()") 88903daecacf ("eventfs: Remove expectation that ei->is_freed means ei->dentry == NULL") 44365329f821 ("eventfs: Hold eventfs_mutex when calling callback functions") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 340f0c7067a95281ad13734f8225f49c6cf52067 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 23 May 2024 01:14:28 -0400 Subject: [PATCH] eventfs: Update all the eventfs_inodes from the events descriptor The change to update the permissions of the eventfs_inode had the misconception that using the tracefs_inode would find all the eventfs_inodes that have been updated and reset them on remount. The problem with this approach is that the eventfs_inodes are freed when they are no longer used (basically the reason the eventfs system exists). When they are freed, the updated eventfs_inodes are not reset on a remount because their tracefs_inodes have been freed. Instead, since the events directory eventfs_inode always has a tracefs_inode pointing to it (it is not freed when finished), and the events directory has a link to all its children, have the eventfs_remount() function only operate on the events eventfs_inode and have it descend into its children updating their uid and gids. Link: https://lore.kernel.org/all/CAK7LNARXgaWw3kH9JgrnH4vK6fr8LDkNKf3wq8NhMWJrVw… Link: https://lore.kernel.org/linux-trace-kernel/20240523051539.754424703@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Reported-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 5dfb1ccd56ea..129d0f54ba62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -305,6 +305,45 @@ static const struct file_operations eventfs_file_operations = { .llseek = generic_file_llseek, }; +static void eventfs_set_attrs(struct eventfs_inode *ei, bool update_uid, kuid_t uid, + bool update_gid, kgid_t gid, int level) +{ + struct eventfs_inode *ei_child; + + /* Update events/<system>/<event> */ + if (WARN_ON_ONCE(level > 3)) + return; + + if (update_uid) { + ei->attr.mode &= ~EVENTFS_SAVE_UID; + ei->attr.uid = uid; + } + + if (update_gid) { + ei->attr.mode &= ~EVENTFS_SAVE_GID; + ei->attr.gid = gid; + } + + list_for_each_entry(ei_child, &ei->children, list) { + eventfs_set_attrs(ei_child, update_uid, uid, update_gid, gid, level + 1); + } + + if (!ei->entry_attrs) + return; + + for (int i = 0; i < ei->nr_entries; i++) { + if (update_uid) { + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; + ei->entry_attrs[i].uid = uid; + } + if (update_gid) { + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + ei->entry_attrs[i].gid = gid; + } + } + +} + /* * On a remount of tracefs, if UID or GID options are set, then * the mount point inode permissions should be used. @@ -314,33 +353,12 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) { struct eventfs_inode *ei = ti->private; - if (!ei) + /* Only the events directory does the updates */ + if (!ei || !ei->is_events || ei->is_freed) return; - if (update_uid) { - ei->attr.mode &= ~EVENTFS_SAVE_UID; - ei->attr.uid = ti->vfs_inode.i_uid; - } - - - if (update_gid) { - ei->attr.mode &= ~EVENTFS_SAVE_GID; - ei->attr.gid = ti->vfs_inode.i_gid; - } - - if (!ei->entry_attrs) - return; - - for (int i = 0; i < ei->nr_entries; i++) { - if (update_uid) { - ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; - } - if (update_gid) { - ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; - ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; - } - } + eventfs_set_attrs(ei, update_uid, ti->vfs_inode.i_uid, + update_gid, ti->vfs_inode.i_gid, 0); } /* Return the evenfs_inode of the "events" directory */

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] eventfs: Update all the eventfs_inodes from the events" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 340f0c7067a95281ad13734f8225f49c6cf52067 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061305-kilogram-handheld-7bd9@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 340f0c7067a9 ("eventfs: Update all the eventfs_inodes from the events descriptor") 27c046484382 ("tracefs: Update inode permissions on remount") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 340f0c7067a95281ad13734f8225f49c6cf52067 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 23 May 2024 01:14:28 -0400 Subject: [PATCH] eventfs: Update all the eventfs_inodes from the events descriptor The change to update the permissions of the eventfs_inode had the misconception that using the tracefs_inode would find all the eventfs_inodes that have been updated and reset them on remount. The problem with this approach is that the eventfs_inodes are freed when they are no longer used (basically the reason the eventfs system exists). When they are freed, the updated eventfs_inodes are not reset on a remount because their tracefs_inodes have been freed. Instead, since the events directory eventfs_inode always has a tracefs_inode pointing to it (it is not freed when finished), and the events directory has a link to all its children, have the eventfs_remount() function only operate on the events eventfs_inode and have it descend into its children updating their uid and gids. Link: https://lore.kernel.org/all/CAK7LNARXgaWw3kH9JgrnH4vK6fr8LDkNKf3wq8NhMWJrVw… Link: https://lore.kernel.org/linux-trace-kernel/20240523051539.754424703@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: baa23a8d4360d ("tracefs: Reset permissions on remount if permissions are options") Reported-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 5dfb1ccd56ea..129d0f54ba62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -305,6 +305,45 @@ static const struct file_operations eventfs_file_operations = { .llseek = generic_file_llseek, }; +static void eventfs_set_attrs(struct eventfs_inode *ei, bool update_uid, kuid_t uid, + bool update_gid, kgid_t gid, int level) +{ + struct eventfs_inode *ei_child; + + /* Update events/<system>/<event> */ + if (WARN_ON_ONCE(level > 3)) + return; + + if (update_uid) { + ei->attr.mode &= ~EVENTFS_SAVE_UID; + ei->attr.uid = uid; + } + + if (update_gid) { + ei->attr.mode &= ~EVENTFS_SAVE_GID; + ei->attr.gid = gid; + } + + list_for_each_entry(ei_child, &ei->children, list) { + eventfs_set_attrs(ei_child, update_uid, uid, update_gid, gid, level + 1); + } + + if (!ei->entry_attrs) + return; + + for (int i = 0; i < ei->nr_entries; i++) { + if (update_uid) { + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; + ei->entry_attrs[i].uid = uid; + } + if (update_gid) { + ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; + ei->entry_attrs[i].gid = gid; + } + } + +} + /* * On a remount of tracefs, if UID or GID options are set, then * the mount point inode permissions should be used. @@ -314,33 +353,12 @@ void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid) { struct eventfs_inode *ei = ti->private; - if (!ei) + /* Only the events directory does the updates */ + if (!ei || !ei->is_events || ei->is_freed) return; - if (update_uid) { - ei->attr.mode &= ~EVENTFS_SAVE_UID; - ei->attr.uid = ti->vfs_inode.i_uid; - } - - - if (update_gid) { - ei->attr.mode &= ~EVENTFS_SAVE_GID; - ei->attr.gid = ti->vfs_inode.i_gid; - } - - if (!ei->entry_attrs) - return; - - for (int i = 0; i < ei->nr_entries; i++) { - if (update_uid) { - ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID; - ei->entry_attrs[i].uid = ti->vfs_inode.i_uid; - } - if (update_gid) { - ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID; - ei->entry_attrs[i].gid = ti->vfs_inode.i_gid; - } - } + eventfs_set_attrs(ei, update_uid, ti->vfs_inode.i_uid, + update_gid, ti->vfs_inode.i_gid, 0); } /* Return the evenfs_inode of the "events" directory */

1 year, 3 months

1
0
0 0

[PATCH v2] usb: ucsi: stm32: fix command completion handling

by Fabrice Gasnier

Sometimes errors are seen, when doing DR swap, like: [ 24.672481] ucsi-stm32g0-i2c 0-0035: UCSI_GET_PDOS failed (-5) [ 24.720188] ucsi-stm32g0-i2c 0-0035: ucsi_handle_connector_change: GET_CONNECTOR_STATUS failed (-5) There may be some race, which lead to read CCI, before the command complete flag is set, hence returning -EIO. Similar fix has been done also in ucsi_acpi [1]. In case of a spurious or otherwise delayed notification it is possible that CCI still reports the previous completion. The UCSI spec is aware of this and provides two completion bits in CCI, one for normal commands and one for acks. As acks and commands alternate the notification handler can determine if the completion bit is from the current command. To fix this add the ACK_PENDING bit for ucsi_stm32g0 and only complete commands if the completion bit matches. [1] https://lore.kernel.org/lkml/20240121204123.275441-3-lk@c--e.de/ Fixes: 72849d4fcee7 ("usb: typec: ucsi: stm32g0: add support for stm32g0 controller") Signed-off-by: Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> --- Changes in v2: rebase and define ACK_PENDING as commented by Dmitry. --- drivers/usb/typec/ucsi/ucsi_stm32g0.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/usb/typec/ucsi/ucsi_stm32g0.c b/drivers/usb/typec/ucsi/ucsi_stm32g0.c index ac48b7763114..ac69288e8bb0 100644 --- a/drivers/usb/typec/ucsi/ucsi_stm32g0.c +++ b/drivers/usb/typec/ucsi/ucsi_stm32g0.c @@ -65,6 +65,7 @@ struct ucsi_stm32g0 { struct device *dev; unsigned long flags; #define COMMAND_PENDING 1 +#define ACK_PENDING 2 const char *fw_name; struct ucsi *ucsi; bool suspended; @@ -396,9 +397,13 @@ static int ucsi_stm32g0_sync_write(struct ucsi *ucsi, unsigned int offset, const size_t len) { struct ucsi_stm32g0 *g0 = ucsi_get_drvdata(ucsi); + bool ack = UCSI_COMMAND(*(u64 *)val) == UCSI_ACK_CC_CI; int ret; - set_bit(COMMAND_PENDING, &g0->flags); + if (ack) + set_bit(ACK_PENDING, &g0->flags); + else + set_bit(COMMAND_PENDING, &g0->flags); ret = ucsi_stm32g0_async_write(ucsi, offset, val, len); if (ret) @@ -406,9 +411,14 @@ static int ucsi_stm32g0_sync_write(struct ucsi *ucsi, unsigned int offset, const if (!wait_for_completion_timeout(&g0->complete, msecs_to_jiffies(5000))) ret = -ETIMEDOUT; + else + return 0; out_clear_bit: - clear_bit(COMMAND_PENDING, &g0->flags); + if (ack) + clear_bit(ACK_PENDING, &g0->flags); + else + clear_bit(COMMAND_PENDING, &g0->flags); return ret; } @@ -429,8 +439,9 @@ static irqreturn_t ucsi_stm32g0_irq_handler(int irq, void *data) if (UCSI_CCI_CONNECTOR(cci)) ucsi_connector_change(g0->ucsi, UCSI_CCI_CONNECTOR(cci)); - if (test_bit(COMMAND_PENDING, &g0->flags) && - cci & (UCSI_CCI_ACK_COMPLETE | UCSI_CCI_COMMAND_COMPLETE)) + if (cci & UCSI_CCI_ACK_COMPLETE && test_and_clear_bit(ACK_PENDING, &g0->flags)) + complete(&g0->complete); + if (cci & UCSI_CCI_COMMAND_COMPLETE && test_and_clear_bit(COMMAND_PENDING, &g0->flags)) complete(&g0->complete); return IRQ_HANDLED; -- 2.25.1

1 year, 3 months

3
2
0 0

FAILED: patch "[PATCH] ext4: fix slab-out-of-bounds in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 13df4d44a3aaabe61cd01d277b6ee23ead2a5206 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024061335-payee-pamphlet-09d5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 13df4d44a3aa ("ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists()") 57341fe3179c ("ext4: refactor out ext4_generic_attr_show()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 13df4d44a3aaabe61cd01d277b6ee23ead2a5206 Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Tue, 19 Mar 2024 19:33:20 +0800 Subject: [PATCH] ext4: fix slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists() We can trigger a slab-out-of-bounds with the following commands: mkfs.ext4 -F /dev/$disk 10G mount /dev/$disk /tmp/test echo 2147483647 > /sys/fs/ext4/$disk/mb_group_prealloc echo test > /tmp/test/file && sync ================================================================== BUG: KASAN: slab-out-of-bounds in ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] Read of size 8 at addr ffff888121b9d0f0 by task kworker/u2:0/11 CPU: 0 PID: 11 Comm: kworker/u2:0 Tainted: GL 6.7.0-next-20240118 #521 Call Trace: dump_stack_lvl+0x2c/0x50 kasan_report+0xb6/0xf0 ext4_mb_find_good_group_avg_frag_lists+0x8a/0x200 [ext4] ext4_mb_regular_allocator+0x19e9/0x2370 [ext4] ext4_mb_new_blocks+0x88a/0x1370 [ext4] ext4_ext_map_blocks+0x14f7/0x2390 [ext4] ext4_map_blocks+0x569/0xea0 [ext4] ext4_do_writepages+0x10f6/0x1bc0 [ext4] [...] ================================================================== The flow of issue triggering is as follows: // Set s_mb_group_prealloc to 2147483647 via sysfs ext4_mb_new_blocks ext4_mb_normalize_request ext4_mb_normalize_group_request ac->ac_g_ex.fe_len = EXT4_SB(sb)->s_mb_group_prealloc ext4_mb_regular_allocator ext4_mb_choose_next_group ext4_mb_choose_next_group_best_avail mb_avg_fragment_size_order order = fls(len) - 2 = 29 ext4_mb_find_good_group_avg_frag_lists frag_list = &sbi->s_mb_avg_fragment_size[order] if (list_empty(frag_list)) // Trigger SOOB! At 4k block size, the length of the s_mb_avg_fragment_size list is 14, but an oversized s_mb_group_prealloc is set, causing slab-out-of-bounds to be triggered by an attempt to access an element at index 29. Add a new attr_id attr_clusters_in_group with values in the range [0, sbi->s_clusters_per_group] and declare mb_group_prealloc as that type to fix the issue. In addition avoid returning an order from mb_avg_fragment_size_order() greater than MB_NUM_ORDERS(sb) and reduce some useless loops. Fixes: 7e170922f06b ("ext4: Add allocation criteria 1.5 (CR1_5)") CC: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Ojaswin Mujoo <ojaswin(a)linux.ibm.com> Link: https://lore.kernel.org/r/20240319113325.3110393-5-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 12b3f196010b..dbf04f91516c 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -831,6 +831,8 @@ static int mb_avg_fragment_size_order(struct super_block *sb, ext4_grpblk_t len) return 0; if (order == MB_NUM_ORDERS(sb)) order--; + if (WARN_ON_ONCE(order > MB_NUM_ORDERS(sb))) + order = MB_NUM_ORDERS(sb) - 1; return order; } @@ -1008,6 +1010,8 @@ static void ext4_mb_choose_next_group_best_avail(struct ext4_allocation_context * goal length. */ order = fls(ac->ac_g_ex.fe_len) - 1; + if (WARN_ON_ONCE(order - 1 > MB_NUM_ORDERS(ac->ac_sb))) + order = MB_NUM_ORDERS(ac->ac_sb); min_order = order - sbi->s_mb_best_avail_max_trim_order; if (min_order < 0) min_order = 0; diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c index 7f455b5f22c0..ddd71673176c 100644 --- a/fs/ext4/sysfs.c +++ b/fs/ext4/sysfs.c @@ -29,6 +29,7 @@ typedef enum { attr_trigger_test_error, attr_first_error_time, attr_last_error_time, + attr_clusters_in_group, attr_feature, attr_pointer_ui, attr_pointer_ul, @@ -207,13 +208,14 @@ EXT4_ATTR_FUNC(sra_exceeded_retry_limit, 0444); EXT4_ATTR_OFFSET(inode_readahead_blks, 0644, inode_readahead, ext4_sb_info, s_inode_readahead_blks); +EXT4_ATTR_OFFSET(mb_group_prealloc, 0644, clusters_in_group, + ext4_sb_info, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(inode_goal, s_inode_goal); EXT4_RW_ATTR_SBI_UI(mb_stats, s_mb_stats); EXT4_RW_ATTR_SBI_UI(mb_max_to_scan, s_mb_max_to_scan); EXT4_RW_ATTR_SBI_UI(mb_min_to_scan, s_mb_min_to_scan); EXT4_RW_ATTR_SBI_UI(mb_order2_req, s_mb_order2_reqs); EXT4_RW_ATTR_SBI_UI(mb_stream_req, s_mb_stream_request); -EXT4_RW_ATTR_SBI_UI(mb_group_prealloc, s_mb_group_prealloc); EXT4_RW_ATTR_SBI_UI(mb_max_linear_groups, s_mb_max_linear_groups); EXT4_RW_ATTR_SBI_UI(extent_max_zeroout_kb, s_extent_max_zeroout_kb); EXT4_ATTR(trigger_fs_error, 0200, trigger_test_error); @@ -376,6 +378,7 @@ static ssize_t ext4_generic_attr_show(struct ext4_attr *a, switch (a->attr_id) { case attr_inode_readahead: + case attr_clusters_in_group: case attr_pointer_ui: if (a->attr_ptr == ptr_ext4_super_block_offset) return sysfs_emit(buf, "%u\n", le32_to_cpup(ptr)); @@ -455,6 +458,14 @@ static ssize_t ext4_generic_attr_store(struct ext4_attr *a, else *((unsigned int *) ptr) = t; return len; + case attr_clusters_in_group: + ret = kstrtouint(skip_spaces(buf), 0, &t); + if (ret) + return ret; + if (t > sbi->s_clusters_per_group) + return -EINVAL; + *((unsigned int *) ptr) = t; + return len; case attr_pointer_ul: ret = kstrtoul(skip_spaces(buf), 0, &lt); if (ret)

1 year, 3 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror