- Linux-stable-mirror - lists.linaro.org

[PATCH 5.10/5.15/6.1] Bluetooth: btbcm: Handle memory allocation failure in btbcm_get_board_name()

by Aleksandr Mishin

No upstream commit exists for this commit. The issue was introduced with commit 63fac3343b99 ("Bluetooth: btbcm: Support per-board firmware variants"). In btbcm_get_board_name() devm_kstrdup() can return NULL due to memory allocation failure. Add NULL return check to prevent NULL dereference. Upstream branch code has been significantly refactored and can't be backported directly. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 63fac3343b99 ("Bluetooth: btbcm: Support per-board firmware variants") Signed-off-by: Aleksandr Mishin <amishin(a)t-argos.ru> --- drivers/bluetooth/btbcm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c index de2ea589aa49..6191fd74ab3d 100644 --- a/drivers/bluetooth/btbcm.c +++ b/drivers/bluetooth/btbcm.c @@ -551,6 +551,8 @@ static const char *btbcm_get_board_name(struct device *dev) /* get rid of any '/' in the compatible string */ len = strlen(tmp) + 1; board_type = devm_kzalloc(dev, len, GFP_KERNEL); + if (!board_type) + return NULL; strscpy(board_type, tmp, len); for (i = 0; i < len; i++) { if (board_type[i] == '/') -- 2.30.2

1 year, 3 months

1
0
0 0

[PATCH 1/2] net: dsa: RCU-protect dsa_ptr in struct net_device

by A. Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> There are multiple races of zeroing dsa_ptr in struct net_device (on shutdown/remove) against asynchronous dereferences all over the net code. Widespread pattern is as follows: CPU0 CPU1 if (netdev_uses_dsa()) dev->dsa_ptr = NULL; dev->dsa_ptr->... One of the possible crashes: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 CPU: 0 PID: 12 Comm: ksoftirqd/0 Tainted: G O 6.1.99+ #1 pc : lan9303_rcv lr : lan9303_rcv Call trace: lan9303_rcv dsa_switch_rcv __netif_receive_skb_list_core netif_receive_skb_list_internal napi_gro_receive fec_enet_rx_napi __napi_poll net_rx_action ... RCU-protect dsa_ptr and use rcu_dereference() or rtnl_dereference() depending on the calling context. Rename netdev_uses_dsa() into __netdev_uses_dsa_currently() (assumes ether RCU or RTNL lock held) and netdev_uses_dsa_currently() variants which better reflect the uselessness of the function's return value, which becomes outdated right after the call. Fixes: ee534378f005 ("net: dsa: fix panic when DSA master device unbinds on shutdown") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> --- drivers/net/dsa/mt7530.c | 3 +- drivers/net/dsa/ocelot/felix.c | 3 +- drivers/net/dsa/qca/qca8k-8xxx.c | 3 +- drivers/net/ethernet/broadcom/bcmsysport.c | 8 +- drivers/net/ethernet/mediatek/airoha_eth.c | 2 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 22 +++-- drivers/net/ethernet/mediatek/mtk_ppe.c | 15 ++- include/linux/netdevice.h | 2 +- include/net/dsa.h | 36 +++++-- include/net/dsa_stubs.h | 6 +- net/bridge/br_input.c | 2 +- net/core/dev.c | 3 +- net/core/flow_dissector.c | 19 ++-- net/dsa/conduit.c | 66 ++++++++----- net/dsa/dsa.c | 19 ++-- net/dsa/port.c | 3 +- net/dsa/tag.c | 3 +- net/dsa/tag.h | 19 ++-- net/dsa/tag_8021q.c | 10 +- net/dsa/tag_brcm.c | 2 +- net/dsa/tag_dsa.c | 8 +- net/dsa/tag_qca.c | 10 +- net/dsa/tag_sja1105.c | 22 +++-- net/dsa/user.c | 104 +++++++++++--------- net/ethernet/eth.c | 2 +- 25 files changed, 240 insertions(+), 152 deletions(-) diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c index ec18e68bf3a8..82d3f1786156 100644 --- a/drivers/net/dsa/mt7530.c +++ b/drivers/net/dsa/mt7530.c @@ -20,6 +20,7 @@ #include <linux/reset.h> #include <linux/gpio/consumer.h> #include <linux/gpio/driver.h> +#include <linux/rtnetlink.h> #include <net/dsa.h> #include "mt7530.h" @@ -3092,7 +3093,7 @@ mt753x_conduit_state_change(struct dsa_switch *ds, const struct net_device *conduit, bool operational) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); struct mt7530_priv *priv = ds->priv; int val = 0; u8 mask; diff --git a/drivers/net/dsa/ocelot/felix.c b/drivers/net/dsa/ocelot/felix.c index 4a705f7333f4..f6bc0ff0c116 100644 --- a/drivers/net/dsa/ocelot/felix.c +++ b/drivers/net/dsa/ocelot/felix.c @@ -21,6 +21,7 @@ #include <linux/of_net.h> #include <linux/pci.h> #include <linux/of.h> +#include <linux/rtnetlink.h> #include <net/pkt_sched.h> #include <net/dsa.h> #include "felix.h" @@ -57,7 +58,7 @@ static int felix_cpu_port_for_conduit(struct dsa_switch *ds, return lag; } - cpu_dp = conduit->dsa_ptr; + cpu_dp = rtnl_dereference(conduit->dsa_ptr); return cpu_dp->index; } diff --git a/drivers/net/dsa/qca/qca8k-8xxx.c b/drivers/net/dsa/qca/qca8k-8xxx.c index f8d8c70642c4..10b4d7e9be2f 100644 --- a/drivers/net/dsa/qca/qca8k-8xxx.c +++ b/drivers/net/dsa/qca/qca8k-8xxx.c @@ -20,6 +20,7 @@ #include <linux/gpio/consumer.h> #include <linux/etherdevice.h> #include <linux/dsa/tag_qca.h> +#include <linux/rtnetlink.h> #include "qca8k.h" #include "qca8k_leds.h" @@ -1754,7 +1755,7 @@ static void qca8k_conduit_change(struct dsa_switch *ds, const struct net_device *conduit, bool operational) { - struct dsa_port *dp = conduit->dsa_ptr; + struct dsa_port *dp = rtnl_dereference(conduit->dsa_ptr); struct qca8k_priv *priv = ds->priv; /* Ethernet MIB/MDIO is only supported for CPU port 0 */ diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c index c9faa8540859..bd9bc081346d 100644 --- a/drivers/net/ethernet/broadcom/bcmsysport.c +++ b/drivers/net/ethernet/broadcom/bcmsysport.c @@ -145,7 +145,7 @@ static void bcm_sysport_set_rx_csum(struct net_device *dev, * sure we tell the RXCHK hardware to expect a 4-bytes Broadcom * tag after the Ethernet MAC Source Address. */ - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) reg |= RXCHK_BRCM_TAG_EN; else reg &= ~RXCHK_BRCM_TAG_EN; @@ -173,7 +173,7 @@ static void bcm_sysport_set_tx_csum(struct net_device *dev, * checksum to be computed correctly when using VLAN HW acceleration, * else it has no effect, so it can always be turned on. */ - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) reg |= tdma_control_bit(priv, SW_BRCM_TAG); else reg &= ~tdma_control_bit(priv, SW_BRCM_TAG); @@ -1950,7 +1950,7 @@ static inline void gib_set_pad_extension(struct bcm_sysport_priv *priv) reg = gib_readl(priv, GIB_CONTROL); /* Include Broadcom tag in pad extension and fix up IPG_LENGTH */ - if (netdev_uses_dsa(priv->netdev)) { + if (__netdev_uses_dsa_currently(priv->netdev)) { reg &= ~(GIB_PAD_EXTENSION_MASK << GIB_PAD_EXTENSION_SHIFT); reg |= ENET_BRCM_TAG_LEN << GIB_PAD_EXTENSION_SHIFT; } @@ -2299,7 +2299,7 @@ static u16 bcm_sysport_select_queue(struct net_device *dev, struct sk_buff *skb, struct bcm_sysport_tx_ring *tx_ring; unsigned int q, port; - if (!netdev_uses_dsa(dev)) + if (!__netdev_uses_dsa_currently(dev)) return netdev_pick_tx(dev, skb, NULL); /* DSA tagging layer will have configured the correct queue */ diff --git a/drivers/net/ethernet/mediatek/airoha_eth.c b/drivers/net/ethernet/mediatek/airoha_eth.c index 1c5b85a86df1..f7425d393b22 100644 --- a/drivers/net/ethernet/mediatek/airoha_eth.c +++ b/drivers/net/ethernet/mediatek/airoha_eth.c @@ -2255,7 +2255,7 @@ static int airoha_dev_open(struct net_device *dev) if (err) return err; - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) airoha_fe_set(eth, REG_GDM_INGRESS_CFG(port->id), GDM_STAG_EN_MASK); else diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c index 16ca427cf4c3..82a828349323 100644 --- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c +++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c @@ -24,6 +24,7 @@ #include <linux/pcs/pcs-mtk-lynxi.h> #include <linux/jhash.h> #include <linux/bitfield.h> +#include <linux/rcupdate.h> #include <net/dsa.h> #include <net/dst_metadata.h> #include <net/page_pool/helpers.h> @@ -1375,7 +1376,8 @@ static void mtk_tx_set_dma_desc_v2(struct net_device *dev, void *txd, /* tx checksum offload */ if (info->csum) data |= TX_DMA_CHKSUM_V2; - if (mtk_is_netsys_v3_or_greater(eth) && netdev_uses_dsa(dev)) + if (mtk_is_netsys_v3_or_greater(eth) && + __netdev_uses_dsa_currently(dev)) data |= TX_DMA_SPTAG_V3; } WRITE_ONCE(desc->txd5, data); @@ -2183,7 +2185,7 @@ static int mtk_poll_rx(struct napi_struct *napi, int budget, * hardware treats the MTK special tag as a VLAN and untags it. */ if (mtk_is_netsys_v1(eth) && (trxd.rxd2 & RX_DMA_VTAG) && - netdev_uses_dsa(netdev)) { + __netdev_uses_dsa_currently(netdev)) { unsigned int port = RX_DMA_VPID(trxd.rxd3) & GENMASK(2, 0); if (port < ARRAY_SIZE(eth->dsa_meta) && @@ -3304,7 +3306,7 @@ static void mtk_gdm_config(struct mtk_eth *eth, u32 id, u32 config) val |= config; - if (eth->netdev[id] && netdev_uses_dsa(eth->netdev[id])) + if (eth->netdev[id] && __netdev_uses_dsa_currently(eth->netdev[id])) val |= MTK_GDMA_SPECIAL_TAG; mtk_w32(eth, val, MTK_GDMA_FWD_CFG(id)); @@ -3313,12 +3315,16 @@ static void mtk_gdm_config(struct mtk_eth *eth, u32 id, u32 config) static bool mtk_uses_dsa(struct net_device *dev) { + bool ret = false; #if IS_ENABLED(CONFIG_NET_DSA) - return netdev_uses_dsa(dev) && - dev->dsa_ptr->tag_ops->proto == DSA_TAG_PROTO_MTK; -#else - return false; + struct dsa_port *dp; + + rcu_read_lock(); + dp = rcu_dereference(dev->dsa_ptr); + ret = dp && dp->tag_ops->proto == DSA_TAG_PROTO_MTK; + rcu_read_unlock(); #endif + return ret; } static int mtk_device_event(struct notifier_block *n, unsigned long event, void *ptr) @@ -4482,7 +4488,7 @@ static u16 mtk_select_queue(struct net_device *dev, struct sk_buff *skb, struct mtk_mac *mac = netdev_priv(dev); unsigned int queue = 0; - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) queue = skb_get_queue_mapping(skb) + 3; else queue = mac->id; diff --git a/drivers/net/ethernet/mediatek/mtk_ppe.c b/drivers/net/ethernet/mediatek/mtk_ppe.c index 0acee405a749..0c78ec90d855 100644 --- a/drivers/net/ethernet/mediatek/mtk_ppe.c +++ b/drivers/net/ethernet/mediatek/mtk_ppe.c @@ -8,6 +8,7 @@ #include <linux/platform_device.h> #include <linux/if_ether.h> #include <linux/if_vlan.h> +#include <linux/rcupdate.h> #include <net/dst_metadata.h> #include <net/dsa.h> #include "mtk_eth_soc.h" @@ -785,9 +786,17 @@ void __mtk_ppe_check_skb(struct mtk_ppe *ppe, struct sk_buff *skb, u16 hash) switch (skb->protocol) { #if IS_ENABLED(CONFIG_NET_DSA) case htons(ETH_P_XDSA): - if (!netdev_uses_dsa(skb->dev) || - skb->dev->dsa_ptr->tag_ops->proto != DSA_TAG_PROTO_MTK) - goto out; + { + struct dsa_port *dp; + bool proto_mtk; + + rcu_read_lock(); + dp = rcu_dereference(skb->dev->dsa_ptr); + proto_mtk = dp && dp->tag_ops->proto == DSA_TAG_PROTO_MTK; + rcu_read_unlock(); + if (!proto_mtk) + goto out; + } if (!skb_metadata_dst(skb)) tag += 4; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 607009150b5f..e645c7eabd42 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -2229,7 +2229,7 @@ struct net_device { struct vlan_info __rcu *vlan_info; #endif #if IS_ENABLED(CONFIG_NET_DSA) - struct dsa_port *dsa_ptr; + struct dsa_port __rcu *dsa_ptr; #endif #if IS_ENABLED(CONFIG_TIPC) struct tipc_bearer __rcu *tipc_ptr; diff --git a/include/net/dsa.h b/include/net/dsa.h index d7a6c2930277..ab2777611e71 100644 --- a/include/net/dsa.h +++ b/include/net/dsa.h @@ -19,6 +19,7 @@ #include <linux/phy.h> #include <linux/platform_data/dsa.h> #include <linux/phylink.h> +#include <linux/rcupdate.h> #include <net/devlink.h> #include <net/switchdev.h> @@ -92,8 +93,9 @@ struct dsa_switch; struct dsa_device_ops { struct sk_buff *(*xmit)(struct sk_buff *skb, struct net_device *dev); struct sk_buff *(*rcv)(struct sk_buff *skb, struct net_device *dev); - void (*flow_dissect)(const struct sk_buff *skb, __be16 *proto, - int *offset); + void (*flow_dissect)(const struct sk_buff *skb, + const struct dsa_port *dp, + __be16 *proto, int *offset); int (*connect)(struct dsa_switch *ds); void (*disconnect)(struct dsa_switch *ds); unsigned int needed_headroom; @@ -1334,14 +1336,29 @@ bool dsa_mdb_present_in_other_db(struct dsa_switch *ds, int port, struct dsa_db db); /* Keep inline for faster access in hot path */ -static inline bool netdev_uses_dsa(const struct net_device *dev) + +/* Must be called under RCU or RTNL lock */ +static inline bool __netdev_uses_dsa_currently(const struct net_device *dev) { #if IS_ENABLED(CONFIG_NET_DSA) - return dev->dsa_ptr && dev->dsa_ptr->rcv; + struct dsa_port *dp = rcu_dereference_rtnl(dev->dsa_ptr); + + return dp && dp->rcv; #endif return false; } +static inline bool netdev_uses_dsa_currently(const struct net_device *dev) +{ + bool ret = false; +#if IS_ENABLED(CONFIG_NET_DSA) + rcu_read_lock(); + ret = __netdev_uses_dsa_currently(dev); + rcu_read_unlock(); +#endif + return ret; +} + /* All DSA tags that push the EtherType to the right (basically all except tail * tags, which don't break dissection) can be treated the same from the * perspective of the flow dissector. @@ -1355,17 +1372,20 @@ static inline bool netdev_uses_dsa(const struct net_device *dev) * that, in __be16 shorts). * * - proto: the value of the real EtherType. + * + * Must be called under RCU read lock (because of dp). */ static inline void dsa_tag_generic_flow_dissect(const struct sk_buff *skb, + const struct dsa_port *dp, __be16 *proto, int *offset) { -#if IS_ENABLED(CONFIG_NET_DSA) - const struct dsa_device_ops *ops = skb->dev->dsa_ptr->tag_ops; - int tag_len = ops->needed_headroom; + int tag_len; + RCU_LOCKDEP_WARN(!rcu_read_lock_any_held(), "no rcu lock held"); + + tag_len = dp->tag_ops->needed_headroom; *offset = tag_len; *proto = ((__be16 *)skb->data)[(tag_len / 2) - 1]; -#endif } void dsa_unregister_switch(struct dsa_switch *ds); diff --git a/include/net/dsa_stubs.h b/include/net/dsa_stubs.h index 6f384897f287..ca899305ba36 100644 --- a/include/net/dsa_stubs.h +++ b/include/net/dsa_stubs.h @@ -22,9 +22,6 @@ static inline int dsa_conduit_hwtstamp_validate(struct net_device *dev, const struct kernel_hwtstamp_config *config, struct netlink_ext_ack *extack) { - if (!netdev_uses_dsa(dev)) - return 0; - /* rtnl_lock() is a sufficient guarantee, because as long as * netdev_uses_dsa() returns true, the dsa_core module is still * registered, and so, dsa_unregister_stubs() couldn't have run. @@ -33,6 +30,9 @@ static inline int dsa_conduit_hwtstamp_validate(struct net_device *dev, */ ASSERT_RTNL(); + if (!__netdev_uses_dsa_currently(dev)) + return 0; + return dsa_stubs->conduit_hwtstamp_validate(dev, config, extack); } diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index ceaa5a89b947..542cfc5678df 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -443,7 +443,7 @@ static rx_handler_result_t br_handle_frame_dummy(struct sk_buff **pskb) rx_handler_func_t *br_get_rx_handler(const struct net_device *dev) { - if (netdev_uses_dsa(dev)) + if (__netdev_uses_dsa_currently(dev)) return br_handle_frame_dummy; return br_handle_frame; diff --git a/net/core/dev.c b/net/core/dev.c index f66e61407883..9ae1c097cbad 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -5568,7 +5568,8 @@ static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, } } - if (unlikely(skb_vlan_tag_present(skb)) && !netdev_uses_dsa(skb->dev)) { + if (unlikely(skb_vlan_tag_present(skb)) && + !__netdev_uses_dsa_currently(skb->dev)) { check_vlan_id: if (skb_vlan_tag_get_id(skb)) { /* Vlan id is non 0 and vlan_do_receive() above couldn't diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 0e638a37aa09..e1523c609bb7 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -1071,25 +1071,30 @@ bool __skb_flow_dissect(const struct net *net, nhoff = skb_network_offset(skb); hlen = skb_headlen(skb); #if IS_ENABLED(CONFIG_NET_DSA) - if (unlikely(skb->dev && netdev_uses_dsa(skb->dev) && - proto == htons(ETH_P_XDSA))) { + if (unlikely(skb->dev && proto == htons(ETH_P_XDSA))) { struct metadata_dst *md_dst = skb_metadata_dst(skb); - const struct dsa_device_ops *ops; + struct dsa_port *dp; int offset = 0; - ops = skb->dev->dsa_ptr->tag_ops; + rcu_read_lock(); + + dp = rcu_dereference(skb->dev->dsa_ptr); /* Only DSA header taggers break flow dissection */ - if (ops->needed_headroom && + if (dp && dp->tag_ops->needed_headroom && (!md_dst || md_dst->type != METADATA_HW_PORT_MUX)) { - if (ops->flow_dissect) - ops->flow_dissect(skb, &proto, &offset); + if (dp->tag_ops->flow_dissect) + dp->tag_ops->flow_dissect(skb, dp, + &proto, &offset); else dsa_tag_generic_flow_dissect(skb, + dp, &proto, &offset); hlen -= offset; nhoff += offset; } + + rcu_read_unlock(); } #endif } diff --git a/net/dsa/conduit.c b/net/dsa/conduit.c index 3dfdb3cb47dc..967770cdf88f 100644 --- a/net/dsa/conduit.c +++ b/net/dsa/conduit.c @@ -9,6 +9,7 @@ #include <linux/ethtool.h> #include <linux/netdevice.h> #include <linux/netlink.h> +#include <linux/rcupdate.h> #include <net/dsa.h> #include "conduit.h" @@ -18,7 +19,7 @@ static int dsa_conduit_get_regs_len(struct net_device *dev) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; @@ -48,7 +49,7 @@ static int dsa_conduit_get_regs_len(struct net_device *dev) static void dsa_conduit_get_regs(struct net_device *dev, struct ethtool_regs *regs, void *data) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; struct ethtool_drvinfo *cpu_info; @@ -84,7 +85,7 @@ static void dsa_conduit_get_ethtool_stats(struct net_device *dev, struct ethtool_stats *stats, uint64_t *data) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; @@ -103,7 +104,7 @@ static void dsa_conduit_get_ethtool_phy_stats(struct net_device *dev, struct ethtool_stats *stats, uint64_t *data) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; @@ -127,7 +128,7 @@ static void dsa_conduit_get_ethtool_phy_stats(struct net_device *dev, static int dsa_conduit_get_sset_count(struct net_device *dev, int sset) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int count = 0; @@ -150,7 +151,7 @@ static int dsa_conduit_get_sset_count(struct net_device *dev, int sset) static void dsa_conduit_get_strings(struct net_device *dev, uint32_t stringset, uint8_t *data) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); const struct ethtool_ops *ops = cpu_dp->orig_ethtool_ops; struct dsa_switch *ds = cpu_dp->ds; int port = cpu_dp->index; @@ -202,7 +203,7 @@ int __dsa_conduit_hwtstamp_validate(struct net_device *dev, const struct kernel_hwtstamp_config *config, struct netlink_ext_ack *extack) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); struct dsa_switch *ds = cpu_dp->ds; struct dsa_switch_tree *dst; struct dsa_port *dp; @@ -222,7 +223,7 @@ int __dsa_conduit_hwtstamp_validate(struct net_device *dev, static int dsa_conduit_ethtool_setup(struct net_device *dev) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); struct dsa_switch *ds = cpu_dp->ds; struct ethtool_ops *ops; @@ -251,7 +252,7 @@ static int dsa_conduit_ethtool_setup(struct net_device *dev) static void dsa_conduit_ethtool_teardown(struct net_device *dev) { - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); if (netif_is_lag_master(dev)) return; @@ -267,13 +268,14 @@ static void dsa_conduit_ethtool_teardown(struct net_device *dev) */ static void dsa_conduit_set_promiscuity(struct net_device *dev, int inc) { - const struct dsa_device_ops *ops = dev->dsa_ptr->tag_ops; + const struct dsa_device_ops *ops; + + ASSERT_RTNL(); + ops = rtnl_dereference(dev->dsa_ptr)->tag_ops; if ((dev->priv_flags & IFF_UNICAST_FLT) && !ops->promisc_on_conduit) return; - ASSERT_RTNL(); - dev_set_promiscuity(dev, inc); } @@ -281,10 +283,17 @@ static ssize_t tagging_show(struct device *d, struct device_attribute *attr, char *buf) { struct net_device *dev = to_net_dev(d); - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp; + int ret = 0; + + rcu_read_lock(); + cpu_dp = rcu_dereference(dev->dsa_ptr); + if (cpu_dp) + ret = sysfs_emit(buf, "%s\n", + dsa_tag_protocol_to_str(cpu_dp->tag_ops)); + rcu_read_unlock(); - return sysfs_emit(buf, "%s\n", - dsa_tag_protocol_to_str(cpu_dp->tag_ops)); + return ret; } static ssize_t tagging_store(struct device *d, struct device_attribute *attr, @@ -293,7 +302,7 @@ static ssize_t tagging_store(struct device *d, struct device_attribute *attr, const struct dsa_device_ops *new_tag_ops, *old_tag_ops; const char *end = strchrnul(buf, '\n'), *name; struct net_device *dev = to_net_dev(d); - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp; size_t len = end - buf; int err; @@ -305,13 +314,17 @@ static ssize_t tagging_store(struct device *d, struct device_attribute *attr, if (!name) return -ENOMEM; - old_tag_ops = cpu_dp->tag_ops; new_tag_ops = dsa_tag_driver_get_by_name(name); kfree(name); /* Bad tagger name? */ if (IS_ERR(new_tag_ops)) return PTR_ERR(new_tag_ops); + if (!rtnl_trylock()) + return restart_syscall(); + + cpu_dp = rtnl_dereference(dev->dsa_ptr); + old_tag_ops = cpu_dp->tag_ops; if (new_tag_ops == old_tag_ops) /* Drop the temporarily held duplicate reference, since * the DSA switch tree uses this tagger. @@ -321,6 +334,7 @@ static ssize_t tagging_store(struct device *d, struct device_attribute *attr, err = dsa_tree_change_tag_proto(cpu_dp->ds->dst, new_tag_ops, old_tag_ops); if (err) { + rtnl_unlock(); /* On failure the old tagger is restored, so we don't need the * driver for the new one. */ @@ -331,6 +345,7 @@ static ssize_t tagging_store(struct device *d, struct device_attribute *attr, /* On success we no longer need the module for the old tagging protocol */ out: + rtnl_unlock(); dsa_tag_driver_put(old_tag_ops); return count; } @@ -384,13 +399,11 @@ int dsa_conduit_setup(struct net_device *dev, struct dsa_port *cpu_dp) netdev_warn(dev, "error %d setting MTU to %d to include DSA overhead\n", ret, mtu); - /* If we use a tagging format that doesn't have an ethertype - * field, make sure that all packets from this point on get - * sent to the tag format's receive function. + rcu_assign_pointer(dev->dsa_ptr, cpu_dp); + /* + * No need to synchronize_rcu() here because dsa_ptr in not going away + * before it will be zeroed */ - wmb(); - - dev->dsa_ptr = cpu_dp; dsa_conduit_set_promiscuity(dev, 1); @@ -418,13 +431,12 @@ void dsa_conduit_teardown(struct net_device *dev) dsa_conduit_reset_mtu(dev); dsa_conduit_set_promiscuity(dev, -1); - dev->dsa_ptr = NULL; - /* If we used a tagging format that doesn't have an ethertype * field, make sure that all packets from this point get sent * without the tag and go through the regular receive path. */ - wmb(); + rcu_assign_pointer(dev->dsa_ptr, NULL); + synchronize_rcu(); } int dsa_conduit_lag_setup(struct net_device *lag_dev, struct dsa_port *cpu_dp, @@ -434,7 +446,7 @@ int dsa_conduit_lag_setup(struct net_device *lag_dev, struct dsa_port *cpu_dp, bool conduit_setup = false; int err; - if (!netdev_uses_dsa(lag_dev)) { + if (!__netdev_uses_dsa_currently(lag_dev)) { err = dsa_conduit_setup(lag_dev, cpu_dp); if (err) return err; diff --git a/net/dsa/dsa.c b/net/dsa/dsa.c index 668c729946ea..36b9ebddc8b8 100644 --- a/net/dsa/dsa.c +++ b/net/dsa/dsa.c @@ -976,6 +976,8 @@ static int dsa_tree_bind_tag_proto(struct dsa_switch_tree *dst, /* Since the dsa/tagging sysfs device attribute is per conduit, the assumption * is that all DSA switches within a tree share the same tagger, otherwise * they would have formed disjoint trees (different "dsa,member" values). + * + * Must be called with RTNL lock held. */ int dsa_tree_change_tag_proto(struct dsa_switch_tree *dst, const struct dsa_device_ops *tag_ops, @@ -985,8 +987,7 @@ int dsa_tree_change_tag_proto(struct dsa_switch_tree *dst, struct dsa_port *dp; int err = -EBUSY; - if (!rtnl_trylock()) - return restart_syscall(); + ASSERT_RTNL(); /* At the moment we don't allow changing the tag protocol under * traffic. The rtnl_mutex also happens to serialize concurrent @@ -1011,15 +1012,12 @@ int dsa_tree_change_tag_proto(struct dsa_switch_tree *dst, if (err) goto out_unwind_tagger; - rtnl_unlock(); - return 0; out_unwind_tagger: info.tag_ops = old_tag_ops; dsa_tree_notify(dst, DSA_NOTIFIER_TAG_PROTO, &info); out_unlock: - rtnl_unlock(); return err; } @@ -1027,7 +1025,7 @@ static void dsa_tree_conduit_state_change(struct dsa_switch_tree *dst, struct net_device *conduit) { struct dsa_notifier_conduit_state_info info; - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); info.conduit = conduit; info.operational = dsa_port_conduit_is_operational(cpu_dp); @@ -1039,7 +1037,7 @@ void dsa_tree_conduit_admin_state_change(struct dsa_switch_tree *dst, struct net_device *conduit, bool up) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); bool notify = false; /* Don't keep track of admin state on LAG DSA conduits, @@ -1062,7 +1060,7 @@ void dsa_tree_conduit_oper_state_change(struct dsa_switch_tree *dst, struct net_device *conduit, bool up) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); bool notify = false; /* Don't keep track of oper state on LAG DSA conduits, @@ -1594,10 +1592,11 @@ void dsa_switch_shutdown(struct dsa_switch *ds) } /* Disconnect from further netdevice notifiers on the conduit, - * since netdev_uses_dsa() will now return false. + * from now on, netdev_uses_dsa_currently() will return false. */ dsa_switch_for_each_cpu_port(dp, ds) - dp->conduit->dsa_ptr = NULL; + rcu_assign_pointer(dp->conduit->dsa_ptr, NULL); + synchronize_rcu(); rtnl_unlock(); out: diff --git a/net/dsa/port.c b/net/dsa/port.c index 25258b33e59e..6220c520d776 100644 --- a/net/dsa/port.c +++ b/net/dsa/port.c @@ -11,6 +11,7 @@ #include <linux/notifier.h> #include <linux/of_mdio.h> #include <linux/of_net.h> +#include <linux/rtnetlink.h> #include "dsa.h" #include "port.h" @@ -1414,7 +1415,7 @@ static int dsa_port_assign_conduit(struct dsa_port *dp, if (err && fail_on_err) return err; - dp->cpu_dp = conduit->dsa_ptr; + dp->cpu_dp = rtnl_dereference(conduit->dsa_ptr); dp->cpu_port_in_lag = netif_is_lag_master(conduit); return 0; diff --git a/net/dsa/tag.c b/net/dsa/tag.c index 79ad105902d9..ba662adecc14 100644 --- a/net/dsa/tag.c +++ b/net/dsa/tag.c @@ -10,6 +10,7 @@ #include <linux/netdevice.h> #include <linux/ptp_classify.h> #include <linux/skbuff.h> +#include <linux/rcupdate.h> #include <net/dsa.h> #include <net/dst_metadata.h> @@ -55,7 +56,7 @@ static int dsa_switch_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *unused) { struct metadata_dst *md_dst = skb_metadata_dst(skb); - struct dsa_port *cpu_dp = dev->dsa_ptr; + struct dsa_port *cpu_dp = rcu_dereference(dev->dsa_ptr); struct sk_buff *nskb = NULL; struct dsa_user_priv *p; diff --git a/net/dsa/tag.h b/net/dsa/tag.h index d5707870906b..dbb2217d4344 100644 --- a/net/dsa/tag.h +++ b/net/dsa/tag.h @@ -5,6 +5,7 @@ #include <linux/if_vlan.h> #include <linux/list.h> +#include <linux/rcupdate.h> #include <linux/types.h> #include <net/dsa.h> @@ -32,11 +33,14 @@ static inline int dsa_tag_protocol_overhead(const struct dsa_device_ops *ops) static inline struct net_device *dsa_conduit_find_user(struct net_device *dev, int device, int port) { - struct dsa_port *cpu_dp = dev->dsa_ptr; - struct dsa_switch_tree *dst = cpu_dp->dst; + struct dsa_port *cpu_dp; struct dsa_port *dp; - list_for_each_entry(dp, &dst->ports, list) + cpu_dp = rcu_dereference(dev->dsa_ptr); + if (!cpu_dp) + return NULL; + + list_for_each_entry(dp, &cpu_dp->dst->ports, list) if (dp->ds->index == device && dp->index == port && dp->type == DSA_PORT_TYPE_USER) return dp->user; @@ -184,14 +188,17 @@ static inline struct sk_buff *dsa_software_vlan_untag(struct sk_buff *skb) static inline struct net_device * dsa_find_designated_bridge_port_by_vid(struct net_device *conduit, u16 vid) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; - struct dsa_switch_tree *dst = cpu_dp->dst; + struct dsa_port *cpu_dp; struct bridge_vlan_info vinfo; struct net_device *user; struct dsa_port *dp; int err; - list_for_each_entry(dp, &dst->ports, list) { + cpu_dp = rcu_dereference(conduit->dsa_ptr); + if (!cpu_dp) + return NULL; + + list_for_each_entry(dp, &cpu_dp->dst->ports, list) { if (dp->type != DSA_PORT_TYPE_USER) continue; diff --git a/net/dsa/tag_8021q.c b/net/dsa/tag_8021q.c index 3ee53e28ec2e..c9fb4fd2a4cf 100644 --- a/net/dsa/tag_8021q.c +++ b/net/dsa/tag_8021q.c @@ -5,6 +5,7 @@ * primitives for taggers that rely on 802.1Q VLAN tags to use. */ #include <linux/if_vlan.h> +#include <linux/rcupdate.h> #include <linux/dsa/8021q.h> #include "port.h" @@ -474,14 +475,17 @@ EXPORT_SYMBOL_GPL(dsa_8021q_xmit); static struct net_device * dsa_tag_8021q_find_port_by_vbid(struct net_device *conduit, int vbid) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; - struct dsa_switch_tree *dst = cpu_dp->dst; + struct dsa_port *cpu_dp; struct dsa_port *dp; if (WARN_ON(!vbid)) return NULL; - dsa_tree_for_each_user_port(dp, dst) { + cpu_dp = rcu_dereference(conduit->dsa_ptr); + if (!cpu_dp) + return NULL; + + dsa_tree_for_each_user_port(dp, cpu_dp->dst) { if (!dp->bridge) continue; diff --git a/net/dsa/tag_brcm.c b/net/dsa/tag_brcm.c index 8c3c068728e5..c87f16cd959f 100644 --- a/net/dsa/tag_brcm.c +++ b/net/dsa/tag_brcm.c @@ -269,7 +269,7 @@ static struct sk_buff *brcm_leg_tag_rcv(struct sk_buff *skb, return NULL; /* VLAN tag is added by BCM63xx internal switch */ - if (netdev_uses_dsa(skb->dev)) + if (__netdev_uses_dsa_currently(skb->dev)) len += VLAN_HLEN; /* Remove Broadcom tag and update checksum */ diff --git a/net/dsa/tag_dsa.c b/net/dsa/tag_dsa.c index 2a2c4fb61a65..7f5dc8d384c9 100644 --- a/net/dsa/tag_dsa.c +++ b/net/dsa/tag_dsa.c @@ -48,6 +48,7 @@ #include <linux/dsa/mv88e6xxx.h> #include <linux/etherdevice.h> #include <linux/list.h> +#include <linux/rcupdate.h> #include <linux/slab.h> #include "tag.h" @@ -257,14 +258,15 @@ static struct sk_buff *dsa_rcv_ll(struct sk_buff *skb, struct net_device *dev, source_port = (dsa_header[1] >> 3) & 0x1f; if (trunk) { - struct dsa_port *cpu_dp = dev->dsa_ptr; - struct dsa_lag *lag; + struct dsa_port *cpu_dp = rcu_dereference(dev->dsa_ptr); + struct dsa_lag *lag = NULL; /* The exact source port is not available in the tag, * so we inject the frame directly on the upper * team/bond. */ - lag = dsa_lag_by_id(cpu_dp->dst, source_port + 1); + if (cpu_dp) + lag = dsa_lag_by_id(cpu_dp->dst, source_port + 1); skb->dev = lag ? lag->dev : NULL; } else { skb->dev = dsa_conduit_find_user(dev, source_device, diff --git a/net/dsa/tag_qca.c b/net/dsa/tag_qca.c index 0cf61286b426..dbc1f659ed07 100644 --- a/net/dsa/tag_qca.c +++ b/net/dsa/tag_qca.c @@ -5,6 +5,7 @@ #include <linux/etherdevice.h> #include <linux/bitfield.h> +#include <linux/rcupdate.h> #include <net/dsa.h> #include <linux/dsa/tag_qca.h> @@ -36,8 +37,8 @@ static struct sk_buff *qca_tag_xmit(struct sk_buff *skb, struct net_device *dev) static struct sk_buff *qca_tag_rcv(struct sk_buff *skb, struct net_device *dev) { struct qca_tagger_data *tagger_data; - struct dsa_port *dp = dev->dsa_ptr; - struct dsa_switch *ds = dp->ds; + struct dsa_port *dp; + struct dsa_switch *ds; u8 ver, pk_type; __be16 *phdr; int port; @@ -45,6 +46,11 @@ static struct sk_buff *qca_tag_rcv(struct sk_buff *skb, struct net_device *dev) BUILD_BUG_ON(sizeof(struct qca_mgmt_ethhdr) != QCA_HDR_MGMT_HEADER_LEN + QCA_HDR_LEN); + dp = rcu_dereference(dev->dsa_ptr); + if (!dp) + return NULL; + ds = dp->ds; + tagger_data = ds->tagger_data; if (unlikely(!pskb_may_pull(skb, QCA_HDR_LEN))) diff --git a/net/dsa/tag_sja1105.c b/net/dsa/tag_sja1105.c index 3e902af7eea6..0746a7d34178 100644 --- a/net/dsa/tag_sja1105.c +++ b/net/dsa/tag_sja1105.c @@ -5,6 +5,7 @@ #include <linux/dsa/sja1105.h> #include <linux/dsa/8021q.h> #include <linux/packing.h> +#include <linux/rcupdate.h> #include "tag.h" #include "tag_8021q.h" @@ -530,12 +531,13 @@ static struct sk_buff *sja1110_rcv_meta(struct sk_buff *skb, u16 rx_header) int n_ts = SJA1110_RX_HEADER_N_TS(rx_header); struct sja1105_tagger_data *tagger_data; struct net_device *conduit = skb->dev; + struct dsa_switch *ds = NULL; struct dsa_port *cpu_dp; - struct dsa_switch *ds; int i; - cpu_dp = conduit->dsa_ptr; - ds = dsa_switch_find(cpu_dp->dst->index, switch_id); + cpu_dp = rcu_dereference(conduit->dsa_ptr); + if (cpu_dp) + ds = dsa_switch_find(cpu_dp->dst->index, switch_id); if (!ds) { net_err_ratelimited("%s: cannot find switch id %d\n", conduit->name, switch_id); @@ -662,24 +664,26 @@ static struct sk_buff *sja1110_rcv(struct sk_buff *skb, return skb; } -static void sja1105_flow_dissect(const struct sk_buff *skb, __be16 *proto, - int *offset) +static void sja1105_flow_dissect(const struct sk_buff *skb, + const struct dsa_port *dp, + __be16 *proto, int *offset) { /* No tag added for management frames, all ok */ if (unlikely(sja1105_is_link_local(skb))) return; - dsa_tag_generic_flow_dissect(skb, proto, offset); + dsa_tag_generic_flow_dissect(skb, dp, proto, offset); } -static void sja1110_flow_dissect(const struct sk_buff *skb, __be16 *proto, - int *offset) +static void sja1110_flow_dissect(const struct sk_buff *skb, + const struct dsa_port *dp, + __be16 *proto, int *offset) { /* Management frames have 2 DSA tags on RX, so the needed_headroom we * declared is fine for the generic dissector adjustment procedure. */ if (unlikely(sja1105_is_link_local(skb))) - return dsa_tag_generic_flow_dissect(skb, proto, offset); + return dsa_tag_generic_flow_dissect(skb, dp, proto, offset); /* For the rest, there is a single DSA tag, the tag_8021q one */ *offset = VLAN_HLEN; diff --git a/net/dsa/user.c b/net/dsa/user.c index f5adfa1d978a..2afd21e34772 100644 --- a/net/dsa/user.c +++ b/net/dsa/user.c @@ -21,6 +21,7 @@ #include <linux/if_hsr.h> #include <net/dcbnl.h> #include <linux/netpoll.h> +#include <linux/rcupdate.h> #include <linux/string.h> #include "conduit.h" @@ -2839,7 +2840,7 @@ int dsa_user_change_conduit(struct net_device *dev, struct net_device *conduit, return -EOPNOTSUPP; } - if (!netdev_uses_dsa(conduit)) { + if (!__netdev_uses_dsa_currently(conduit)) { NL_SET_ERR_MSG_MOD(extack, "Interface not eligible as DSA conduit"); return -EOPNOTSUPP; @@ -3141,8 +3142,8 @@ static int dsa_lag_conduit_validate(struct net_device *lag_dev, netdev_for_each_lower_dev(lag_dev, lower1, iter1) { netdev_for_each_lower_dev(lag_dev, lower2, iter2) { - if (!netdev_uses_dsa(lower1) || - !netdev_uses_dsa(lower2)) { + if (!__netdev_uses_dsa_currently(lower1) || + !__netdev_uses_dsa_currently(lower2)) { NL_SET_ERR_MSG_MOD(extack, "All LAG ports must be eligible as DSA conduits"); return notifier_from_errno(-EINVAL); @@ -3151,8 +3152,8 @@ static int dsa_lag_conduit_validate(struct net_device *lag_dev, if (lower1 == lower2) continue; - if (!dsa_port_tree_same(lower1->dsa_ptr, - lower2->dsa_ptr)) { + if (!dsa_port_tree_same(rtnl_dereference(lower1->dsa_ptr), + rtnl_dereference(lower2->dsa_ptr))) { NL_SET_ERR_MSG_MOD(extack, "LAG contains DSA conduits of disjoint switch trees"); return notifier_from_errno(-EINVAL); @@ -3169,7 +3170,7 @@ dsa_conduit_prechangeupper_sanity_check(struct net_device *conduit, { struct netlink_ext_ack *extack = netdev_notifier_info_to_extack(&info->info); - if (!netdev_uses_dsa(conduit)) + if (!__netdev_uses_dsa_currently(conduit)) return NOTIFY_DONE; if (!info->linking) @@ -3205,20 +3206,22 @@ dsa_lag_conduit_prechangelower_sanity_check(struct net_device *dev, struct net_device *lower; struct list_head *iter; - if (!netdev_uses_dsa(lag_dev) || !netif_is_lag_master(lag_dev)) + if (!__netdev_uses_dsa_currently(lag_dev) || + !netif_is_lag_master(lag_dev)) return NOTIFY_DONE; if (!info->linking) return NOTIFY_DONE; - if (!netdev_uses_dsa(dev)) { + if (!__netdev_uses_dsa_currently(dev)) { NL_SET_ERR_MSG(extack, "Only DSA conduits can join a LAG DSA conduit"); return notifier_from_errno(-EINVAL); } netdev_for_each_lower_dev(lag_dev, lower, iter) { - if (!dsa_port_tree_same(dev->dsa_ptr, lower->dsa_ptr)) { + if (!dsa_port_tree_same(rtnl_dereference(dev->dsa_ptr), + rtnl_dereference(lower->dsa_ptr))) { NL_SET_ERR_MSG(extack, "Interface is DSA conduit for a different switch tree than this LAG"); return notifier_from_errno(-EINVAL); @@ -3257,7 +3260,8 @@ dsa_bridge_prechangelower_sanity_check(struct net_device *new_lower, extack = netdev_notifier_info_to_extack(&info->info); netdev_for_each_lower_dev(br, lower, iter) { - if (!netdev_uses_dsa(new_lower) && !netdev_uses_dsa(lower)) + if (!__netdev_uses_dsa_currently(new_lower) && + !__netdev_uses_dsa_currently(lower)) continue; if (!netdev_port_same_parent_id(lower, new_lower)) { @@ -3295,7 +3299,7 @@ static int dsa_conduit_lag_join(struct net_device *conduit, struct netdev_lag_upper_info *uinfo, struct netlink_ext_ack *extack) { - struct dsa_port *cpu_dp = conduit->dsa_ptr; + struct dsa_port *cpu_dp = rtnl_dereference(conduit->dsa_ptr); struct dsa_switch_tree *dst = cpu_dp->dst; struct dsa_port *dp; int err; @@ -3328,7 +3332,7 @@ static int dsa_conduit_lag_join(struct net_device *conduit, } } - dsa_conduit_lag_teardown(lag_dev, conduit->dsa_ptr); + dsa_conduit_lag_teardown(lag_dev, rtnl_dereference(conduit->dsa_ptr)); return err; } @@ -3336,17 +3340,16 @@ static int dsa_conduit_lag_join(struct net_device *conduit, static void dsa_conduit_lag_leave(struct net_device *conduit, struct net_device *lag_dev) { - struct dsa_port *dp, *cpu_dp = lag_dev->dsa_ptr; + struct dsa_port *dp, *cpu_dp = rtnl_dereference(lag_dev->dsa_ptr); struct dsa_switch_tree *dst = cpu_dp->dst; struct dsa_port *new_cpu_dp = NULL; struct net_device *lower; struct list_head *iter; netdev_for_each_lower_dev(lag_dev, lower, iter) { - if (netdev_uses_dsa(lower)) { - new_cpu_dp = lower->dsa_ptr; + new_cpu_dp = rtnl_dereference(lower->dsa_ptr); + if (new_cpu_dp) break; - } } if (new_cpu_dp) { @@ -3360,8 +3363,11 @@ static void dsa_conduit_lag_leave(struct net_device *conduit, /* Update the index of the virtual CPU port to match the lowest * physical CPU port */ - lag_dev->dsa_ptr = new_cpu_dp; - wmb(); + rcu_assign_pointer(lag_dev->dsa_ptr, new_cpu_dp); + /* + * No need to synchronize_rcu() here because dsa_ptr in not + * going away before it will be zeroed + */ } else { /* If the LAG DSA conduit has no ports left, migrate back all * user ports to the first physical CPU port @@ -3372,7 +3378,7 @@ static void dsa_conduit_lag_leave(struct net_device *conduit, /* This DSA conduit has left its LAG in any case, so let * the CPU port leave the hardware LAG as well */ - dsa_conduit_lag_teardown(lag_dev, conduit->dsa_ptr); + dsa_conduit_lag_teardown(lag_dev, rtnl_dereference(conduit->dsa_ptr)); } static int dsa_conduit_changeupper(struct net_device *dev, @@ -3381,7 +3387,7 @@ static int dsa_conduit_changeupper(struct net_device *dev, struct netlink_ext_ack *extack; int err = NOTIFY_DONE; - if (!netdev_uses_dsa(dev)) + if (!__netdev_uses_dsa_currently(dev)) return err; extack = netdev_notifier_info_to_extack(&info->info); @@ -3464,14 +3470,14 @@ static int dsa_user_netdevice_event(struct notifier_block *nb, err = dsa_port_lag_change(dp, info->lower_state_info); } + dp = rtnl_dereference(dev->dsa_ptr); + if (!dp) + return NOTIFY_OK; + /* Mirror LAG port events on DSA conduits that are in * a LAG towards their respective switch CPU ports */ - if (netdev_uses_dsa(dev)) { - dp = dev->dsa_ptr; - - err = dsa_port_lag_change(dp, info->lower_state_info); - } + err = dsa_port_lag_change(dp, info->lower_state_info); return notifier_from_errno(err); } @@ -3481,39 +3487,41 @@ static int dsa_user_netdevice_event(struct notifier_block *nb, * DSA driver may require the conduit port (and indirectly * the tagger) to be available for some special operation. */ - if (netdev_uses_dsa(dev)) { - struct dsa_port *cpu_dp = dev->dsa_ptr; - struct dsa_switch_tree *dst = cpu_dp->ds->dst; - - /* Track when the conduit port is UP */ - dsa_tree_conduit_oper_state_change(dst, dev, - netif_oper_up(dev)); - - /* Track when the conduit port is ready and can accept - * packet. - * NETDEV_UP event is not enough to flag a port as ready. - * We also have to wait for linkwatch_do_dev to dev_activate - * and emit a NETDEV_CHANGE event. - * We check if a conduit port is ready by checking if the dev - * have a qdisc assigned and is not noop. - */ - dsa_tree_conduit_admin_state_change(dst, dev, - !qdisc_tx_is_noop(dev)); + struct dsa_port *cpu_dp = rtnl_dereference(dev->dsa_ptr); + struct dsa_switch_tree *dst; - return NOTIFY_OK; - } + if (!cpu_dp) + return NOTIFY_DONE; + + dst = cpu_dp->ds->dst; + + /* Track when the conduit port is UP */ + dsa_tree_conduit_oper_state_change(dst, dev, + netif_oper_up(dev)); + + /* Track when the conduit port is ready and can accept + * packet. + * NETDEV_UP event is not enough to flag a port as ready. + * We also have to wait for linkwatch_do_dev to dev_activate + * and emit a NETDEV_CHANGE event. + * We check if a conduit port is ready by checking if the dev + * have a qdisc assigned and is not noop. + */ + dsa_tree_conduit_admin_state_change(dst, dev, + !qdisc_tx_is_noop(dev)); + + return NOTIFY_OK; - return NOTIFY_DONE; } case NETDEV_GOING_DOWN: { struct dsa_port *dp, *cpu_dp; struct dsa_switch_tree *dst; LIST_HEAD(close_list); - if (!netdev_uses_dsa(dev)) + cpu_dp = rtnl_dereference(dev->dsa_ptr); + if (!cpu_dp) return NOTIFY_DONE; - cpu_dp = dev->dsa_ptr; dst = cpu_dp->ds->dst; dsa_tree_conduit_admin_state_change(dst, dev, false); diff --git a/net/ethernet/eth.c b/net/ethernet/eth.c index 4e3651101b86..a05ff82551c3 100644 --- a/net/ethernet/eth.c +++ b/net/ethernet/eth.c @@ -170,7 +170,7 @@ __be16 eth_type_trans(struct sk_buff *skb, struct net_device *dev) * variants has been configured on the receiving interface, * and if so, set skb->protocol without looking at the packet. */ - if (unlikely(netdev_uses_dsa(dev))) + if (unlikely(netdev_uses_dsa_currently(dev))) return htons(ETH_P_XDSA); if (likely(eth_proto_is_802_3(eth->h_proto))) -- 2.46.0

1 year, 3 months

7
9
0 0

[PATCH 5.10] xhci: check virt_dev is valid before dereferencing it

by Roman Smirnov

From: Mathias Nyman <mathias.nyman(a)linux.intel.com> commit 03ed579d9d51aa018830b0de3e8b463faf6b87db upstream. Check that the xhci_virt_dev structure that we dug out based on a slot_id value from a command completion is valid before dereferencing it. Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20210129130044.206855-7-mathias.nyman@linux.intel… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- drivers/usb/host/xhci-ring.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index fbb7a5b51ef4..a769803e7d38 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1415,6 +1415,8 @@ static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id, * is not waiting on the configure endpoint command. */ virt_dev = xhci->devs[slot_id]; + if (!virt_dev) + return; ctrl_ctx = xhci_get_input_control_ctx(virt_dev->in_ctx); if (!ctrl_ctx) { xhci_warn(xhci, "Could not get input context, bad type.\n"); @@ -1459,6 +1461,8 @@ static void xhci_handle_cmd_addr_dev(struct xhci_hcd *xhci, int slot_id) struct xhci_slot_ctx *slot_ctx; vdev = xhci->devs[slot_id]; + if (!vdev) + return; slot_ctx = xhci_get_slot_ctx(xhci, vdev->out_ctx); trace_xhci_handle_cmd_addr_dev(slot_ctx); } @@ -1470,13 +1474,15 @@ static void xhci_handle_cmd_reset_dev(struct xhci_hcd *xhci, int slot_id, struct xhci_slot_ctx *slot_ctx; vdev = xhci->devs[slot_id]; + if (!vdev) { + xhci_warn(xhci, "Reset device command completion for disabled slot %u\n", + slot_id); + return; + } slot_ctx = xhci_get_slot_ctx(xhci, vdev->out_ctx); trace_xhci_handle_cmd_reset_dev(slot_ctx); xhci_dbg(xhci, "Completed reset device command.\n"); - if (!xhci->devs[slot_id]) - xhci_warn(xhci, "Reset device command completion " - "for disabled slot %u\n", slot_id); } static void xhci_handle_cmd_nec_get_fw(struct xhci_hcd *xhci, -- 2.34.1

1 year, 3 months

1
1
0 0

[PATCH] list: Remove duplicated and unused macro list_for_each_reverse

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> Remove macro list_for_each_reverse due to below reasons: - it is same as list_for_each_prev. - it is not used by current kernel tree. Fixes: 8bf0cdfac7f8 ("<linux/list.h>: Introduce the list_for_each_reverse() method") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- include/linux/list.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/linux/list.h b/include/linux/list.h index 5f4b0a39cf46..29a375889fb8 100644 --- a/include/linux/list.h +++ b/include/linux/list.h @@ -686,14 +686,6 @@ static inline void list_splice_tail_init(struct list_head *list, #define list_for_each(pos, head) \ for (pos = (head)->next; !list_is_head(pos, (head)); pos = pos->next) -/** - * list_for_each_reverse - iterate backwards over a list - * @pos: the &struct list_head to use as a loop cursor. - * @head: the head for your list. - */ -#define list_for_each_reverse(pos, head) \ - for (pos = (head)->prev; pos != (head); pos = pos->prev) - /** * list_for_each_rcu - Iterate over a list in an RCU-safe fashion * @pos: the &struct list_head to use as a loop cursor. --- base-commit: 6a36d828bdef0e02b1e6c12e2160f5b83be6aab5 change-id: 20240916-fix_list-553c447bde0f Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

1 year, 3 months

2
2
0 0

[PATCH 5.10] xhci: check virt_dev is valid before dereferencing it

by Roman Smirnov

From: Mathias Nyman <mathias.nyman(a)linux.intel.com> commit 03ed579d9d51aa018830b0de3e8b463faf6b87db upstream. Check that the xhci_virt_dev structure that we dug out based on a slot_id value from a command completion is valid before dereferencing it. Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20210129130044.206855-7-mathias.nyman@linux.intel… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- drivers/usb/host/xhci-ring.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index fbb7a5b51ef4..a769803e7d38 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1415,6 +1415,8 @@ static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id, * is not waiting on the configure endpoint command. */ virt_dev = xhci->devs[slot_id]; + if (!virt_dev) + return; ctrl_ctx = xhci_get_input_control_ctx(virt_dev->in_ctx); if (!ctrl_ctx) { xhci_warn(xhci, "Could not get input context, bad type.\n"); @@ -1459,6 +1461,8 @@ static void xhci_handle_cmd_addr_dev(struct xhci_hcd *xhci, int slot_id) struct xhci_slot_ctx *slot_ctx; vdev = xhci->devs[slot_id]; + if (!vdev) + return; slot_ctx = xhci_get_slot_ctx(xhci, vdev->out_ctx); trace_xhci_handle_cmd_addr_dev(slot_ctx); } @@ -1470,13 +1474,15 @@ static void xhci_handle_cmd_reset_dev(struct xhci_hcd *xhci, int slot_id, struct xhci_slot_ctx *slot_ctx; vdev = xhci->devs[slot_id]; + if (!vdev) { + xhci_warn(xhci, "Reset device command completion for disabled slot %u\n", + slot_id); + return; + } slot_ctx = xhci_get_slot_ctx(xhci, vdev->out_ctx); trace_xhci_handle_cmd_reset_dev(slot_ctx); xhci_dbg(xhci, "Completed reset device command.\n"); - if (!xhci->devs[slot_id]) - xhci_warn(xhci, "Reset device command completion " - "for disabled slot %u\n", slot_id); } static void xhci_handle_cmd_nec_get_fw(struct xhci_hcd *xhci, -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 5.10] regmap: cache: Add extra parameter check in regcache_init

by Roman Smirnov

From: Schspa Shi <schspa(a)gmail.com> commit a5201d42e2f8a8e8062103170027840ee372742f upstream. When num_reg_defaults > 0 but reg_defaults is NULL, there will be a NULL pointer exception. Current code has no such usage, but as additional hardening, also check this to prevent any chance of crashing. Signed-off-by: Schspa Shi <schspa(a)gmail.com> Link: https://lore.kernel.org/r/20220629130951.63040-1-schspa@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Roman Smirnov <r.smirnov(a)omp.ru> --- drivers/base/regmap/regcache.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/base/regmap/regcache.c b/drivers/base/regmap/regcache.c index 7fdd702e564a..5ff79ba665ad 100644 --- a/drivers/base/regmap/regcache.c +++ b/drivers/base/regmap/regcache.c @@ -133,6 +133,12 @@ int regcache_init(struct regmap *map, const struct regmap_config *config) return -EINVAL; } + if (config->num_reg_defaults && !config->reg_defaults) { + dev_err(map->dev, + "Register defaults number are set without the reg!\n"); + return -EINVAL; + } + for (i = 0; i < config->num_reg_defaults; i++) if (config->reg_defaults[i].reg % map->reg_stride) return -EINVAL; -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH v2 6.10] LoongArch: KVM: Remove undefined a6 argument comment for kvm_hypercall()

by WangYuli

From: Dandan Zhang <zhangdandan(a)uniontech.com> [ Upstream commit 494b0792d962e8efac72b3a5b6d9bcd4e6fa8cf0 ] The kvm_hypercall() set for LoongArch is limited to a1-a5. So the mention of a6 in the comment is undefined that needs to be rectified. Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> -- Changlog: *v1 -> v2: Correct the commit-msg format. --- arch/loongarch/include/asm/kvm_para.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/loongarch/include/asm/kvm_para.h b/arch/loongarch/include/asm/kvm_para.h index 4ba2312e5f8c..6d5e9b6c5714 100644 --- a/arch/loongarch/include/asm/kvm_para.h +++ b/arch/loongarch/include/asm/kvm_para.h @@ -28,9 +28,9 @@ * Hypercall interface for KVM hypervisor * * a0: function identifier - * a1-a6: args + * a1-a5: args * Return value will be placed in a0. - * Up to 6 arguments are passed in a1, a2, a3, a4, a5, a6. + * Up to 5 arguments are passed in a1, a2, a3, a4, a5. */ static __always_inline long kvm_hypercall0(u64 fid) { -- 2.43.0

1 year, 3 months

2
3
0 0

[merged mm-stable] zram-free-secondary-algorithms-names.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: zram: free secondary algorithms names has been removed from the -mm tree. Its filename was zram-free-secondary-algorithms-names.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Subject: zram: free secondary algorithms names Date: Wed, 11 Sep 2024 11:54:56 +0900 We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [senozhatsky(a)chromium.org: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org Link: https://lkml.kernel.org/r/20240911025600.3681789-1-senozhatsky@chromium.org Fixes: 001d92735701 ("zram: add recompression algorithm sysfs knob") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/block/zram/zram_drv.c~zram-free-secondary-algorithms-names +++ a/drivers/block/zram/zram_drv.c @@ -2112,6 +2112,11 @@ static void zram_destroy_comps(struct zr zram->num_active_comps--; } + for (prio = ZRAM_SECONDARY_COMP; prio < ZRAM_MAX_COMPS; prio++) { + kfree(zram->comp_algs[prio]); + zram->comp_algs[prio] = NULL; + } + zram_comp_params_reset(zram); } _ Patches currently in -mm which might be from senozhatsky(a)chromium.org are

1 year, 3 months

1
0
0 0

[merged mm-stable] mm-z3fold-deprecate-config_z3fold.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: z3fold: deprecate CONFIG_Z3FOLD has been removed from the -mm tree. Its filename was mm-z3fold-deprecate-config_z3fold.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yosry Ahmed <yosryahmed(a)google.com> Subject: mm: z3fold: deprecate CONFIG_Z3FOLD Date: Wed, 4 Sep 2024 23:33:43 +0000 The z3fold compressed pages allocator is rarely used, most users use zsmalloc. The only disadvantage of zsmalloc in comparison is the dependency on MMU, and zbud is a more common option for !MMU as it was the default zswap allocator for a long time. Historically, zsmalloc had worse latency than zbud and z3fold but offered better memory savings. This is no longer the case as shown by a simple recent analysis [1]. That analysis showed that z3fold does not have any advantage over zsmalloc or zbud considering both performance and memory usage. In a kernel build test on tmpfs in a limited cgroup, z3fold took 3% more time and used 1.8% more memory. The latency of zswap_load() was 7% higher, and that of zswap_store() was 10% higher. Zsmalloc is better in all metrics. Moreover, z3fold apparently has latent bugs, which was made noticeable by a recent soft lockup bug report with z3fold [2]. Switching to zsmalloc not only fixed the problem, but also reduced the swap usage from 6~8G to 1~2G. Other users have also reported being bitten by mistakenly enabling z3fold. Other than hurting users, z3fold is repeatedly causing wasted engineering effort. Apart from investigating the above bug, it came up in multiple development discussions (e.g. [3]) as something we need to handle, when there aren't any legit users (at least not intentionally). The natural course of action is to deprecate z3fold, and remove in a few cycles if no objections are raised from active users. Next on the list should be zbud, as it offers marginal latency gains at the cost of huge memory waste when compared to zsmalloc. That one will need to wait until zsmalloc does not depend on MMU. Rename the user-visible config option from CONFIG_Z3FOLD to CONFIG_Z3FOLD_DEPRECATED so that users with CONFIG_Z3FOLD=y get a new prompt with explanation during make oldconfig. Also, remove CONFIG_Z3FOLD=y from defconfigs. [1]https://lore.kernel.org/lkml/CAJD7tkbRF6od-2x_L8-A1QL3=2Ww13sCj4S3i4bNndq… [2]https://lore.kernel.org/lkml/EF0ABD3E-A239-4111-A8AB-5C442E759CF3@gmail.c… [3]https://lore.kernel.org/lkml/CAJD7tkbnmeVugfunffSovJf9FAgy9rhBVt_tx=nxUve… [arnd(a)arndb.de: deprecate ZSWAP_ZPOOL_DEFAULT_Z3FOLD as well] Link: https://lkml.kernel.org/r/20240909202625.1054880-1-arnd@kernel.org Link: https://lkml.kernel.org/r/20240904233343.933462-1-yosryahmed@google.com Signed-off-by: Yosry Ahmed <yosryahmed(a)google.com> Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Acked-by: Chris Down <chris(a)chrisdown.name> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Vitaly Wool <vitaly.wool(a)konsulko.com> Acked-by: Christoph Hellwig <hch(a)lst.de> Cc: Aneesh Kumar K.V <aneesh.kumar(a)kernel.org> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Huacai Chen <chenhuacai(a)kernel.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Naveen N. Rao <naveen.n.rao(a)linux.ibm.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: WANG Xuerui <kernel(a)xen0n.name> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/loongarch/configs/loongson3_defconfig | 1 arch/powerpc/configs/ppc64_defconfig | 1 mm/Kconfig | 25 ++++++++++++++----- 3 files changed, 19 insertions(+), 8 deletions(-) --- a/arch/loongarch/configs/loongson3_defconfig~mm-z3fold-deprecate-config_z3fold +++ a/arch/loongarch/configs/loongson3_defconfig @@ -96,7 +96,6 @@ CONFIG_ZPOOL=y CONFIG_ZSWAP=y CONFIG_ZSWAP_COMPRESSOR_DEFAULT_ZSTD=y CONFIG_ZBUD=y -CONFIG_Z3FOLD=y CONFIG_ZSMALLOC=m # CONFIG_COMPAT_BRK is not set CONFIG_MEMORY_HOTPLUG=y --- a/arch/powerpc/configs/ppc64_defconfig~mm-z3fold-deprecate-config_z3fold +++ a/arch/powerpc/configs/ppc64_defconfig @@ -81,7 +81,6 @@ CONFIG_MODULE_SIG_SHA512=y CONFIG_PARTITION_ADVANCED=y CONFIG_BINFMT_MISC=m CONFIG_ZSWAP=y -CONFIG_Z3FOLD=y CONFIG_ZSMALLOC=y # CONFIG_SLAB_MERGE_DEFAULT is not set CONFIG_SLAB_FREELIST_RANDOM=y --- a/mm/Kconfig~mm-z3fold-deprecate-config_z3fold +++ a/mm/Kconfig @@ -146,12 +146,15 @@ config ZSWAP_ZPOOL_DEFAULT_ZBUD help Use the zbud allocator as the default allocator. -config ZSWAP_ZPOOL_DEFAULT_Z3FOLD - bool "z3fold" - select Z3FOLD +config ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED + bool "z3foldi (DEPRECATED)" + select Z3FOLD_DEPRECATED help Use the z3fold allocator as the default allocator. + Deprecated and scheduled for removal in a few cycles, + see CONFIG_Z3FOLD_DEPRECATED. + config ZSWAP_ZPOOL_DEFAULT_ZSMALLOC bool "zsmalloc" select ZSMALLOC @@ -163,7 +166,7 @@ config ZSWAP_ZPOOL_DEFAULT string depends on ZSWAP default "zbud" if ZSWAP_ZPOOL_DEFAULT_ZBUD - default "z3fold" if ZSWAP_ZPOOL_DEFAULT_Z3FOLD + default "z3fold" if ZSWAP_ZPOOL_DEFAULT_Z3FOLD_DEPRECATED default "zsmalloc" if ZSWAP_ZPOOL_DEFAULT_ZSMALLOC default "" @@ -177,15 +180,25 @@ config ZBUD deterministic reclaim properties that make it preferable to a higher density approach when reclaim will be used. -config Z3FOLD - tristate "3:1 compression allocator (z3fold)" +config Z3FOLD_DEPRECATED + tristate "3:1 compression allocator (z3fold) (DEPRECATED)" depends on ZSWAP help + Deprecated and scheduled for removal in a few cycles. If you have + a good reason for using Z3FOLD over ZSMALLOC, please contact + linux-mm(a)kvack.org and the zswap maintainers. + A special purpose allocator for storing compressed pages. It is designed to store up to three compressed pages per physical page. It is a ZBUD derivative so the simplicity and determinism are still there. +config Z3FOLD + tristate + default y if Z3FOLD_DEPRECATED=y + default m if Z3FOLD_DEPRECATED=m + depends on Z3FOLD_DEPRECATED + config ZSMALLOC tristate prompt "N:1 compression allocator (zsmalloc)" if (ZSWAP || ZRAM) _ Patches currently in -mm which might be from yosryahmed(a)google.com are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-huge_memory-ensure-huge_zero_folio-wont-have-large_rmappable-flag-set.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: ensure huge_zero_folio won't have large_rmappable flag set has been removed from the -mm tree. Its filename was mm-huge_memory-ensure-huge_zero_folio-wont-have-large_rmappable-flag-set.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: ensure huge_zero_folio won't have large_rmappable flag set Date: Sat, 14 Sep 2024 09:53:06 +0800 Ensure huge_zero_folio won't have large_rmappable flag set. So it can be reported as thp,zero correctly through stable_page_flags(). Link: https://lkml.kernel.org/r/20240914015306.3656791-1-linmiaohe@huawei.com Fixes: 5691753d73a2 ("mm: convert huge_zero_page to huge_zero_folio") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/huge_memory.c~mm-huge_memory-ensure-huge_zero_folio-wont-have-large_rmappable-flag-set +++ a/mm/huge_memory.c @@ -220,6 +220,8 @@ retry: count_vm_event(THP_ZERO_PAGE_ALLOC_FAILED); return false; } + /* Ensure zero folio won't have large_rmappable flag set. */ + folio_clear_large_rmappable(zero_folio); preempt_disable(); if (cmpxchg(&huge_zero_folio, NULL, zero_folio)) { preempt_enable(); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlbc-fix-uaf-of-vma-in-hugetlb-fault-pathway.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway has been removed from the -mm tree. Its filename was mm-hugetlbc-fix-uaf-of-vma-in-hugetlb-fault-pathway.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Date: Sat, 14 Sep 2024 12:41:19 -0700 Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is called. We can fix this by using a modified version of vmf_anon_prepare() that doesn't release the VMA lock on failure, and then release it ourselves after hugetlb_vma_unlock_read(). Link: https://lkml.kernel.org/r/20240914194243.245-2-vishal.moola@gmail.com Fixes: 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") Reported-by: syzbot+2dab93857ee95f2eeb08(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/00000000000067c20b06219fbc26@google.com/ Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) --- a/mm/hugetlb.c~mm-hugetlbc-fix-uaf-of-vma-in-hugetlb-fault-pathway +++ a/mm/hugetlb.c @@ -6048,7 +6048,7 @@ retry_avoidcopy: * When the original hugepage is shared one, it does not have * anon_vma prepared. */ - ret = vmf_anon_prepare(vmf); + ret = __vmf_anon_prepare(vmf); if (unlikely(ret)) goto out_release_all; @@ -6247,7 +6247,7 @@ static vm_fault_t hugetlb_no_page(struct } if (!(vma->vm_flags & VM_MAYSHARE)) { - ret = vmf_anon_prepare(vmf); + ret = __vmf_anon_prepare(vmf); if (unlikely(ret)) goto out; } @@ -6378,6 +6378,14 @@ static vm_fault_t hugetlb_no_page(struct folio_unlock(folio); out: hugetlb_vma_unlock_read(vma); + + /* + * We must check to release the per-VMA lock. __vmf_anon_prepare() is + * the only way ret can be set to VM_FAULT_RETRY. + */ + if (unlikely(ret & VM_FAULT_RETRY)) + vma_end_read(vma); + mutex_unlock(&hugetlb_fault_mutex_table[hash]); return ret; @@ -6599,6 +6607,14 @@ out_ptl: } out_mutex: hugetlb_vma_unlock_read(vma); + + /* + * We must check to release the per-VMA lock. __vmf_anon_prepare() in + * hugetlb_wp() is the only way ret can be set to VM_FAULT_RETRY. + */ + if (unlikely(ret & VM_FAULT_RETRY)) + vma_end_read(vma); + mutex_unlock(&hugetlb_fault_mutex_table[hash]); /* * Generally it's safe to hold refcount during waiting page lock. But _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] mm-change-vmf_anon_prepare-to-__vmf_anon_prepare.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: change vmf_anon_prepare() to __vmf_anon_prepare() has been removed from the -mm tree. Its filename was mm-change-vmf_anon_prepare-to-__vmf_anon_prepare.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: mm: change vmf_anon_prepare() to __vmf_anon_prepare() Date: Sat, 14 Sep 2024 12:41:18 -0700 Some callers of vmf_anon_prepare() may not want us to release the per-VMA lock ourselves. Rename vmf_anon_prepare() to __vmf_anon_prepare() and let the callers drop the lock when desired. Also, make vmf_anon_prepare() a wrapper that releases the per-VMA lock itself for any callers that don't care. This is in preparation to fix this bug reported by syzbot: https://lore.kernel.org/linux-mm/00000000000067c20b06219fbc26@google.com/ Link: https://lkml.kernel.org/r/20240914194243.245-1-vishal.moola@gmail.com Fixes: 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") Reported-by: syzbot+2dab93857ee95f2eeb08(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/00000000000067c20b06219fbc26@google.com/ Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/internal.h | 11 ++++++++++- mm/memory.c | 8 +++----- 2 files changed, 13 insertions(+), 6 deletions(-) --- a/mm/internal.h~mm-change-vmf_anon_prepare-to-__vmf_anon_prepare +++ a/mm/internal.h @@ -310,7 +310,16 @@ static inline void wake_throttle_isolate wake_up(wqh); } -vm_fault_t vmf_anon_prepare(struct vm_fault *vmf); +vm_fault_t __vmf_anon_prepare(struct vm_fault *vmf); +static inline vm_fault_t vmf_anon_prepare(struct vm_fault *vmf) +{ + vm_fault_t ret = __vmf_anon_prepare(vmf); + + if (unlikely(ret & VM_FAULT_RETRY)) + vma_end_read(vmf->vma); + return ret; +} + vm_fault_t do_swap_page(struct vm_fault *vmf); void folio_rotate_reclaimable(struct folio *folio); bool __folio_end_writeback(struct folio *folio); --- a/mm/memory.c~mm-change-vmf_anon_prepare-to-__vmf_anon_prepare +++ a/mm/memory.c @@ -3259,7 +3259,7 @@ static inline vm_fault_t vmf_can_call_fa } /** - * vmf_anon_prepare - Prepare to handle an anonymous fault. + * __vmf_anon_prepare - Prepare to handle an anonymous fault. * @vmf: The vm_fault descriptor passed from the fault handler. * * When preparing to insert an anonymous page into a VMA from a @@ -3273,7 +3273,7 @@ static inline vm_fault_t vmf_can_call_fa * Return: 0 if fault handling can proceed. Any other value should be * returned to the caller. */ -vm_fault_t vmf_anon_prepare(struct vm_fault *vmf) +vm_fault_t __vmf_anon_prepare(struct vm_fault *vmf) { struct vm_area_struct *vma = vmf->vma; vm_fault_t ret = 0; @@ -3281,10 +3281,8 @@ vm_fault_t vmf_anon_prepare(struct vm_fa if (likely(vma->anon_vma)) return 0; if (vmf->flags & FAULT_FLAG_VMA_LOCK) { - if (!mmap_read_trylock(vma->vm_mm)) { - vma_end_read(vma); + if (!mmap_read_trylock(vma->vm_mm)) return VM_FAULT_RETRY; - } } if (__anon_vma_prepare(vma)) ret = VM_FAULT_OOM; _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are

1 year, 3 months

1
0
0 0

[merged mm-hotfixes-stable] resource-fix-region_intersects-vs-add_memory_driver_managed.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: resource: fix region_intersects() vs add_memory_driver_managed() has been removed from the -mm tree. Its filename was resource-fix-region_intersects-vs-add_memory_driver_managed.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Huang Ying <ying.huang(a)intel.com> Subject: resource: fix region_intersects() vs add_memory_driver_managed() Date: Fri, 6 Sep 2024 11:07:11 +0800 On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff : region0 490000000-50fffffff : dax0.0 490000000-50fffffff : System RAM (kmem) Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes "System RAM (kmem)" a descendant of "CXL Window X". This confuses region_intersects(), which expects all "System RAM" resources to be at the top level of iomem_resource. This can lead to bugs. For example, when the following command line is executed to write some memory in CXL memory range via /dev/mem, $ dd if=data of=/dev/mem bs=$((1 << 10)) seek=$((0x490000000 >> 10)) count=1 dd: error writing '/dev/mem': Bad address 1+0 records in 0+0 records out 0 bytes copied, 0.0283507 s, 0.0 kB/s the command fails as expected. However, the error code is wrong. It should be "Operation not permitted" instead of "Bad address". More seriously, the /dev/mem permission checking in devmem_is_allowed() passes incorrectly. Although the accessing is prevented later because ioremap() isn't allowed to map system RAM, it is a potential security issue. During command executing, the following warning is reported in the kernel log for calling ioremap() on system RAM. ioremap on RAM at 0x0000000490000000 - 0x0000000490000fff WARNING: CPU: 2 PID: 416 at arch/x86/mm/ioremap.c:216 __ioremap_caller.constprop.0+0x131/0x35d Call Trace: memremap+0xcb/0x184 xlate_dev_mem_ptr+0x25/0x2f write_mem+0x94/0xfb vfs_write+0x128/0x26d ksys_write+0xac/0xfe do_syscall_64+0x9a/0xfd entry_SYSCALL_64_after_hwframe+0x4b/0x53 The details of command execution process are as follows. In the above resource tree, "System RAM" is a descendant of "CXL Window 0" instead of a top level resource. So, region_intersects() will report no System RAM resources in the CXL memory region incorrectly, because it only checks the top level resources. Consequently, devmem_is_allowed() will return 1 (allow access via /dev/mem) for CXL memory region incorrectly. Fortunately, ioremap() doesn't allow to map System RAM and reject the access. So, region_intersects() needs to be fixed to work correctly with the resource tree with "System RAM" not at top level as above. To fix it, if we found a unmatched resource in the top level, we will continue to search matched resources in its descendant resources. So, we will not miss any matched resources in resource tree anymore. In the new implementation, an example resource tree |------------- "CXL Window 0" ------------| |-- "System RAM" --| will behave similar as the following fake resource tree for region_intersects(, IORESOURCE_SYSTEM_RAM, ), |-- "System RAM" --||-- "CXL Window 0a" --| Where "CXL Window 0a" is part of the original "CXL Window 0" that isn't covered by "System RAM". Link: https://lkml.kernel.org/r/20240906030713.204292-2-ying.huang@intel.com Fixes: c221c0b0308f ("device-dax: "Hotplug" persistent memory for use like normal RAM") Signed-off-by: "Huang, Ying" <ying.huang(a)intel.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Davidlohr Bueso <dave(a)stgolabs.net> Cc: Jonathan Cameron <jonathan.cameron(a)huawei.com> Cc: Dave Jiang <dave.jiang(a)intel.com> Cc: Alison Schofield <alison.schofield(a)intel.com> Cc: Vishal Verma <vishal.l.verma(a)intel.com> Cc: Ira Weiny <ira.weiny(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/resource.c | 58 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 50 insertions(+), 8 deletions(-) --- a/kernel/resource.c~resource-fix-region_intersects-vs-add_memory_driver_managed +++ a/kernel/resource.c @@ -540,20 +540,62 @@ static int __region_intersects(struct re size_t size, unsigned long flags, unsigned long desc) { - struct resource res; + resource_size_t ostart, oend; int type = 0; int other = 0; - struct resource *p; + struct resource *p, *dp; + bool is_type, covered; + struct resource res; res.start = start; res.end = start + size - 1; for (p = parent->child; p ; p = p->sibling) { - bool is_type = (((p->flags & flags) == flags) && - ((desc == IORES_DESC_NONE) || - (desc == p->desc))); - - if (resource_overlaps(p, &res)) - is_type ? type++ : other++; + if (!resource_overlaps(p, &res)) + continue; + is_type = (p->flags & flags) == flags && + (desc == IORES_DESC_NONE || desc == p->desc); + if (is_type) { + type++; + continue; + } + /* + * Continue to search in descendant resources as if the + * matched descendant resources cover some ranges of 'p'. + * + * |------------- "CXL Window 0" ------------| + * |-- "System RAM" --| + * + * will behave similar as the following fake resource + * tree when searching "System RAM". + * + * |-- "System RAM" --||-- "CXL Window 0a" --| + */ + covered = false; + ostart = max(res.start, p->start); + oend = min(res.end, p->end); + for_each_resource(p, dp, false) { + if (!resource_overlaps(dp, &res)) + continue; + is_type = (dp->flags & flags) == flags && + (desc == IORES_DESC_NONE || desc == dp->desc); + if (is_type) { + type++; + /* + * Range from 'ostart' to 'dp->start' + * isn't covered by matched resource. + */ + if (dp->start > ostart) + break; + if (dp->end >= oend) { + covered = true; + break; + } + /* Remove covered range */ + ostart = max(ostart, dp->end + 1); + } + } + if (!covered) + other++; } if (type == 0) _ Patches currently in -mm which might be from ying.huang(a)intel.com are resource-make-alloc_free_mem_region-works-for-iomem_resource.patch resource-kunit-add-test-case-for-region_intersects.patch

1 year, 3 months

1
0
0 0

[PATCH] fbcon: Fix a NULL pointer dereference issue in fbcon_putcs

by Qianqiang Liu

> I think this patch just hides the real problem. > How could putcs have become NULL ? > > Helge Oh, you are right! I will figure it out. Best, Qianqiang Liu

1 year, 3 months

1
0
0 0

[PATCH 1/1] RISC-V: Fix building rust when using GCC toolchain

by Jason Montleon

Clang does not support '-mno-riscv-attribute' resulting in the error error: unknown argument: '-mno-riscv-attribute' Not setting BINDGEN_TARGET_riscv results in the in the error error: unsupported argument 'medany' to option '-mcmodel=' for target \ 'unknown' error: unknown target triple 'unknown' Signed-off-by: Jason Montleon <jmontleo(a)redhat.com> Cc: stable(a)vger.kernel.org --- rust/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/Makefile b/rust/Makefile index f168d2c98a15..73eceaaae61e 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -228,11 +228,12 @@ bindgen_skip_c_flags := -mno-fp-ret-in-387 -mpreferred-stack-boundary=% \ -fzero-call-used-regs=% -fno-stack-clash-protection \ -fno-inline-functions-called-once -fsanitize=bounds-strict \ -fstrict-flex-arrays=% -fmin-function-alignment=% \ - --param=% --param asan-% + --param=% --param asan-% -mno-riscv-attribute # Derived from `scripts/Makefile.clang`. BINDGEN_TARGET_x86 := x86_64-linux-gnu BINDGEN_TARGET_arm64 := aarch64-linux-gnu +BINDGEN_TARGET_riscv := riscv64-linux-gnu BINDGEN_TARGET := $(BINDGEN_TARGET_$(SRCARCH)) # All warnings are inhibited since GCC builds are very experimental, -- 2.46.0

1 year, 3 months

1
0
0 0

[PATCH 2/3] arm64: dts: qcom: x1e80100: fix PCIe4 and PCIe6a PHY clocks

by Johan Hovold

Add the missing clkref enable and pipediv2 clocks to the PCIe4 and PCIe6a PHYs. Fixes: 5eb83fc10289 ("arm64: dts: qcom: x1e80100: Add PCIe nodes") Cc: stable(a)vger.kernel.org # 6.9 Cc: Abel Vesa <abel.vesa(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index 0cf4f3c12428..53e7d1e603cb 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -2980,14 +2980,16 @@ pcie6a_phy: phy@1bfc000 { clocks = <&gcc GCC_PCIE_6A_PHY_AUX_CLK>, <&gcc GCC_PCIE_6A_CFG_AHB_CLK>, - <&rpmhcc RPMH_CXO_CLK>, + <&tcsr TCSR_PCIE_4L_CLKREF_EN>, <&gcc GCC_PCIE_6A_PHY_RCHNG_CLK>, - <&gcc GCC_PCIE_6A_PIPE_CLK>; + <&gcc GCC_PCIE_6A_PIPE_CLK>, + <&gcc GCC_PCIE_6A_PIPEDIV2_CLK>; clock-names = "aux", "cfg_ahb", "ref", "rchng", - "pipe"; + "pipe", + "pipediv2"; resets = <&gcc GCC_PCIE_6A_PHY_BCR>, <&gcc GCC_PCIE_6A_NOCSR_COM_PHY_BCR>; @@ -3232,14 +3234,16 @@ pcie4_phy: phy@1c0e000 { clocks = <&gcc GCC_PCIE_4_AUX_CLK>, <&gcc GCC_PCIE_4_CFG_AHB_CLK>, - <&rpmhcc RPMH_CXO_CLK>, + <&tcsr TCSR_PCIE_2L_4_CLKREF_EN>, <&gcc GCC_PCIE_4_PHY_RCHNG_CLK>, - <&gcc GCC_PCIE_4_PIPE_CLK>; + <&gcc GCC_PCIE_4_PIPE_CLK>, + <&gcc GCC_PCIE_4_PIPEDIV2_CLK>; clock-names = "aux", "cfg_ahb", "ref", "rchng", - "pipe"; + "pipe", + "pipediv2"; resets = <&gcc GCC_PCIE_4_PHY_BCR>; reset-names = "phy"; -- 2.44.2

1 year, 3 months

3
2
0 0

[PATCH] f2fs: fix to check atomic_file in f2fs ioctl interfaces

by Chao Yu

Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range() missed to check atomic_write status, which may cause potential race issue, fix it. Cc: stable(a)vger.kernel.org Signed-off-by: Chao Yu <chao(a)kernel.org> --- fs/f2fs/file.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index a8d153eb0a95..99903eafa7fe 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2710,7 +2710,8 @@ static int f2fs_defragment_range(struct f2fs_sb_info *sbi, (range->start + range->len) >> PAGE_SHIFT, DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE)); - if (is_inode_flag_set(inode, FI_COMPRESS_RELEASED)) { + if (is_inode_flag_set(inode, FI_COMPRESS_RELEASED) || + f2fs_is_atomic_file(inode)) { err = -EINVAL; goto unlock_out; } @@ -2943,6 +2944,11 @@ static int f2fs_move_file_range(struct file *file_in, loff_t pos_in, goto out_unlock; } + if (f2fs_is_atomic_file(src) || f2fs_is_atomic_file(dst)) { + ret = -EINVAL; + goto out_unlock; + } + ret = -EINVAL; if (pos_in + len > src->i_size || pos_in + len < pos_in) goto out_unlock; @@ -3326,6 +3332,11 @@ static int f2fs_ioc_set_pin_file(struct file *filp, unsigned long arg) inode_lock(inode); + if (f2fs_is_atomic_file(inode)) { + ret = -EINVAL; + goto out; + } + if (!pin) { clear_inode_flag(inode, FI_PIN_FILE); f2fs_i_gc_failures_write(inode, 0); -- 2.40.1

1 year, 3 months

2
1
0 0

[PATCH v2] usb: dwc3: re-enable runtime PM after failed resume

by Roy Luo

When dwc3_resume_common() returns an error, runtime pm is left in suspended and disabled state in dwc3_resume(). Since the device is suspended, its parent devices (like the power domain or glue driver) could also be suspended and may have released resources that dwc requires. Consequently, calling dwc3_suspend_common() in this situation could result in attempts to access unclocked or unpowered registers. To prevent these problems, runtime PM should always be re-enabled, even after failed resume attempts. This ensures that dwc3_suspend_common() is skipped in such cases. Fixes: 68c26fe58182 ("usb: dwc3: set pm runtime active before resume common") Cc: stable(a)vger.kernel.org Signed-off-by: Roy Luo <royluo(a)google.com> --- drivers/usb/dwc3/core.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index ccc3895dbd7f..4bd73b5fe41b 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2537,7 +2537,7 @@ static int dwc3_suspend(struct device *dev) static int dwc3_resume(struct device *dev) { struct dwc3 *dwc = dev_get_drvdata(dev); - int ret; + int ret = 0; pinctrl_pm_select_default_state(dev); @@ -2545,14 +2545,12 @@ static int dwc3_resume(struct device *dev) pm_runtime_set_active(dev); ret = dwc3_resume_common(dwc, PMSG_RESUME); - if (ret) { + if (ret) pm_runtime_set_suspended(dev); - return ret; - } pm_runtime_enable(dev); - return 0; + return ret; } static void dwc3_complete(struct device *dev) base-commit: ad618736883b8970f66af799e34007475fe33a68 -- 2.46.0.662.g92d0881bb0-goog

1 year, 3 months

2
1
0 0

[PATCH v3] drm/xe/vram: fix ccs offset calculation

by Matthew Auld

Spec says SW is expected to round up to the nearest 128K, if not already aligned for the CC unit view of CCS. We are seeing the assert sometimes pop on BMG to tell us that there is a hole between GSM and CCS, as well as popping other asserts with having a vram size with strange alignment, which is likely caused by misaligned offset here. v2 (Shuicheng): - Do the round_up() on final SW address. BSpec: 68023 Fixes: b5c2ca0372dc ("drm/xe/xe2hpg: Determine flat ccs offset for vram") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Akshata Jahagirdar <akshata.jahagirdar(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: Shuicheng Lin <shuicheng.lin(a)intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Tested-by: Shuicheng Lin <shuicheng.lin(a)intel.com> --- drivers/gpu/drm/xe/xe_vram.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/xe/xe_vram.c b/drivers/gpu/drm/xe/xe_vram.c index 7e765b1499b1..2a623bfcda7e 100644 --- a/drivers/gpu/drm/xe/xe_vram.c +++ b/drivers/gpu/drm/xe/xe_vram.c @@ -182,6 +182,7 @@ static inline u64 get_flat_ccs_offset(struct xe_gt *gt, u64 tile_size) offset = offset_hi << 32; /* HW view bits 39:32 */ offset |= offset_lo << 6; /* HW view bits 31:6 */ offset *= num_enabled; /* convert to SW view */ + offset = round_up(offset, SZ_128K); /* SW must round up to nearest 128K */ /* We don't expect any holes */ xe_assert_msg(xe, offset == (xe_mmio_read64_2x32(&gt_to_tile(gt)->mmio, GSMBASE) - -- 2.46.0

1 year, 3 months

2
2
0 0

[PATCH] ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8

by nikolai.afanasenkov＠hp.com

From: Nikolai Afanasenkov <nikolai.afanasenkov(a)hp.com> The HP Elite mt645 G8 Mobile Thin Client uses an ALC236 codec and needs the ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF quirk to enable the mute and micmute LED functionality. This patch adds the system ID of the HP Elite mt645 G8 to the `alc269_fixup_tbl` in `patch_realtek.c` to enable the required quirk. Cc: stable(a)vger.kernel.org Signed-off-by: Nikolai Afanasenkov <nikolai.afanasenkov(a)hp.com> --- sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 452c6e7c20e2..5ad5a901f9b6 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10396,6 +10396,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x103c, 0x8ca2, "HP ZBook Power", ALC236_FIXUP_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8ca4, "HP ZBook Fury", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), SND_PCI_QUIRK(0x103c, 0x8ca7, "HP ZBook Fury", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8caf, "HP Elite mt645 G8 Mobile Thin Client", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), SND_PCI_QUIRK(0x103c, 0x8cbd, "HP Pavilion Aero Laptop 13-bg0xxx", ALC245_FIXUP_HP_X360_MUTE_LEDS), SND_PCI_QUIRK(0x103c, 0x8cdd, "HP Spectre", ALC287_FIXUP_CS35L41_I2C_2), SND_PCI_QUIRK(0x103c, 0x8cde, "HP Spectre", ALC287_FIXUP_CS35L41_I2C_2), -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH net] net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL

by Thomas Weißschuh

The rpl sr tunnel code contains calls to dst_cache_*() which are only present when the dst cache is built. Select DST_CACHE to build the dst cache, similar to other kconfig options in the same file. Fixes: a7a29f9c361f ("net: ipv6: add rpl sr tunnel") Cc: stable(a)vger.kernel.org --- Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> --- net/ipv6/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig index 08d4b7132d4c..1c9c686d9522 100644 --- a/net/ipv6/Kconfig +++ b/net/ipv6/Kconfig @@ -323,6 +323,7 @@ config IPV6_RPL_LWTUNNEL bool "IPv6: RPL Source Routing Header support" depends on IPV6 select LWTUNNEL + select DST_CACHE help Support for RFC6554 RPL Source Routing Header using the lightweight tunnels mechanism. --- base-commit: ad060dbbcfcfcba624ef1a75e1d71365a98b86d8 change-id: 20240916-ipv6_rpl_lwtunnel-dst_cache-22561978f35f Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

1 year, 3 months

2
5
0 0

Mrs. Rosella Thomas

by Rosella Thomas

Good Morning. I am Mrs. Rosella Thomas. My dear, would you be able to handle a project for us? Please contact me by email for more details. My email is this rosellathomas4(a)gmail.com Thanks Mrs. Rosella Thomas

1 year, 3 months

1
0
0 0

[PATCH] RDMA/irdma: fix error message in irdma_modify_qp_roce()

by Vitaliy Shevtsov

Use a correct field max_dest_rd_atomic instead of max_rd_atomic for the error output. Found by Linux Verification Center (linuxtesting.org) with Svace. Fixes: b48c24c2d710 ("RDMA/irdma: Implement device supported verb APIs") Signed-off-by: Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> --- drivers/infiniband/hw/irdma/verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c index 76c5f461faca..baa3dff6faab 100644 --- a/drivers/infiniband/hw/irdma/verbs.c +++ b/drivers/infiniband/hw/irdma/verbs.c @@ -1324,7 +1324,7 @@ int irdma_modify_qp_roce(struct ib_qp *ibqp, struct ib_qp_attr *attr, if (attr->max_dest_rd_atomic > dev->hw_attrs.max_hw_ird) { ibdev_err(&iwdev->ibdev, "rd_atomic = %d, above max_hw_ird=%d\n", - attr->max_rd_atomic, + attr->max_dest_rd_atomic, dev->hw_attrs.max_hw_ird); return -EINVAL; } -- 2.46.1

1 year, 3 months

3
2
0 0

[PATCH 1/3] serial: qcom-geni: fix premature receiver enable

by Johan Hovold

The receiver should no be enabled until the port is opened so drop the bogus call to start tx from the setup code which is shared with the console implementation. This was added for some confused implementation of hibernation support, but the receiver must not be started unconditionally as the port may not have been open when hibernating the system. Fixes: 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") Cc: stable(a)vger.kernel.org # 6.2 Cc: Aniket Randive <quic_arandive(a)quicinc.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 6f0db310cf69..9ea6bd09e665 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -1152,7 +1152,6 @@ static int qcom_geni_serial_port_setup(struct uart_port *uport) false, true, true); geni_se_init(&port->se, UART_RX_WM, port->rx_fifo_depth - 2); geni_se_select_mode(&port->se, port->dev_data->mode); - qcom_geni_serial_start_rx(uport); port->setup = true; return 0; -- 2.44.2

1 year, 3 months

1
0
0 0

[failures] ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: reserve space for inline xattr before attaching reflink tree has been removed from the -mm tree. Its filename was ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree.patch This patch was dropped because it had testing failures ------------------------------------------------------ From: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> Subject: ocfs2: reserve space for inline xattr before attaching reflink tree Date: Thu, 12 Sep 2024 06:47:20 +0000 One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space for inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case upto 230), thereby causing corruption. The fix for this is to reserve space for inline metadata at the destination inode before the reflink tree gets recreated. The customer has verified the fix. Link: https://lkml.kernel.org/r/20240912064720.898600-1-gautham.ananthakrishna@or… Fixes: ef962df057aa ("ocfs2: xattr: fix inlined xattr reflink") Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/refcounttree.c | 26 ++++++++++++++++++++++++-- fs/ocfs2/xattr.c | 11 +---------- 2 files changed, 25 insertions(+), 12 deletions(-) --- a/fs/ocfs2/refcounttree.c~ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree +++ a/fs/ocfs2/refcounttree.c @@ -25,6 +25,7 @@ #include "namei.h" #include "ocfs2_trace.h" #include "file.h" +#include "symlink.h" #include <linux/bio.h> #include <linux/blkdev.h> @@ -4155,8 +4156,9 @@ static int __ocfs2_reflink(struct dentry int ret; struct inode *inode = d_inode(old_dentry); struct buffer_head *new_bh = NULL; + struct ocfs2_inode_info *oi = OCFS2_I(inode); - if (OCFS2_I(inode)->ip_flags & OCFS2_INODE_SYSTEM_FILE) { + if (oi->ip_flags & OCFS2_INODE_SYSTEM_FILE) { ret = -EINVAL; mlog_errno(ret); goto out; @@ -4182,6 +4184,26 @@ static int __ocfs2_reflink(struct dentry goto out_unlock; } + if ((oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) && + (oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) { + /* + * Adjust extent record count to reserve space for extended attribute. + * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). + */ + struct ocfs2_inode_info *new_oi = OCFS2_I(new_inode); + + if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && + !(ocfs2_inode_is_fast_symlink(new_inode))) { + struct ocfs2_dinode *new_di = new_bh->b_data; + struct ocfs2_dinode *old_di = old_bh->b_data; + struct ocfs2_extent_list *el = &new_di->id2.i_list; + int inline_size = le16_to_cpu(old_di->i_xattr_inline_size); + + le16_add_cpu(&el->l_count, -(inline_size / + sizeof(struct ocfs2_extent_rec))); + } + } + ret = ocfs2_create_reflink_node(inode, old_bh, new_inode, new_bh, preserve); if (ret) { @@ -4189,7 +4211,7 @@ static int __ocfs2_reflink(struct dentry goto inode_unlock; } - if (OCFS2_I(inode)->ip_dyn_features & OCFS2_HAS_XATTR_FL) { + if (oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) { ret = ocfs2_reflink_xattrs(inode, old_bh, new_inode, new_bh, preserve); --- a/fs/ocfs2/xattr.c~ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree +++ a/fs/ocfs2/xattr.c @@ -6520,16 +6520,7 @@ static int ocfs2_reflink_xattr_inline(st } new_oi = OCFS2_I(args->new_inode); - /* - * Adjust extent record count to reserve space for extended attribute. - * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). - */ - if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && - !(ocfs2_inode_is_fast_symlink(args->new_inode))) { - struct ocfs2_extent_list *el = &new_di->id2.i_list; - le16_add_cpu(&el->l_count, -(inline_size / - sizeof(struct ocfs2_extent_rec))); - } + spin_lock(&new_oi->ip_lock); new_oi->ip_dyn_features |= OCFS2_HAS_XATTR_FL | OCFS2_INLINE_XATTR_FL; new_di->i_dyn_features = cpu_to_le16(new_oi->ip_dyn_features); _ Patches currently in -mm which might be from gautham.ananthakrishna(a)oracle.com are

1 year, 3 months

1
0
0 0

[PATCH RFC V4 1/1] ocfs2: reserve space for inline xattr before attaching reflink tree

by Gautham Ananthakrishna

One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space for inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case upto 230), thereby causing corruption. The fix for this is to reserve space for inline metadata at the destination inode before the reflink tree gets recreated. The customer has verified the fix. Fixes: ef962df057aa ("ocfs2: xattr: fix inlined xattr reflink") Cc: stable(a)vger.kernel.org Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> --- fs/ocfs2/refcounttree.c | 26 ++++++++++++++++++++++++-- fs/ocfs2/xattr.c | 11 +---------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c index 3f80a56d0d60..05105d271fc8 100644 --- a/fs/ocfs2/refcounttree.c +++ b/fs/ocfs2/refcounttree.c @@ -25,6 +25,7 @@ #include "namei.h" #include "ocfs2_trace.h" #include "file.h" +#include "symlink.h" #include <linux/bio.h> #include <linux/blkdev.h> @@ -4155,8 +4156,9 @@ static int __ocfs2_reflink(struct dentry *old_dentry, int ret; struct inode *inode = d_inode(old_dentry); struct buffer_head *new_bh = NULL; + struct ocfs2_inode_info *oi = OCFS2_I(inode); - if (OCFS2_I(inode)->ip_flags & OCFS2_INODE_SYSTEM_FILE) { + if (oi->ip_flags & OCFS2_INODE_SYSTEM_FILE) { ret = -EINVAL; mlog_errno(ret); goto out; @@ -4182,6 +4184,26 @@ static int __ocfs2_reflink(struct dentry *old_dentry, goto out_unlock; } + if ((oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) && + (oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) { + /* + * Adjust extent record count to reserve space for extended attribute. + * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). + */ + struct ocfs2_inode_info *new_oi = OCFS2_I(new_inode); + + if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && + !(ocfs2_inode_is_fast_symlink(new_inode))) { + struct ocfs2_dinode *new_di = new_bh->b_data; + struct ocfs2_dinode *old_di = old_bh->b_data; + struct ocfs2_extent_list *el = &new_di->id2.i_list; + int inline_size = le16_to_cpu(old_di->i_xattr_inline_size); + + le16_add_cpu(&el->l_count, -(inline_size / + sizeof(struct ocfs2_extent_rec))); + } + } + ret = ocfs2_create_reflink_node(inode, old_bh, new_inode, new_bh, preserve); if (ret) { @@ -4189,7 +4211,7 @@ static int __ocfs2_reflink(struct dentry *old_dentry, goto inode_unlock; } - if (OCFS2_I(inode)->ip_dyn_features & OCFS2_HAS_XATTR_FL) { + if (oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) { ret = ocfs2_reflink_xattrs(inode, old_bh, new_inode, new_bh, preserve); diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 3b81213ed7b8..a9f716ec89e2 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -6511,16 +6511,7 @@ static int ocfs2_reflink_xattr_inline(struct ocfs2_xattr_reflink *args) } new_oi = OCFS2_I(args->new_inode); - /* - * Adjust extent record count to reserve space for extended attribute. - * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). - */ - if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && - !(ocfs2_inode_is_fast_symlink(args->new_inode))) { - struct ocfs2_extent_list *el = &new_di->id2.i_list; - le16_add_cpu(&el->l_count, -(inline_size / - sizeof(struct ocfs2_extent_rec))); - } + spin_lock(&new_oi->ip_lock); new_oi->ip_dyn_features |= OCFS2_HAS_XATTR_FL | OCFS2_INLINE_XATTR_FL; new_di->i_dyn_features = cpu_to_le16(new_oi->ip_dyn_features); -- 2.39.3

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: restrict fullmesh endp on 1st sf" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 49ac6f05ace5bb0070c68a0193aa05d3c25d4c83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091343-excusably-laborer-3bef@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 49ac6f05ace5 ("selftests: mptcp: join: restrict fullmesh endp on 1st sf") 4878f9f8421f ("selftests: mptcp: join: validate fullmesh endp on 1st sf") e571fb09c893 ("selftests: mptcp: add speed env var") 4aadde088a58 ("selftests: mptcp: add fullmesh env var") 080b7f5733fd ("selftests: mptcp: add fastclose env var") 662aa22d7dcd ("selftests: mptcp: set all env vars as local ones") 9e9d176df8e9 ("selftests: mptcp: add pm_nl_set_endpoint helper") 1534f87ee0dc ("selftests: mptcp: drop sflags parameter") 595ef566a2ef ("selftests: mptcp: drop addr_nr_ns1/2 parameters") 0c93af1f8907 ("selftests: mptcp: drop test_linkfail parameter") be7e9786c915 ("selftests: mptcp: set FAILING_LINKS in run_tests") 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer") ae947bb2c253 ("selftests: mptcp: join: skip Fastclose tests if not supported") d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not") 4a0b866a3f7d ("selftests: mptcp: join: skip test if iptables/tc cmds fail") 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available") 6c160b636c91 ("selftests: mptcp: update userspace pm subflow tests") 48d73f609dcc ("selftests: mptcp: update userspace pm addr tests") 8697a258ae24 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 49ac6f05ace5bb0070c68a0193aa05d3c25d4c83 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Tue, 10 Sep 2024 21:06:36 +0200 Subject: [PATCH] selftests: mptcp: join: restrict fullmesh endp on 1st sf A new endpoint using the IP of the initial subflow has been recently added to increase the code coverage. But it breaks the test when using old kernels not having commit 86e39e04482b ("mptcp: keep track of local endpoint still available for each msk"), e.g. on v5.15. Similar to commit d4c81bbb8600 ("selftests: mptcp: join: support local endpoint being tracked or not"), it is possible to add the new endpoint conditionally, by checking if "mptcp_pm_subflow_check_next" is present in kallsyms: this is not directly linked to the commit introducing this symbol but for the parent one which is linked anyway. So we can know in advance what will be the expected behaviour, and add the new endpoint only when it makes sense to do so. Fixes: 4878f9f8421f ("selftests: mptcp: join: validate fullmesh endp on 1st sf") Cc: stable(a)vger.kernel.org Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240910-net-selftests-mptcp-fix-install-v1-1-8f12… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index a4762c49a878..cde041c93906 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3064,7 +3064,9 @@ fullmesh_tests() pm_nl_set_limits $ns1 1 3 pm_nl_set_limits $ns2 1 3 pm_nl_add_endpoint $ns1 10.0.2.1 flags signal - pm_nl_add_endpoint $ns2 10.0.1.2 flags subflow,fullmesh + if mptcp_lib_kallsyms_has "mptcp_pm_subflow_check_next$"; then + pm_nl_add_endpoint $ns2 10.0.1.2 flags subflow,fullmesh + fi fullmesh=1 speed=slow \ run_tests $ns1 $ns2 10.0.1.1 chk_join_nr 3 3 3

1 year, 3 months

2
1
0 0

[PATCH] rust: sync: fix incorrect Sync bounds for LockedBy

by Alice Ryhl

The `impl Sync for LockedBy` implementation has insufficient trait bounds, as it only requires `T: Send`. However, `T: Sync` is also required for soundness because the `LockedBy::access` method could be used to provide shared access to the inner value from several threads in parallel. Cc: stable(a)vger.kernel.org Fixes: 7b1f55e3a984 ("rust: sync: introduce `LockedBy`") Signed-off-by: Alice Ryhl <aliceryhl(a)google.com> --- rust/kernel/sync/locked_by.rs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/rust/kernel/sync/locked_by.rs b/rust/kernel/sync/locked_by.rs index babc731bd5f6..153ba4edcb03 100644 --- a/rust/kernel/sync/locked_by.rs +++ b/rust/kernel/sync/locked_by.rs @@ -83,9 +83,10 @@ pub struct LockedBy<T: ?Sized, U: ?Sized> { // SAFETY: `LockedBy` can be transferred across thread boundaries iff the data it protects can. unsafe impl<T: ?Sized + Send, U: ?Sized> Send for LockedBy<T, U> {} -// SAFETY: `LockedBy` serialises the interior mutability it provides, so it is `Sync` as long as the -// data it protects is `Send`. -unsafe impl<T: ?Sized + Send, U: ?Sized> Sync for LockedBy<T, U> {} +// SAFETY: Shared access to the `LockedBy` can provide both `&mut T` references in a synchronized +// manner, or `&T` access in an unsynchronized manner. The `Send` trait is sufficient for the first +// case, and `Sync` is sufficient for the second case. +unsafe impl<T: ?Sized + Send + Sync, U: ?Sized> Sync for LockedBy<T, U> {} impl<T, U> LockedBy<T, U> { /// Constructs a new instance of [`LockedBy`]. @@ -127,7 +128,7 @@ pub fn access<'a>(&'a self, owner: &'a U) -> &'a T { panic!("mismatched owners"); } - // SAFETY: `owner` is evidence that the owner is locked. + // SAFETY: `owner` is evidence that there are only shared references to the owner. unsafe { &*self.data.get() } } --- base-commit: 93dc3be19450447a3a7090bd1dfb9f3daac3e8d2 change-id: 20240912-locked-by-sync-fix-07193df52f98 Best regards, -- Alice Ryhl <aliceryhl(a)google.com>

1 year, 3 months

4
6
0 0

+ zram-free-secondary-algorithms-names.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: zram: free secondary algorithms names has been added to the -mm mm-unstable branch. Its filename is zram-free-secondary-algorithms-names.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Subject: zram: free secondary algorithms names Date: Wed, 11 Sep 2024 11:54:56 +0900 We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. Link: https://lkml.kernel.org/r/20240911025600.3681789-1-senozhatsky@chromium.org Fixes: 001d92735701 ("zram: add recompression algorithm sysfs knob") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/block/zram/zram_drv.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/drivers/block/zram/zram_drv.c~zram-free-secondary-algorithms-names +++ a/drivers/block/zram/zram_drv.c @@ -2112,6 +2112,13 @@ static void zram_destroy_comps(struct zr zram->num_active_comps--; } + for (prio = ZRAM_SECONDARY_COMP; prio < ZRAM_MAX_COMPS; prio++) { + if (!zram->comp_algs[prio]) + continue; + kfree(zram->comp_algs[prio]); + zram->comp_algs[prio] = NULL; + } + zram_comp_params_reset(zram); } _ Patches currently in -mm which might be from senozhatsky(a)chromium.org are zsmalloc-use-unique-zsmalloc-caches-names.patch zram-free-secondary-algorithms-names.patch

1 year, 3 months

1
0
0 0

[PATCH v3] dt-bindings: serial: rs485: Fix rs485-rts-delay property

by Michal Simek

Code expects array only with 2 items which should be checked. But also item checking is not working as it should likely because of incorrect items description. Fixes: d50f974c4f7f ("dt-bindings: serial: Convert rs485 bindings to json-schema") Signed-off-by: Michal Simek <michal.simek(a)amd.com> Cc: <stable(a)vger.kernel.org> --- Changes in v3: - Remove incorrectly assigned value for the first item 50/100 because of my testing Changes in v2: - Remove maxItems properties which are not needed - Add stable ML to CC .../devicetree/bindings/serial/rs485.yaml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/Documentation/devicetree/bindings/serial/rs485.yaml b/Documentation/devicetree/bindings/serial/rs485.yaml index 9418fd66a8e9..b93254ad2a28 100644 --- a/Documentation/devicetree/bindings/serial/rs485.yaml +++ b/Documentation/devicetree/bindings/serial/rs485.yaml @@ -18,16 +18,15 @@ properties: description: prop-encoded-array <a b> $ref: /schemas/types.yaml#/definitions/uint32-array items: - items: - - description: Delay between rts signal and beginning of data sent in - milliseconds. It corresponds to the delay before sending data. - default: 0 - maximum: 100 - - description: Delay between end of data sent and rts signal in milliseconds. - It corresponds to the delay after sending data and actual release - of the line. - default: 0 - maximum: 100 + - description: Delay between rts signal and beginning of data sent in + milliseconds. It corresponds to the delay before sending data. + default: 0 + maximum: 100 + - description: Delay between end of data sent and rts signal in milliseconds. + It corresponds to the delay after sending data and actual release + of the line. + default: 0 + maximum: 100 rs485-rts-active-high: description: drive RTS high when sending (this is the default). -- 2.43.0

1 year, 3 months

2
1
0 0

+ ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: reserve space for inline xattr before attaching reflink tree has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> Subject: ocfs2: reserve space for inline xattr before attaching reflink tree Date: Thu, 12 Sep 2024 06:47:20 +0000 One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space for inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case upto 230), thereby causing corruption. The fix for this is to reserve space for inline metadata at the destination inode before the reflink tree gets recreated. The customer has verified the fix. Link: https://lkml.kernel.org/r/20240912064720.898600-1-gautham.ananthakrishna@or… Fixes: ef962df057aa ("ocfs2: xattr: fix inlined xattr reflink") Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/refcounttree.c | 26 ++++++++++++++++++++++++-- fs/ocfs2/xattr.c | 11 +---------- 2 files changed, 25 insertions(+), 12 deletions(-) --- a/fs/ocfs2/refcounttree.c~ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree +++ a/fs/ocfs2/refcounttree.c @@ -25,6 +25,7 @@ #include "namei.h" #include "ocfs2_trace.h" #include "file.h" +#include "symlink.h" #include <linux/bio.h> #include <linux/blkdev.h> @@ -4155,8 +4156,9 @@ static int __ocfs2_reflink(struct dentry int ret; struct inode *inode = d_inode(old_dentry); struct buffer_head *new_bh = NULL; + struct ocfs2_inode_info *oi = OCFS2_I(inode); - if (OCFS2_I(inode)->ip_flags & OCFS2_INODE_SYSTEM_FILE) { + if (oi->ip_flags & OCFS2_INODE_SYSTEM_FILE) { ret = -EINVAL; mlog_errno(ret); goto out; @@ -4182,6 +4184,26 @@ static int __ocfs2_reflink(struct dentry goto out_unlock; } + if ((oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) && + (oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) { + /* + * Adjust extent record count to reserve space for extended attribute. + * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). + */ + struct ocfs2_inode_info *new_oi = OCFS2_I(new_inode); + + if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && + !(ocfs2_inode_is_fast_symlink(new_inode))) { + struct ocfs2_dinode *new_di = new_bh->b_data; + struct ocfs2_dinode *old_di = old_bh->b_data; + struct ocfs2_extent_list *el = &new_di->id2.i_list; + int inline_size = le16_to_cpu(old_di->i_xattr_inline_size); + + le16_add_cpu(&el->l_count, -(inline_size / + sizeof(struct ocfs2_extent_rec))); + } + } + ret = ocfs2_create_reflink_node(inode, old_bh, new_inode, new_bh, preserve); if (ret) { @@ -4189,7 +4211,7 @@ static int __ocfs2_reflink(struct dentry goto inode_unlock; } - if (OCFS2_I(inode)->ip_dyn_features & OCFS2_HAS_XATTR_FL) { + if (oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) { ret = ocfs2_reflink_xattrs(inode, old_bh, new_inode, new_bh, preserve); --- a/fs/ocfs2/xattr.c~ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree +++ a/fs/ocfs2/xattr.c @@ -6520,16 +6520,7 @@ static int ocfs2_reflink_xattr_inline(st } new_oi = OCFS2_I(args->new_inode); - /* - * Adjust extent record count to reserve space for extended attribute. - * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). - */ - if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && - !(ocfs2_inode_is_fast_symlink(args->new_inode))) { - struct ocfs2_extent_list *el = &new_di->id2.i_list; - le16_add_cpu(&el->l_count, -(inline_size / - sizeof(struct ocfs2_extent_rec))); - } + spin_lock(&new_oi->ip_lock); new_oi->ip_dyn_features |= OCFS2_HAS_XATTR_FL | OCFS2_INLINE_XATTR_FL; new_di->i_dyn_features = cpu_to_le16(new_oi->ip_dyn_features); _ Patches currently in -mm which might be from gautham.ananthakrishna(a)oracle.com are ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree.patch

1 year, 3 months

1
0
0 0

[PATCH] crypto: Fix logical operator in _aead_recvmsg()

by George Rurikov

From: MrRurikov <grurikovsherbakov(a)yandex.ru> After having been compared to a NULL value at algif_aead.c:191, pointer 'tsgl_src' is passed as 2nd parameter in call to function 'crypto_aead_copy_sgl' at algif_aead.c:244, where it is dereferenced at algif_aead.c:85. Change logical operator from && to || because pointer 'tsgl_src' is NULL, then 'proccessed' will still be non-null Found by Linux Verification Center (linuxtesting.org) with SVACE. Cc: stable(a)vger.kernel.org Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of duplicate code") Signed-off-by: MrRurikov <grurikovsherbakov(a)yandex.ru> --- crypto/algif_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 7d58cbbce4af..135f09a4b3f8 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -191,7 +191,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg, if (tsgl_src) break; } - if (processed && !tsgl_src) { + if (processed || !tsgl_src) { err = -EFAULT; goto free; } -- 2.34.1 Заявление о конфиденциальности Данное электронное письмо и любые приложения к нему являются конфиденциальными и предназначены исключительно для адресата. Если Вы не являетесь адресатом данного письма, пожалуйста, уведомите немедленно отправителя, не раскрывайте содержание другим лицам, не используйте его в каких-либо целях, не храните и не копируйте информацию любым способом.

1 year, 3 months

4
3
0 0

[PATCH v5.4-v4.19] gpio: prevent potential speculation leaks in gpio_device_get_desc()

by hsimeliere.opensource＠witekio.com

From: Hagar Hemdan <hagarhem(a)amazon.com> commit d795848ecce24a75dfd46481aee066ae6fe39775 upstream. Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Link: https://lore.kernel.org/r/20240523085332.1801-1-hagarhem@amazon.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- drivers/gpio/gpiolib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index abdf448b11a3..f83b2214d704 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -4,6 +4,7 @@ #include <linux/module.h> #include <linux/interrupt.h> #include <linux/irq.h> +#include <linux/nospec.h> #include <linux/spinlock.h> #include <linux/list.h> #include <linux/device.h> @@ -147,7 +148,7 @@ struct gpio_desc *gpiochip_get_desc(struct gpio_chip *chip, if (hwnum >= gdev->ngpio) return ERR_PTR(-EINVAL); - return &gdev->descs[hwnum]; + return &gdev->descs[array_index_nospec(hwnum, gdev->ngpio)]; } /** -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH v6.1-v5.10] gpio: prevent potential speculation leaks in gpio_device_get_desc()

by hsimeliere.opensource＠witekio.com

From: Hagar Hemdan <hagarhem(a)amazon.com> commit d795848ecce24a75dfd46481aee066ae6fe39775 upstream. Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Link: https://lore.kernel.org/r/20240523085332.1801-1-hagarhem@amazon.com Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- drivers/gpio/gpiolib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c index 9d8c78312403..a0c1dabd2939 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -5,6 +5,7 @@ #include <linux/module.h> #include <linux/interrupt.h> #include <linux/irq.h> +#include <linux/nospec.h> #include <linux/spinlock.h> #include <linux/list.h> #include <linux/device.h> @@ -146,7 +147,7 @@ struct gpio_desc *gpiochip_get_desc(struct gpio_chip *gc, if (hwnum >= gdev->ngpio) return ERR_PTR(-EINVAL); - return &gdev->descs[hwnum]; + return &gdev->descs[array_index_nospec(hwnum, gdev->ngpio)]; } EXPORT_SYMBOL_GPL(gpiochip_get_desc); -- 2.43.0

1 year, 3 months

1
0
0 0

Re: [PATCH 6.10 000/121] 6.10.11-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 3 months

1
0
0 0

[PATCH 6.10] LoongArch: KVM: Remove unnecessary definition of KVM_PRIVATE_MEM_SLOTS

by WangYuli

From: Yuli Wang <wangyuli(a)uniontech.com> [ Upstream commit 296b03ce389b4f7b3d7ea5664e53d432fb17e745 ] 1. "KVM_PRIVATE_MEM_SLOTS" is renamed as "KVM_INTERNAL_MEM_SLOTS". 2. "KVM_INTERNAL_MEM_SLOTS" defaults to zero, so it is not necessary to define it in LoongArch's asm/kvm_host.h. Link: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… Link: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: Yuli Wang <wangyuli(a)uniontech.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/kvm_host.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/arch/loongarch/include/asm/kvm_host.h b/arch/loongarch/include/asm/kvm_host.h index c87b6ea0ec47..d348005d143e 100644 --- a/arch/loongarch/include/asm/kvm_host.h +++ b/arch/loongarch/include/asm/kvm_host.h @@ -26,8 +26,6 @@ #define KVM_MAX_VCPUS 256 #define KVM_MAX_CPUCFG_REGS 21 -/* memory slots that does not exposed to userspace */ -#define KVM_PRIVATE_MEM_SLOTS 0 #define KVM_HALT_POLL_NS_DEFAULT 500000 -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH v2 3/6] tpm: Return on tpm2_create_primary() failure in tpm2_load_null()

by Jarkko Sakkinen

tpm2_load_null() ignores the return value of tpm2_create_primary(). Further, it does not heal from the situation when memcmp() returns zero. Address this by returning on failure and saving the null key if there was no detected interference in the bus. Cc: stable(a)vger.kernel.org # v6.11+ Fixes: eb24c9788cd9 ("tpm: disable the TPM if NULL name changes") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: - Refined the commit message. - Reverted tpm2_create_primary() changes. They are not required if tmp_null_key is used as the parameter. --- drivers/char/tpm/tpm2-sessions.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index d63510ad44ab..9c0356d7ce5e 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -850,22 +850,32 @@ static int tpm2_parse_start_auth_session(struct tpm2_auth *auth, static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) { - int rc; unsigned int offset = 0; /* dummy offset for null seed context */ u8 name[SHA256_DIGEST_SIZE + 2]; + u32 tmp_null_key; + int rc; rc = tpm2_load_context(chip, chip->null_key_context, &offset, - null_key); - if (rc != -EINVAL) + &tmp_null_key); + if (rc != -EINVAL) { + if (!rc) + *null_key = tmp_null_key; return rc; + } /* an integrity failure may mean the TPM has been reset */ dev_err(&chip->dev, "NULL key integrity failure!\n"); - /* check the null name against what we know */ - tpm2_create_primary(chip, TPM2_RH_NULL, NULL, name); - if (memcmp(name, chip->null_key_name, sizeof(name)) == 0) - /* name unchanged, assume transient integrity failure */ + + rc = tpm2_create_primary(chip, TPM2_RH_NULL, &tmp_null_key, name); + if (rc) return rc; + + /* Return the null key if the name has not been changed: */ + if (memcmp(name, chip->null_key_name, sizeof(name)) == 0) { + *null_key = tmp_null_key; + return 0; + } + /* * Fatal TPM failure: the NULL seed has actually changed, so * the TPM must have been illegally reset. All in-kernel TPM @@ -874,6 +884,7 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) * userspace programmes can't be compromised by it. */ dev_err(&chip->dev, "NULL name has changed, disabling TPM due to interference\n"); + tpm2_flush_context(chip, tmp_null_key); chip->flags |= TPM_CHIP_FLAG_DISABLE; return rc; -- 2.46.0

1 year, 3 months

1
0
0 0

[PATCH v2 2/6] tpm: Return on tpm2_create_null_primary() failure

by Jarkko Sakkinen

tpm2_sessions_init() ignores the return value of tpm2_create_null_primary(). Address this by returning on failure. Cc: stable(a)vger.kernel.org # v6.11+ Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: - Refined the commit message. --- drivers/char/tpm/tpm2-sessions.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 6cc1ea81c57c..d63510ad44ab 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -1288,8 +1288,10 @@ int tpm2_sessions_init(struct tpm_chip *chip) int rc; rc = tpm2_create_null_primary(chip); - if (rc) + if (rc) { dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n", rc); + return rc; + } chip->auth = kmalloc(sizeof(*chip->auth), GFP_KERNEL); if (!chip->auth) -- 2.46.0

1 year, 3 months

1
0
0 0

[PATCH 6.6] drm/amd/display: Fix subvp+drr logic errors

by Murad Masimov

From: Alvin Lee <alvin.lee2(a)amd.com> commit 8a0f02b7beed7b2b768dbdf3b79960de68f460c5 upstream. [Why] There is some logic error where the wrong variable was used to check for OTG_MASTER and DPP_PIPE. [How] Add booleans to confirm that the expected pipes were found before validating schedulability. Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Acked-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Reviewed-by: Samson Tam <samson.tam(a)amd.com> Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Murad Masimov <m.masimov(a)maxima.ru> --- .../drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c index 3d82cbef1274..7160380d5690 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c +++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c @@ -879,6 +879,8 @@ static bool subvp_drr_schedulable(struct dc *dc, struct dc_state *context) int16_t stretched_drr_us = 0; int16_t drr_stretched_vblank_us = 0; int16_t max_vblank_mallregion = 0; + bool subvp_found = false; + bool drr_found = false; // Find SubVP pipe for (i = 0; i < dc->res_pool->pipe_count; i++) { @@ -891,8 +893,10 @@ static bool subvp_drr_schedulable(struct dc *dc, struct dc_state *context) continue; // Find the SubVP pipe - if (pipe->stream->mall_stream_config.type == SUBVP_MAIN) + if (pipe->stream->mall_stream_config.type == SUBVP_MAIN) { + subvp_found = true; break; + } } // Find the DRR pipe @@ -900,15 +904,20 @@ static bool subvp_drr_schedulable(struct dc *dc, struct dc_state *context) drr_pipe = &context->res_ctx.pipe_ctx[i]; // We check for master pipe only - if (!resource_is_pipe_type(pipe, OTG_MASTER) || - !resource_is_pipe_type(pipe, DPP_PIPE)) + if (!resource_is_pipe_type(drr_pipe, OTG_MASTER) || + !resource_is_pipe_type(drr_pipe, DPP_PIPE)) continue; if (drr_pipe->stream->mall_stream_config.type == SUBVP_NONE && drr_pipe->stream->ignore_msa_timing_param && - (drr_pipe->stream->allow_freesync || drr_pipe->stream->vrr_active_variable)) + (drr_pipe->stream->allow_freesync || drr_pipe->stream->vrr_active_variable)) { + drr_found = true; break; + } } + if (!subvp_found || !drr_found) + return false; + main_timing = &pipe->stream->timing; phantom_timing = &pipe->stream->mall_stream_config.paired_stream->timing; drr_timing = &drr_pipe->stream->timing; -- 2.39.2

1 year, 3 months

1
0
0 0

[PATCH 6.1] drm/amd/display: Fix subvp+drr logic errors

by Murad Masimov

From: Alvin Lee <alvin.lee2(a)amd.com> commit 8a0f02b7beed7b2b768dbdf3b79960de68f460c5 upstream. [Why] There is some logic error where the wrong variable was used to check for OTG_MASTER and DPP_PIPE. [How] Add booleans to confirm that the expected pipes were found before validating schedulability. Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Acked-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Reviewed-by: Samson Tam <samson.tam(a)amd.com> Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> [m.masimov(a)maxima.ru: In order to adapt this patch to branch 6.1 only changes related to finding the SubVP pipe were applied as in 6.1 drr_pipe is passed as a function argument.] Signed-off-by: Murad Masimov <m.masimov(a)maxima.ru> --- drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c index 85e0d1c2a908..4b0719392d28 100644 --- a/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c +++ b/drivers/gpu/drm/amd/display/dc/dml/dcn32/dcn32_fpu.c @@ -862,6 +862,7 @@ static bool subvp_drr_schedulable(struct dc *dc, struct dc_state *context, struc int16_t stretched_drr_us = 0; int16_t drr_stretched_vblank_us = 0; int16_t max_vblank_mallregion = 0; + bool subvp_found = false; // Find SubVP pipe for (i = 0; i < dc->res_pool->pipe_count; i++) { @@ -873,10 +874,15 @@ static bool subvp_drr_schedulable(struct dc *dc, struct dc_state *context, struc continue; // Find the SubVP pipe - if (pipe->stream->mall_stream_config.type == SUBVP_MAIN) + if (pipe->stream->mall_stream_config.type == SUBVP_MAIN) { + subvp_found = true; break; + } } + if (!subvp_found) + return false; + main_timing = &pipe->stream->timing; phantom_timing = &pipe->stream->mall_stream_config.paired_stream->timing; drr_timing = &drr_pipe->stream->timing; -- 2.39.2

1 year, 3 months

1
0
0 0

[PATCH 6.10] LoongArch: KVM: Remove undefined a6 argument comment for kvm_hypercall()

by WangYuli

From: Dandan Zhang <zhangdandan(a)uniontech.com> The kvm_hypercall() set for LoongArch is limited to a1-a5. So the mention of a6 in the comment is undefined that needs to be rectified. Reviewed-by: Bibo Mao <maobibo(a)loongson.cn> Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- arch/loongarch/include/asm/kvm_para.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/loongarch/include/asm/kvm_para.h b/arch/loongarch/include/asm/kvm_para.h index 4ba2312e5f8c..6d5e9b6c5714 100644 --- a/arch/loongarch/include/asm/kvm_para.h +++ b/arch/loongarch/include/asm/kvm_para.h @@ -28,9 +28,9 @@ * Hypercall interface for KVM hypervisor * * a0: function identifier - * a1-a6: args + * a1-a5: args * Return value will be placed in a0. - * Up to 6 arguments are passed in a1, a2, a3, a4, a5, a6. + * Up to 5 arguments are passed in a1, a2, a3, a4, a5. */ static __always_inline long kvm_hypercall0(u64 fid) { -- 2.43.0

1 year, 3 months

2
2
0 0

[PATCH] HID: plantronics: Additional PID for double volume key presses quirk

by Wade Wang

Add the below headsets for double volume key presses quirk Plantronics EncorePro 500 Series (047f:431e) Plantronics Blackwire_3325 Series (047f:430c) Quote from previous patch by Maxim Mikityanskiy and Terry Junge 'commit f567d6ef8606 ("HID: plantronics: Workaround for double volume key presses")' 'commit 3d57f36c89d8 ("HID: plantronics: Additional PIDs for double volume key presses quirk")' These Plantronics Series headset sends an opposite volume key following each volume key press. This patch adds a quirk to hid-plantronics for this product ID, which will ignore the second opposite volume key press if it happens within 250 ms from the last one that was handled. Cc: stable(a)vger.kernel.org Signed-off-by: Wade Wang <wade.wang(a)hp.com> --- drivers/hid/hid-ids.h | 2 ++ drivers/hid/hid-plantronics.c | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index 781c5aa29859..a0aaac98a891 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -1050,6 +1050,8 @@ #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3220_SERIES 0xc056 #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3215_SERIES 0xc057 #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3225_SERIES 0xc058 +#define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3325_SERIES 0x430c +#define USB_DEVICE_ID_PLANTRONICS_ENCOREPRO_500_SERIES 0x431e #define USB_VENDOR_ID_PANASONIC 0x04da #define USB_DEVICE_ID_PANABOARD_UBT780 0x1044 diff --git a/drivers/hid/hid-plantronics.c b/drivers/hid/hid-plantronics.c index 3d414ae194ac..2a19f3646ecb 100644 --- a/drivers/hid/hid-plantronics.c +++ b/drivers/hid/hid-plantronics.c @@ -38,8 +38,10 @@ (usage->hid & HID_USAGE_PAGE) == HID_UP_CONSUMER) #define PLT_QUIRK_DOUBLE_VOLUME_KEYS BIT(0) +#define PLT_QUIRK_FOLLOWED_VOLUME_UP_DN_KEYS BIT(1) #define PLT_DOUBLE_KEY_TIMEOUT 5 /* ms */ +#define PLT_FOLLOWED_KEY_TIMEOUT 250 /* ms */ struct plt_drv_data { unsigned long device_type; @@ -134,6 +136,9 @@ static int plantronics_event(struct hid_device *hdev, struct hid_field *field, cur_ts = jiffies; if (jiffies_to_msecs(cur_ts - prev_ts) <= PLT_DOUBLE_KEY_TIMEOUT) return 1; /* Ignore the repeated key. */ + if ((drv_data->quirks & PLT_QUIRK_FOLLOWED_VOLUME_UP_DN_KEYS) + && jiffies_to_msecs(cur_ts - prev_ts) <= PLT_FOLLOWED_KEY_TIMEOUT) + return 1; /* Ignore the followed volume key. */ drv_data->last_volume_key_ts = cur_ts; } @@ -210,6 +215,12 @@ static const struct hid_device_id plantronics_devices[] = { { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3225_SERIES), .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS }, + { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, + USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3325_SERIES), + .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS|PLT_QUIRK_FOLLOWED_VOLUME_UP_DN_KEYS }, + { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, + USB_DEVICE_ID_PLANTRONICS_ENCOREPRO_500_SERIES), + .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS|PLT_QUIRK_FOLLOWED_VOLUME_UP_DN_KEYS }, { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, HID_ANY_ID) }, { } }; -- 2.34.1

1 year, 3 months

4
5
0 0

[PATCH v2] drm/xe/vram: fix ccs offset calculation

by Matthew Auld

Spec says SW is expected to round up to the nearest 128K, if not already aligned for the CC unit view of CCS. We are seeing the assert sometimes pop on BMG to tell us that there is a hole between GSM and CCS, as well as popping other asserts with having a vram size with strange alignment, which is likely caused by misaligned offset here. BSpec: 68023 Fixes: b5c2ca0372dc ("drm/xe/xe2hpg: Determine flat ccs offset for vram") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Akshata Jahagirdar <akshata.jahagirdar(a)intel.com> Cc: Shuicheng Lin <shuicheng.lin(a)intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ --- drivers/gpu/drm/xe/xe_vram.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/xe/xe_vram.c b/drivers/gpu/drm/xe/xe_vram.c index 7e765b1499b1..8e65cb4cc477 100644 --- a/drivers/gpu/drm/xe/xe_vram.c +++ b/drivers/gpu/drm/xe/xe_vram.c @@ -181,6 +181,7 @@ static inline u64 get_flat_ccs_offset(struct xe_gt *gt, u64 tile_size) offset = offset_hi << 32; /* HW view bits 39:32 */ offset |= offset_lo << 6; /* HW view bits 31:6 */ + offset = round_up(offset, SZ_128K); /* SW must round up to nearest 128K */ offset *= num_enabled; /* convert to SW view */ /* We don't expect any holes */ -- 2.46.0

1 year, 3 months

5
8
0 0

[PATCH stable-6.10 regression] Revert "soundwire: stream: fix programming slave ports for non-continous port maps"

by Peter Ujfalusi

The prop->src_dpn_prop and prop.sink_dpn_prop is allocated for the _number_ of ports and it is forced as 0 index based. The original code was correct while the change to walk the bits and use their position as index into the arrays is not correct. For exmple we can have the prop.source_ports=0x2, which means we have one port, but the prop.src_dpn_prop[1] is accessing outside of the allocated memory. This reverts commit 6fa78e9c41471fe43052cd6feba6eae1b0277ae3. Cc: stable(a)vger.kernel.org # 6.10.y Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> --- Hi, The reverted patch causes major regression on soundwire causing all audio to fail. Interestingly the patch is only in 6.10.8 and 6.10.9, not in mainline or linux-next. soundwire sdw-master-0-1: Program transport params failed: -22 soundwire sdw-master-0-1: Program params failed: -22 SDW1-Playback: ASoC: error at snd_soc_link_prepare on SDW1-Playback: -22 Regards, Peter drivers/soundwire/stream.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c index 00191b1d2260..4e9e7d2a942d 100644 --- a/drivers/soundwire/stream.c +++ b/drivers/soundwire/stream.c @@ -1286,18 +1286,18 @@ struct sdw_dpn_prop *sdw_get_slave_dpn_prop(struct sdw_slave *slave, unsigned int port_num) { struct sdw_dpn_prop *dpn_prop; - unsigned long mask; + u8 num_ports; int i; if (direction == SDW_DATA_DIR_TX) { - mask = slave->prop.source_ports; + num_ports = hweight32(slave->prop.source_ports); dpn_prop = slave->prop.src_dpn_prop; } else { - mask = slave->prop.sink_ports; + num_ports = hweight32(slave->prop.sink_ports); dpn_prop = slave->prop.sink_dpn_prop; } - for_each_set_bit(i, &mask, 32) { + for (i = 0; i < num_ports; i++) { if (dpn_prop[i].num == port_num) return &dpn_prop[i]; } -- 2.46.0

1 year, 3 months

5
8
0 0

[PATCH 5.10.y] dma-buf: heaps: Fix off-by-one in CMA heap fault handler

by T.J. Mercier

commit ea5ff5d351b520524019f7ff7f9ce418de2dad87 upstream. Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was possible to obtain a mapping larger than the buffer size via mremap and bypass the overflow check in dma_buf_mmap_internal. When using such a mapping to attempt to fault past the end of the buffer, the CMA heap fault handler also checks the fault offset against the buffer size, but gets the boundary wrong by 1. Fix the boundary check so that we don't read off the end of the pages array and insert an arbitrary page in the mapping. Reported-by: Xingyu Jin <xingyuj(a)google.com> Fixes: a5d2d29e24be ("dma-buf: heaps: Move heap-helper logic into the cma_heap implementation") Cc: stable(a)vger.kernel.org # Applicable >= 5.10. Needs adjustments only for 5.10. Signed-off-by: T.J. Mercier <tjmercier(a)google.com> Acked-by: John Stultz <jstultz(a)google.com> Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20240830192627.2546033-1-tjme… [TJ: Backport to 5.10. On this kernel the bug is located in dma_heap_vm_fault which is used by both the CMA and system heaps.] Signed-off-by: T.J. Mercier <tjmercier(a)google.com> --- drivers/dma-buf/heaps/heap-helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma-buf/heaps/heap-helpers.c b/drivers/dma-buf/heaps/heap-helpers.c index d0696cf937af..a852b5e8122f 100644 --- a/drivers/dma-buf/heaps/heap-helpers.c +++ b/drivers/dma-buf/heaps/heap-helpers.c @@ -161,7 +161,7 @@ static vm_fault_t dma_heap_vm_fault(struct vm_fault *vmf) struct vm_area_struct *vma = vmf->vma; struct heap_helper_buffer *buffer = vma->vm_private_data; - if (vmf->pgoff > buffer->pagecount) + if (vmf->pgoff >= buffer->pagecount) return VM_FAULT_SIGBUS; vmf->page = buffer->pages[vmf->pgoff]; -- 2.46.0.662.g92d0881bb0-goog

1 year, 3 months

2
4
0 0

[PATCH 6.6 v3] riscv: dts: starfive: add assigned-clock* to limit frquency

by WangYuli

From: William Qiu <william.qiu(a)starfivetech.com> [ Upstream commit af571133f7ae028ec9b5fdab78f483af13bf28d3 ] In JH7110 SoC, we need to go by-pass mode, so we need add the assigned-clock* properties to limit clock frquency. Signed-off-by: William Qiu <william.qiu(a)starfivetech.com> Reviewed-by: Emil Renner Berthing <emil.renner.berthing(a)canonical.com> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- .../riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi index 062b97c6e7df..4874e3bb42ab 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi @@ -204,6 +204,8 @@ &i2c6 { &mmc0 { max-frequency = <100000000>; + assigned-clocks = <&syscrg JH7110_SYSCLK_SDIO0_SDCARD>; + assigned-clock-rates = <50000000>; bus-width = <8>; cap-mmc-highspeed; mmc-ddr-1_8v; @@ -220,6 +222,8 @@ &mmc0 { &mmc1 { max-frequency = <100000000>; + assigned-clocks = <&syscrg JH7110_SYSCLK_SDIO1_SDCARD>; + assigned-clock-rates = <50000000>; bus-width = <4>; no-sdio; no-mmc; -- 2.43.0

1 year, 3 months

2
1
0 0

+ mm-huge_memory-ensure-huge_zero_folio-wont-have-large_rmappable-flag-set.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: ensure huge_zero_folio won't have large_rmappable flag set has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-ensure-huge_zero_folio-wont-have-large_rmappable-flag-set.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: ensure huge_zero_folio won't have large_rmappable flag set Date: Sat, 14 Sep 2024 09:53:06 +0800 Ensure huge_zero_folio won't have large_rmappable flag set. So it can be reported as thp,zero correctly through stable_page_flags(). Link: https://lkml.kernel.org/r/20240914015306.3656791-1-linmiaohe@huawei.com Fixes: 5691753d73a2 ("mm: convert huge_zero_page to huge_zero_folio") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/huge_memory.c~mm-huge_memory-ensure-huge_zero_folio-wont-have-large_rmappable-flag-set +++ a/mm/huge_memory.c @@ -220,6 +220,8 @@ retry: count_vm_event(THP_ZERO_PAGE_ALLOC_FAILED); return false; } + /* Ensure zero folio won't have large_rmappable flag set. */ + folio_clear_large_rmappable(zero_folio); preempt_disable(); if (cmpxchg(&huge_zero_folio, NULL, zero_folio)) { preempt_enable(); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-huge_memory-ensure-huge_zero_folio-wont-have-large_rmappable-flag-set.patch mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch

1 year, 3 months

1
0
0 0

+ mm-hugetlbc-fix-uaf-of-vma-in-hugetlb-fault-pathway.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlbc-fix-uaf-of-vma-in-hugetlb-fault-pathway.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Date: Sat, 14 Sep 2024 12:41:19 -0700 Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is called. We can fix this by using a modified version of vmf_anon_prepare() that doesn't release the VMA lock on failure, and then release it ourselves after hugetlb_vma_unlock_read(). Link: https://lkml.kernel.org/r/20240914194243.245-2-vishal.moola@gmail.com Fixes: 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") Reported-by: syzbot+2dab93857ee95f2eeb08(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/00000000000067c20b06219fbc26@google.com/ Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) --- a/mm/hugetlb.c~mm-hugetlbc-fix-uaf-of-vma-in-hugetlb-fault-pathway +++ a/mm/hugetlb.c @@ -6065,7 +6065,7 @@ retry_avoidcopy: * When the original hugepage is shared one, it does not have * anon_vma prepared. */ - ret = vmf_anon_prepare(vmf); + ret = __vmf_anon_prepare(vmf); if (unlikely(ret)) goto out_release_all; @@ -6264,7 +6264,7 @@ static vm_fault_t hugetlb_no_page(struct } if (!(vma->vm_flags & VM_MAYSHARE)) { - ret = vmf_anon_prepare(vmf); + ret = __vmf_anon_prepare(vmf); if (unlikely(ret)) goto out; } @@ -6395,6 +6395,14 @@ static vm_fault_t hugetlb_no_page(struct folio_unlock(folio); out: hugetlb_vma_unlock_read(vma); + + /* + * We must check to release the per-VMA lock. __vmf_anon_prepare() is + * the only way ret can be set to VM_FAULT_RETRY. + */ + if (unlikely(ret & VM_FAULT_RETRY)) + vma_end_read(vma); + mutex_unlock(&hugetlb_fault_mutex_table[hash]); return ret; @@ -6616,6 +6624,14 @@ out_ptl: } out_mutex: hugetlb_vma_unlock_read(vma); + + /* + * We must check to release the per-VMA lock. __vmf_anon_prepare() in + * hugetlb_wp() is the only way ret can be set to VM_FAULT_RETRY. + */ + if (unlikely(ret & VM_FAULT_RETRY)) + vma_end_read(vma); + mutex_unlock(&hugetlb_fault_mutex_table[hash]); /* * Generally it's safe to hold refcount during waiting page lock. But _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are mm-change-vmf_anon_prepare-to-__vmf_anon_prepare.patch mm-hugetlbc-fix-uaf-of-vma-in-hugetlb-fault-pathway.patch

1 year, 3 months

1
0
0 0

+ mm-change-vmf_anon_prepare-to-__vmf_anon_prepare.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: change vmf_anon_prepare() to __vmf_anon_prepare() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-change-vmf_anon_prepare-to-__vmf_anon_prepare.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Vishal Moola (Oracle)" <vishal.moola(a)gmail.com> Subject: mm: change vmf_anon_prepare() to __vmf_anon_prepare() Date: Sat, 14 Sep 2024 12:41:18 -0700 Some callers of vmf_anon_prepare() may not want us to release the per-VMA lock ourselves. Rename vmf_anon_prepare() to __vmf_anon_prepare() and let the callers drop the lock when desired. Also, make vmf_anon_prepare() a wrapper that releases the per-VMA lock itself for any callers that don't care. This is in preparation to fix this bug reported by syzbot: https://lore.kernel.org/linux-mm/00000000000067c20b06219fbc26@google.com/ Link: https://lkml.kernel.org/r/20240914194243.245-1-vishal.moola@gmail.com Fixes: 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") Reported-by: syzbot+2dab93857ee95f2eeb08(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/00000000000067c20b06219fbc26@google.com/ Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/internal.h | 11 ++++++++++- mm/memory.c | 8 +++----- 2 files changed, 13 insertions(+), 6 deletions(-) --- a/mm/internal.h~mm-change-vmf_anon_prepare-to-__vmf_anon_prepare +++ a/mm/internal.h @@ -310,7 +310,16 @@ static inline void wake_throttle_isolate wake_up(wqh); } -vm_fault_t vmf_anon_prepare(struct vm_fault *vmf); +vm_fault_t __vmf_anon_prepare(struct vm_fault *vmf); +static inline vm_fault_t vmf_anon_prepare(struct vm_fault *vmf) +{ + vm_fault_t ret = __vmf_anon_prepare(vmf); + + if (unlikely(ret & VM_FAULT_RETRY)) + vma_end_read(vmf->vma); + return ret; +} + vm_fault_t do_swap_page(struct vm_fault *vmf); void folio_rotate_reclaimable(struct folio *folio); bool __folio_end_writeback(struct folio *folio); --- a/mm/memory.c~mm-change-vmf_anon_prepare-to-__vmf_anon_prepare +++ a/mm/memory.c @@ -3259,7 +3259,7 @@ static inline vm_fault_t vmf_can_call_fa } /** - * vmf_anon_prepare - Prepare to handle an anonymous fault. + * __vmf_anon_prepare - Prepare to handle an anonymous fault. * @vmf: The vm_fault descriptor passed from the fault handler. * * When preparing to insert an anonymous page into a VMA from a @@ -3273,7 +3273,7 @@ static inline vm_fault_t vmf_can_call_fa * Return: 0 if fault handling can proceed. Any other value should be * returned to the caller. */ -vm_fault_t vmf_anon_prepare(struct vm_fault *vmf) +vm_fault_t __vmf_anon_prepare(struct vm_fault *vmf) { struct vm_area_struct *vma = vmf->vma; vm_fault_t ret = 0; @@ -3281,10 +3281,8 @@ vm_fault_t vmf_anon_prepare(struct vm_fa if (likely(vma->anon_vma)) return 0; if (vmf->flags & FAULT_FLAG_VMA_LOCK) { - if (!mmap_read_trylock(vma->vm_mm)) { - vma_end_read(vma); + if (!mmap_read_trylock(vma->vm_mm)) return VM_FAULT_RETRY; - } } if (__anon_vma_prepare(vma)) ret = VM_FAULT_OOM; _ Patches currently in -mm which might be from vishal.moola(a)gmail.com are mm-change-vmf_anon_prepare-to-__vmf_anon_prepare.patch mm-hugetlbc-fix-uaf-of-vma-in-hugetlb-fault-pathway.patch

1 year, 3 months

1
0
0 0

[PATCH v2] dt-bindings: serial: rs485: Fix rs485-rts-delay property

by Michal Simek

Code expects array only with 2 items which should be checked. But also item checking is not working as it should likely because of incorrect items description. Fixes: d50f974c4f7f ("dt-bindings: serial: Convert rs485 bindings to json-schema") Signed-off-by: Michal Simek <michal.simek(a)amd.com> Cc: <stable(a)vger.kernel.org> --- Changes in v2: - Remove maxItems properties which are not needed - Add stable ML to CC .../devicetree/bindings/serial/rs485.yaml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/Documentation/devicetree/bindings/serial/rs485.yaml b/Documentation/devicetree/bindings/serial/rs485.yaml index 9418fd66a8e9..9665de41762e 100644 --- a/Documentation/devicetree/bindings/serial/rs485.yaml +++ b/Documentation/devicetree/bindings/serial/rs485.yaml @@ -18,16 +18,15 @@ properties: description: prop-encoded-array <a b> $ref: /schemas/types.yaml#/definitions/uint32-array items: - items: - - description: Delay between rts signal and beginning of data sent in - milliseconds. It corresponds to the delay before sending data. - default: 0 - maximum: 100 - - description: Delay between end of data sent and rts signal in milliseconds. - It corresponds to the delay after sending data and actual release - of the line. - default: 0 - maximum: 100 + - description: Delay between rts signal and beginning of data sent in + milliseconds. It corresponds to the delay before sending data. + default: 0 + maximum: 50 + - description: Delay between end of data sent and rts signal in milliseconds. + It corresponds to the delay after sending data and actual release + of the line. + default: 0 + maximum: 100 rs485-rts-active-high: description: drive RTS high when sending (this is the default). -- 2.43.0

1 year, 3 months

2
2
0 0

[PATCH] selftests: mm: Fix build errors on armhf

by Muhammad Usama Anjum

The __NR_mmap isn't found on armhf. The mmap() is commonly available system call and its wrapper is presnet on all architectures. So it should be used directly. It solves problem for armhf and doesn't create problem for architectures as well. Remove sys_mmap() functions as they aren't doing anything else other than calling mmap(). There is no need to set errno = 0 manually as glibc always resets it. For reference errors are as following: CC seal_elf seal_elf.c: In function 'sys_mmap': seal_elf.c:39:33: error: '__NR_mmap' undeclared (first use in this function) 39 | sret = (void *) syscall(__NR_mmap, addr, len, prot, | ^~~~~~~~~ mseal_test.c: In function 'sys_mmap': mseal_test.c:90:33: error: '__NR_mmap' undeclared (first use in this function) 90 | sret = (void *) syscall(__NR_mmap, addr, len, prot, | ^~~~~~~~~ Cc: stable(a)vger.kernel.org Fixes: 4926c7a52de7 ("selftest mm/mseal memory sealing") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- tools/testing/selftests/mm/mseal_test.c | 37 +++++++++---------------- tools/testing/selftests/mm/seal_elf.c | 13 +-------- 2 files changed, 14 insertions(+), 36 deletions(-) diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/selftests/mm/mseal_test.c index a818f010de479..bfcea5cf9a484 100644 --- a/tools/testing/selftests/mm/mseal_test.c +++ b/tools/testing/selftests/mm/mseal_test.c @@ -81,17 +81,6 @@ static int sys_mprotect_pkey(void *ptr, size_t size, unsigned long orig_prot, return sret; } -static void *sys_mmap(void *addr, unsigned long len, unsigned long prot, - unsigned long flags, unsigned long fd, unsigned long offset) -{ - void *sret; - - errno = 0; - sret = (void *) syscall(__NR_mmap, addr, len, prot, - flags, fd, offset); - return sret; -} - static int sys_munmap(void *ptr, size_t size) { int sret; @@ -172,7 +161,7 @@ static void setup_single_address(int size, void **ptrOut) { void *ptr; - ptr = sys_mmap(NULL, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + ptr = mmap(NULL, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); *ptrOut = ptr; } @@ -181,7 +170,7 @@ static void setup_single_address_rw(int size, void **ptrOut) void *ptr; unsigned long mapflags = MAP_ANONYMOUS | MAP_PRIVATE; - ptr = sys_mmap(NULL, size, PROT_READ | PROT_WRITE, mapflags, -1, 0); + ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, mapflags, -1, 0); *ptrOut = ptr; } @@ -205,7 +194,7 @@ bool seal_support(void) void *ptr; unsigned long page_size = getpagesize(); - ptr = sys_mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + ptr = mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); if (ptr == (void *) -1) return false; @@ -481,8 +470,8 @@ static void test_seal_zero_address(void) int prot; /* use mmap to change protection. */ - ptr = sys_mmap(0, size, PROT_NONE, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + ptr = mmap(0, size, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); FAIL_TEST_IF_FALSE(ptr == 0); size = get_vma_size(ptr, &prot); @@ -1209,8 +1198,8 @@ static void test_seal_mmap_overwrite_prot(bool seal) } /* use mmap to change protection. */ - ret2 = sys_mmap(ptr, size, PROT_NONE, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + ret2 = mmap(ptr, size, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1240,8 +1229,8 @@ static void test_seal_mmap_expand(bool seal) } /* use mmap to expand. */ - ret2 = sys_mmap(ptr, size, PROT_READ, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + ret2 = mmap(ptr, size, PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1268,8 +1257,8 @@ static void test_seal_mmap_shrink(bool seal) } /* use mmap to shrink. */ - ret2 = sys_mmap(ptr, 8 * page_size, PROT_READ, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + ret2 = mmap(ptr, 8 * page_size, PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1650,7 +1639,7 @@ static void test_seal_discard_ro_anon_on_filebacked(bool seal) ret = fallocate(fd, 0, 0, size); FAIL_TEST_IF_FALSE(!ret); - ptr = sys_mmap(NULL, size, PROT_READ, mapflags, fd, 0); + ptr = mmap(NULL, size, PROT_READ, mapflags, fd, 0); FAIL_TEST_IF_FALSE(ptr != MAP_FAILED); if (seal) { @@ -1680,7 +1669,7 @@ static void test_seal_discard_ro_anon_on_shared(bool seal) int ret; unsigned long mapflags = MAP_ANONYMOUS | MAP_SHARED; - ptr = sys_mmap(NULL, size, PROT_READ, mapflags, -1, 0); + ptr = mmap(NULL, size, PROT_READ, mapflags, -1, 0); FAIL_TEST_IF_FALSE(ptr != (void *)-1); if (seal) { diff --git a/tools/testing/selftests/mm/seal_elf.c b/tools/testing/selftests/mm/seal_elf.c index 7aa1366063e4e..d9f8ba8d5050b 100644 --- a/tools/testing/selftests/mm/seal_elf.c +++ b/tools/testing/selftests/mm/seal_elf.c @@ -30,17 +30,6 @@ static int sys_mseal(void *start, size_t len) return sret; } -static void *sys_mmap(void *addr, unsigned long len, unsigned long prot, - unsigned long flags, unsigned long fd, unsigned long offset) -{ - void *sret; - - errno = 0; - sret = (void *) syscall(__NR_mmap, addr, len, prot, - flags, fd, offset); - return sret; -} - static inline int sys_mprotect(void *ptr, size_t size, unsigned long prot) { int sret; @@ -56,7 +45,7 @@ static bool seal_support(void) void *ptr; unsigned long page_size = getpagesize(); - ptr = sys_mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + ptr = mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); if (ptr == (void *) -1) return false; -- 2.39.2

1 year, 3 months

4
6
0 0

[PATCH 6.6 v2 1/4] riscv: dts: starfive: add assigned-clock* to limit frquency

by WangYuli

From: William Qiu <william.qiu(a)starfivetech.com> [ Upstream commit af571133f7ae028ec9b5fdab78f483af13bf28d3 ] In JH7110 SoC, we need to go by-pass mode, so we need add the assigned-clock* properties to limit clock frquency. Signed-off-by: William Qiu <william.qiu(a)starfivetech.com> Reviewed-by: Emil Renner Berthing <emil.renner.berthing(a)canonical.com> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- .../riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi index 062b97c6e7df..4874e3bb42ab 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi @@ -204,6 +204,8 @@ &i2c6 { &mmc0 { max-frequency = <100000000>; + assigned-clocks = <&syscrg JH7110_SYSCLK_SDIO0_SDCARD>; + assigned-clock-rates = <50000000>; bus-width = <8>; cap-mmc-highspeed; mmc-ddr-1_8v; @@ -220,6 +222,8 @@ &mmc0 { &mmc1 { max-frequency = <100000000>; + assigned-clocks = <&syscrg JH7110_SYSCLK_SDIO1_SDCARD>; + assigned-clock-rates = <50000000>; bus-width = <4>; no-sdio; no-mmc; -- 2.43.4

1 year, 3 months

3
4
0 0

[PATCH 6.11 regression fix 1/2] power: supply: Drop use_cnt check from power_supply_property_is_writeable()

by Hans de Goede

power_supply_property_is_writeable() gets called from the is_visible() callback for the sysfs attributes of power_supply class devices and for the sysfs attributes of power_supply core instantiated hwmon class devices. These sysfs attributes get registered by the device_add() respectively power_supply_add_hwmon_sysfs() calls in power_supply_register(). use_cnt gets initialized to 0 and is incremented only after these calls. So when power_supply_property_is_writeable() gets called it always return -ENODEV because of use_cnt == 0. This causes all the attributes to have permissions of 444 even those which should be writable. This used to be a problem only for hwmon sysfs attributes but since commit be6299c6e55e ("power: supply: sysfs: use power_supply_property_is_writeable()") this now also impacts power_supply class sysfs attributes. Fixes: be6299c6e55e ("power: supply: sysfs: use power_supply_property_is_writeable()") Fixes: e67d4dfc9ff1 ("power: supply: Add HWMON compatibility layer") Cc: stable(a)vger.kernel.org Cc: Thomas Weißschuh <linux(a)weissschuh.net> Cc: Andrey Smirnov <andrew.smirnov(a)gmail.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- The fixing of be6299c6e55e is a 6.11 regression fix, the fixing of e67d4dfc9ff1 hwmon attr never being writable is a stable series fix. This supersedes the "power: supply: sysfs: Revert use power_supply_property_is_writeable()" patch. --- drivers/power/supply/power_supply_core.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/power/supply/power_supply_core.c b/drivers/power/supply/power_supply_core.c index 0417fb34e846..49534458a9f7 100644 --- a/drivers/power/supply/power_supply_core.c +++ b/drivers/power/supply/power_supply_core.c @@ -1231,11 +1231,7 @@ EXPORT_SYMBOL_GPL(power_supply_set_property); int power_supply_property_is_writeable(struct power_supply *psy, enum power_supply_property psp) { - if (atomic_read(&psy->use_cnt) <= 0 || - !psy->desc->property_is_writeable) - return -ENODEV; - - return psy->desc->property_is_writeable(psy, psp); + return psy->desc->property_is_writeable && psy->desc->property_is_writeable(psy, psp); } EXPORT_SYMBOL_GPL(power_supply_property_is_writeable); -- 2.46.0

1 year, 3 months

3
3
0 0

FAILED: patch "[PATCH] ASoC: meson: axg-card: fix 'use-after-free'" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 4f9a71435953f941969a4f017e2357db62d85a86 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091554-obtain-sibling-75bf@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 4f9a71435953 ("ASoC: meson: axg-card: fix 'use-after-free'") aa9c3b7273a5 ("ASoC: meson: axg: extract sound card utils") 9c29fd9bdf92 ("ASoC: meson: g12a: extract codec-to-codec utils") dd28d54c248f ("Merge branch 'asoc-5.3' into asoc-5.4") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f9a71435953f941969a4f017e2357db62d85a86 Mon Sep 17 00:00:00 2001 From: Arseniy Krasnov <avkrasnov(a)salutedevices.com> Date: Wed, 11 Sep 2024 17:24:25 +0300 Subject: [PATCH] ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194 Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support") Cc: Stable(a)vger.kernel.org Signed-off-by: Arseniy Krasnov <avkrasnov(a)salutedevices.com> Reviewed-by: Jerome Brunet <jbrunet(a)baylibre.com> Link: https://patch.msgid.link/20240911142425.598631-1-avkrasnov@salutedevices.com Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/meson/axg-card.c b/sound/soc/meson/axg-card.c index 8c5605c1e34e..eb0302f20740 100644 --- a/sound/soc/meson/axg-card.c +++ b/sound/soc/meson/axg-card.c @@ -104,7 +104,7 @@ static int axg_card_add_tdm_loopback(struct snd_soc_card *card, int *index) { struct meson_card *priv = snd_soc_card_get_drvdata(card); - struct snd_soc_dai_link *pad = &card->dai_link[*index]; + struct snd_soc_dai_link *pad; struct snd_soc_dai_link *lb; struct snd_soc_dai_link_component *dlc; int ret; @@ -114,6 +114,7 @@ static int axg_card_add_tdm_loopback(struct snd_soc_card *card, if (ret) return ret; + pad = &card->dai_link[*index]; lb = &card->dai_link[*index + 1]; lb->name = devm_kasprintf(card->dev, GFP_KERNEL, "%s-lb", pad->name);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ASoC: meson: axg-card: fix 'use-after-free'" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4f9a71435953f941969a4f017e2357db62d85a86 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091552-croak-destruct-a0ea@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 4f9a71435953 ("ASoC: meson: axg-card: fix 'use-after-free'") aa9c3b7273a5 ("ASoC: meson: axg: extract sound card utils") 9c29fd9bdf92 ("ASoC: meson: g12a: extract codec-to-codec utils") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f9a71435953f941969a4f017e2357db62d85a86 Mon Sep 17 00:00:00 2001 From: Arseniy Krasnov <avkrasnov(a)salutedevices.com> Date: Wed, 11 Sep 2024 17:24:25 +0300 Subject: [PATCH] ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194 Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support") Cc: Stable(a)vger.kernel.org Signed-off-by: Arseniy Krasnov <avkrasnov(a)salutedevices.com> Reviewed-by: Jerome Brunet <jbrunet(a)baylibre.com> Link: https://patch.msgid.link/20240911142425.598631-1-avkrasnov@salutedevices.com Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/meson/axg-card.c b/sound/soc/meson/axg-card.c index 8c5605c1e34e..eb0302f20740 100644 --- a/sound/soc/meson/axg-card.c +++ b/sound/soc/meson/axg-card.c @@ -104,7 +104,7 @@ static int axg_card_add_tdm_loopback(struct snd_soc_card *card, int *index) { struct meson_card *priv = snd_soc_card_get_drvdata(card); - struct snd_soc_dai_link *pad = &card->dai_link[*index]; + struct snd_soc_dai_link *pad; struct snd_soc_dai_link *lb; struct snd_soc_dai_link_component *dlc; int ret; @@ -114,6 +114,7 @@ static int axg_card_add_tdm_loopback(struct snd_soc_card *card, if (ret) return ret; + pad = &card->dai_link[*index]; lb = &card->dai_link[*index + 1]; lb->name = devm_kasprintf(card->dev, GFP_KERNEL, "%s-lb", pad->name);

1 year, 3 months

1
0
0 0

[PATCH 2/2] mm/hugetlb.c: Fix UAF of vma in hugetlb fault pathway

by Vishal Moola (Oracle)

Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is called. We can fix this by using a modified version of vmf_anon_prepare() that doesn't release the VMA lock on failure, and then release it ourselves after hugetlb_vma_unlock_read(). Reported-by: syzbot+2dab93857ee95f2eeb08(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/00000000000067c20b06219fbc26@google.com/ Fixes: 9acad7ba3e25 ("hugetlb: use vmf_anon_prepare() instead of anon_vma_prepare()") Signed-off-by: Vishal Moola (Oracle) <vishal.moola(a)gmail.com> Cc: <stable(a)vger.kernel.org> --- mm/hugetlb.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 5c77defad295..190fa05635f4 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -5915,7 +5915,7 @@ static vm_fault_t hugetlb_wp(struct folio *pagecache_folio, * When the original hugepage is shared one, it does not have * anon_vma prepared. */ - ret = vmf_anon_prepare(vmf); + ret = __vmf_anon_prepare(vmf); if (unlikely(ret)) goto out_release_all; @@ -6114,7 +6114,7 @@ static vm_fault_t hugetlb_no_page(struct address_space *mapping, } if (!(vma->vm_flags & VM_MAYSHARE)) { - ret = vmf_anon_prepare(vmf); + ret = __vmf_anon_prepare(vmf); if (unlikely(ret)) goto out; } @@ -6245,6 +6245,14 @@ static vm_fault_t hugetlb_no_page(struct address_space *mapping, folio_unlock(folio); out: hugetlb_vma_unlock_read(vma); + + /* + * We must check to release the per-VMA lock. __vmf_anon_prepare() is + * the only way ret can be set to VM_FAULT_RETRY. + */ + if (unlikely(ret & VM_FAULT_RETRY)) + vma_end_read(vma); + mutex_unlock(&hugetlb_fault_mutex_table[hash]); return ret; @@ -6466,6 +6474,14 @@ vm_fault_t hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, } out_mutex: hugetlb_vma_unlock_read(vma); + + /* + * We must check to release the per-VMA lock. __vmf_anon_prepare() in + * hugetlb_wp() is the only way ret can be set to VM_FAULT_RETRY. + */ + if (unlikely(ret & VM_FAULT_RETRY)) + vma_end_read(vma); + mutex_unlock(&hugetlb_fault_mutex_table[hash]); /* * Generally it's safe to hold refcount during waiting page lock. But -- 2.45.0

1 year, 3 months

1
0
0 0

[PATCH net] netkit: Ensure current->bpf_net_context is set in netkit_xmit()

by Jordan Rife

When operating Cilium in netkit mode with BPF-based host routing, calls to bpf_redirect() cause a kernel panic. [ 52.247646] BUG: kernel NULL pointer dereference, address: 0000000000000038 ... [ 52.247727] RIP: 0010:bpf_redirect+0x18/0x80 ... [ 52.247986] Call Trace: [ 52.247990] <TASK> [ 52.248002] ? show_regs+0x6c/0x80 [ 52.248024] ? __die+0x24/0x80 [ 52.248029] ? page_fault_oops+0x155/0x570 [ 52.248047] ? fib_rules_lookup+0x112/0x270 [ 52.248056] ? do_user_addr_fault+0x4b2/0x870 [ 52.248063] ? exc_page_fault+0x82/0x1b0 [ 52.248090] ? asm_exc_page_fault+0x27/0x30 [ 52.248103] ? bpf_redirect+0x18/0x80 [ 52.248109] bpf_prog_f0698aabaf44c832_tail_handle_ipv4+0x173f/0x2707 [ 52.248119] ? sbitmap_find_bit+0xe3/0x270 [ 52.248129] netkit_xmit+0x177/0x3c0 [ 52.248139] dev_hard_start_xmit+0x62/0x1d0 [ 52.248149] __dev_queue_xmit+0x241/0xf30 [ 52.248155] ? alloc_skb_with_frags+0x60/0x280 [ 52.248164] ? __check_object_size+0x2a2/0x310 [ 52.248173] ? ip_generic_getfrag+0x63/0x110 [ 52.248181] ip_finish_output2+0x2cf/0x560 [ 52.248187] __ip_finish_output+0xb6/0x180 [ 52.248193] ip_finish_output+0x29/0x120 [ 52.248198] ip_output+0x5f/0x100 [ 52.248204] ? __pfx_ip_finish_output+0x10/0x10 [ 52.248210] ip_send_skb+0x98/0xb0 [ 52.248215] udp_send_skb+0x146/0x370 Setting a breakpoint inside bpf_net_ctx_get_ri() confirms that current->bpf_net_context is NULL right before the panic. (gdb) p $lx_current().bpf_net_context $4 = (struct bpf_net_context *) 0x0 <fixed_percpu_data> (gdb) disassemble bpf_redirect Dump of assembler code for function bpf_redirect: 0xffffffff81f085e0 <+0>: nopl 0x0(%rax,%rax,1) 0xffffffff81f085e5 <+5>: mov %gs:0x7e12d593(%rip),%rax 0xffffffff81f085ed <+13>: push %rbp 0xffffffff81f085ee <+14>: mov 0x23d0(%rax),%rax => 0xffffffff81f085f5 <+21>: mov %rsp,%rbp 0xffffffff81f085f8 <+24>: mov 0x38(%rax),%edx ... (gdb) continue Continuing. Thread 1 hit Breakpoint 1, panic ... 288 { (gdb) commit 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.") recently moved bpf_redirect_info into bpf_net_context, a new member of task_struct. Currently, current->bpf_net_context is set and then cleared inside sch_handle_egress() where tcx_run() and tc_run() execute, but it looks like netkit_xmit() was missed leaving current->bpf_net_context uninitialized when it runs. This patch ensures that current->bpf_net_context is initialized while running netkit_xmit(). Signed-off-by: Jordan Rife <jrife(a)google.com> Fixes: 401cb7dae813 ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.") Cc: stable(a)vger.kernel.org --- drivers/net/netkit.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/netkit.c b/drivers/net/netkit.c index d0036a856039..92ac0cb5a327 100644 --- a/drivers/net/netkit.c +++ b/drivers/net/netkit.c @@ -65,6 +65,7 @@ static struct netkit *netkit_priv(const struct net_device *dev) static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev) { + struct bpf_net_context __bpf_net_ctx, *bpf_net_ctx; struct netkit *nk = netkit_priv(dev); enum netkit_action ret = READ_ONCE(nk->policy); netdev_tx_t ret_dev = NET_XMIT_SUCCESS; @@ -73,6 +74,7 @@ static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev) int len = skb->len; rcu_read_lock(); + bpf_net_ctx = bpf_net_ctx_set(&__bpf_net_ctx); peer = rcu_dereference(nk->peer); if (unlikely(!peer || !(peer->flags & IFF_UP) || !pskb_may_pull(skb, ETH_HLEN) || @@ -109,6 +111,7 @@ static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev) ret_dev = NET_XMIT_DROP; break; } + bpf_net_ctx_clear(bpf_net_ctx); rcu_read_unlock(); return ret_dev; } -- 2.46.0.662.g92d0881bb0-goog

1 year, 3 months

2
1
0 0

[PATCH v2] i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition

by Kaixin Wang

In the svc_i3c_master_probe function, &master->hj_work is bound with svc_i3c_master_hj_work, &master->ibi_work is bound with svc_i3c_master_ibi_work. And svc_i3c_master_ibi_work can start the hj_work, svc_i3c_master_irq_handler can start the ibi_work. If we remove the module which will call svc_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | svc_i3c_master_hj_work svc_i3c_master_remove | i3c_master_unregister(&master->base)| device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in svc_i3c_master_remove. Fixes: 0f74f8b6675c ("i3c: Make i3c_master_unregister() return void") Signed-off-by: Kaixin Wang <kxwang23(a)m.fudan.edu.cn> Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- v2: - add fixes tag and cc stable, suggested by Frank - add Reviewed-by label from Miquel - Link to v1: https://lore.kernel.org/r/20240911150135.839946-1-kxwang23@m.fudan.edu.cn --- drivers/i3c/master/svc-i3c-master.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index 0a68fd1b81d4..e084ba648b4a 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -1775,6 +1775,7 @@ static void svc_i3c_master_remove(struct platform_device *pdev) { struct svc_i3c_master *master = platform_get_drvdata(pdev); + cancel_work_sync(&master->hj_work); i3c_master_unregister(&master->base); pm_runtime_dont_use_autosuspend(&pdev->dev); -- 2.39.1.windows.1

1 year, 3 months

2
1
0 0

[PATCH 0/7] iio: light: veml6030: fix issues and add support for veml6035

by Javier Carrasco

This series updates the driver for the veml6030 ALS and adds support for the veml6035, which shares most of its functionality with the former. The most relevant updates for the veml6030 are the resolution correction to meet the datasheet update that took place with Rev 1.7, 28-Nov-2023, and a fix to avoid a segmentation fault when reading the in_illuminance_period_available attribute. Vishay does not host the Product Information Notification where the resolution correction was introduced, but it can still be found online[1], and the corrected value is the one listed on the latest version of the datasheet[2] (Rev. 1.7, 28-Nov-2023) and application note[3] (Rev. 17-Jan-2024). Link: https://www.farnell.com/datasheets/4379688.pdf [1] Link: https://www.vishay.com/docs/84366/veml6030.pdf [2] Link: https://www.vishay.com/docs/84367/designingveml6030.pdf [3] Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (7): dt-bindings: iio: light: veml6030: rename to add manufacturer dt-bindings: iio: light: veml6030: add veml6035 iio: light: veml6030: fix IIO device retrieval from embedded device iio: light: veml6030: make use of regmap_set_bits() iio: light: veml6030: update sensor resolution iio: light: veml6030: add set up delay after any power on sequence iio: light: veml6030: add support for veml6035 .../light/{veml6030.yaml => vishay,veml6030.yaml} | 42 ++- drivers/iio/light/veml6030.c | 323 ++++++++++++++++++--- 2 files changed, 319 insertions(+), 46 deletions(-) --- base-commit: 5acd9952f95fb4b7da6d09a3be39195a80845eb6 change-id: 20240903-veml6035-7a91bc088c6f Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

1 year, 3 months

2
2
0 0

[PATCH] power: supply: sysfs: enable is_writeable check during sysfs creation

by Andreas Kemnade

The files in sysfs are created during device_add(). psy->use_cnt is not incremented yet. So attributes are created readonly without checking desc->property_is_writeable() and writeable files are readonly. To fix this, revert back to calling desc->property_is_writeable() directly without using the helper. Fixes: be6299c6e55e ("power: supply: sysfs: use power_supply_property_is_writeable()") Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> Cc: stable(a)vger.kernel.org # 6.11 --- drivers/power/supply/power_supply_sysfs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/power/supply/power_supply_sysfs.c b/drivers/power/supply/power_supply_sysfs.c index 3e63d165b2f70..b86e11bdc07ef 100644 --- a/drivers/power/supply/power_supply_sysfs.c +++ b/drivers/power/supply/power_supply_sysfs.c @@ -379,7 +379,8 @@ static umode_t power_supply_attr_is_visible(struct kobject *kobj, int property = psy->desc->properties[i]; if (property == attrno) { - if (power_supply_property_is_writeable(psy, property) > 0) + if (psy->desc->property_is_writeable && + psy->desc->property_is_writeable(psy, property) > 0) mode |= S_IWUSR; return mode; -- 2.39.2

1 year, 3 months

2
1
0 0

[PATCH v3 3/3] block: fix ordering between checking BLK_MQ_S_STOPPED and adding requests

by Muchun Song

Supposing first scenario with a virtio_blk driver. CPU0 CPU1 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() virtblk_done() blk_mq_request_bypass_insert() 1) store blk_mq_start_stopped_hw_queue() clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_sched_dispatch_requests() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) return blk_mq_sched_dispatch_requests() if (blk_mq_hctx_stopped()) 2) load return __blk_mq_sched_dispatch_requests() Supposing another scenario. CPU0 CPU1 blk_mq_requeue_work() blk_mq_insert_request() 1) store virtblk_done() blk_mq_start_stopped_hw_queue() blk_mq_run_hw_queues() clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_sched_dispatch_requests() if (blk_mq_hctx_stopped()) 2) load continue blk_mq_run_hw_queue() Both scenarios are similar, the full memory barrier should be inserted between 1) and 2), as well as between 3) and 4) to make sure that either CPU0 sees BLK_MQ_S_STOPPED is cleared or CPU1 sees dispatch list. Otherwise, either CPU will not rerun the hardware queue causing starvation of the request. The easy way to fix it is to add the essential full memory barrier into helper of blk_mq_hctx_stopped(). In order to not affect the fast path (hardware queue is not stopped most of the time), we only insert the barrier into the slow path. Actually, only slow path needs to care about missing of dispatching the request to the low-level device driver. Fixes: 320ae51feed5 ("blk-mq: new multi-queue block IO queueing mechanism") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 6 ++++++ block/blk-mq.h | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index ff6df6c7eeb25..b90c1680cb780 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2413,6 +2413,12 @@ void blk_mq_start_stopped_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) return; clear_bit(BLK_MQ_S_STOPPED, &hctx->state); + /* + * Pairs with the smp_mb() in blk_mq_hctx_stopped() to order the + * clearing of BLK_MQ_S_STOPPED above and the checking of dispatch + * list in the subsequent routine. + */ + smp_mb__after_atomic(); blk_mq_run_hw_queue(hctx, async); } EXPORT_SYMBOL_GPL(blk_mq_start_stopped_hw_queue); diff --git a/block/blk-mq.h b/block/blk-mq.h index 260beea8e332c..f36f3bff70d86 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h @@ -228,6 +228,19 @@ static inline struct blk_mq_tags *blk_mq_tags_from_data(struct blk_mq_alloc_data static inline bool blk_mq_hctx_stopped(struct blk_mq_hw_ctx *hctx) { + /* Fast path: hardware queue is not stopped most of the time. */ + if (likely(!test_bit(BLK_MQ_S_STOPPED, &hctx->state))) + return false; + + /* + * This barrier is used to order adding of dispatch list before and + * the test of BLK_MQ_S_STOPPED below. Pairs with the memory barrier + * in blk_mq_start_stopped_hw_queue() so that dispatch code could + * either see BLK_MQ_S_STOPPED is cleared or dispatch list is not + * empty to avoid missing dispatching requests. + */ + smp_mb(); + return test_bit(BLK_MQ_S_STOPPED, &hctx->state); } -- 2.20.1

1 year, 3 months

1
0
0 0

[PATCH v3 2/3] block: fix ordering between checking QUEUE_FLAG_QUIESCED and adding requests

by Muchun Song

Supposing the following scenario. CPU0 CPU1 blk_mq_insert_request() 1) store blk_mq_unquiesce_queue() blk_queue_flag_clear() 3) store blk_mq_run_hw_queues() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_run_hw_queue() if (blk_queue_quiesced()) 2) load return blk_mq_sched_dispatch_requests() The full memory barrier should be inserted between 1) and 2), as well as between 3) and 4) to make sure that either CPU0 sees QUEUE_FLAG_QUIESCED is cleared or CPU1 sees dispatch list or setting of bitmap of software queue. Otherwise, either CPU will not rerun the hardware queue causing starvation. So the first solution is to 1) add a pair of memory barrier to fix the problem, another solution is to 2) use hctx->queue->queue_lock to synchronize QUEUE_FLAG_QUIESCED. Here, we chose 2) to fix it since memory barrier is not easy to be maintained. Fixes: f4560ffe8cec ("blk-mq: use QUEUE_FLAG_QUIESCED to quiesce queue") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 47 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index b2d0f22de0c7f..ff6df6c7eeb25 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2202,6 +2202,24 @@ void blk_mq_delay_run_hw_queue(struct blk_mq_hw_ctx *hctx, unsigned long msecs) } EXPORT_SYMBOL(blk_mq_delay_run_hw_queue); +static inline bool blk_mq_hw_queue_need_run(struct blk_mq_hw_ctx *hctx) +{ + bool need_run; + + /* + * When queue is quiesced, we may be switching io scheduler, or + * updating nr_hw_queues, or other things, and we can't run queue + * any more, even blk_mq_hctx_has_pending() can't be called safely. + * + * And queue will be rerun in blk_mq_unquiesce_queue() if it is + * quiesced. + */ + __blk_mq_run_dispatch_ops(hctx->queue, false, + need_run = !blk_queue_quiesced(hctx->queue) && + blk_mq_hctx_has_pending(hctx)); + return need_run; +} + /** * blk_mq_run_hw_queue - Start to run a hardware queue. * @hctx: Pointer to the hardware queue to run. @@ -2222,20 +2240,23 @@ void blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) might_sleep_if(!async && hctx->flags & BLK_MQ_F_BLOCKING); - /* - * When queue is quiesced, we may be switching io scheduler, or - * updating nr_hw_queues, or other things, and we can't run queue - * any more, even __blk_mq_hctx_has_pending() can't be called safely. - * - * And queue will be rerun in blk_mq_unquiesce_queue() if it is - * quiesced. - */ - __blk_mq_run_dispatch_ops(hctx->queue, false, - need_run = !blk_queue_quiesced(hctx->queue) && - blk_mq_hctx_has_pending(hctx)); + need_run = blk_mq_hw_queue_need_run(hctx); + if (!need_run) { + unsigned long flags; - if (!need_run) - return; + /* + * Synchronize with blk_mq_unquiesce_queue(), because we check + * if hw queue is quiesced locklessly above, we need the use + * ->queue_lock to make sure we see the up-to-date status to + * not miss rerunning the hw queue. + */ + spin_lock_irqsave(&hctx->queue->queue_lock, flags); + need_run = blk_mq_hw_queue_need_run(hctx); + spin_unlock_irqrestore(&hctx->queue->queue_lock, flags); + + if (!need_run) + return; + } if (async || !cpumask_test_cpu(raw_smp_processor_id(), hctx->cpumask)) { blk_mq_delay_run_hw_queue(hctx, 0); -- 2.20.1

1 year, 3 months

1
0
0 0

[PATCH v3 1/3] block: fix missing dispatching request when queue is started or unquiesced

by Muchun Song

Supposing the following scenario with a virtio_blk driver. CPU0 CPU1 CPU2 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() virtblk_done() blk_mq_try_issue_directly() if (blk_mq_hctx_stopped()) blk_mq_request_bypass_insert() blk_mq_run_hw_queue() blk_mq_run_hw_queue() blk_mq_run_hw_queue() blk_mq_insert_request() return After CPU0 has marked the queue as stopped, CPU1 will see the queue is stopped. But before CPU1 puts the request on the dispatch list, CPU2 receives the interrupt of completion of request, so it will run the hardware queue and marks the queue as non-stopped. Meanwhile, CPU1 also runs the same hardware queue. After both CPU1 and CPU2 complete blk_mq_run_hw_queue(), CPU1 just puts the request to the same hardware queue and returns. It misses dispatching a request. Fix it by running the hardware queue explicitly. And blk_mq_request_issue_directly() should handle a similar situation. Fix it as well. Fixes: d964f04a8fde ("blk-mq: fix direct issue") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index e3c3c0c21b553..b2d0f22de0c7f 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2619,6 +2619,7 @@ static void blk_mq_try_issue_directly(struct blk_mq_hw_ctx *hctx, if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) { blk_mq_insert_request(rq, 0); + blk_mq_run_hw_queue(hctx, false); return; } @@ -2649,6 +2650,7 @@ static blk_status_t blk_mq_request_issue_directly(struct request *rq, bool last) if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) { blk_mq_insert_request(rq, 0); + blk_mq_run_hw_queue(hctx, false); return BLK_STS_OK; } -- 2.20.1

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: apply command submission parser for JPEG v1" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8409fb50ce48d66cf9dc5391f03f05c56c430605 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091428-baffling-wound-9fa1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8409fb50ce48 ("drm/amd/amdgpu: apply command submission parser for JPEG v1") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8409fb50ce48d66cf9dc5391f03f05c56c430605 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 5 Sep 2024 16:57:28 -0400 Subject: [PATCH] drm/amd/amdgpu: apply command submission parser for JPEG v1 Similar to jpeg_v2_dec_ring_parse_cs() but it has different register ranges and a few other registers access. Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 3d5adbdf1d01708777f2eda375227cbf7a98b9fe) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c index 71f43a5c7f72..6e0e88076224 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "vcn_v1_0.h" @@ -34,6 +35,9 @@ static void jpeg_v1_0_set_dec_ring_funcs(struct amdgpu_device *adev); static void jpeg_v1_0_set_irq_funcs(struct amdgpu_device *adev); static void jpeg_v1_0_ring_begin_use(struct amdgpu_ring *ring); +static int jpeg_v1_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); static void jpeg_v1_0_decode_ring_patch_wreg(struct amdgpu_ring *ring, uint32_t *ptr, uint32_t reg_offset, uint32_t val) { @@ -300,7 +304,10 @@ static void jpeg_v1_0_decode_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(SOC15_REG_OFFSET(JPEG, 0, mmUVD_LMI_JRBC_IB_VMID), 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4))); + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4))); amdgpu_ring_write(ring, PACKETJ(SOC15_REG_OFFSET(JPEG, 0, mmUVD_LMI_JPEG_VMID), 0, 0, PACKETJ_TYPE0)); @@ -554,6 +561,7 @@ static const struct amdgpu_ring_funcs jpeg_v1_0_decode_ring_vm_funcs = { .get_rptr = jpeg_v1_0_decode_ring_get_rptr, .get_wptr = jpeg_v1_0_decode_ring_get_wptr, .set_wptr = jpeg_v1_0_decode_ring_set_wptr, + .parse_cs = jpeg_v1_dec_ring_parse_cs, .emit_frame_size = 6 + 6 + /* hdp invalidate / flush */ SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + @@ -611,3 +619,69 @@ static void jpeg_v1_0_ring_begin_use(struct amdgpu_ring *ring) vcn_v1_0_set_pg_for_begin_use(ring, set_clocks); } + +/** + * jpeg_v1_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +static int jpeg_v1_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + u32 i, reg, res, cond, type; + int ret = 0; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res || cond != PACKETJ_CONDITION_CHECK0) /* only allow 0 for now */ + return -EINVAL; + + if (reg >= JPEG_V1_REG_RANGE_START && reg <= JPEG_V1_REG_RANGE_END) + continue; + + switch (type) { + case PACKETJ_TYPE0: + if (reg != JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_HIGH && + reg != JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_LOW && + reg != JPEG_V1_LMI_JPEG_READ_64BIT_BAR_HIGH && + reg != JPEG_V1_LMI_JPEG_READ_64BIT_BAR_LOW && + reg != JPEG_V1_REG_CTX_INDEX && + reg != JPEG_V1_REG_CTX_DATA) { + ret = -EINVAL; + } + break; + case PACKETJ_TYPE1: + if (reg != JPEG_V1_REG_CTX_DATA) + ret = -EINVAL; + break; + case PACKETJ_TYPE3: + if (reg != JPEG_V1_REG_SOFT_RESET) + ret = -EINVAL; + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] != CP_PACKETJ_NOP) + ret = -EINVAL; + break; + default: + ret = -EINVAL; + } + + if (ret) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + break; + } + } + + return ret; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h index bbf33a6a3972..9654d22e0376 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h @@ -29,4 +29,15 @@ int jpeg_v1_0_sw_init(void *handle); void jpeg_v1_0_sw_fini(void *handle); void jpeg_v1_0_start(struct amdgpu_device *adev, int mode); +#define JPEG_V1_REG_RANGE_START 0x8000 +#define JPEG_V1_REG_RANGE_END 0x803f + +#define JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_HIGH 0x8238 +#define JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_LOW 0x8239 +#define JPEG_V1_LMI_JPEG_READ_64BIT_BAR_HIGH 0x825a +#define JPEG_V1_LMI_JPEG_READ_64BIT_BAR_LOW 0x825b +#define JPEG_V1_REG_CTX_INDEX 0x8328 +#define JPEG_V1_REG_CTX_DATA 0x8329 +#define JPEG_V1_REG_SOFT_RESET 0x83a0 + #endif /*__JPEG_V1_0_H__*/

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: apply command submission parser for JPEG v1" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8409fb50ce48d66cf9dc5391f03f05c56c430605 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091428-stagnant-sesame-feb3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8409fb50ce48 ("drm/amd/amdgpu: apply command submission parser for JPEG v1") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8409fb50ce48d66cf9dc5391f03f05c56c430605 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 5 Sep 2024 16:57:28 -0400 Subject: [PATCH] drm/amd/amdgpu: apply command submission parser for JPEG v1 Similar to jpeg_v2_dec_ring_parse_cs() but it has different register ranges and a few other registers access. Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 3d5adbdf1d01708777f2eda375227cbf7a98b9fe) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c index 71f43a5c7f72..6e0e88076224 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "vcn_v1_0.h" @@ -34,6 +35,9 @@ static void jpeg_v1_0_set_dec_ring_funcs(struct amdgpu_device *adev); static void jpeg_v1_0_set_irq_funcs(struct amdgpu_device *adev); static void jpeg_v1_0_ring_begin_use(struct amdgpu_ring *ring); +static int jpeg_v1_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); static void jpeg_v1_0_decode_ring_patch_wreg(struct amdgpu_ring *ring, uint32_t *ptr, uint32_t reg_offset, uint32_t val) { @@ -300,7 +304,10 @@ static void jpeg_v1_0_decode_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(SOC15_REG_OFFSET(JPEG, 0, mmUVD_LMI_JRBC_IB_VMID), 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4))); + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4))); amdgpu_ring_write(ring, PACKETJ(SOC15_REG_OFFSET(JPEG, 0, mmUVD_LMI_JPEG_VMID), 0, 0, PACKETJ_TYPE0)); @@ -554,6 +561,7 @@ static const struct amdgpu_ring_funcs jpeg_v1_0_decode_ring_vm_funcs = { .get_rptr = jpeg_v1_0_decode_ring_get_rptr, .get_wptr = jpeg_v1_0_decode_ring_get_wptr, .set_wptr = jpeg_v1_0_decode_ring_set_wptr, + .parse_cs = jpeg_v1_dec_ring_parse_cs, .emit_frame_size = 6 + 6 + /* hdp invalidate / flush */ SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + @@ -611,3 +619,69 @@ static void jpeg_v1_0_ring_begin_use(struct amdgpu_ring *ring) vcn_v1_0_set_pg_for_begin_use(ring, set_clocks); } + +/** + * jpeg_v1_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +static int jpeg_v1_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + u32 i, reg, res, cond, type; + int ret = 0; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res || cond != PACKETJ_CONDITION_CHECK0) /* only allow 0 for now */ + return -EINVAL; + + if (reg >= JPEG_V1_REG_RANGE_START && reg <= JPEG_V1_REG_RANGE_END) + continue; + + switch (type) { + case PACKETJ_TYPE0: + if (reg != JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_HIGH && + reg != JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_LOW && + reg != JPEG_V1_LMI_JPEG_READ_64BIT_BAR_HIGH && + reg != JPEG_V1_LMI_JPEG_READ_64BIT_BAR_LOW && + reg != JPEG_V1_REG_CTX_INDEX && + reg != JPEG_V1_REG_CTX_DATA) { + ret = -EINVAL; + } + break; + case PACKETJ_TYPE1: + if (reg != JPEG_V1_REG_CTX_DATA) + ret = -EINVAL; + break; + case PACKETJ_TYPE3: + if (reg != JPEG_V1_REG_SOFT_RESET) + ret = -EINVAL; + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] != CP_PACKETJ_NOP) + ret = -EINVAL; + break; + default: + ret = -EINVAL; + } + + if (ret) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + break; + } + } + + return ret; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h index bbf33a6a3972..9654d22e0376 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h @@ -29,4 +29,15 @@ int jpeg_v1_0_sw_init(void *handle); void jpeg_v1_0_sw_fini(void *handle); void jpeg_v1_0_start(struct amdgpu_device *adev, int mode); +#define JPEG_V1_REG_RANGE_START 0x8000 +#define JPEG_V1_REG_RANGE_END 0x803f + +#define JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_HIGH 0x8238 +#define JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_LOW 0x8239 +#define JPEG_V1_LMI_JPEG_READ_64BIT_BAR_HIGH 0x825a +#define JPEG_V1_LMI_JPEG_READ_64BIT_BAR_LOW 0x825b +#define JPEG_V1_REG_CTX_INDEX 0x8328 +#define JPEG_V1_REG_CTX_DATA 0x8329 +#define JPEG_V1_REG_SOFT_RESET 0x83a0 + #endif /*__JPEG_V1_0_H__*/

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/amdgpu: apply command submission parser for JPEG v1" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8409fb50ce48d66cf9dc5391f03f05c56c430605 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091427-vanilla-breath-c5f2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8409fb50ce48 ("drm/amd/amdgpu: apply command submission parser for JPEG v1") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8409fb50ce48d66cf9dc5391f03f05c56c430605 Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Thu, 5 Sep 2024 16:57:28 -0400 Subject: [PATCH] drm/amd/amdgpu: apply command submission parser for JPEG v1 Similar to jpeg_v2_dec_ring_parse_cs() but it has different register ranges and a few other registers access. Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 3d5adbdf1d01708777f2eda375227cbf7a98b9fe) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c index 71f43a5c7f72..6e0e88076224 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.c @@ -23,6 +23,7 @@ #include "amdgpu.h" #include "amdgpu_jpeg.h" +#include "amdgpu_cs.h" #include "soc15.h" #include "soc15d.h" #include "vcn_v1_0.h" @@ -34,6 +35,9 @@ static void jpeg_v1_0_set_dec_ring_funcs(struct amdgpu_device *adev); static void jpeg_v1_0_set_irq_funcs(struct amdgpu_device *adev); static void jpeg_v1_0_ring_begin_use(struct amdgpu_ring *ring); +static int jpeg_v1_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib); static void jpeg_v1_0_decode_ring_patch_wreg(struct amdgpu_ring *ring, uint32_t *ptr, uint32_t reg_offset, uint32_t val) { @@ -300,7 +304,10 @@ static void jpeg_v1_0_decode_ring_emit_ib(struct amdgpu_ring *ring, amdgpu_ring_write(ring, PACKETJ(SOC15_REG_OFFSET(JPEG, 0, mmUVD_LMI_JRBC_IB_VMID), 0, 0, PACKETJ_TYPE0)); - amdgpu_ring_write(ring, (vmid | (vmid << 4))); + if (ring->funcs->parse_cs) + amdgpu_ring_write(ring, 0); + else + amdgpu_ring_write(ring, (vmid | (vmid << 4))); amdgpu_ring_write(ring, PACKETJ(SOC15_REG_OFFSET(JPEG, 0, mmUVD_LMI_JPEG_VMID), 0, 0, PACKETJ_TYPE0)); @@ -554,6 +561,7 @@ static const struct amdgpu_ring_funcs jpeg_v1_0_decode_ring_vm_funcs = { .get_rptr = jpeg_v1_0_decode_ring_get_rptr, .get_wptr = jpeg_v1_0_decode_ring_get_wptr, .set_wptr = jpeg_v1_0_decode_ring_set_wptr, + .parse_cs = jpeg_v1_dec_ring_parse_cs, .emit_frame_size = 6 + 6 + /* hdp invalidate / flush */ SOC15_FLUSH_GPU_TLB_NUM_WREG * 6 + @@ -611,3 +619,69 @@ static void jpeg_v1_0_ring_begin_use(struct amdgpu_ring *ring) vcn_v1_0_set_pg_for_begin_use(ring, set_clocks); } + +/** + * jpeg_v1_dec_ring_parse_cs - command submission parser + * + * @parser: Command submission parser context + * @job: the job to parse + * @ib: the IB to parse + * + * Parse the command stream, return -EINVAL for invalid packet, + * 0 otherwise + */ +static int jpeg_v1_dec_ring_parse_cs(struct amdgpu_cs_parser *parser, + struct amdgpu_job *job, + struct amdgpu_ib *ib) +{ + u32 i, reg, res, cond, type; + int ret = 0; + struct amdgpu_device *adev = parser->adev; + + for (i = 0; i < ib->length_dw ; i += 2) { + reg = CP_PACKETJ_GET_REG(ib->ptr[i]); + res = CP_PACKETJ_GET_RES(ib->ptr[i]); + cond = CP_PACKETJ_GET_COND(ib->ptr[i]); + type = CP_PACKETJ_GET_TYPE(ib->ptr[i]); + + if (res || cond != PACKETJ_CONDITION_CHECK0) /* only allow 0 for now */ + return -EINVAL; + + if (reg >= JPEG_V1_REG_RANGE_START && reg <= JPEG_V1_REG_RANGE_END) + continue; + + switch (type) { + case PACKETJ_TYPE0: + if (reg != JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_HIGH && + reg != JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_LOW && + reg != JPEG_V1_LMI_JPEG_READ_64BIT_BAR_HIGH && + reg != JPEG_V1_LMI_JPEG_READ_64BIT_BAR_LOW && + reg != JPEG_V1_REG_CTX_INDEX && + reg != JPEG_V1_REG_CTX_DATA) { + ret = -EINVAL; + } + break; + case PACKETJ_TYPE1: + if (reg != JPEG_V1_REG_CTX_DATA) + ret = -EINVAL; + break; + case PACKETJ_TYPE3: + if (reg != JPEG_V1_REG_SOFT_RESET) + ret = -EINVAL; + break; + case PACKETJ_TYPE6: + if (ib->ptr[i] != CP_PACKETJ_NOP) + ret = -EINVAL; + break; + default: + ret = -EINVAL; + } + + if (ret) { + dev_err(adev->dev, "Invalid packet [0x%08x]!\n", ib->ptr[i]); + break; + } + } + + return ret; +} diff --git a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h index bbf33a6a3972..9654d22e0376 100644 --- a/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h +++ b/drivers/gpu/drm/amd/amdgpu/jpeg_v1_0.h @@ -29,4 +29,15 @@ int jpeg_v1_0_sw_init(void *handle); void jpeg_v1_0_sw_fini(void *handle); void jpeg_v1_0_start(struct amdgpu_device *adev, int mode); +#define JPEG_V1_REG_RANGE_START 0x8000 +#define JPEG_V1_REG_RANGE_END 0x803f + +#define JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_HIGH 0x8238 +#define JPEG_V1_LMI_JPEG_WRITE_64BIT_BAR_LOW 0x8239 +#define JPEG_V1_LMI_JPEG_READ_64BIT_BAR_HIGH 0x825a +#define JPEG_V1_LMI_JPEG_READ_64BIT_BAR_LOW 0x825b +#define JPEG_V1_REG_CTX_INDEX 0x8328 +#define JPEG_V1_REG_CTX_DATA 0x8329 +#define JPEG_V1_REG_SOFT_RESET 0x83a0 + #endif /*__JPEG_V1_0_H__*/

1 year, 3 months

1
0
0 0

Bug 219269 - v6.10.10 kernel fails to build when CONFIG_MODULES is disabled

by Thorsten Leemhuis

Hi Greg! I noticed a bug report in bz: https://bugzilla.kernel.org/show_bug.cgi?id=219269 > Fair enough, you get a compiler warning: > > kernel/trace/trace_kprobe.c: In function ‘validate_probe_symbol’: > kernel/trace/trace_kprobe.c:810:23: error: implicit declaration of function ‘find_module’; did you mean init_module’? [-Wimplicit-function-declaration] > 810 | mod = find_module(modname); > | ^~~~~~~~~~~ > | init_module > kernel/trace/trace_kprobe.c:810:21: error: assignment to ‘struct module *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion] > 810 | mod = find_module(modname); > | > > but there is no find_module symbol when CONFIG_MODULES is disabled. I *very briefly* looked into this. I might be wrong, but looked a bit like "tracing/kprobes: Add symbol counting check when module loads" caused this and backporting b10545b6b86b7a ("tracing/kprobes: Fix build error when find_module() is not available") [v6.11-rc1] would fix this (which applies cleanly). Shall I ask the reporter to confirm or is that already enough for you? Ciao, Thorsten

1 year, 3 months

2
1
0 0

[PATCH net] fbnic: Set napi irq value after calling netif_napi_add

by Brett Creeley

The driver calls netif_napi_set_irq() and then calls netif_napi_add(), which calls netif_napi_add_weight(). At the end of netif_napi_add_weight() is a call to netif_napi_set_irq(napi, -1), which clears the previously set napi->irq value. Fix this by calling netif_napi_set_irq() after calling netif_napi_add(). This was found when reviewing another patch and I have no way to test this, but the fix seemed relatively straight forward. Cc: stable(a)vger.kernel.org Fixes: bc6107771bb4 ("eth: fbnic: Allocate a netdevice and napi vectors with queues") Signed-off-by: Brett Creeley <brett.creeley(a)amd.com> --- drivers/net/ethernet/meta/fbnic/fbnic_txrx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/meta/fbnic/fbnic_txrx.c b/drivers/net/ethernet/meta/fbnic/fbnic_txrx.c index 0ed4c9fff5d8..72f88ae7815f 100644 --- a/drivers/net/ethernet/meta/fbnic/fbnic_txrx.c +++ b/drivers/net/ethernet/meta/fbnic/fbnic_txrx.c @@ -1012,14 +1012,14 @@ static int fbnic_alloc_napi_vector(struct fbnic_dev *fbd, struct fbnic_net *fbn, nv->fbd = fbd; nv->v_idx = v_idx; - /* Record IRQ to NAPI struct */ - netif_napi_set_irq(&nv->napi, - pci_irq_vector(to_pci_dev(fbd->dev), nv->v_idx)); - /* Tie napi to netdev */ list_add(&nv->napis, &fbn->napis); netif_napi_add(fbn->netdev, &nv->napi, fbnic_poll); + /* Record IRQ to NAPI struct */ + netif_napi_set_irq(&nv->napi, + pci_irq_vector(to_pci_dev(fbd->dev), nv->v_idx)); + /* Tie nv back to PCIe dev */ nv->dev = fbd->dev; -- 2.17.1

1 year, 3 months

4
3
0 0

[PATCH] drm/amd/display: Skip dpp1_dscl_set_scaler_filter if filter is null

by Ma Ke

Callers can pass null in filter (i.e. from returned from the function dpp1_dscl_get_filter_coeffs_64p) and a null check is added to ensure that is not the case. Cc: stable(a)vger.kernel.org Fixes: 5e9a81b2c465 ("drm/amd/display: separate scl functions out from dcn10_dpp") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp_dscl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp_dscl.c b/drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp_dscl.c index 808bca9fb804..bcafeb7b5b79 100644 --- a/drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp_dscl.c +++ b/drivers/gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp_dscl.c @@ -248,6 +248,9 @@ static void dpp1_dscl_set_scaler_filter( int pair; uint16_t odd_coef, even_coef; + if (!filter) + return; + REG_SET_3(SCL_COEF_RAM_TAP_SELECT, 0, SCL_COEF_RAM_TAP_PAIR_IDX, 0, SCL_COEF_RAM_PHASE, 0, -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH] sysctl: avoid spurious permanent empty tables

by Thomas Weißschuh

The test if a table is a permanently empty one, inspects the address of the registered ctl_table argument. However as sysctl_mount_point is an empty array and does not occupy and space it can end up sharing an address with another object in memory. If that other object itself is a "struct ctl_table" then registering that table will fail as it's incorrectly recognized as permanently empty. Avoid this issue by adding a dummy element to the array so that the array is not empty anymore and the potential address sharing is avoided. Explicitly register the table with zero elements as otherwise the dummy element would be recognized as a sentinel element which would lead to a runtime warning from the sysctl core. While the issue seems unlikely to be encountered at this time, this seems mostly be due to luck. Also a future change, constifying sysctl_mount_point and root_table, can reliably trigger this issue on clang 18. Given that empty arrays are non-standard in the first place, avoid them if possible. Reported-by: kernel test robot <oliver.sang(a)intel.com> Closes: https://lore.kernel.org/oe-lkp/202408051453.f638857e-lkp@intel.com Fixes: 4a7b29f65094 ("sysctl: move sysctl type to ctl_table_header") Fixes: a35dd3a786f5 ("sysctl: drop now unnecessary out-of-bounds check") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- This was originally part of a feature series [0], but is resubmitted on its own to make it into v6.11To. [0] https://lore.kernel.org/lkml/20240805-sysctl-const-api-v2-0-52c85f02ee5e@we… --- fs/proc/proc_sysctl.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 9553e77c9d31..d11ebc055ce0 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -29,8 +29,13 @@ static const struct inode_operations proc_sys_inode_operations; static const struct file_operations proc_sys_dir_file_operations; static const struct inode_operations proc_sys_dir_operations; -/* Support for permanently empty directories */ -static struct ctl_table sysctl_mount_point[] = { }; +/* + * Support for permanently empty directories. + * Must be non-empty to avoid sharing an address with other tables. + */ +static struct ctl_table sysctl_mount_point[] = { + { } +}; /** * register_sysctl_mount_point() - registers a sysctl mount point @@ -42,7 +47,7 @@ static struct ctl_table sysctl_mount_point[] = { }; */ struct ctl_table_header *register_sysctl_mount_point(const char *path) { - return register_sysctl(path, sysctl_mount_point); + return register_sysctl_sz(path, sysctl_mount_point, 0); } EXPORT_SYMBOL(register_sysctl_mount_point); --- base-commit: 3e9bff3bbe1355805de919f688bef4baefbfd436 change-id: 20240827-sysctl-const-shared-identity-9ab816e5fdfb Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 year, 3 months

2
1
0 0

[PATCH v1] usb: dwc3: re-enable runtime PM after failed resume

by Roy Luo

When dwc3_resume_common() returns an error, runtime pm is left in disabled state in dwc3_resume(). The next dwc3_suspend_common() should be skipped as the device is already in suspended state but it's not because power.disable_depth is non-zero. Ensures runtime PM is always re-enabled even after failed resume attempts. Fixes: 68c26fe58182 ("usb: dwc3: set pm runtime active before resume common") Cc: stable(a)vger.kernel.org Signed-off-by: Roy Luo <royluo(a)google.com> --- drivers/usb/dwc3/core.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index ccc3895dbd7f..1928b074b2df 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -2537,7 +2537,7 @@ static int dwc3_suspend(struct device *dev) static int dwc3_resume(struct device *dev) { struct dwc3 *dwc = dev_get_drvdata(dev); - int ret; + int ret = 0; pinctrl_pm_select_default_state(dev); @@ -2547,12 +2547,11 @@ static int dwc3_resume(struct device *dev) ret = dwc3_resume_common(dwc, PMSG_RESUME); if (ret) { pm_runtime_set_suspended(dev); - return ret; } pm_runtime_enable(dev); - return 0; + return ret; } static void dwc3_complete(struct device *dev) base-commit: ad618736883b8970f66af799e34007475fe33a68 -- 2.46.0.469.g59c65b2a67-goog

1 year, 3 months

2
4
0 0

[PATCH 0/2] Fixes for the PCI dra7xx driver

by Siddharth Vadapalli

Hello, This series is based on commit 3e9bff3bbe13 Merge tag 'vfs-6.11-rc6.fixes' of gitolite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs of Mainline Linux. The first patch fixes conversion to "devm_request_threaded_irq()" where the IRQF_ONESHOT flag should have been added since the handler is NULL. The second patch fixes the error handling when IRQ request fails in the probe function. The existing error handling doesn't cleanup the changes performed prior to the IRQ request invocation. Regards, Siddharth. Siddharth Vadapalli (2): PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ PCI: dra7xx: Fix error handling when IRQ request fails in probe drivers/pci/controller/dwc/pci-dra7xx.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) -- 2.40.1

1 year, 3 months

5
7
0 0

[PATCH 4.19 0/2] kselftest fails to compile on 4.19

by Samasth Norway Ananda

In the linux-4.19.y kernel kcmp_test and compaction_test kselftest fails to compile. kcmp_test.c: In function ��main��: kcmp_test.c:92:17: warning: implicit declaration of function ��ksft_set_plan�� [-Wimplicit-function-declaration] 92 | ksft_set_plan(3); | ^~~~~~~~~~~~~ and compaction_test.c: In function ��main��: compaction_test.c:186:9: warning: implicit declaration of function ��ksft_set_plan�� [-Wimplicit-function-declaration] 186 | ksft_set_plan(1); | ^~~~~~~~~~~~~ The function definition for ksft_set_plan() is introduced by commit 5821ba969511 ("selftests: Add test plan API to kselftest.h and adjust callers") which is present from linux-5.2.y onwards. Samasth Norway Ananda (2): selftests/vm: remove call to ksft_set_plan() selftests/kcmp: remove call to ksft_set_plan() tools/testing/selftests/kcmp/kcmp_test.c | 1 - tools/testing/selftests/vm/compaction_test.c | 2 -- 2 files changed, 3 deletions(-) -- 2.45.2

1 year, 3 months

2
4
0 0

[REGRESSION] soft lockup on boot starting with kernel 6.10 / commit 5186ba33234c9a90833f7c93ce7de80e25fac6f5

by Hugues Bruant

Hi, I have discovered a 100% reliable soft lockup on boot on my laptop: Purism Librem 14, Intel Core i7-10710U, 48Gb RAM, Samsung Evo Plus 970 SSD, CoreBoot BIOS, grub bootloader, Arch Linux. The last working release is kernel 6.9.10, every release from 6.10 onwards reliably exhibit the issue, which, based on journalctl logs, seems to be triggered somewhere in systemd-udev: https://gitlab.archlinux.org/-/project/42594/uploads/04583baf22189a0a8bb2f8… Bisect points to commit 5186ba33234c9a90833f7c93ce7de80e25fac6f5 At a glance, I see two potentially problematic changes in this diff. Specifically, in the refactoring to move the call to rdt_ctrl_update inside the loop that walks over r->domains : 1. the change from on_each_cpu_mask to smp_call_function_any means that preemption is no longer disabled around the call to rdt_ctrl_update, which could plausibly be a problem 2. there's now a race condition on the msr_params struct: afaict there's no write barrier, so if the call to rdt_ctrl_update is executed on a different CPU, it could plausibly read an outdated value of the dom field, which prior to this series of patches wasn't passed as an explicit parameter, but derived inside rdt_ctrl_update For initial report to Arch Linux bugtracker and bisect log see: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/74 Best Hugues

1 year, 3 months

8
15
0 0

[PATCH net] net: dsa: lan9303: avoid dsa_switch_shutdown()

by A. Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> dsa_switch_shutdown() doesn't bring down any ports, but only disconnects slaves from master. Packets still come afterwards into master port and the ports are being polled for link status. This leads to crashes: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 CPU: 0 PID: 442 Comm: kworker/0:3 Tainted: G O 6.1.99+ #1 Workqueue: events_power_efficient phy_state_machine pc : lan9303_mdio_phy_read lr : lan9303_phy_read Call trace: lan9303_mdio_phy_read lan9303_phy_read dsa_slave_phy_read __mdiobus_read mdiobus_read genphy_update_link genphy_read_status phy_check_link_status phy_state_machine process_one_work worker_thread Call lan9303_remove() instead to really unregister all ports before zeroing drvdata and dsa_ptr. Fixes: 0650bf52b31f ("net: dsa: be compatible with masters which unregister on shutdown") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> --- drivers/net/dsa/lan9303-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/dsa/lan9303-core.c b/drivers/net/dsa/lan9303-core.c index 268949939636..ecd507355f51 100644 --- a/drivers/net/dsa/lan9303-core.c +++ b/drivers/net/dsa/lan9303-core.c @@ -1477,7 +1477,7 @@ EXPORT_SYMBOL(lan9303_remove); void lan9303_shutdown(struct lan9303 *chip) { - dsa_switch_shutdown(chip->ds); + lan9303_remove(chip); } EXPORT_SYMBOL(lan9303_shutdown); -- 2.46.0

1 year, 3 months

3
8
0 0

[PATCH v7 1/6] x86/tdx: Fix "in-kernel MMIO" check

by Alexey Gladkov

From: "Alexey Gladkov (Intel)" <legion(a)kernel.org> TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. Cc: stable(a)vger.kernel.org Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Alexey Gladkov (Intel) <legion(a)kernel.org> --- arch/x86/coco/tdx/tdx.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 078e2bac2553..d6e6407e3999 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -16,6 +16,7 @@ #include <asm/insn-eval.h> #include <asm/pgtable.h> #include <asm/set_memory.h> +#include <asm/traps.h> /* MMIO direction */ #define EPT_READ 0 @@ -434,6 +435,11 @@ static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) return -EINVAL; } + if (!fault_in_kernel_space(ve->gla)) { + WARN_ONCE(1, "Access to userspace address is not supported"); + return -EINVAL; + } + /* * Reject EPT violation #VEs that split pages. * -- 2.46.0

1 year, 3 months

2
2
0 0

[PATCH 2/8] drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Since drm_sched_entity_modify_sched() can modify the entities run queue, lets make sure to only dereference the pointer once so both adding and waking up are guaranteed to be consistent. Alternative of moving the spin_unlock to after the wake up would for now be more problematic since the same lock is taken inside drm_sched_rq_update_fifo(). v2: * Improve commit message. (Philipp) * Cache the scheduler pointer directly. (Christian) Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: b37aced31eb0 ("drm/scheduler: implement a function to modify sched list") Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Philipp Stanner <pstanner(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.7+ Reviewed-by: Christian König <christian.koenig(a)amd.com> --- drivers/gpu/drm/scheduler/sched_entity.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index ae8be30472cd..76e422548d40 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -599,6 +599,9 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) /* first job wakes up scheduler */ if (first) { + struct drm_gpu_scheduler *sched; + struct drm_sched_rq *rq; + /* Add the entity to the run queue */ spin_lock(&entity->rq_lock); if (entity->stopped) { @@ -608,13 +611,16 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) return; } - drm_sched_rq_add_entity(entity->rq, entity); + rq = entity->rq; + sched = rq->sched; + + drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock); if (drm_sched_policy == DRM_SCHED_POLICY_FIFO) drm_sched_rq_update_fifo(entity, submit_ts); - drm_sched_wakeup(entity->rq->sched, entity); + drm_sched_wakeup(sched, entity); } } EXPORT_SYMBOL(drm_sched_entity_push_job); -- 2.46.0

1 year, 3 months

1
0
0 0

[PATCH 1/8] drm/sched: Add locking to drm_sched_entity_modify_sched

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Without the locking amdgpu currently can race between amdgpu_ctx_set_entity_priority() (via drm_sched_entity_modify_sched()) and drm_sched_job_arm(), leading to the latter accesing potentially inconsitent entity->sched_list and entity->num_sched_list pair. v2: * Improve commit message. (Philipp) Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: b37aced31eb0 ("drm/scheduler: implement a function to modify sched list") Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: Philipp Stanner <pstanner(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v5.7+ Reviewed-by: Christian König <christian.koenig(a)amd.com> --- drivers/gpu/drm/scheduler/sched_entity.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 58c8161289fe..ae8be30472cd 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -133,8 +133,10 @@ void drm_sched_entity_modify_sched(struct drm_sched_entity *entity, { WARN_ON(!num_sched_list || !sched_list); + spin_lock(&entity->rq_lock); entity->sched_list = sched_list; entity->num_sched_list = num_sched_list; + spin_unlock(&entity->rq_lock); } EXPORT_SYMBOL(drm_sched_entity_modify_sched); -- 2.46.0

1 year, 3 months

1
0
0 0

[PATCH v2] crypto: Removing CRYPTO_AES_GCM_P10.

by Danny Tsen

Disabling CRYPTO_AES_GCM_P10 in Kconfig first so that we can apply the subsequent patches to fix data mismatch over ipsec tunnel. Signed-off-by: Danny Tsen <dtsen(a)linux.ibm.com> --- arch/powerpc/crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/crypto/Kconfig b/arch/powerpc/crypto/Kconfig index 09ebcbdfb34f..46a4c85e85e2 100644 --- a/arch/powerpc/crypto/Kconfig +++ b/arch/powerpc/crypto/Kconfig @@ -107,6 +107,7 @@ config CRYPTO_AES_PPC_SPE config CRYPTO_AES_GCM_P10 tristate "Stitched AES/GCM acceleration support on P10 or later CPU (PPC)" + depends on BROKEN depends on PPC64 && CPU_LITTLE_ENDIAN && VSX select CRYPTO_LIB_AES select CRYPTO_ALGAPI -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH 6.6.y RESEND 2/2] LoongArch: Use accessors to page table entries instead of direct dereference

by He Lugang

From: Huacai Chen <chenhuacai(a)loongson.cn> commit 4574815abf43e2bf05643e1b3f7a2e5d6df894f0 upstream As very well explained in commit 20a004e7b017cce282 ("arm64: mm: Use READ_ONCE/WRITE_ONCE when accessing page tables"), an architecture whose page table walker can modify the PTE in parallel must use READ_ONCE()/ WRITE_ONCE() macro to avoid any compiler transformation. So apply that to LoongArch which is such an architecture, in order to avoid potential problems. Similar to commit edf955647269422e ("riscv: Use accessors to page table entries instead of direct dereference"). Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/include/asm/hugetlb.h | 4 +-- arch/loongarch/include/asm/kfence.h | 6 ++-- arch/loongarch/include/asm/pgtable.h | 48 +++++++++++++++++----------- arch/loongarch/kvm/mmu.c | 8 ++--- arch/loongarch/mm/hugetlbpage.c | 6 ++-- arch/loongarch/mm/init.c | 10 +++--- arch/loongarch/mm/kasan_init.c | 10 +++--- arch/loongarch/mm/pgtable.c | 2 +- 8 files changed, 52 insertions(+), 42 deletions(-) diff --git a/arch/loongarch/include/asm/hugetlb.h b/arch/loongarch/include/asm/hugetlb.h index aa44b3fe43dd..5da32c00d483 100644 --- a/arch/loongarch/include/asm/hugetlb.h +++ b/arch/loongarch/include/asm/hugetlb.h @@ -34,7 +34,7 @@ static inline pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { pte_t clear; - pte_t pte = *ptep; + pte_t pte = ptep_get(ptep); pte_val(clear) = (unsigned long)invalid_pte_table; set_pte_at(mm, addr, ptep, clear); @@ -65,7 +65,7 @@ static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, pte_t *ptep, pte_t pte, int dirty) { - int changed = !pte_same(*ptep, pte); + int changed = !pte_same(ptep_get(ptep), pte); if (changed) { set_pte_at(vma->vm_mm, addr, ptep, pte); diff --git a/arch/loongarch/include/asm/kfence.h b/arch/loongarch/include/asm/kfence.h index 6c82aea1c993..2835b41d2a84 100644 --- a/arch/loongarch/include/asm/kfence.h +++ b/arch/loongarch/include/asm/kfence.h @@ -43,13 +43,13 @@ static inline bool kfence_protect_page(unsigned long addr, bool protect) { pte_t *pte = virt_to_kpte(addr); - if (WARN_ON(!pte) || pte_none(*pte)) + if (WARN_ON(!pte) || pte_none(ptep_get(pte))) return false; if (protect) - set_pte(pte, __pte(pte_val(*pte) & ~(_PAGE_VALID | _PAGE_PRESENT))); + set_pte(pte, __pte(pte_val(ptep_get(pte)) & ~(_PAGE_VALID | _PAGE_PRESENT))); else - set_pte(pte, __pte(pte_val(*pte) | (_PAGE_VALID | _PAGE_PRESENT))); + set_pte(pte, __pte(pte_val(ptep_get(pte)) | (_PAGE_VALID | _PAGE_PRESENT))); preempt_disable(); local_flush_tlb_one(addr); diff --git a/arch/loongarch/include/asm/pgtable.h b/arch/loongarch/include/asm/pgtable.h index 29d9b12298bc..2df497d2f864 100644 --- a/arch/loongarch/include/asm/pgtable.h +++ b/arch/loongarch/include/asm/pgtable.h @@ -106,6 +106,9 @@ extern unsigned long empty_zero_page[PAGE_SIZE / sizeof(unsigned long)]; #define KFENCE_AREA_START (VMEMMAP_END + 1) #define KFENCE_AREA_END (KFENCE_AREA_START + KFENCE_AREA_SIZE - 1) +#define ptep_get(ptep) READ_ONCE(*(ptep)) +#define pmdp_get(pmdp) READ_ONCE(*(pmdp)) + #define pte_ERROR(e) \ pr_err("%s:%d: bad pte %016lx.\n", __FILE__, __LINE__, pte_val(e)) #ifndef __PAGETABLE_PMD_FOLDED @@ -147,11 +150,6 @@ static inline int p4d_present(p4d_t p4d) return p4d_val(p4d) != (unsigned long)invalid_pud_table; } -static inline void p4d_clear(p4d_t *p4dp) -{ - p4d_val(*p4dp) = (unsigned long)invalid_pud_table; -} - static inline pud_t *p4d_pgtable(p4d_t p4d) { return (pud_t *)p4d_val(p4d); @@ -159,7 +157,12 @@ static inline pud_t *p4d_pgtable(p4d_t p4d) static inline void set_p4d(p4d_t *p4d, p4d_t p4dval) { - *p4d = p4dval; + WRITE_ONCE(*p4d, p4dval); +} + +static inline void p4d_clear(p4d_t *p4dp) +{ + set_p4d(p4dp, __p4d((unsigned long)invalid_pud_table)); } #define p4d_phys(p4d) PHYSADDR(p4d_val(p4d)) @@ -193,17 +196,20 @@ static inline int pud_present(pud_t pud) return pud_val(pud) != (unsigned long)invalid_pmd_table; } -static inline void pud_clear(pud_t *pudp) +static inline pmd_t *pud_pgtable(pud_t pud) { - pud_val(*pudp) = ((unsigned long)invalid_pmd_table); + return (pmd_t *)pud_val(pud); } -static inline pmd_t *pud_pgtable(pud_t pud) +static inline void set_pud(pud_t *pud, pud_t pudval) { - return (pmd_t *)pud_val(pud); + WRITE_ONCE(*pud, pudval); } -#define set_pud(pudptr, pudval) do { *(pudptr) = (pudval); } while (0) +static inline void pud_clear(pud_t *pudp) +{ + set_pud(pudp, __pud((unsigned long)invalid_pmd_table)); +} #define pud_phys(pud) PHYSADDR(pud_val(pud)) #define pud_page(pud) (pfn_to_page(pud_phys(pud) >> PAGE_SHIFT)) @@ -231,12 +237,15 @@ static inline int pmd_present(pmd_t pmd) return pmd_val(pmd) != (unsigned long)invalid_pte_table; } -static inline void pmd_clear(pmd_t *pmdp) +static inline void set_pmd(pmd_t *pmd, pmd_t pmdval) { - pmd_val(*pmdp) = ((unsigned long)invalid_pte_table); + WRITE_ONCE(*pmd, pmdval); } -#define set_pmd(pmdptr, pmdval) do { *(pmdptr) = (pmdval); } while (0) +static inline void pmd_clear(pmd_t *pmdp) +{ + set_pmd(pmdp, __pmd((unsigned long)invalid_pte_table)); +} #define pmd_phys(pmd) PHYSADDR(pmd_val(pmd)) @@ -314,7 +323,8 @@ extern void paging_init(void); static inline void set_pte(pte_t *ptep, pte_t pteval) { - *ptep = pteval; + WRITE_ONCE(*ptep, pteval); + if (pte_val(pteval) & _PAGE_GLOBAL) { pte_t *buddy = ptep_buddy(ptep); /* @@ -341,8 +351,8 @@ static inline void set_pte(pte_t *ptep, pte_t pteval) : [buddy] "+m" (buddy->pte), [tmp] "=&r" (tmp) : [global] "r" (page_global)); #else /* !CONFIG_SMP */ - if (pte_none(*buddy)) - pte_val(*buddy) = pte_val(*buddy) | _PAGE_GLOBAL; + if (pte_none(ptep_get(buddy))) + WRITE_ONCE(*buddy, __pte(pte_val(ptep_get(buddy)) | _PAGE_GLOBAL)); #endif /* CONFIG_SMP */ } } @@ -350,7 +360,7 @@ static inline void set_pte(pte_t *ptep, pte_t pteval) static inline void pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep) { /* Preserve global status for the pair */ - if (pte_val(*ptep_buddy(ptep)) & _PAGE_GLOBAL) + if (pte_val(ptep_get(ptep_buddy(ptep))) & _PAGE_GLOBAL) set_pte(ptep, __pte(_PAGE_GLOBAL)); else set_pte(ptep, __pte(0)); @@ -591,7 +601,7 @@ static inline pmd_t pmd_mkinvalid(pmd_t pmd) static inline pmd_t pmdp_huge_get_and_clear(struct mm_struct *mm, unsigned long address, pmd_t *pmdp) { - pmd_t old = *pmdp; + pmd_t old = pmdp_get(pmdp); pmd_clear(pmdp); diff --git a/arch/loongarch/kvm/mmu.c b/arch/loongarch/kvm/mmu.c index 80480df5f550..545a824e38b1 100644 --- a/arch/loongarch/kvm/mmu.c +++ b/arch/loongarch/kvm/mmu.c @@ -679,19 +679,19 @@ static int host_pfn_mapping_level(struct kvm *kvm, gfn_t gfn, * value) and then p*d_offset() walks into the target huge page instead * of the old page table (sees the new value). */ - pgd = READ_ONCE(*pgd_offset(kvm->mm, hva)); + pgd = pgdp_get(pgd_offset(kvm->mm, hva)); if (pgd_none(pgd)) goto out; - p4d = READ_ONCE(*p4d_offset(&pgd, hva)); + p4d = p4dp_get(p4d_offset(&pgd, hva)); if (p4d_none(p4d) || !p4d_present(p4d)) goto out; - pud = READ_ONCE(*pud_offset(&p4d, hva)); + pud = pudp_get(pud_offset(&p4d, hva)); if (pud_none(pud) || !pud_present(pud)) goto out; - pmd = READ_ONCE(*pmd_offset(&pud, hva)); + pmd = pmdp_get(pmd_offset(&pud, hva)); if (pmd_none(pmd) || !pmd_present(pmd)) goto out; diff --git a/arch/loongarch/mm/hugetlbpage.c b/arch/loongarch/mm/hugetlbpage.c index 1e76fcb83093..62ddcea0aa14 100644 --- a/arch/loongarch/mm/hugetlbpage.c +++ b/arch/loongarch/mm/hugetlbpage.c @@ -39,11 +39,11 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, pmd_t *pmd = NULL; pgd = pgd_offset(mm, addr); - if (pgd_present(*pgd)) { + if (pgd_present(pgdp_get(pgd))) { p4d = p4d_offset(pgd, addr); - if (p4d_present(*p4d)) { + if (p4d_present(p4dp_get(p4d))) { pud = pud_offset(p4d, addr); - if (pud_present(*pud)) + if (pud_present(pudp_get(pud))) pmd = pmd_offset(pud, addr); } } diff --git a/arch/loongarch/mm/init.c b/arch/loongarch/mm/init.c index 4dd53427f657..71fa4b773eb3 100644 --- a/arch/loongarch/mm/init.c +++ b/arch/loongarch/mm/init.c @@ -140,7 +140,7 @@ void __meminit vmemmap_set_pmd(pmd_t *pmd, void *p, int node, int __meminit vmemmap_check_pmd(pmd_t *pmd, int node, unsigned long addr, unsigned long next) { - int huge = pmd_val(*pmd) & _PAGE_HUGE; + int huge = pmd_val(pmdp_get(pmd)) & _PAGE_HUGE; if (huge) vmemmap_verify((pte_t *)pmd, node, addr, next); @@ -172,7 +172,7 @@ pte_t * __init populate_kernel_pte(unsigned long addr) pud_t *pud; pmd_t *pmd; - if (p4d_none(*p4d)) { + if (p4d_none(p4dp_get(p4d))) { pud = memblock_alloc(PAGE_SIZE, PAGE_SIZE); if (!pud) panic("%s: Failed to allocate memory\n", __func__); @@ -183,7 +183,7 @@ pte_t * __init populate_kernel_pte(unsigned long addr) } pud = pud_offset(p4d, addr); - if (pud_none(*pud)) { + if (pud_none(pudp_get(pud))) { pmd = memblock_alloc(PAGE_SIZE, PAGE_SIZE); if (!pmd) panic("%s: Failed to allocate memory\n", __func__); @@ -194,7 +194,7 @@ pte_t * __init populate_kernel_pte(unsigned long addr) } pmd = pmd_offset(pud, addr); - if (!pmd_present(*pmd)) { + if (!pmd_present(pmdp_get(pmd))) { pte_t *pte; pte = memblock_alloc(PAGE_SIZE, PAGE_SIZE); @@ -215,7 +215,7 @@ void __init __set_fixmap(enum fixed_addresses idx, BUG_ON(idx <= FIX_HOLE || idx >= __end_of_fixed_addresses); ptep = populate_kernel_pte(addr); - if (!pte_none(*ptep)) { + if (!pte_none(ptep_get(ptep))) { pte_ERROR(*ptep); return; } diff --git a/arch/loongarch/mm/kasan_init.c b/arch/loongarch/mm/kasan_init.c index c608adc99845..427d6b1aec09 100644 --- a/arch/loongarch/mm/kasan_init.c +++ b/arch/loongarch/mm/kasan_init.c @@ -105,7 +105,7 @@ static phys_addr_t __init kasan_alloc_zeroed_page(int node) static pte_t *__init kasan_pte_offset(pmd_t *pmdp, unsigned long addr, int node, bool early) { - if (__pmd_none(early, READ_ONCE(*pmdp))) { + if (__pmd_none(early, pmdp_get(pmdp))) { phys_addr_t pte_phys = early ? __pa_symbol(kasan_early_shadow_pte) : kasan_alloc_zeroed_page(node); if (!early) @@ -118,7 +118,7 @@ static pte_t *__init kasan_pte_offset(pmd_t *pmdp, unsigned long addr, int node, static pmd_t *__init kasan_pmd_offset(pud_t *pudp, unsigned long addr, int node, bool early) { - if (__pud_none(early, READ_ONCE(*pudp))) { + if (__pud_none(early, pudp_get(pudp))) { phys_addr_t pmd_phys = early ? __pa_symbol(kasan_early_shadow_pmd) : kasan_alloc_zeroed_page(node); if (!early) @@ -131,7 +131,7 @@ static pmd_t *__init kasan_pmd_offset(pud_t *pudp, unsigned long addr, int node, static pud_t *__init kasan_pud_offset(p4d_t *p4dp, unsigned long addr, int node, bool early) { - if (__p4d_none(early, READ_ONCE(*p4dp))) { + if (__p4d_none(early, p4dp_get(p4dp))) { phys_addr_t pud_phys = early ? __pa_symbol(kasan_early_shadow_pud) : kasan_alloc_zeroed_page(node); if (!early) @@ -154,7 +154,7 @@ static void __init kasan_pte_populate(pmd_t *pmdp, unsigned long addr, : kasan_alloc_zeroed_page(node); next = addr + PAGE_SIZE; set_pte(ptep, pfn_pte(__phys_to_pfn(page_phys), PAGE_KERNEL)); - } while (ptep++, addr = next, addr != end && __pte_none(early, READ_ONCE(*ptep))); + } while (ptep++, addr = next, addr != end && __pte_none(early, ptep_get(ptep))); } static void __init kasan_pmd_populate(pud_t *pudp, unsigned long addr, @@ -166,7 +166,7 @@ static void __init kasan_pmd_populate(pud_t *pudp, unsigned long addr, do { next = pmd_addr_end(addr, end); kasan_pte_populate(pmdp, addr, next, node, early); - } while (pmdp++, addr = next, addr != end && __pmd_none(early, READ_ONCE(*pmdp))); + } while (pmdp++, addr = next, addr != end && __pmd_none(early, pmdp_get(pmdp))); } static void __init kasan_pud_populate(p4d_t *p4dp, unsigned long addr, diff --git a/arch/loongarch/mm/pgtable.c b/arch/loongarch/mm/pgtable.c index 2aae72e63871..6a038a27373a 100644 --- a/arch/loongarch/mm/pgtable.c +++ b/arch/loongarch/mm/pgtable.c @@ -128,7 +128,7 @@ pmd_t mk_pmd(struct page *page, pgprot_t prot) void set_pmd_at(struct mm_struct *mm, unsigned long addr, pmd_t *pmdp, pmd_t pmd) { - *pmdp = pmd; + WRITE_ONCE(*pmdp, pmd); flush_tlb_all(); } -- 2.45.2

1 year, 3 months

2
1
0 0

[PATCH 6.1] soc: ti: omap_prm: Add a null pointer check to the omap_prm_domain_init

by Xiangyu Chen

[ Upstream commit 5d7f58ee08434a33340f75ac7ac5071eea9673b3 ] devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. Signed-off-by: Kunwu Chan <chentao(a)kylinos.cn> Link: https://lore.kernel.org/r/20240118054257.200814-1-chentao@kylinos.cn Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> [Xiangyu: Modified to apply on 6.1.y] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- drivers/soc/ti/omap_prm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/soc/ti/omap_prm.c b/drivers/soc/ti/omap_prm.c index 913b964374a4..33ef58195955 100644 --- a/drivers/soc/ti/omap_prm.c +++ b/drivers/soc/ti/omap_prm.c @@ -696,6 +696,8 @@ static int omap_prm_domain_init(struct device *dev, struct omap_prm *prm) data = prm->data; name = devm_kasprintf(dev, GFP_KERNEL, "prm_%s", data->name); + if (!name) + return -ENOMEM; prmd->dev = dev; prmd->prm = prm; -- 2.34.1

1 year, 3 months

2
1
0 0

[PATCH] net: xilinx: axienet: Fix race in axienet_stop

by Sean Anderson

[ Upstream commit 858430db28a5f5a11f8faa3a6fa805438e6f0851 ] axienet_dma_err_handler can race with axienet_stop in the following manner: CPU 1 CPU 2 ====================== ================== axienet_stop() napi_disable() axienet_dma_stop() axienet_dma_err_handler() napi_disable() axienet_dma_stop() axienet_dma_start() napi_enable() cancel_work_sync() free_irq() Fix this by setting a flag in axienet_stop telling axienet_dma_err_handler not to bother doing anything. I chose not to use disable_work_sync to allow for easier backporting. Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Fixes: 8a3b7a252dca ("drivers/net/ethernet/xilinx: added Xilinx AXI Ethernet driver") Link: https://patch.msgid.link/20240903175141.4132898-1-sean.anderson@linux.dev Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ Adjusted to apply before dmaengine support ] Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- This patch is adjusted to apply to v6.6 kernels and earlier, which do not contain commit 6a91b846af85 ("net: axienet: Introduce dmaengine support"). drivers/net/ethernet/xilinx/xilinx_axienet.h | 3 +++ drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet.h b/drivers/net/ethernet/xilinx/xilinx_axienet.h index f09f10f17d7e..2facbdfbb319 100644 --- a/drivers/net/ethernet/xilinx/xilinx_axienet.h +++ b/drivers/net/ethernet/xilinx/xilinx_axienet.h @@ -419,6 +419,8 @@ struct axidma_bd { * @tx_bytes: TX byte count for statistics * @tx_stat_sync: Synchronization object for TX stats * @dma_err_task: Work structure to process Axi DMA errors + * @stopping: Set when @dma_err_task shouldn't do anything because we are + * about to stop the device. * @tx_irq: Axidma TX IRQ number * @rx_irq: Axidma RX IRQ number * @eth_irq: Ethernet core IRQ number @@ -481,6 +483,7 @@ struct axienet_local { struct u64_stats_sync tx_stat_sync; struct work_struct dma_err_task; + bool stopping; int tx_irq; int rx_irq; diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c index 144feb7a2fda..65d7aaad43fe 100644 --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c @@ -1162,6 +1162,7 @@ static int axienet_open(struct net_device *ndev) phylink_start(lp->phylink); /* Enable worker thread for Axi DMA error handling */ + lp->stopping = false; INIT_WORK(&lp->dma_err_task, axienet_dma_err_handler); napi_enable(&lp->napi_rx); @@ -1217,6 +1218,9 @@ static int axienet_stop(struct net_device *ndev) dev_dbg(&ndev->dev, "axienet_close()\n"); + WRITE_ONCE(lp->stopping, true); + flush_work(&lp->dma_err_task); + napi_disable(&lp->napi_tx); napi_disable(&lp->napi_rx); @@ -1761,6 +1765,10 @@ static void axienet_dma_err_handler(struct work_struct *work) dma_err_task); struct net_device *ndev = lp->ndev; + /* Don't bother if we are going to stop anyway */ + if (READ_ONCE(lp->stopping)) + return; + napi_disable(&lp->napi_tx); napi_disable(&lp->napi_rx); -- 2.35.1.1320.gc452695387.dirty

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] clocksource: hyper-v: Use lapic timer in a TDX VM without" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7f828d5fff7d24752e1ecf6bebb6617a81f97b93 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091354-stock-suspend-e1ee@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7f828d5fff7d ("clocksource: hyper-v: Use lapic timer in a TDX VM without paravisor") b967df629351 ("hyperv-tlfs: Rename some HV_REGISTER_* defines for consistency") 0e3f7d120086 ("hyperv-tlfs: Change prefix of generic HV_REGISTER_* MSRs to HV_MSR_*") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7f828d5fff7d24752e1ecf6bebb6617a81f97b93 Mon Sep 17 00:00:00 2001 From: Dexuan Cui <decui(a)microsoft.com> Date: Thu, 20 Jun 2024 23:16:14 -0700 Subject: [PATCH] clocksource: hyper-v: Use lapic timer in a TDX VM without paravisor In a TDX VM without paravisor, currently the default timer is the Hyper-V timer, which depends on the slow VM Reference Counter MSR: the Hyper-V TSC page is not enabled in such a VM because the VM uses Invariant TSC as a better clocksource and it's challenging to mark the Hyper-V TSC page shared in very early boot. Lower the rating of the Hyper-V timer so the local APIC timer becomes the the default timer in such a VM, and print a warning in case Invariant TSC is unavailable in such a VM. This change should cause no perceivable performance difference. Cc: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Roman Kisel <romank(a)linux.microsoft.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Link: https://lore.kernel.org/r/20240621061614.8339-1-decui@microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20240621061614.8339-1-decui(a)microsoft.com> diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index e0fd57a8ba84..954b7cbfa2f0 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -449,9 +449,23 @@ static void __init ms_hyperv_init_platform(void) ms_hyperv.hints &= ~HV_X64_APIC_ACCESS_RECOMMENDED; if (!ms_hyperv.paravisor_present) { - /* To be supported: more work is required. */ + /* + * Mark the Hyper-V TSC page feature as disabled + * in a TDX VM without paravisor so that the + * Invariant TSC, which is a better clocksource + * anyway, is used instead. + */ ms_hyperv.features &= ~HV_MSR_REFERENCE_TSC_AVAILABLE; + /* + * The Invariant TSC is expected to be available + * in a TDX VM without paravisor, but if not, + * print a warning message. The slower Hyper-V MSR-based + * Ref Counter should end up being the clocksource. + */ + if (!(ms_hyperv.features & HV_ACCESS_TSC_INVARIANT)) + pr_warn("Hyper-V: Invariant TSC is unavailable\n"); + /* HV_MSR_CRASH_CTL is unsupported. */ ms_hyperv.misc_features &= ~HV_FEATURE_GUEST_CRASH_MSR_AVAILABLE; diff --git a/drivers/clocksource/hyperv_timer.c b/drivers/clocksource/hyperv_timer.c index b2a080647e41..99177835cade 100644 --- a/drivers/clocksource/hyperv_timer.c +++ b/drivers/clocksource/hyperv_timer.c @@ -137,7 +137,21 @@ static int hv_stimer_init(unsigned int cpu) ce->name = "Hyper-V clockevent"; ce->features = CLOCK_EVT_FEAT_ONESHOT; ce->cpumask = cpumask_of(cpu); - ce->rating = 1000; + + /* + * Lower the rating of the Hyper-V timer in a TDX VM without paravisor, + * so the local APIC timer (lapic_clockevent) is the default timer in + * such a VM. The Hyper-V timer is not preferred in such a VM because + * it depends on the slow VM Reference Counter MSR (the Hyper-V TSC + * page is not enbled in such a VM because the VM uses Invariant TSC + * as a better clocksource and it's challenging to mark the Hyper-V + * TSC page shared in very early boot). + */ + if (!ms_hyperv.paravisor_present && hv_isolation_type_tdx()) + ce->rating = 90; + else + ce->rating = 1000; + ce->set_state_shutdown = hv_ce_shutdown; ce->set_state_oneshot = hv_ce_set_oneshot; ce->set_next_event = hv_ce_set_next_event;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] virtio_net: disable premapped mode by default" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 111fc9f517cb293c4213673733b980123c3b0209 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091336-family-daffodil-541d@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 111fc9f517cb ("virtio_net: disable premapped mode by default") dc4547fbba87 ("Revert "virtio_net: rx remove premapped failover code"") e9f3962441c0 ("virtio_net: xsk: rx: support fill with xsk buffer") 19a5a7710ee1 ("virtio_net: xsk: support wakeup") 09d2b3182c8e ("virtio_net: xsk: bind/unbind xsk for rx") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 111fc9f517cb293c4213673733b980123c3b0209 Mon Sep 17 00:00:00 2001 From: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Date: Fri, 6 Sep 2024 20:31:37 +0800 Subject: [PATCH] virtio_net: disable premapped mode by default Now, the premapped mode encounters some problem. http://lore.kernel.org/all/8b20cc28-45a9-4643-8e87-ba164a540c0a@oracle.com So we disable the premapped mode by default. We can re-enable it in the future. Fixes: f9dac92ba908 ("virtio_ring: enable premapped mode whatever use_dma_api") Reported-by: "Si-Wei Liu" <si-wei.liu(a)oracle.com> Closes: http://lore.kernel.org/all/8b20cc28-45a9-4643-8e87-ba164a540c0a@oracle.com Signed-off-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Tested-by: Takero Funaki <flintglass(a)gmail.com> Link: https://patch.msgid.link/20240906123137.108741-4-xuanzhuo@linux.alibaba.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 1cf80648f82a..5a1c1ec5a64b 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -977,22 +977,6 @@ static void *virtnet_rq_alloc(struct receive_queue *rq, u32 size, gfp_t gfp) return buf; } -static void virtnet_rq_set_premapped(struct virtnet_info *vi) -{ - int i; - - /* disable for big mode */ - if (!vi->mergeable_rx_bufs && vi->big_packets) - return; - - for (i = 0; i < vi->max_queue_pairs; i++) { - if (virtqueue_set_dma_premapped(vi->rq[i].vq)) - continue; - - vi->rq[i].do_dma = true; - } -} - static void virtnet_rq_unmap_free_buf(struct virtqueue *vq, void *buf) { struct virtnet_info *vi = vq->vdev->priv; @@ -6105,8 +6089,6 @@ static int init_vqs(struct virtnet_info *vi) if (ret) goto err_free; - virtnet_rq_set_premapped(vi); - cpus_read_lock(); virtnet_set_affinity(vi); cpus_read_unlock();

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] Revert "virtio_net: big mode skip the unmap check"" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 38eef112a8e547b8c207b2a521ad4b077d792100 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091308-deceit-dingy-d575@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 38eef112a8e5 ("Revert "virtio_net: big mode skip the unmap check"") 99c861b44eb1 ("virtio_net: xsk: rx: support recv merge mode") a4e7ba702701 ("virtio_net: xsk: rx: support recv small mode") e9f3962441c0 ("virtio_net: xsk: rx: support fill with xsk buffer") 19a5a7710ee1 ("virtio_net: xsk: support wakeup") 09d2b3182c8e ("virtio_net: xsk: bind/unbind xsk for rx") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38eef112a8e547b8c207b2a521ad4b077d792100 Mon Sep 17 00:00:00 2001 From: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Date: Fri, 6 Sep 2024 20:31:36 +0800 Subject: [PATCH] Revert "virtio_net: big mode skip the unmap check" This reverts commit a377ae542d8d0a20a3173da3bbba72e045bea7a9. Signed-off-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Tested-by: Takero Funaki <flintglass(a)gmail.com> Link: https://patch.msgid.link/20240906123137.108741-3-xuanzhuo@linux.alibaba.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index 6fa8aab18484..1cf80648f82a 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -1006,7 +1006,7 @@ static void virtnet_rq_unmap_free_buf(struct virtqueue *vq, void *buf) return; } - if (!vi->big_packets || vi->mergeable_rx_bufs) + if (rq->do_dma) virtnet_rq_unmap(rq, buf, 0); virtnet_rq_free_buf(vi, rq, buf); @@ -2716,7 +2716,7 @@ static int virtnet_receive_packets(struct virtnet_info *vi, } } else { while (packets < budget && - (buf = virtqueue_get_buf(rq->vq, &len)) != NULL) { + (buf = virtnet_rq_get_buf(rq, &len, NULL)) != NULL) { receive_buf(vi, rq, buf, len, NULL, xdp_xmit, stats); packets++; }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] Revert "virtio_net: rx remove premapped failover code"" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x dc4547fbba874718af76e5c28c815fcef5c13c6c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091301-suitcase-hazard-0817@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: dc4547fbba87 ("Revert "virtio_net: rx remove premapped failover code"") e9f3962441c0 ("virtio_net: xsk: rx: support fill with xsk buffer") 19a5a7710ee1 ("virtio_net: xsk: support wakeup") 09d2b3182c8e ("virtio_net: xsk: bind/unbind xsk for rx") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dc4547fbba874718af76e5c28c815fcef5c13c6c Mon Sep 17 00:00:00 2001 From: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Date: Fri, 6 Sep 2024 20:31:35 +0800 Subject: [PATCH] Revert "virtio_net: rx remove premapped failover code" This reverts commit defd28aa5acb0fd7c15adc6bc40a8ac277d04dea. Recover the code to disable premapped mode. Signed-off-by: Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Tested-by: Takero Funaki <flintglass(a)gmail.com> Link: https://patch.msgid.link/20240906123137.108741-2-xuanzhuo@linux.alibaba.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index c6af18948092..6fa8aab18484 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -356,6 +356,9 @@ struct receive_queue { struct xdp_rxq_info xsk_rxq_info; struct xdp_buff **xsk_buffs; + + /* Do dma by self */ + bool do_dma; }; /* This structure can contain rss message with maximum settings for indirection table and keysize @@ -885,7 +888,7 @@ static void *virtnet_rq_get_buf(struct receive_queue *rq, u32 *len, void **ctx) void *buf; buf = virtqueue_get_buf_ctx(rq->vq, len, ctx); - if (buf) + if (buf && rq->do_dma) virtnet_rq_unmap(rq, buf, *len); return buf; @@ -898,6 +901,11 @@ static void virtnet_rq_init_one_sg(struct receive_queue *rq, void *buf, u32 len) u32 offset; void *head; + if (!rq->do_dma) { + sg_init_one(rq->sg, buf, len); + return; + } + head = page_address(rq->alloc_frag.page); offset = buf - head; @@ -923,42 +931,44 @@ static void *virtnet_rq_alloc(struct receive_queue *rq, u32 size, gfp_t gfp) head = page_address(alloc_frag->page); - dma = head; + if (rq->do_dma) { + dma = head; - /* new pages */ - if (!alloc_frag->offset) { - if (rq->last_dma) { - /* Now, the new page is allocated, the last dma - * will not be used. So the dma can be unmapped - * if the ref is 0. + /* new pages */ + if (!alloc_frag->offset) { + if (rq->last_dma) { + /* Now, the new page is allocated, the last dma + * will not be used. So the dma can be unmapped + * if the ref is 0. + */ + virtnet_rq_unmap(rq, rq->last_dma, 0); + rq->last_dma = NULL; + } + + dma->len = alloc_frag->size - sizeof(*dma); + + addr = virtqueue_dma_map_single_attrs(rq->vq, dma + 1, + dma->len, DMA_FROM_DEVICE, 0); + if (virtqueue_dma_mapping_error(rq->vq, addr)) + return NULL; + + dma->addr = addr; + dma->need_sync = virtqueue_dma_need_sync(rq->vq, addr); + + /* Add a reference to dma to prevent the entire dma from + * being released during error handling. This reference + * will be freed after the pages are no longer used. */ - virtnet_rq_unmap(rq, rq->last_dma, 0); - rq->last_dma = NULL; + get_page(alloc_frag->page); + dma->ref = 1; + alloc_frag->offset = sizeof(*dma); + + rq->last_dma = dma; } - dma->len = alloc_frag->size - sizeof(*dma); - - addr = virtqueue_dma_map_single_attrs(rq->vq, dma + 1, - dma->len, DMA_FROM_DEVICE, 0); - if (virtqueue_dma_mapping_error(rq->vq, addr)) - return NULL; - - dma->addr = addr; - dma->need_sync = virtqueue_dma_need_sync(rq->vq, addr); - - /* Add a reference to dma to prevent the entire dma from - * being released during error handling. This reference - * will be freed after the pages are no longer used. - */ - get_page(alloc_frag->page); - dma->ref = 1; - alloc_frag->offset = sizeof(*dma); - - rq->last_dma = dma; + ++dma->ref; } - ++dma->ref; - buf = head + alloc_frag->offset; get_page(alloc_frag->page); @@ -975,9 +985,12 @@ static void virtnet_rq_set_premapped(struct virtnet_info *vi) if (!vi->mergeable_rx_bufs && vi->big_packets) return; - for (i = 0; i < vi->max_queue_pairs; i++) - /* error should never happen */ - BUG_ON(virtqueue_set_dma_premapped(vi->rq[i].vq)); + for (i = 0; i < vi->max_queue_pairs; i++) { + if (virtqueue_set_dma_premapped(vi->rq[i].vq)) + continue; + + vi->rq[i].do_dma = true; + } } static void virtnet_rq_unmap_free_buf(struct virtqueue *vq, void *buf) @@ -2430,7 +2443,8 @@ static int add_recvbuf_small(struct virtnet_info *vi, struct receive_queue *rq, err = virtqueue_add_inbuf_ctx(rq->vq, rq->sg, 1, buf, ctx, gfp); if (err < 0) { - virtnet_rq_unmap(rq, buf, 0); + if (rq->do_dma) + virtnet_rq_unmap(rq, buf, 0); put_page(virt_to_head_page(buf)); } @@ -2544,7 +2558,8 @@ static int add_recvbuf_mergeable(struct virtnet_info *vi, ctx = mergeable_len_to_ctx(len + room, headroom); err = virtqueue_add_inbuf_ctx(rq->vq, rq->sg, 1, buf, ctx, gfp); if (err < 0) { - virtnet_rq_unmap(rq, buf, 0); + if (rq->do_dma) + virtnet_rq_unmap(rq, buf, 0); put_page(virt_to_head_page(buf)); } @@ -5892,7 +5907,7 @@ static void free_receive_page_frags(struct virtnet_info *vi) int i; for (i = 0; i < vi->max_queue_pairs; i++) if (vi->rq[i].alloc_frag.page) { - if (vi->rq[i].last_dma) + if (vi->rq[i].do_dma && vi->rq[i].last_dma) virtnet_rq_unmap(&vi->rq[i], vi->rq[i].last_dma, 0); put_page(vi->rq[i].alloc_frag.page); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: panasonic-laptop: Allocate 1 entry extra in the" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 33297cef3101d950cec0033a0dce0a2d2bd59999 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091305-rephrase-pastime-be42@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 33297cef3101 ("platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array") f1aaf914654a ("platform/x86: panasonic-laptop: Replace ACPI prints with pr_*() macros") d5a81d8e864b ("platform/x86: panasonic-laptop: Add support for optical driver power in Y and W series") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33297cef3101d950cec0033a0dce0a2d2bd59999 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Mon, 9 Sep 2024 13:32:26 +0200 Subject: [PATCH] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some DSDT-s have an off-by-one bug where the SINF package count is one higher than the SQTY reported value, allocate 1 entry extra. Also make the SQTY <-> SINF package count mismatch error more verbose to help debugging similar issues in the future. This fixes the panasonic-laptop driver failing to probe() on some devices with the following errors: [ 3.958887] SQTY reports bad SINF length SQTY: 37 SINF-pkg-count: 38 [ 3.958892] Couldn't retrieve BIOS data [ 3.983685] Panasonic Laptop Support - With Macros: probe of MAT0019:00 failed with error -5 Fixes: 709ee531c153 ("panasonic-laptop: add Panasonic Let's Note laptop extras driver v0.94") Cc: stable(a)vger.kernel.org Tested-by: James Harmison <jharmison(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240909113227.254470-2-hdegoede@redhat.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c index 39044119d2a6..ebd81846e2d5 100644 --- a/drivers/platform/x86/panasonic-laptop.c +++ b/drivers/platform/x86/panasonic-laptop.c @@ -337,7 +337,8 @@ static int acpi_pcc_retrieve_biosdata(struct pcc_acpi *pcc) } if (pcc->num_sifr < hkey->package.count) { - pr_err("SQTY reports bad SINF length\n"); + pr_err("SQTY reports bad SINF length SQTY: %lu SINF-pkg-count: %u\n", + pcc->num_sifr, hkey->package.count); status = AE_ERROR; goto end; } @@ -994,6 +995,12 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) return -ENODEV; } + /* + * Some DSDT-s have an off-by-one bug where the SINF package count is + * one higher than the SQTY reported value, allocate 1 entry extra. + */ + num_sifr++; + pcc = kzalloc(sizeof(struct pcc_acpi), GFP_KERNEL); if (!pcc) { pr_err("Couldn't allocate mem for pcc");

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: panasonic-laptop: Allocate 1 entry extra in the" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 33297cef3101d950cec0033a0dce0a2d2bd59999 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091304-unwary-translate-85c3@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 33297cef3101 ("platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array") f1aaf914654a ("platform/x86: panasonic-laptop: Replace ACPI prints with pr_*() macros") d5a81d8e864b ("platform/x86: panasonic-laptop: Add support for optical driver power in Y and W series") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33297cef3101d950cec0033a0dce0a2d2bd59999 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Mon, 9 Sep 2024 13:32:26 +0200 Subject: [PATCH] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some DSDT-s have an off-by-one bug where the SINF package count is one higher than the SQTY reported value, allocate 1 entry extra. Also make the SQTY <-> SINF package count mismatch error more verbose to help debugging similar issues in the future. This fixes the panasonic-laptop driver failing to probe() on some devices with the following errors: [ 3.958887] SQTY reports bad SINF length SQTY: 37 SINF-pkg-count: 38 [ 3.958892] Couldn't retrieve BIOS data [ 3.983685] Panasonic Laptop Support - With Macros: probe of MAT0019:00 failed with error -5 Fixes: 709ee531c153 ("panasonic-laptop: add Panasonic Let's Note laptop extras driver v0.94") Cc: stable(a)vger.kernel.org Tested-by: James Harmison <jharmison(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240909113227.254470-2-hdegoede@redhat.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c index 39044119d2a6..ebd81846e2d5 100644 --- a/drivers/platform/x86/panasonic-laptop.c +++ b/drivers/platform/x86/panasonic-laptop.c @@ -337,7 +337,8 @@ static int acpi_pcc_retrieve_biosdata(struct pcc_acpi *pcc) } if (pcc->num_sifr < hkey->package.count) { - pr_err("SQTY reports bad SINF length\n"); + pr_err("SQTY reports bad SINF length SQTY: %lu SINF-pkg-count: %u\n", + pcc->num_sifr, hkey->package.count); status = AE_ERROR; goto end; } @@ -994,6 +995,12 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) return -ENODEV; } + /* + * Some DSDT-s have an off-by-one bug where the SINF package count is + * one higher than the SQTY reported value, allocate 1 entry extra. + */ + num_sifr++; + pcc = kzalloc(sizeof(struct pcc_acpi), GFP_KERNEL); if (!pcc) { pr_err("Couldn't allocate mem for pcc");

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: panasonic-laptop: Allocate 1 entry extra in the" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 33297cef3101d950cec0033a0dce0a2d2bd59999 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091303-dash-sensitive-4aee@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 33297cef3101 ("platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array") f1aaf914654a ("platform/x86: panasonic-laptop: Replace ACPI prints with pr_*() macros") d5a81d8e864b ("platform/x86: panasonic-laptop: Add support for optical driver power in Y and W series") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 33297cef3101d950cec0033a0dce0a2d2bd59999 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Mon, 9 Sep 2024 13:32:26 +0200 Subject: [PATCH] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some DSDT-s have an off-by-one bug where the SINF package count is one higher than the SQTY reported value, allocate 1 entry extra. Also make the SQTY <-> SINF package count mismatch error more verbose to help debugging similar issues in the future. This fixes the panasonic-laptop driver failing to probe() on some devices with the following errors: [ 3.958887] SQTY reports bad SINF length SQTY: 37 SINF-pkg-count: 38 [ 3.958892] Couldn't retrieve BIOS data [ 3.983685] Panasonic Laptop Support - With Macros: probe of MAT0019:00 failed with error -5 Fixes: 709ee531c153 ("panasonic-laptop: add Panasonic Let's Note laptop extras driver v0.94") Cc: stable(a)vger.kernel.org Tested-by: James Harmison <jharmison(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240909113227.254470-2-hdegoede@redhat.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c index 39044119d2a6..ebd81846e2d5 100644 --- a/drivers/platform/x86/panasonic-laptop.c +++ b/drivers/platform/x86/panasonic-laptop.c @@ -337,7 +337,8 @@ static int acpi_pcc_retrieve_biosdata(struct pcc_acpi *pcc) } if (pcc->num_sifr < hkey->package.count) { - pr_err("SQTY reports bad SINF length\n"); + pr_err("SQTY reports bad SINF length SQTY: %lu SINF-pkg-count: %u\n", + pcc->num_sifr, hkey->package.count); status = AE_ERROR; goto end; } @@ -994,6 +995,12 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) return -ENODEV; } + /* + * Some DSDT-s have an off-by-one bug where the SINF package count is + * one higher than the SQTY reported value, allocate 1 entry extra. + */ + num_sifr++; + pcc = kzalloc(sizeof(struct pcc_acpi), GFP_KERNEL); if (!pcc) { pr_err("Couldn't allocate mem for pcc");

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: panasonic-laptop: Fix SINF array out of bounds" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091346-football-rely-87b8@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f52e98d16e9b ("platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses") f1fba0860962 ("platform/x86: panasonic-laptop: remove redundant assignment of variable result") 25dd390c6206 ("platform/x86: panasonic-laptop: Add sysfs attributes for firmware brightness registers") 468f96bfa3a0 ("platform/x86: panasonic-laptop: Add support for battery charging threshold (eco mode)") ed83c9171829 ("platform/x86: panasonic-laptop: Resolve hotkey double trigger bug") e3a9afbbc309 ("platform/x86: panasonic-laptop: Add write support to mute") 008563513348 ("platform/x86: panasonic-laptop: Fix sticky key init bug") 80373ad0edb5 ("platform/x86: panasonic-laptop: Fix naming of platform files for consistency with other modules") 0119fbc0215a ("platform/x86: panasonic-laptop: Split MODULE_AUTHOR() by one author per macro call") f1aaf914654a ("platform/x86: panasonic-laptop: Replace ACPI prints with pr_*() macros") d5a81d8e864b ("platform/x86: panasonic-laptop: Add support for optical driver power in Y and W series") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Mon, 9 Sep 2024 13:32:25 +0200 Subject: [PATCH] platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries. So it only supports the AC+DC brightness entries and mute. Check that the SINF array has a minimum size which covers all AC+DC brightness entries and refuse to load if the SINF array is smaller. For higher SINF indexes hide the sysfs attributes when the SINF array does not contain an entry for that attribute, avoiding show()/store() accessing the array out of bounds and add bounds checking to the probe() and resume() code accessing these. Fixes: e424fb8cc4e6 ("panasonic-laptop: avoid overflow in acpi_pcc_hotkey_add()") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240909113227.254470-1-hdegoede@redhat.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c index cf845ee1c7b1..39044119d2a6 100644 --- a/drivers/platform/x86/panasonic-laptop.c +++ b/drivers/platform/x86/panasonic-laptop.c @@ -773,6 +773,24 @@ static DEVICE_ATTR_RW(dc_brightness); static DEVICE_ATTR_RW(current_brightness); static DEVICE_ATTR_RW(cdpower); +static umode_t pcc_sysfs_is_visible(struct kobject *kobj, struct attribute *attr, int idx) +{ + struct device *dev = kobj_to_dev(kobj); + struct acpi_device *acpi = to_acpi_device(dev); + struct pcc_acpi *pcc = acpi_driver_data(acpi); + + if (attr == &dev_attr_mute.attr) + return (pcc->num_sifr > SINF_MUTE) ? attr->mode : 0; + + if (attr == &dev_attr_eco_mode.attr) + return (pcc->num_sifr > SINF_ECO_MODE) ? attr->mode : 0; + + if (attr == &dev_attr_current_brightness.attr) + return (pcc->num_sifr > SINF_CUR_BRIGHT) ? attr->mode : 0; + + return attr->mode; +} + static struct attribute *pcc_sysfs_entries[] = { &dev_attr_numbatt.attr, &dev_attr_lcdtype.attr, @@ -787,8 +805,9 @@ static struct attribute *pcc_sysfs_entries[] = { }; static const struct attribute_group pcc_attr_group = { - .name = NULL, /* put in device directory */ - .attrs = pcc_sysfs_entries, + .name = NULL, /* put in device directory */ + .attrs = pcc_sysfs_entries, + .is_visible = pcc_sysfs_is_visible, }; @@ -941,12 +960,15 @@ static int acpi_pcc_hotkey_resume(struct device *dev) if (!pcc) return -EINVAL; - acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute); - acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode); + if (pcc->num_sifr > SINF_MUTE) + acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute); + if (pcc->num_sifr > SINF_ECO_MODE) + acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode); acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, pcc->sticky_key); acpi_pcc_write_sset(pcc, SINF_AC_CUR_BRIGHT, pcc->ac_brightness); acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, pcc->dc_brightness); - acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness); + if (pcc->num_sifr > SINF_CUR_BRIGHT) + acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness); return 0; } @@ -963,8 +985,12 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) num_sifr = acpi_pcc_get_sqty(device); - if (num_sifr < 0 || num_sifr > 255) { - pr_err("num_sifr out of range"); + /* + * pcc->sinf is expected to at least have the AC+DC brightness entries. + * Accesses to higher SINF entries are checked against num_sifr. + */ + if (num_sifr <= SINF_DC_CUR_BRIGHT || num_sifr > 255) { + pr_err("num_sifr %d out of range %d - 255\n", num_sifr, SINF_DC_CUR_BRIGHT + 1); return -ENODEV; } @@ -1020,11 +1046,14 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, 0); pcc->sticky_key = 0; - pcc->eco_mode = pcc->sinf[SINF_ECO_MODE]; - pcc->mute = pcc->sinf[SINF_MUTE]; pcc->ac_brightness = pcc->sinf[SINF_AC_CUR_BRIGHT]; pcc->dc_brightness = pcc->sinf[SINF_DC_CUR_BRIGHT]; - pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT]; + if (pcc->num_sifr > SINF_MUTE) + pcc->mute = pcc->sinf[SINF_MUTE]; + if (pcc->num_sifr > SINF_ECO_MODE) + pcc->eco_mode = pcc->sinf[SINF_ECO_MODE]; + if (pcc->num_sifr > SINF_CUR_BRIGHT) + pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT]; /* add sysfs attributes */ result = sysfs_create_group(&device->dev.kobj, &pcc_attr_group);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: panasonic-laptop: Fix SINF array out of bounds" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091345-sweep-flashback-a85d@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f52e98d16e9b ("platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses") f1fba0860962 ("platform/x86: panasonic-laptop: remove redundant assignment of variable result") 25dd390c6206 ("platform/x86: panasonic-laptop: Add sysfs attributes for firmware brightness registers") 468f96bfa3a0 ("platform/x86: panasonic-laptop: Add support for battery charging threshold (eco mode)") ed83c9171829 ("platform/x86: panasonic-laptop: Resolve hotkey double trigger bug") e3a9afbbc309 ("platform/x86: panasonic-laptop: Add write support to mute") 008563513348 ("platform/x86: panasonic-laptop: Fix sticky key init bug") 80373ad0edb5 ("platform/x86: panasonic-laptop: Fix naming of platform files for consistency with other modules") 0119fbc0215a ("platform/x86: panasonic-laptop: Split MODULE_AUTHOR() by one author per macro call") f1aaf914654a ("platform/x86: panasonic-laptop: Replace ACPI prints with pr_*() macros") d5a81d8e864b ("platform/x86: panasonic-laptop: Add support for optical driver power in Y and W series") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Mon, 9 Sep 2024 13:32:25 +0200 Subject: [PATCH] platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries. So it only supports the AC+DC brightness entries and mute. Check that the SINF array has a minimum size which covers all AC+DC brightness entries and refuse to load if the SINF array is smaller. For higher SINF indexes hide the sysfs attributes when the SINF array does not contain an entry for that attribute, avoiding show()/store() accessing the array out of bounds and add bounds checking to the probe() and resume() code accessing these. Fixes: e424fb8cc4e6 ("panasonic-laptop: avoid overflow in acpi_pcc_hotkey_add()") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240909113227.254470-1-hdegoede@redhat.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c index cf845ee1c7b1..39044119d2a6 100644 --- a/drivers/platform/x86/panasonic-laptop.c +++ b/drivers/platform/x86/panasonic-laptop.c @@ -773,6 +773,24 @@ static DEVICE_ATTR_RW(dc_brightness); static DEVICE_ATTR_RW(current_brightness); static DEVICE_ATTR_RW(cdpower); +static umode_t pcc_sysfs_is_visible(struct kobject *kobj, struct attribute *attr, int idx) +{ + struct device *dev = kobj_to_dev(kobj); + struct acpi_device *acpi = to_acpi_device(dev); + struct pcc_acpi *pcc = acpi_driver_data(acpi); + + if (attr == &dev_attr_mute.attr) + return (pcc->num_sifr > SINF_MUTE) ? attr->mode : 0; + + if (attr == &dev_attr_eco_mode.attr) + return (pcc->num_sifr > SINF_ECO_MODE) ? attr->mode : 0; + + if (attr == &dev_attr_current_brightness.attr) + return (pcc->num_sifr > SINF_CUR_BRIGHT) ? attr->mode : 0; + + return attr->mode; +} + static struct attribute *pcc_sysfs_entries[] = { &dev_attr_numbatt.attr, &dev_attr_lcdtype.attr, @@ -787,8 +805,9 @@ static struct attribute *pcc_sysfs_entries[] = { }; static const struct attribute_group pcc_attr_group = { - .name = NULL, /* put in device directory */ - .attrs = pcc_sysfs_entries, + .name = NULL, /* put in device directory */ + .attrs = pcc_sysfs_entries, + .is_visible = pcc_sysfs_is_visible, }; @@ -941,12 +960,15 @@ static int acpi_pcc_hotkey_resume(struct device *dev) if (!pcc) return -EINVAL; - acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute); - acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode); + if (pcc->num_sifr > SINF_MUTE) + acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute); + if (pcc->num_sifr > SINF_ECO_MODE) + acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode); acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, pcc->sticky_key); acpi_pcc_write_sset(pcc, SINF_AC_CUR_BRIGHT, pcc->ac_brightness); acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, pcc->dc_brightness); - acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness); + if (pcc->num_sifr > SINF_CUR_BRIGHT) + acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness); return 0; } @@ -963,8 +985,12 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) num_sifr = acpi_pcc_get_sqty(device); - if (num_sifr < 0 || num_sifr > 255) { - pr_err("num_sifr out of range"); + /* + * pcc->sinf is expected to at least have the AC+DC brightness entries. + * Accesses to higher SINF entries are checked against num_sifr. + */ + if (num_sifr <= SINF_DC_CUR_BRIGHT || num_sifr > 255) { + pr_err("num_sifr %d out of range %d - 255\n", num_sifr, SINF_DC_CUR_BRIGHT + 1); return -ENODEV; } @@ -1020,11 +1046,14 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, 0); pcc->sticky_key = 0; - pcc->eco_mode = pcc->sinf[SINF_ECO_MODE]; - pcc->mute = pcc->sinf[SINF_MUTE]; pcc->ac_brightness = pcc->sinf[SINF_AC_CUR_BRIGHT]; pcc->dc_brightness = pcc->sinf[SINF_DC_CUR_BRIGHT]; - pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT]; + if (pcc->num_sifr > SINF_MUTE) + pcc->mute = pcc->sinf[SINF_MUTE]; + if (pcc->num_sifr > SINF_ECO_MODE) + pcc->eco_mode = pcc->sinf[SINF_ECO_MODE]; + if (pcc->num_sifr > SINF_CUR_BRIGHT) + pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT]; /* add sysfs attributes */ result = sysfs_create_group(&device->dev.kobj, &pcc_attr_group);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: panasonic-laptop: Fix SINF array out of bounds" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091343-editor-sulfite-f306@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f52e98d16e9b ("platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses") f1fba0860962 ("platform/x86: panasonic-laptop: remove redundant assignment of variable result") 25dd390c6206 ("platform/x86: panasonic-laptop: Add sysfs attributes for firmware brightness registers") 468f96bfa3a0 ("platform/x86: panasonic-laptop: Add support for battery charging threshold (eco mode)") ed83c9171829 ("platform/x86: panasonic-laptop: Resolve hotkey double trigger bug") e3a9afbbc309 ("platform/x86: panasonic-laptop: Add write support to mute") 008563513348 ("platform/x86: panasonic-laptop: Fix sticky key init bug") 80373ad0edb5 ("platform/x86: panasonic-laptop: Fix naming of platform files for consistency with other modules") 0119fbc0215a ("platform/x86: panasonic-laptop: Split MODULE_AUTHOR() by one author per macro call") f1aaf914654a ("platform/x86: panasonic-laptop: Replace ACPI prints with pr_*() macros") d5a81d8e864b ("platform/x86: panasonic-laptop: Add support for optical driver power in Y and W series") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f52e98d16e9bd7dd2b3aef8e38db5cbc9899d6a4 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Mon, 9 Sep 2024 13:32:25 +0200 Subject: [PATCH] platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries. So it only supports the AC+DC brightness entries and mute. Check that the SINF array has a minimum size which covers all AC+DC brightness entries and refuse to load if the SINF array is smaller. For higher SINF indexes hide the sysfs attributes when the SINF array does not contain an entry for that attribute, avoiding show()/store() accessing the array out of bounds and add bounds checking to the probe() and resume() code accessing these. Fixes: e424fb8cc4e6 ("panasonic-laptop: avoid overflow in acpi_pcc_hotkey_add()") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240909113227.254470-1-hdegoede@redhat.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c index cf845ee1c7b1..39044119d2a6 100644 --- a/drivers/platform/x86/panasonic-laptop.c +++ b/drivers/platform/x86/panasonic-laptop.c @@ -773,6 +773,24 @@ static DEVICE_ATTR_RW(dc_brightness); static DEVICE_ATTR_RW(current_brightness); static DEVICE_ATTR_RW(cdpower); +static umode_t pcc_sysfs_is_visible(struct kobject *kobj, struct attribute *attr, int idx) +{ + struct device *dev = kobj_to_dev(kobj); + struct acpi_device *acpi = to_acpi_device(dev); + struct pcc_acpi *pcc = acpi_driver_data(acpi); + + if (attr == &dev_attr_mute.attr) + return (pcc->num_sifr > SINF_MUTE) ? attr->mode : 0; + + if (attr == &dev_attr_eco_mode.attr) + return (pcc->num_sifr > SINF_ECO_MODE) ? attr->mode : 0; + + if (attr == &dev_attr_current_brightness.attr) + return (pcc->num_sifr > SINF_CUR_BRIGHT) ? attr->mode : 0; + + return attr->mode; +} + static struct attribute *pcc_sysfs_entries[] = { &dev_attr_numbatt.attr, &dev_attr_lcdtype.attr, @@ -787,8 +805,9 @@ static struct attribute *pcc_sysfs_entries[] = { }; static const struct attribute_group pcc_attr_group = { - .name = NULL, /* put in device directory */ - .attrs = pcc_sysfs_entries, + .name = NULL, /* put in device directory */ + .attrs = pcc_sysfs_entries, + .is_visible = pcc_sysfs_is_visible, }; @@ -941,12 +960,15 @@ static int acpi_pcc_hotkey_resume(struct device *dev) if (!pcc) return -EINVAL; - acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute); - acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode); + if (pcc->num_sifr > SINF_MUTE) + acpi_pcc_write_sset(pcc, SINF_MUTE, pcc->mute); + if (pcc->num_sifr > SINF_ECO_MODE) + acpi_pcc_write_sset(pcc, SINF_ECO_MODE, pcc->eco_mode); acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, pcc->sticky_key); acpi_pcc_write_sset(pcc, SINF_AC_CUR_BRIGHT, pcc->ac_brightness); acpi_pcc_write_sset(pcc, SINF_DC_CUR_BRIGHT, pcc->dc_brightness); - acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness); + if (pcc->num_sifr > SINF_CUR_BRIGHT) + acpi_pcc_write_sset(pcc, SINF_CUR_BRIGHT, pcc->current_brightness); return 0; } @@ -963,8 +985,12 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) num_sifr = acpi_pcc_get_sqty(device); - if (num_sifr < 0 || num_sifr > 255) { - pr_err("num_sifr out of range"); + /* + * pcc->sinf is expected to at least have the AC+DC brightness entries. + * Accesses to higher SINF entries are checked against num_sifr. + */ + if (num_sifr <= SINF_DC_CUR_BRIGHT || num_sifr > 255) { + pr_err("num_sifr %d out of range %d - 255\n", num_sifr, SINF_DC_CUR_BRIGHT + 1); return -ENODEV; } @@ -1020,11 +1046,14 @@ static int acpi_pcc_hotkey_add(struct acpi_device *device) acpi_pcc_write_sset(pcc, SINF_STICKY_KEY, 0); pcc->sticky_key = 0; - pcc->eco_mode = pcc->sinf[SINF_ECO_MODE]; - pcc->mute = pcc->sinf[SINF_MUTE]; pcc->ac_brightness = pcc->sinf[SINF_AC_CUR_BRIGHT]; pcc->dc_brightness = pcc->sinf[SINF_DC_CUR_BRIGHT]; - pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT]; + if (pcc->num_sifr > SINF_MUTE) + pcc->mute = pcc->sinf[SINF_MUTE]; + if (pcc->num_sifr > SINF_ECO_MODE) + pcc->eco_mode = pcc->sinf[SINF_ECO_MODE]; + if (pcc->num_sifr > SINF_CUR_BRIGHT) + pcc->current_brightness = pcc->sinf[SINF_CUR_BRIGHT]; /* add sysfs attributes */ result = sysfs_create_group(&device->dev.kobj, &pcc_attr_group);

1 year, 3 months

1
0
0 0

[PATCH 4.19 00/95] 4.19.322-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.322 release. There are 95 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:42:36 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.322-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.322-rc2 Li RongQing <lirongqing(a)baidu.com> netns: restore ops before calling ops_exit_list Zhang Changzhong <zhangchangzhong(a)huawei.com> cx82310_eth: fix error return code in cx82310_bind() Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Eric Dumazet <edumazet(a)google.com> netns: add pre_exit method to struct pernet_operations Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_external_learn to use bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_user to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_sticky to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_static to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_local to bitops Ido Schimmel <idosch(a)mellanox.com> bridge: switchdev: Allow clearing FDB entry offload indication Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: add support for sticky fdb entries Richard Guy Briggs <rgb(a)redhat.com> rfkill: fix spelling mistake contidion to condition Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Ondrej Zary <linux(a)zary.sk> cx82310_eth: re-enable ethernet mode after router reboot Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Hillf Danton <hdanton(a)sina.com> ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Sanity checks for each pipe and EP types Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Nishka Dasgupta <nishkadg.linux(a)gmail.com> usb: dwc3: st: Add of_node_put() before return in probe function ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L ------------- Diffstat: Makefile | 4 +- arch/um/drivers/line.c | 2 + block/bio-integrity.c | 11 +- drivers/acpi/acpi_processor.c | 15 +-- drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clocksource/timer-imx-tpm.c | 16 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 +++ drivers/iommu/dmar.c | 2 +- drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/net/dsa/vitesse-vsc73xx.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 9 +- drivers/net/ethernet/rocker/rocker_main.c | 1 + drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 56 +++++++-- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 ++-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 ++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++--- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/dwc3-st.c | 12 +- drivers/usb/usbip/stub_rx.c | 77 ++++++++----- fs/btrfs/extent-tree.c | 32 ++++-- fs/btrfs/inode.c | 2 +- fs/fuse/xattr.c | 4 +- fs/nilfs2/recovery.c | 35 +++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 +++++++++++-------- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 +++- include/linux/ring_buffer.h | 3 +- include/net/net_namespace.h | 5 + include/net/switchdev.h | 3 +- include/uapi/linux/neighbour.h | 1 + kernel/cgroup/cgroup.c | 2 +- kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/smp.c | 1 + kernel/trace/ring_buffer.c | 23 +--- kernel/trace/trace.c | 6 +- kernel/trace/trace_functions_graph.c | 2 +- net/bridge/br.c | 4 +- net/bridge/br_fdb.c | 128 ++++++++++++--------- net/bridge/br_input.c | 2 +- net/bridge/br_private.h | 18 ++- net/bridge/br_switchdev.c | 11 +- net/can/bcm.c | 4 + net/core/net_namespace.c | 28 +++++ net/dsa/slave.c | 1 + net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 ++- net/netfilter/nf_conncount.c | 8 +- net/rfkill/core.c | 4 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 ++ net/unix/af_unix.c | 9 +- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 ++- sound/hda/hdmi_chmap.c | 18 +++ sound/pci/hda/patch_conexant.c | 11 ++ sound/usb/helper.c | 17 +++ sound/usb/helper.h | 1 + sound/usb/quirks.c | 14 ++- 100 files changed, 767 insertions(+), 344 deletions(-)

1 year, 3 months

6
6
0 0

[PATCH 5.15 000/214] 5.15.167-rc1 review

by Richard Narron

Slackware 15.0 64-bit compiles and runs fine. Slackware 15.0 32-bit fails to build and gives the "out of memory" error: cc1: out of memory allocating 180705472 bytes after a total of 284454912 bytes ... make[4]: *** [scripts/Makefile.build:289: drivers/staging/media/atomisp/pci/isp/kernels/ynr/ynr_1.0/ia_css_ynr.ho st.o] Error 1 Patching it with help from Lorenzo Stoakes allows the build to run: https://lore.kernel.org/lkml/5882b96e-1287-4390-8174-3316d39038ef@lucifer.l… And then 32-bit runs fine too. Richard Narron

1 year, 3 months

3
4
0 0

[PATCH] drm/xe/vram: fix ccs offset calculation

by Matthew Auld

Spec says SW is expected to round up to the nearest 128K, if not already aligned. We are seeing the assert sometimes pop on BMG to tell us that there is a hole between GSM and CCS, as well as popping other asserts with having a vram size with strange alignment, which is likely caused by misaligned offset here. BSpec: 68023 Fixes: b5c2ca0372dc ("drm/xe/xe2hpg: Determine flat ccs offset for vram") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Akshata Jahagirdar <akshata.jahagirdar(a)intel.com> Cc: Shuicheng Lin <shuicheng.lin(a)intel.com> Cc: Matt Roper <matthew.d.roper(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.10+ --- drivers/gpu/drm/xe/xe_vram.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/xe/xe_vram.c b/drivers/gpu/drm/xe/xe_vram.c index 7e765b1499b1..8e65cb4cc477 100644 --- a/drivers/gpu/drm/xe/xe_vram.c +++ b/drivers/gpu/drm/xe/xe_vram.c @@ -181,6 +181,7 @@ static inline u64 get_flat_ccs_offset(struct xe_gt *gt, u64 tile_size) offset = offset_hi << 32; /* HW view bits 39:32 */ offset |= offset_lo << 6; /* HW view bits 31:6 */ + offset = round_up(offset, SZ_128K); /* SW must round up to nearest 128K */ offset *= num_enabled; /* convert to SW view */ /* We don't expect any holes */ -- 2.46.0

1 year, 3 months

1
0
0 0

[PATCH v3] usb: gadget: core: force synchronous registration

by John Keeping

Registering a gadget driver is expected to complete synchronously and immediately after calling driver_register() this function checks that the driver has bound so as to return an error. Set PROBE_FORCE_SYNCHRONOUS to ensure this is the case even when asynchronous probing is set as the default. Fixes: fc274c1e99731 ("USB: gadget: Add a new bus for gadgets") Cc: stable(a)vger.kernel.org Signed-off-by: John Keeping <jkeeping(a)inmusicbrands.com> --- v3: - Add cc: stable v2: - Add "Fixes" trailer drivers/usb/gadget/udc/core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index cf6478f97f4a..a6f46364be65 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -1696,6 +1696,7 @@ int usb_gadget_register_driver_owner(struct usb_gadget_driver *driver, driver->driver.bus = &gadget_bus_type; driver->driver.owner = owner; driver->driver.mod_name = mod_name; + driver->driver.probe_type = PROBE_FORCE_SYNCHRONOUS; ret = driver_register(&driver->driver); if (ret) { pr_warn("%s: driver registration failed: %d\n", -- 2.46.0

1 year, 3 months

1
0
0 0

FW: [PATCH] usb: xhci: fix loss of data on Cadence xHC

by Pawel Laszczak

Streams should flush their TRB cache, re-read TRBs, and start executing TRBs from the beginning of the new dequeue pointer after a 'Set TR Dequeue Pointer' command. Cadence controllers may fail to start from the beginning of the dequeue TRB as it doesn't clear the Opaque 'RsvdO' field of the stream context during 'Set TR Dequeue' command. This stream context area is where xHC stores information about the last partially executed TD when a stream is stopped. xHC uses this information to resume the transfer where it left mid TD, when the stream is restarted. Patch fixes this by clearing out all RsvdO fields before initializing new Stream transfer using a 'Set TR Dequeue Pointer' command. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v3: - changed patch to patch Cadence specific v2: - removed restoring of EDTLA field drivers/usb/cdns3/host.c | 4 +++- drivers/usb/host/xhci-pci.c | 7 +++++++ drivers/usb/host/xhci-ring.c | 14 ++++++++++++++ drivers/usb/host/xhci.h | 1 + 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/host.c b/drivers/usb/cdns3/host.c index ceca4d839dfd..7ba760ee62e3 100644 --- a/drivers/usb/cdns3/host.c +++ b/drivers/usb/cdns3/host.c @@ -62,7 +62,9 @@ static const struct xhci_plat_priv xhci_plat_cdns3_xhci = { .resume_quirk = xhci_cdns3_resume_quirk, }; -static const struct xhci_plat_priv xhci_plat_cdnsp_xhci; +static const struct xhci_plat_priv xhci_plat_cdnsp_xhci = { + .quirks = XHCI_CDNS_SCTX_QUIRK, +}; static int __cdns_host_init(struct cdns *cdns) { diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index b9ae5c2a2527..9199dbfcea07 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -74,6 +74,9 @@ #define PCI_DEVICE_ID_ASMEDIA_2142_XHCI 0x2142 #define PCI_DEVICE_ID_ASMEDIA_3242_XHCI 0x3242 +#define PCI_DEVICE_ID_CADENCE 0x17CD +#define PCI_DEVICE_ID_CADENCE_SSP 0x0200 + static const char hcd_name[] = "xhci_hcd"; static struct hc_driver __read_mostly xhci_pci_hc_driver; @@ -532,6 +535,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; } + if (pdev->vendor == PCI_DEVICE_ID_CADENCE && + pdev->device == PCI_DEVICE_ID_CADENCE_SSP) + xhci->quirks |= XHCI_CDNS_SCTX_QUIRK; + /* xHC spec requires PCI devices to support D3hot and D3cold */ if (xhci->hci_version >= 0x120) xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 1dde53f6eb31..a1ad2658c0c7 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1386,6 +1386,20 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + + /* + * Cadence xHCI controllers store some endpoint state + * information within Rsvd0 fields of Stream Endpoint + * context. This field is not cleared during Set TR + * Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream + * pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + if (xhci->quirks & XHCI_CDNS_SCTX_QUIRK) { + ctx->reserved[0] = 0; + ctx->reserved[1] = 0; + } } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 101e74c9060f..4cbd58eed214 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1907,6 +1907,7 @@ struct xhci_hcd { #define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) +#define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) unsigned int num_active_eps; unsigned int limit_active_eps; -- 2.43.0

1 year, 3 months

3
5
0 0

[PATCH RESEND] drm/sti: avoid potential dereference of error pointers

by Ma Ke

The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dec92020671c ("drm: Use the state pointer directly in planes atomic_check") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/sti/sti_cursor.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/sti/sti_cursor.c b/drivers/gpu/drm/sti/sti_cursor.c index db0a1eb53532..e460f5ba2d87 100644 --- a/drivers/gpu/drm/sti/sti_cursor.c +++ b/drivers/gpu/drm/sti/sti_cursor.c @@ -200,6 +200,8 @@ static int sti_cursor_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y; -- 2.25.1

1 year, 3 months

3
4
0 0

[PATCH v3] PCI: pci_call_probe: call local_pci_probe() when selected cpu is offline

by Hongchen Zhang

Call work_on_cpu(cpu, fn, arg) in pci_call_probe() while the argument @cpu is a offline cpu would cause system stuck forever. This can be happen if a node is online while all its CPUs are offline (We can use "maxcpus=1" without "nr_cpus=1" to reproduce it). So, in the above case, let pci_call_probe() call local_pci_probe() instead of work_on_cpu() when the best selected cpu is offline. Fixes: 69a18b18699b ("PCI: Restrict probe functions to housekeeping CPUs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> --- v2 -> v3: Modify commit message according to Markus's suggestion v1 -> v2: Add a method to reproduce the problem --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index af2996d0d17f..32a99828e6a3 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -386,7 +386,7 @@ static int pci_call_probe(struct pci_driver *drv, struct pci_dev *dev, free_cpumask_var(wq_domain_mask); } - if (cpu < nr_cpu_ids) + if ((cpu < nr_cpu_ids) && cpu_online(cpu)) error = work_on_cpu(cpu, local_pci_probe, &ddi); else error = local_pci_probe(&ddi); -- 2.33.0

1 year, 3 months

3
8
0 0

[PATCH v6 2/2] ufs: core: requeue aborted request

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> ufshcd_abort_all forcibly aborts all on-going commands and the host controller will automatically fill in the OCS field of the corresponding response with OCS_ABORTED based on different working modes. MCQ mode: aborts a command using SQ cleanup, The host controller will post a Completion Queue entry with OCS = ABORTED. SDB mode: aborts a command using UTRLCLR. Task Management response which means a Transfer Request was aborted. For these two cases, set a flag to notify SCSI to requeue the command after receiving response with OCS_ABORTED. Fixes: ab248643d3d6 ("scsi: ufs: core: Add error handling for MCQ mode") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd.c | 35 ++++++++++++++++++++--------------- include/ufs/ufshcd.h | 3 +++ 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index a6f818cdef0e..a0548a495f30 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -3006,6 +3006,7 @@ static int ufshcd_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd) ufshcd_prepare_lrbp_crypto(scsi_cmd_to_rq(cmd), lrbp); lrbp->req_abort_skip = false; + lrbp->abort_initiated_by_eh = false; ufshcd_comp_scsi_upiu(hba, lrbp); @@ -5404,7 +5405,10 @@ ufshcd_transfer_rsp_status(struct ufs_hba *hba, struct ufshcd_lrb *lrbp, } break; case OCS_ABORTED: - result |= DID_ABORT << 16; + if (lrbp->abort_initiated_by_eh) + result |= DID_REQUEUE << 16; + else + result |= DID_ABORT << 16; break; case OCS_INVALID_COMMAND_STATUS: result |= DID_REQUEUE << 16; @@ -6471,26 +6475,12 @@ static bool ufshcd_abort_one(struct request *rq, void *priv) struct scsi_device *sdev = cmd->device; struct Scsi_Host *shost = sdev->host; struct ufs_hba *hba = shost_priv(shost); - struct ufshcd_lrb *lrbp = &hba->lrb[tag]; - struct ufs_hw_queue *hwq; - unsigned long flags; *ret = ufshcd_try_to_abort_task(hba, tag); dev_err(hba->dev, "Aborting tag %d / CDB %#02x %s\n", tag, hba->lrb[tag].cmd ? hba->lrb[tag].cmd->cmnd[0] : -1, *ret ? "failed" : "succeeded"); - /* Release cmd in MCQ mode if abort succeeds */ - if (hba->mcq_enabled && (*ret == 0)) { - hwq = ufshcd_mcq_req_to_hwq(hba, scsi_cmd_to_rq(lrbp->cmd)); - if (!hwq) - return 0; - spin_lock_irqsave(&hwq->cq_lock, flags); - if (ufshcd_cmd_inflight(lrbp->cmd)) - ufshcd_release_scsi_cmd(hba, lrbp); - spin_unlock_irqrestore(&hwq->cq_lock, flags); - } - return *ret == 0; } @@ -7561,6 +7551,21 @@ int ufshcd_try_to_abort_task(struct ufs_hba *hba, int tag) goto out; } + /* + * When the host software receives a "FUNCTION COMPLETE", set flag + * to requeue command after receive response with OCS_ABORTED + * SDB mode: UTRLCLR Task Management response which means a Transfer + * Request was aborted. + * MCQ mode: Host will post to CQ with OCS_ABORTED after SQ cleanup + * + * This flag is set because error handler ufshcd_abort_all forcibly + * aborts all commands, and the host controller will automatically + * fill in the OCS field of the corresponding response with OCS_ABORTED. + * Therefore, upon receiving this response, it needs to be requeued. + */ + if (!err && ufshcd_eh_in_progress(hba)) + lrbp->abort_initiated_by_eh = true; + err = ufshcd_clear_cmd(hba, tag); if (err) dev_err(hba->dev, "%s: Failed clearing cmd at tag %d, err %d\n", diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 0fd2aebac728..07b5e60e6c44 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -173,6 +173,8 @@ struct ufs_pm_lvl_states { * @crypto_key_slot: the key slot to use for inline crypto (-1 if none) * @data_unit_num: the data unit number for the first block for inline crypto * @req_abort_skip: skip request abort task flag + * @abort_initiated_by_eh: The flag is specifically used to handle + * ufshcd_err_handler forcibly aborts. */ struct ufshcd_lrb { struct utp_transfer_req_desc *utr_descriptor_ptr; @@ -202,6 +204,7 @@ struct ufshcd_lrb { #endif bool req_abort_skip; + bool abort_initiated_by_eh; }; /** -- 2.45.2

1 year, 3 months

3
4
0 0

[PATCH] HID: plantronics: Additional PID for double volume key presses quirk

by Wade Wang

Add the below headsets for double volume key presses quirk Plantronics EncorePro 500 Series (047f:431e) Plantronics Blackwire_3325 Series (047f:430c) Quote from previous patch by Maxim Mikityanskiy and Terry Junge 'commit f567d6ef8606 ("HID: plantronics: Workaround for double volume key presses")' 'commit 3d57f36c89d8 ("HID: plantronics: Additional PIDs for double volume key presses quirk")' These Plantronics Series headset sends an opposite volume key following each volume key press. This patch adds a quirk to hid-plantronics for this product ID, which will ignore the second opposite volume key press if it happens within 250 ms from the last one that was handled. Signed-off-by: Wade Wang <wade.wang(a)hp.com> --- drivers/hid/hid-ids.h | 2 ++ drivers/hid/hid-plantronics.c | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index 781c5aa29859..a0aaac98a891 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -1050,6 +1050,8 @@ #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3220_SERIES 0xc056 #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3215_SERIES 0xc057 #define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3225_SERIES 0xc058 +#define USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3325_SERIES 0x430c +#define USB_DEVICE_ID_PLANTRONICS_ENCOREPRO_500_SERIES 0x431e #define USB_VENDOR_ID_PANASONIC 0x04da #define USB_DEVICE_ID_PANABOARD_UBT780 0x1044 diff --git a/drivers/hid/hid-plantronics.c b/drivers/hid/hid-plantronics.c index 3d414ae194ac..2a19f3646ecb 100644 --- a/drivers/hid/hid-plantronics.c +++ b/drivers/hid/hid-plantronics.c @@ -38,8 +38,10 @@ (usage->hid & HID_USAGE_PAGE) == HID_UP_CONSUMER) #define PLT_QUIRK_DOUBLE_VOLUME_KEYS BIT(0) +#define PLT_QUIRK_FOLLOWED_VOLUME_UP_DN_KEYS BIT(1) #define PLT_DOUBLE_KEY_TIMEOUT 5 /* ms */ +#define PLT_FOLLOWED_KEY_TIMEOUT 250 /* ms */ struct plt_drv_data { unsigned long device_type; @@ -134,6 +136,9 @@ static int plantronics_event(struct hid_device *hdev, struct hid_field *field, cur_ts = jiffies; if (jiffies_to_msecs(cur_ts - prev_ts) <= PLT_DOUBLE_KEY_TIMEOUT) return 1; /* Ignore the repeated key. */ + if ((drv_data->quirks & PLT_QUIRK_FOLLOWED_VOLUME_UP_DN_KEYS) + && jiffies_to_msecs(cur_ts - prev_ts) <= PLT_FOLLOWED_KEY_TIMEOUT) + return 1; /* Ignore the followed volume key. */ drv_data->last_volume_key_ts = cur_ts; } @@ -210,6 +215,12 @@ static const struct hid_device_id plantronics_devices[] = { { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3225_SERIES), .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS }, + { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, + USB_DEVICE_ID_PLANTRONICS_BLACKWIRE_3325_SERIES), + .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS|PLT_QUIRK_FOLLOWED_VOLUME_UP_DN_KEYS }, + { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, + USB_DEVICE_ID_PLANTRONICS_ENCOREPRO_500_SERIES), + .driver_data = PLT_QUIRK_DOUBLE_VOLUME_KEYS|PLT_QUIRK_FOLLOWED_VOLUME_UP_DN_KEYS }, { HID_USB_DEVICE(USB_VENDOR_ID_PLANTRONICS, HID_ANY_ID) }, { } }; -- 2.34.1

1 year, 3 months

2
1
0 0

[PATCH] HID: plantronics: Update to map micmute controls

by Wade Wang

telephony page of Plantronics headset is ignored currently, it caused micmute button no function, Now follow native HID key mapping for telephony page map, telephony micmute key is enabled by default Signed-off-by: Wade Wang <wade.wang(a)hp.com> --- drivers/hid/hid-plantronics.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/hid/hid-plantronics.c b/drivers/hid/hid-plantronics.c index 2a19f3646ecb..2d17534fce61 100644 --- a/drivers/hid/hid-plantronics.c +++ b/drivers/hid/hid-plantronics.c @@ -77,10 +77,10 @@ static int plantronics_input_mapping(struct hid_device *hdev, } } /* handle standard types - plt_type is 0xffa0uuuu or 0xffa2uuuu */ - /* 'basic telephony compliant' - allow default consumer page map */ + /* 'basic telephony compliant' - allow default consumer & telephony page map */ else if ((plt_type & HID_USAGE) >= PLT_BASIC_TELEPHONY && (plt_type & HID_USAGE) != PLT_BASIC_EXCEPTION) { - if (PLT_ALLOW_CONSUMER) + if (PLT_ALLOW_CONSUMER || (usage->hid & HID_USAGE_PAGE) == HID_UP_TELEPHONY) goto defaulted; } /* not 'basic telephony' - apply legacy mapping */ -- 2.34.1

1 year, 3 months

2
1
0 0

[PATCH RESEND] pinctrl: check devm_kasprintf() returned value

by Ma Ke

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Cc: stable(a)vger.kernel.org Fixes: a0f160ffcb83 ("pinctrl: add pinctrl/GPIO driver for Apple SoCs") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/pinctrl/pinctrl-apple-gpio.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pinctrl/pinctrl-apple-gpio.c b/drivers/pinctrl/pinctrl-apple-gpio.c index 3751c7de37aa..f861e63f4115 100644 --- a/drivers/pinctrl/pinctrl-apple-gpio.c +++ b/drivers/pinctrl/pinctrl-apple-gpio.c @@ -474,6 +474,9 @@ static int apple_gpio_pinctrl_probe(struct platform_device *pdev) for (i = 0; i < npins; i++) { pins[i].number = i; pins[i].name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "PIN%u", i); + if (!pins[i].name) + return -ENOMEM; + pins[i].drv_data = pctl; pin_names[i] = pins[i].name; pin_nums[i] = i; -- 2.25.1

1 year, 3 months

2
1
0 0

[PATCH 3/3] xhci: Don't perform Soft Retry for Etron xHCI host

by Kuangyi Chiang

Since commit f8f80be501aa ("xhci: Use soft retry to recover faster from transaction errors"), unplugging USB device while enumeration results in errors like this: [ 364.855321] xhci_hcd 0000:0b:00.0: ERROR Transfer event for disabled endpoint slot 5 ep 2 [ 364.864622] xhci_hcd 0000:0b:00.0: @0000002167656d70 67f03000 00000021 0c000000 05038001 [ 374.934793] xhci_hcd 0000:0b:00.0: Abort failed to stop command ring: -110 [ 374.958793] xhci_hcd 0000:0b:00.0: xHCI host controller not responding, assume dead [ 374.967590] xhci_hcd 0000:0b:00.0: HC died; cleaning up [ 374.973984] xhci_hcd 0000:0b:00.0: Timeout while waiting for configure endpoint command Seems that Etorn xHCI host can not perform Soft Retry correctly, apply XHCI_NO_SOFT_RETRY quirk to disable Soft Retry and then issue is gone. This patch depends on commit a4a251f8c235 ("usb: xhci: do not perform Soft Retry for some xHCI hosts"). Fixes: f8f80be501aa ("xhci: Use soft retry to recover faster from transaction errors") Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- drivers/usb/host/xhci-pci.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index dda873f3fee7..19f120ed8dd3 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -399,6 +399,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_BROKEN_STREAMS; xhci->quirks |= XHCI_NO_RESET_DEVICE; xhci->quirks |= XHCI_NO_BREAK_CTRL_TD; + xhci->quirks |= XHCI_NO_SOFT_RETRY; } if (pdev->vendor == PCI_VENDOR_ID_ETRON && pdev->device == PCI_DEVICE_ID_EJ188) { @@ -406,6 +407,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_BROKEN_STREAMS; xhci->quirks |= XHCI_NO_RESET_DEVICE; xhci->quirks |= XHCI_NO_BREAK_CTRL_TD; + xhci->quirks |= XHCI_NO_SOFT_RETRY; } if (pdev->vendor == PCI_VENDOR_ID_RENESAS && -- 2.25.1

1 year, 3 months

3
7
0 0

[PATCH V6] scsi: ufs: qcom: update MODE_MAX cfg_bw value

by Manish Pandey

Commit 8db8f6ce556a ("scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5") updated the ufs_qcom_bw_table for Gear 5. However, it missed updating the cfg_bw value for the max mode. Hence update the cfg_bw value for the max mode for UFS 4.x devices. Fixes: 8db8f6ce556a ("scsi: ufs: qcom: Add missing interconnect bandwidth values for Gear 5") Cc: stable(a)vger.kernel.org Signed-off-by: Manish Pandey <quic_mapa(a)quicinc.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- Changes from v5: - Updated commit message. - Added Reviewed-by tag. Changes from v4: - Updated commit message. Changes from v3: - Cced stable(a)vger.kernel.org. Changes from v2: - Addressed Mani comment, added fixes tag. Changes from v1: - Updated commit message. --- drivers/ufs/host/ufs-qcom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/ufs/host/ufs-qcom.c b/drivers/ufs/host/ufs-qcom.c index c87fdc849c62..ecdfff2456e3 100644 --- a/drivers/ufs/host/ufs-qcom.c +++ b/drivers/ufs/host/ufs-qcom.c @@ -93,7 +93,7 @@ static const struct __ufs_qcom_bw_table { [MODE_HS_RB][UFS_HS_G3][UFS_LANE_2] = { 1492582, 204800 }, [MODE_HS_RB][UFS_HS_G4][UFS_LANE_2] = { 2915200, 409600 }, [MODE_HS_RB][UFS_HS_G5][UFS_LANE_2] = { 5836800, 819200 }, - [MODE_MAX][0][0] = { 7643136, 307200 }, + [MODE_MAX][0][0] = { 7643136, 819200 }, }; static void ufs_qcom_get_default_testbus_cfg(struct ufs_qcom_host *host); -- 2.17.1

1 year, 3 months

2
1
0 0

[PATCHv2 net] usbnet: fix cyclical race on disconnect with work queue

by Oliver Neukum

The work can submit URBs and the URBs can schedule the work. This cycle needs to be broken, when a device is to be stopped. Use a flag to do so. This is a design issue as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") CC: stable(a)vger.kernel.org --- v2: fix PM reference issue drivers/net/usb/usbnet.c | 37 ++++++++++++++++++++++++++++--------- include/linux/usb/usbnet.h | 17 +++++++++++++++++ 2 files changed, 45 insertions(+), 9 deletions(-) diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index 18eb5ba436df..2506aa8c603e 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -464,10 +464,15 @@ static enum skb_state defer_bh(struct usbnet *dev, struct sk_buff *skb, void usbnet_defer_kevent (struct usbnet *dev, int work) { set_bit (work, &dev->flags); - if (!schedule_work (&dev->kevent)) - netdev_dbg(dev->net, "kevent %s may have been dropped\n", usbnet_event_names[work]); - else - netdev_dbg(dev->net, "kevent %s scheduled\n", usbnet_event_names[work]); + if (!usbnet_going_away(dev)) { + if (!schedule_work(&dev->kevent)) + netdev_dbg(dev->net, + "kevent %s may have been dropped\n", + usbnet_event_names[work]); + else + netdev_dbg(dev->net, + "kevent %s scheduled\n", usbnet_event_names[work]); + } } EXPORT_SYMBOL_GPL(usbnet_defer_kevent); @@ -535,7 +540,8 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) tasklet_schedule (&dev->bh); break; case 0: - __usbnet_queue_skb(&dev->rxq, skb, rx_start); + if (!usbnet_going_away(dev)) + __usbnet_queue_skb(&dev->rxq, skb, rx_start); } } else { netif_dbg(dev, ifdown, dev->net, "rx: stopped\n"); @@ -843,9 +849,18 @@ int usbnet_stop (struct net_device *net) /* deferred work (timer, softirq, task) must also stop */ dev->flags = 0; - del_timer_sync (&dev->delay); - tasklet_kill (&dev->bh); + del_timer_sync(&dev->delay); + tasklet_kill(&dev->bh); cancel_work_sync(&dev->kevent); + + /* We have cyclic dependencies. Those calls are needed + * to break a cycle. We cannot fall into the gaps because + * we have a flag + */ + tasklet_kill(&dev->bh); + del_timer_sync(&dev->delay); + cancel_work_sync(&dev->kevent); + if (!pm) usb_autopm_put_interface(dev->intf); @@ -1171,7 +1186,8 @@ usbnet_deferred_kevent (struct work_struct *work) status); } else { clear_bit (EVENT_RX_HALT, &dev->flags); - tasklet_schedule (&dev->bh); + if (!usbnet_going_away(dev)) + tasklet_schedule(&dev->bh); } } @@ -1196,7 +1212,8 @@ usbnet_deferred_kevent (struct work_struct *work) usb_autopm_put_interface(dev->intf); fail_lowmem: if (resched) - tasklet_schedule (&dev->bh); + if (!usbnet_going_away(dev)) + tasklet_schedule(&dev->bh); } } @@ -1559,6 +1576,7 @@ static void usbnet_bh (struct timer_list *t) } else if (netif_running (dev->net) && netif_device_present (dev->net) && netif_carrier_ok(dev->net) && + !usbnet_going_away(dev) && !timer_pending(&dev->delay) && !test_bit(EVENT_RX_PAUSED, &dev->flags) && !test_bit(EVENT_RX_HALT, &dev->flags)) { @@ -1606,6 +1624,7 @@ void usbnet_disconnect (struct usb_interface *intf) usb_set_intfdata(intf, NULL); if (!dev) return; + usbnet_mark_going_away(dev); xdev = interface_to_usbdev (intf); diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h index 9f08a584d707..d02d6f16da46 100644 --- a/include/linux/usb/usbnet.h +++ b/include/linux/usb/usbnet.h @@ -76,8 +76,25 @@ struct usbnet { # define EVENT_LINK_CHANGE 11 # define EVENT_SET_RX_MODE 12 # define EVENT_NO_IP_ALIGN 13 +/* This one is special, as it indicates that the device is going away + * there are cyclic dependencies between tasklet, timer and bh + * that must be broken + */ +# define EVENT_UNPLUG 31 }; +static inline bool usbnet_going_away(struct usbnet *ubn) +{ + smp_mb__before_atomic(); /* against usbnet_mark_going_away() */ + return test_bit(EVENT_UNPLUG, &ubn->flags); +} + +static inline void usbnet_mark_going_away(struct usbnet *ubn) +{ + set_bit(EVENT_UNPLUG, &ubn->flags); + smp_mb__after_atomic(); /* against usbnet_going_away() */ +} + static inline struct usb_driver *driver_of(struct usb_interface *intf) { return to_usb_driver(intf->dev.driver); -- 2.45.2

1 year, 3 months

3
5
0 0

[PATCH 3/8] lpfc: Restrict support for 32 byte CDBs to specific HBAs

by Justin Tee

An older generation of HBAs are failing FCP discovery due to usage of an outdated field in FCP command WQEs. Fix by checking the SLI Interface Type register for applicable support of 32 Byte CDB commands, and restore a setting for a WQE path using normal 16 byte CDBs. Fixes: af20bb73ac25 ("scsi: lpfc: Add support for 32 byte CDBs") Cc: <stable(a)vger.kernel.org> # v6.10+ Signed-off-by: Justin Tee <justin.tee(a)broadcom.com> --- drivers/scsi/lpfc/lpfc_hw4.h | 3 +++ drivers/scsi/lpfc/lpfc_init.c | 21 ++++++++++++++++++--- drivers/scsi/lpfc/lpfc_scsi.c | 2 +- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_hw4.h b/drivers/scsi/lpfc/lpfc_hw4.h index 500253007b1d..26e1313ebb21 100644 --- a/drivers/scsi/lpfc/lpfc_hw4.h +++ b/drivers/scsi/lpfc/lpfc_hw4.h @@ -4847,6 +4847,7 @@ struct fcp_iwrite64_wqe { #define cmd_buff_len_SHIFT 16 #define cmd_buff_len_MASK 0x00000ffff #define cmd_buff_len_WORD word3 +/* Note: payload_offset_len field depends on ASIC support */ #define payload_offset_len_SHIFT 0 #define payload_offset_len_MASK 0x0000ffff #define payload_offset_len_WORD word3 @@ -4863,6 +4864,7 @@ struct fcp_iread64_wqe { #define cmd_buff_len_SHIFT 16 #define cmd_buff_len_MASK 0x00000ffff #define cmd_buff_len_WORD word3 +/* Note: payload_offset_len field depends on ASIC support */ #define payload_offset_len_SHIFT 0 #define payload_offset_len_MASK 0x0000ffff #define payload_offset_len_WORD word3 @@ -4879,6 +4881,7 @@ struct fcp_icmnd64_wqe { #define cmd_buff_len_SHIFT 16 #define cmd_buff_len_MASK 0x00000ffff #define cmd_buff_len_WORD word3 +/* Note: payload_offset_len field depends on ASIC support */ #define payload_offset_len_SHIFT 0 #define payload_offset_len_MASK 0x0000ffff #define payload_offset_len_WORD word3 diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c index e1dfa96c2a55..0c1404dc5f3b 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c @@ -4699,6 +4699,7 @@ lpfc_create_port(struct lpfc_hba *phba, int instance, struct device *dev) uint64_t wwn; bool use_no_reset_hba = false; int rc; + u8 if_type; if (lpfc_no_hba_reset_cnt) { if (phba->sli_rev < LPFC_SLI_REV4 && @@ -4773,10 +4774,24 @@ lpfc_create_port(struct lpfc_hba *phba, int instance, struct device *dev) shost->max_id = LPFC_MAX_TARGET; shost->max_lun = vport->cfg_max_luns; shost->this_id = -1; - if (phba->sli_rev == LPFC_SLI_REV4) - shost->max_cmd_len = LPFC_FCP_CDB_LEN_32; - else + + /* Set max_cmd_len applicable to ASIC support */ + if (phba->sli_rev == LPFC_SLI_REV4) { + if_type = bf_get(lpfc_sli_intf_if_type, + &phba->sli4_hba.sli_intf); + switch (if_type) { + case LPFC_SLI_INTF_IF_TYPE_2: + fallthrough; + case LPFC_SLI_INTF_IF_TYPE_6: + shost->max_cmd_len = LPFC_FCP_CDB_LEN_32; + break; + default: + shost->max_cmd_len = LPFC_FCP_CDB_LEN; + break; + } + } else { shost->max_cmd_len = LPFC_FCP_CDB_LEN; + } if (phba->sli_rev == LPFC_SLI_REV4) { if (!phba->cfg_fcp_mq_threshold || diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c index 60cd60ebff38..0eaede8275da 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -4760,7 +4760,7 @@ static int lpfc_scsi_prep_cmnd_buf_s4(struct lpfc_vport *vport, /* Word 3 */ bf_set(payload_offset_len, &wqe->fcp_icmd, - sizeof(struct fcp_cmnd32) + sizeof(struct fcp_rsp)); + sizeof(struct fcp_cmnd) + sizeof(struct fcp_rsp)); /* Word 6 */ bf_set(wqe_ctxt_tag, &wqe->generic.wqe_com, -- 2.38.0

1 year, 3 months

1
0
0 0

[PATCH 6.6 v2 3/4] riscv: dts: starfive: Add the nodes and pins of I2Srx/I2Stx0/I2Stx1

by WangYuli

From: Xingyu Wu <xingyu.wu(a)starfivetech.com> [ Upstream commit 92cfc35838b2a4006abb9e3bafc291b56f135d01 ] Add I2Srx/I2Stx0/I2Stx1 nodes and pins configuration for the StarFive JH7110 SoC. Signed-off-by: Xingyu Wu <xingyu.wu(a)starfivetech.com> Reviewed-by: Walker Chen <walker.chen(a)starfivetech.com> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- .../jh7110-starfive-visionfive-2.dtsi | 58 +++++++++++++++++ arch/riscv/boot/dts/starfive/jh7110.dtsi | 65 +++++++++++++++++++ 2 files changed, 123 insertions(+) diff --git a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi index 4874e3bb42ab..caa59b9b2f19 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi @@ -202,6 +202,24 @@ &i2c6 { status = "okay"; }; +&i2srx { + pinctrl-names = "default"; + pinctrl-0 = <&i2srx_pins>; + status = "okay"; +}; + +&i2stx0 { + pinctrl-names = "default"; + pinctrl-0 = <&mclk_ext_pins>; + status = "okay"; +}; + +&i2stx1 { + pinctrl-names = "default"; + pinctrl-0 = <&i2stx1_pins>; + status = "okay"; +}; + &mmc0 { max-frequency = <100000000>; assigned-clocks = <&syscrg JH7110_SYSCLK_SDIO0_SDCARD>; @@ -340,6 +358,46 @@ GPOEN_SYS_I2C6_DATA, }; }; + i2srx_pins: i2srx-0 { + clk-sd-pins { + pinmux = <GPIOMUX(38, GPOUT_LOW, + GPOEN_DISABLE, + GPI_SYS_I2SRX_BCLK)>, + <GPIOMUX(63, GPOUT_LOW, + GPOEN_DISABLE, + GPI_SYS_I2SRX_LRCK)>, + <GPIOMUX(38, GPOUT_LOW, + GPOEN_DISABLE, + GPI_SYS_I2STX1_BCLK)>, + <GPIOMUX(63, GPOUT_LOW, + GPOEN_DISABLE, + GPI_SYS_I2STX1_LRCK)>, + <GPIOMUX(61, GPOUT_LOW, + GPOEN_DISABLE, + GPI_SYS_I2SRX_SDIN0)>; + input-enable; + }; + }; + + i2stx1_pins: i2stx1-0 { + sd-pins { + pinmux = <GPIOMUX(44, GPOUT_SYS_I2STX1_SDO0, + GPOEN_ENABLE, + GPI_NONE)>; + bias-disable; + input-disable; + }; + }; + + mclk_ext_pins: mclk-ext-0 { + mclk-ext-pins { + pinmux = <GPIOMUX(4, GPOUT_LOW, + GPOEN_DISABLE, + GPI_SYS_MCLK_EXT)>; + input-enable; + }; + }; + mmc0_pins: mmc0-0 { rst-pins { pinmux = <GPIOMUX(62, GPOUT_SYS_SDIO0_RST, diff --git a/arch/riscv/boot/dts/starfive/jh7110.dtsi b/arch/riscv/boot/dts/starfive/jh7110.dtsi index e85464c328d0..621b68c02ea8 100644 --- a/arch/riscv/boot/dts/starfive/jh7110.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110.dtsi @@ -512,6 +512,30 @@ tdm: tdm@10090000 { status = "disabled"; }; + i2srx: i2s@100e0000 { + compatible = "starfive,jh7110-i2srx"; + reg = <0x0 0x100e0000 0x0 0x1000>; + clocks = <&syscrg JH7110_SYSCLK_I2SRX_BCLK_MST>, + <&syscrg JH7110_SYSCLK_I2SRX_APB>, + <&syscrg JH7110_SYSCLK_MCLK>, + <&syscrg JH7110_SYSCLK_MCLK_INNER>, + <&mclk_ext>, + <&syscrg JH7110_SYSCLK_I2SRX_BCLK>, + <&syscrg JH7110_SYSCLK_I2SRX_LRCK>, + <&i2srx_bclk_ext>, + <&i2srx_lrck_ext>; + clock-names = "i2sclk", "apb", "mclk", + "mclk_inner", "mclk_ext", "bclk", + "lrck", "bclk_ext", "lrck_ext"; + resets = <&syscrg JH7110_SYSRST_I2SRX_APB>, + <&syscrg JH7110_SYSRST_I2SRX_BCLK>; + dmas = <0>, <&dma 24>; + dma-names = "tx", "rx"; + starfive,syscon = <&sys_syscon 0x18 0x2>; + #sound-dai-cells = <0>; + status = "disabled"; + }; + usb0: usb@10100000 { compatible = "starfive,jh7110-usb"; ranges = <0x0 0x0 0x10100000 0x100000>; @@ -736,6 +760,47 @@ spi6: spi@120a0000 { status = "disabled"; }; + i2stx0: i2s@120b0000 { + compatible = "starfive,jh7110-i2stx0"; + reg = <0x0 0x120b0000 0x0 0x1000>; + clocks = <&syscrg JH7110_SYSCLK_I2STX0_BCLK_MST>, + <&syscrg JH7110_SYSCLK_I2STX0_APB>, + <&syscrg JH7110_SYSCLK_MCLK>, + <&syscrg JH7110_SYSCLK_MCLK_INNER>, + <&mclk_ext>; + clock-names = "i2sclk", "apb", "mclk", + "mclk_inner","mclk_ext"; + resets = <&syscrg JH7110_SYSRST_I2STX0_APB>, + <&syscrg JH7110_SYSRST_I2STX0_BCLK>; + dmas = <&dma 47>; + dma-names = "tx"; + #sound-dai-cells = <0>; + status = "disabled"; + }; + + i2stx1: i2s@120c0000 { + compatible = "starfive,jh7110-i2stx1"; + reg = <0x0 0x120c0000 0x0 0x1000>; + clocks = <&syscrg JH7110_SYSCLK_I2STX1_BCLK_MST>, + <&syscrg JH7110_SYSCLK_I2STX1_APB>, + <&syscrg JH7110_SYSCLK_MCLK>, + <&syscrg JH7110_SYSCLK_MCLK_INNER>, + <&mclk_ext>, + <&syscrg JH7110_SYSCLK_I2STX1_BCLK>, + <&syscrg JH7110_SYSCLK_I2STX1_LRCK>, + <&i2stx_bclk_ext>, + <&i2stx_lrck_ext>; + clock-names = "i2sclk", "apb", "mclk", + "mclk_inner", "mclk_ext", "bclk", + "lrck", "bclk_ext", "lrck_ext"; + resets = <&syscrg JH7110_SYSRST_I2STX1_APB>, + <&syscrg JH7110_SYSRST_I2STX1_BCLK>; + dmas = <&dma 48>; + dma-names = "tx"; + #sound-dai-cells = <0>; + status = "disabled"; + }; + sfctemp: temperature-sensor@120e0000 { compatible = "starfive,jh7110-temp"; reg = <0x0 0x120e0000 0x0 0x10000>; -- 2.43.4

1 year, 3 months

4
4
0 0

[PATCH 6.1] fs/ntfs3: Use kvfree to free memory allocated by kvmalloc

by Andrey Kalachev

Missed master:ddb17dc880ee backport cause 'kernel BUG in __phys_addr (2)' on 6.1.y. introduced by: 6.1.y:6fe32f79abea fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN) Link: https://syzkaller.appspot.com/bug?extid=3c339e6f719df0a7faac ------------------ From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Date: Tue, 16 Jan 2024 10:32:20 +0300 [ Upstream commit ddb17dc880eeaac37b5a6e984de07b882de7d78d ] Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Andrey Kalachev <kalachev(a)swemel.ru> --- fs/ntfs3/attrlist.c | 4 ++-- fs/ntfs3/bitmap.c | 4 ++-- fs/ntfs3/frecord.c | 4 ++-- fs/ntfs3/super.c | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/fs/ntfs3/attrlist.c b/fs/ntfs3/attrlist.c index 723e49ec83ce..82bd9b5d9bd8 100644 --- a/fs/ntfs3/attrlist.c +++ b/fs/ntfs3/attrlist.c @@ -29,7 +29,7 @@ static inline bool al_is_valid_le(const struct ntfs_inode *ni, void al_destroy(struct ntfs_inode *ni) { run_close(&ni->attr_list.run); - kfree(ni->attr_list.le); + kvfree(ni->attr_list.le); ni->attr_list.le = NULL; ni->attr_list.size = 0; ni->attr_list.dirty = false; @@ -318,7 +318,7 @@ int al_add_le(struct ntfs_inode *ni, enum ATTR_TYPE type, const __le16 *name, memcpy(ptr, al->le, off); memcpy(Add2Ptr(ptr, off + sz), le, old_size - off); le = Add2Ptr(ptr, off); - kfree(al->le); + kvfree(al->le); al->le = ptr; } else { memmove(Add2Ptr(le, sz), le, old_size - off); diff --git a/fs/ntfs3/bitmap.c b/fs/ntfs3/bitmap.c index 70d9d08fc61b..8dbd8e70c295 100644 --- a/fs/ntfs3/bitmap.c +++ b/fs/ntfs3/bitmap.c @@ -124,7 +124,7 @@ void wnd_close(struct wnd_bitmap *wnd) { struct rb_node *node, *next; - kfree(wnd->free_bits); + kvfree(wnd->free_bits); run_close(&wnd->run); node = rb_first(&wnd->start_tree); @@ -1333,7 +1333,7 @@ int wnd_extend(struct wnd_bitmap *wnd, size_t new_bits) memcpy(new_free, wnd->free_bits, wnd->nwnd * sizeof(short)); memset(new_free + wnd->nwnd, 0, (new_wnd - wnd->nwnd) * sizeof(short)); - kfree(wnd->free_bits); + kvfree(wnd->free_bits); wnd->free_bits = new_free; } diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index 6cce71cc750e..b460d1da9440 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -773,7 +773,7 @@ static int ni_try_remove_attr_list(struct ntfs_inode *ni) run_deallocate(sbi, &ni->attr_list.run, true); run_close(&ni->attr_list.run); ni->attr_list.size = 0; - kfree(ni->attr_list.le); + kvfree(ni->attr_list.le); ni->attr_list.le = NULL; ni->attr_list.dirty = false; @@ -924,7 +924,7 @@ int ni_create_attr_list(struct ntfs_inode *ni) goto out; out1: - kfree(ni->attr_list.le); + kvfree(ni->attr_list.le); ni->attr_list.le = NULL; ni->attr_list.size = 0; return err; diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index 667ff92f5afc..eee54214f4a3 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -441,7 +441,7 @@ static noinline void put_ntfs(struct ntfs_sb_info *sbi) { kfree(sbi->new_rec); kvfree(ntfs_put_shared(sbi->upcase)); - kfree(sbi->def_table); + kvfree(sbi->def_table); wnd_close(&sbi->mft.bitmap); wnd_close(&sbi->used.bitmap); -- 2.30.2 To: Cc: Bcc: Subject: Reply-To:

1 year, 3 months

1
0
0 0

[PATCH 5.15] fs/ntfs3: Use kvfree to free memory allocated by kvmalloc

by Andrey Kalachev

Missed master:ddb17dc880ee backport cause 'kernel BUG in __phys_addr' on 5.15.y. introduced by: 5.15.y:962a3d3d731c (fs/ntfs3: Use kvmalloc instead of kmalloc(... __GFP_NOWARN)) Link: https://syzkaller.appspot.com/bug?extid=2c00ffdada0b04c96497 ------------------ From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Date: Tue, 16 Jan 2024 10:32:20 +0300 Subject: [PATCH] fs/ntfs3: Use kvfree to free memory allocated by kvmalloc [ Upstream commit ddb17dc880eeaac37b5a6e984de07b882de7d78d ] Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Andrey Kalachev <kalachev(a)swemel.ru> --- fs/ntfs3/attrlist.c | 4 ++-- fs/ntfs3/bitmap.c | 4 ++-- fs/ntfs3/frecord.c | 4 ++-- fs/ntfs3/super.c | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/fs/ntfs3/attrlist.c b/fs/ntfs3/attrlist.c index 723e49ec83ce..82bd9b5d9bd8 100644 --- a/fs/ntfs3/attrlist.c +++ b/fs/ntfs3/attrlist.c @@ -29,7 +29,7 @@ static inline bool al_is_valid_le(const struct ntfs_inode *ni, void al_destroy(struct ntfs_inode *ni) { run_close(&ni->attr_list.run); - kfree(ni->attr_list.le); + kvfree(ni->attr_list.le); ni->attr_list.le = NULL; ni->attr_list.size = 0; ni->attr_list.dirty = false; @@ -318,7 +318,7 @@ int al_add_le(struct ntfs_inode *ni, enum ATTR_TYPE type, const __le16 *name, memcpy(ptr, al->le, off); memcpy(Add2Ptr(ptr, off + sz), le, old_size - off); le = Add2Ptr(ptr, off); - kfree(al->le); + kvfree(al->le); al->le = ptr; } else { memmove(Add2Ptr(le, sz), le, old_size - off); diff --git a/fs/ntfs3/bitmap.c b/fs/ntfs3/bitmap.c index 7dccff6c9983..2c29a3b386ba 100644 --- a/fs/ntfs3/bitmap.c +++ b/fs/ntfs3/bitmap.c @@ -129,7 +129,7 @@ void wnd_close(struct wnd_bitmap *wnd) { struct rb_node *node, *next; - kfree(wnd->free_bits); + kvfree(wnd->free_bits); run_close(&wnd->run); node = rb_first(&wnd->start_tree); @@ -1340,7 +1340,7 @@ int wnd_extend(struct wnd_bitmap *wnd, size_t new_bits) wnd->nwnd * sizeof(short)); memset(new_free + wnd->nwnd, 0, (new_wnd - wnd->nwnd) * sizeof(short)); - kfree(wnd->free_bits); + kvfree(wnd->free_bits); wnd->free_bits = new_free; } diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index da21a044d3f8..7a1f57dc58df 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -750,7 +750,7 @@ static int ni_try_remove_attr_list(struct ntfs_inode *ni) run_deallocate(sbi, &ni->attr_list.run, true); run_close(&ni->attr_list.run); ni->attr_list.size = 0; - kfree(ni->attr_list.le); + kvfree(ni->attr_list.le); ni->attr_list.le = NULL; ni->attr_list.dirty = false; @@ -899,7 +899,7 @@ int ni_create_attr_list(struct ntfs_inode *ni) goto out; out1: - kfree(ni->attr_list.le); + kvfree(ni->attr_list.le); ni->attr_list.le = NULL; ni->attr_list.size = 0; return err; diff --git a/fs/ntfs3/super.c b/fs/ntfs3/super.c index 2ce26062e55e..78b086527331 100644 --- a/fs/ntfs3/super.c +++ b/fs/ntfs3/super.c @@ -441,7 +441,7 @@ static noinline void put_ntfs(struct ntfs_sb_info *sbi) { kfree(sbi->new_rec); kvfree(ntfs_put_shared(sbi->upcase)); - kfree(sbi->def_table); + kvfree(sbi->def_table); wnd_close(&sbi->mft.bitmap); wnd_close(&sbi->used.bitmap); -- 2.30.2

1 year, 3 months

1
0
0 0

[PATCH v2] clocksource: hyper-v: Fix hv tsc page based sched_clock for hibernation

by Naman Jain

read_hv_sched_clock_tsc() assumes that the Hyper-V clock counter is bigger than the variable hv_sched_clock_offset, which is cached during early boot, but depending on the timing this assumption may be false when a hibernated VM starts again (the clock counter starts from 0 again) and is resuming back (Note: hv_init_tsc_clocksource() is not called during hibernation/resume); consequently, read_hv_sched_clock_tsc() may return a negative integer (which is interpreted as a huge positive integer since the return type is u64) and new kernel messages are prefixed with huge timestamps before read_hv_sched_clock_tsc() grows big enough (which typically takes several seconds). Fix the issue by saving the Hyper-V clock counter just before the suspend, and using it to correct the hv_sched_clock_offset in resume. Override x86_platform.save_sched_clock_state and x86_platform.restore_sched_clock_state. Note: if Invariant TSC is available, the issue doesn't happen because 1) we don't register read_hv_sched_clock_tsc() for sched clock: See commit e5313f1c5404 ("clocksource/drivers/hyper-v: Rework clocksource and sched clock setup"); 2) the common x86 code adjusts TSC similarly: see __restore_processor_state() -> tsc_verify_tsc_adjust(true) and x86_platform.restore_sched_clock_state(). Cc: stable(a)vger.kernel.org Fixes: 1349401ff1aa ("clocksource/drivers/hyper-v: Suspend/resume Hyper-V clocksource for hibernation") Co-developed-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Dexuan Cui <decui(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> --- Changes from v1: https://lore.kernel.org/all/20240909053923.8512-1-namjain@linux.microsoft.c… * Reorganized code as per Michael's comment, and moved the logic to x86 specific files, to keep hyperv_timer.c arch independent. --- arch/x86/kernel/cpu/mshyperv.c | 70 ++++++++++++++++++++++++++++++ drivers/clocksource/hyperv_timer.c | 8 +++- include/clocksource/hyperv_timer.h | 8 ++++ 3 files changed, 85 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index e0fd57a8ba84..d83a694e387c 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -224,6 +224,75 @@ static void hv_machine_crash_shutdown(struct pt_regs *regs) hyperv_cleanup(); } #endif /* CONFIG_CRASH_DUMP */ + +static u64 hv_sched_clock_offset_saved; +static void (*old_save_sched_clock_state)(void); +static void (*old_restore_sched_clock_state)(void); + +/* + * Hyper-V clock counter resets during hibernation. Save and restore clock + * offset during suspend/resume, while also considering the time passed + * before suspend. This is to make sure that sched_clock using hv tsc page + * based clocksource, proceeds from where it left off during suspend and + * it shows correct time for the timestamps of kernel messages after resume. + */ +static void save_hv_clock_tsc_state(void) +{ + hv_sched_clock_offset_saved = hv_read_reference_counter(); +} + +static void restore_hv_clock_tsc_state(void) +{ + /* + * hv_sched_clock_offset = offset that is used by hyperv_timer clocksource driver + * to get time. + * Time passed before suspend = hv_sched_clock_offset_saved + * - hv_sched_clock_offset (old) + * + * After Hyper-V clock counter resets, hv_sched_clock_offset needs a correction. + * + * New time = hv_read_reference_counter() (future) - hv_sched_clock_offset (new) + * New time = Time passed before suspend + hv_read_reference_counter() (future) + * - hv_read_reference_counter() (now) + * + * Solving the above two equations gives: + * + * hv_sched_clock_offset (new) = hv_sched_clock_offset (old) + * - hv_sched_clock_offset_saved + * + hv_read_reference_counter() (now)) + */ + hv_adj_sched_clock_offset(hv_sched_clock_offset_saved - hv_read_reference_counter()); +} + +/* + * Functions to override save_sched_clock_state and restore_sched_clock_state + * functions of x86_platform. The Hyper-V clock counter is reset during + * suspend-resume and the offset used to measure time needs to be + * corrected, post resume. + */ +static void hv_save_sched_clock_state(void) +{ + old_save_sched_clock_state(); + save_hv_clock_tsc_state(); +} + +static void hv_restore_sched_clock_state(void) +{ + restore_hv_clock_tsc_state(); + old_restore_sched_clock_state(); +} + +static void __init x86_setup_ops_for_tsc_pg_clock(void) +{ + if (!(ms_hyperv.features & HV_MSR_REFERENCE_TSC_AVAILABLE)) + return; + + old_save_sched_clock_state = x86_platform.save_sched_clock_state; + x86_platform.save_sched_clock_state = hv_save_sched_clock_state; + + old_restore_sched_clock_state = x86_platform.restore_sched_clock_state; + x86_platform.restore_sched_clock_state = hv_restore_sched_clock_state; +} #endif /* CONFIG_HYPERV */ static uint32_t __init ms_hyperv_platform(void) @@ -575,6 +644,7 @@ static void __init ms_hyperv_init_platform(void) /* Register Hyper-V specific clocksource */ hv_init_clocksource(); + x86_setup_ops_for_tsc_pg_clock(); hv_vtl_init_platform(); #endif /* diff --git a/drivers/clocksource/hyperv_timer.c b/drivers/clocksource/hyperv_timer.c index b2a080647e41..e424892444ed 100644 --- a/drivers/clocksource/hyperv_timer.c +++ b/drivers/clocksource/hyperv_timer.c @@ -27,7 +27,8 @@ #include <asm/mshyperv.h> static struct clock_event_device __percpu *hv_clock_event; -static u64 hv_sched_clock_offset __ro_after_init; +/* Note: offset can hold negative values after hibernation. */ +static u64 hv_sched_clock_offset __read_mostly; /* * If false, we're using the old mechanism for stimer0 interrupts @@ -456,6 +457,11 @@ static void resume_hv_clock_tsc(struct clocksource *arg) hv_set_msr(HV_MSR_REFERENCE_TSC, tsc_msr.as_uint64); } +void hv_adj_sched_clock_offset(u64 offset) +{ + hv_sched_clock_offset -= offset; +} + #ifdef HAVE_VDSO_CLOCKMODE_HVCLOCK static int hv_cs_enable(struct clocksource *cs) { diff --git a/include/clocksource/hyperv_timer.h b/include/clocksource/hyperv_timer.h index 6cdc873ac907..62e2bad754c0 100644 --- a/include/clocksource/hyperv_timer.h +++ b/include/clocksource/hyperv_timer.h @@ -38,6 +38,14 @@ extern void hv_remap_tsc_clocksource(void); extern unsigned long hv_get_tsc_pfn(void); extern struct ms_hyperv_tsc_page *hv_get_tsc_page(void); +/* + * Called during resume from hibernation, from overridden + * x86_platform.restore_sched_clock_state routine. This is to adjust offsets + * used to calculate time for hv tsc page based sched_clock, to account for + * time spent before hibernation. + */ +extern void hv_adj_sched_clock_offset(u64 offset); + static __always_inline bool hv_read_tsc_page_tsc(const struct ms_hyperv_tsc_page *tsc_pg, u64 *cur_tsc, u64 *time) base-commit: da3ea35007d0af457a0afc87e84fddaebc4e0b63 -- 2.25.1

1 year, 3 months

2
4
0 0

[PATCH net v2] net: tighten bad gso csum offset check in virtio_net_hdr

by Willem de Bruijn

From: Willem de Bruijn <willemb(a)google.com> The referenced commit drops bad input, but has false positives. Tighten the check to avoid these. The check detects illegal checksum offload requests, which produce csum_start/csum_off beyond end of packet after segmentation. But it is based on two incorrect assumptions: 1. virtio_net_hdr_to_skb with VIRTIO_NET_HDR_GSO_TCP[46] implies GSO. True in callers that inject into the tx path, such as tap. But false in callers that inject into rx, like virtio-net. Here, the flags indicate GRO, and CHECKSUM_UNNECESSARY or CHECKSUM_NONE without VIRTIO_NET_HDR_F_NEEDS_CSUM is normal. 2. TSO requires checksum offload, i.e., ip_summed == CHECKSUM_PARTIAL. False, as tcp[46]_gso_segment will fix up csum_start and offset for all other ip_summed by calling __tcp_v4_send_check. Because of 2, we can limit the scope of the fix to virtio_net_hdr that do try to set these fields, with a bogus value. Link: https://lore.kernel.org/netdev/20240909094527.GA3048202@port70.net/ Fixes: 89add40066f9 ("net: drop bad gso csum_start and offset in virtio_net_hdr") Signed-off-by: Willem de Bruijn <willemb(a)google.com> Acked-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Cc: stable(a)vger.kernel.org --- Changes v1->v2: - Fix Cc: - Add Acks from v1 --- include/linux/virtio_net.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 6c395a2600e8d..276ca543ef44d 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -173,7 +173,8 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, break; case SKB_GSO_TCPV4: case SKB_GSO_TCPV6: - if (skb->csum_offset != offsetof(struct tcphdr, check)) + if (skb->ip_summed == CHECKSUM_PARTIAL && + skb->csum_offset != offsetof(struct tcphdr, check)) return -EINVAL; break; } -- 2.46.0.598.g6f2099f65c-goog

1 year, 3 months

3
3
0 0

[PATCH] workqueue: Clear worker->pool in the worker thread context

by Lai Jiangshan

From: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Marc Hartmayer reported: [ 23.133876] Unable to handle kernel pointer dereference in virtual kernel address space [ 23.133950] Failing address: 0000000000000000 TEID: 0000000000000483 [ 23.133954] Fault in home space mode while using kernel ASCE. [ 23.133957] AS:000000001b8f0007 R3:0000000056cf4007 S:0000000056cf3800 P:000000000000003d [ 23.134207] Oops: 0004 ilc:2 [#1] SMP (snip) [ 23.134516] Call Trace: [ 23.134520] [<0000024e326caf28>] worker_thread+0x48/0x430 [ 23.134525] ([<0000024e326caf18>] worker_thread+0x38/0x430) [ 23.134528] [<0000024e326d3a3e>] kthread+0x11e/0x130 [ 23.134533] [<0000024e3264b0dc>] __ret_from_fork+0x3c/0x60 [ 23.134536] [<0000024e333fb37a>] ret_from_fork+0xa/0x38 [ 23.134552] Last Breaking-Event-Address: [ 23.134553] [<0000024e333f4c04>] mutex_unlock+0x24/0x30 [ 23.134562] Kernel panic - not syncing: Fatal exception: panic_on_oops With debuging and analysis, worker_thread() accesses to the nullified worker->pool when the newly created worker is destroyed before being waken-up, in which case worker_thread() can see the result detach_worker() reseting worker->pool to NULL at the begining. Move the code "worker->pool = NULL;" out from detach_worker() to fix the problem. worker->pool had been designed to be constant for regular workers and changeable for rescuer. To share attaching/detaching code for regular and rescuer workers and to avoid worker->pool being accessed inadvertently when the worker has been detached, worker->pool is reset to NULL when detached no matter the worker is rescuer or not. To maintain worker->pool being reset after detached, move the code "worker->pool = NULL;" in the worker thread context after detached. It is either be in the regular worker thread context after PF_WQ_WORKER is cleared or in rescuer worker thread context with wq_pool_attach_mutex held. So it is safe to do so. Cc: Marc Hartmayer <mhartmay(a)linux.ibm.com> Link: https://lore.kernel.org/lkml/87wmjj971b.fsf@linux.ibm.com/ Reported-by: Marc Hartmayer <mhartmay(a)linux.ibm.com> Fixes: f4b7b53c94af ("workqueue: Detach workers directly in idle_cull_fn()") Cc: stable(a)vger.kernel.org # v6.11+ Signed-off-by: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> --- kernel/workqueue.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index e7b005ff3750..6f2545037e57 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -2709,7 +2709,6 @@ static void detach_worker(struct worker *worker) unbind_worker(worker); list_del(&worker->node); - worker->pool = NULL; } /** @@ -2729,6 +2728,7 @@ static void worker_detach_from_pool(struct worker *worker) mutex_lock(&wq_pool_attach_mutex); detach_worker(worker); + worker->pool = NULL; mutex_unlock(&wq_pool_attach_mutex); /* clear leftover flags without pool->lock after it is detached */ @@ -3349,7 +3349,11 @@ static int worker_thread(void *__worker) if (unlikely(worker->flags & WORKER_DIE)) { raw_spin_unlock_irq(&pool->lock); set_pf_worker(false); - + /* + * The worker is dead and PF_WQ_WORKER is cleared, worker->pool + * shouldn't be accessed, reset it to NULL in case otherwise. + */ + worker->pool = NULL; ida_free(&pool->worker_ida, worker->id); return 0; } -- 2.19.1.6.gb485710b

1 year, 3 months

3
2
0 0

[PATCH] USB: misc: yurex: fix race between read and write

by Oliver Neukum

The write code path touches the bbu member in a non atomic manner without taking the spinlock. Fix it. The bug is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org --- drivers/usb/misc/yurex.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 4745a320eae4..4a9859e03f6b 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -404,7 +404,6 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, struct usb_yurex *dev; int len = 0; char in_buffer[MAX_S64_STRLEN]; - unsigned long flags; dev = file->private_data; @@ -419,9 +418,9 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, return -EIO; } - spin_lock_irqsave(&dev->lock, flags); + spin_lock_irq(&dev->lock); scnprintf(in_buffer, MAX_S64_STRLEN, "%lld\n", dev->bbu); - spin_unlock_irqrestore(&dev->lock, flags); + spin_unlock_irq(&dev->lock); mutex_unlock(&dev->io_mutex); return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); @@ -511,8 +510,11 @@ static ssize_t yurex_write(struct file *file, const char __user *user_buffer, __func__, retval); goto error; } - if (set && timeout) + if (set && timeout) { + spin_lock_irq(&dev->lock); dev->bbu = c2; + spin_unlock_irq(&dev->lock); + } return timeout ? count : -EIO; error: -- 2.45.2

1 year, 3 months

1
0
0 0

[PATCH] brbd: Fix atomicity violation in drbd_uuid_set_bm()

by Qiu-ji Chen

The violation of atomicity occurs when the brbd_uuid_set_bm function is executed simultaneously with modifying the value of device->ldev->md.uuid[UI_BITMAP]. Consider a scenario where, while device->ldev->md.uuid[UI_BITMAP] passes the validity check when its value is not zero, the value of device->ldev->md.uuid[UI_BITMAP] is written to zero. In this case, the check in brbd_uuid_set_bm might refer to the old value of device->ldev->md.uuid[UI_BITMAP] (before locking), which allows an invalid value to pass the validity check, resulting in inconsistency. To address this issue, it is recommended to include the data validity check within the locked section of the function. This modification ensures that the value of device->ldev->md.uuid[UI_BITMAP] does not change during the validation process, thereby maintaining its integrity. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: 9f2247bb9b75 ("drbd: Protect accesses to the uuid set with a spinlock") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- drivers/block/drbd/drbd_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c index a9e49b212341..abafc4edf9ed 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -3399,10 +3399,12 @@ void drbd_uuid_new_current(struct drbd_device *device) __must_hold(local) void drbd_uuid_set_bm(struct drbd_device *device, u64 val) __must_hold(local) { unsigned long flags; - if (device->ldev->md.uuid[UI_BITMAP] == 0 && val == 0) + spin_lock_irqsave(&device->ldev->md.uuid_lock, flags); + if (device->ldev->md.uuid[UI_BITMAP] == 0 && val == 0) { + spin_unlock_irqrestore(&device->ldev->md.uuid_lock, flags); return; + } - spin_lock_irqsave(&device->ldev->md.uuid_lock, flags); if (val == 0) { drbd_uuid_move_history(device); device->ldev->md.uuid[UI_HISTORY_START] = device->ldev->md.uuid[UI_BITMAP]; -- 2.34.1

1 year, 3 months

2
1
0 0

[PATCH] USB: misc: cypress_cy7c63: check for short transfer

by Oliver Neukum

As we process the second byte of a control transfer, transfers of less than 2 bytes must be discarded. This bug is as old as the driver. SIgned-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org --- drivers/usb/misc/cypress_cy7c63.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/misc/cypress_cy7c63.c b/drivers/usb/misc/cypress_cy7c63.c index cecd7693b741..75f5a740cba3 100644 --- a/drivers/usb/misc/cypress_cy7c63.c +++ b/drivers/usb/misc/cypress_cy7c63.c @@ -88,6 +88,9 @@ static int vendor_command(struct cypress *dev, unsigned char request, USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_OTHER, address, data, iobuf, CYPRESS_MAX_REQSIZE, USB_CTRL_GET_TIMEOUT); + /* we must not process garbage */ + if (retval < 2) + goto err_buf; /* store returned data (more READs to be added) */ switch (request) { @@ -107,6 +110,7 @@ static int vendor_command(struct cypress *dev, unsigned char request, break; } +err_buf: kfree(iobuf); error: return retval; -- 2.45.2

1 year, 3 months

1
0
0 0

[PATCH] appledisplay: close race between probe and completion handler

by Oliver Neukum

There is a small window during probing when IO is running but the backlight is not registered. Processing events during that time will crash. The completion handler needs to check for a backlight before scheduling work. The bug is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org --- drivers/usb/misc/appledisplay.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c index c8098e9b432e..62b5a30edc42 100644 --- a/drivers/usb/misc/appledisplay.c +++ b/drivers/usb/misc/appledisplay.c @@ -107,7 +107,12 @@ static void appledisplay_complete(struct urb *urb) case ACD_BTN_BRIGHT_UP: case ACD_BTN_BRIGHT_DOWN: pdata->button_pressed = 1; - schedule_delayed_work(&pdata->work, 0); + /* + * there is a window during which no device + * is registered + */ + if (pdata->bd ) + schedule_delayed_work(&pdata->work, 0); break; case ACD_BTN_NONE: default: @@ -202,6 +207,7 @@ static int appledisplay_probe(struct usb_interface *iface, const struct usb_device_id *id) { struct backlight_properties props; + struct backlight_device *backlight; struct appledisplay *pdata; struct usb_device *udev = interface_to_usbdev(iface); struct usb_endpoint_descriptor *endpoint; @@ -272,13 +278,14 @@ static int appledisplay_probe(struct usb_interface *iface, memset(&props, 0, sizeof(struct backlight_properties)); props.type = BACKLIGHT_RAW; props.max_brightness = 0xff; - pdata->bd = backlight_device_register(bl_name, NULL, pdata, + backlight = backlight_device_register(bl_name, NULL, pdata, &appledisplay_bl_data, &props); - if (IS_ERR(pdata->bd)) { + if (IS_ERR(backlight)) { dev_err(&iface->dev, "Backlight registration failed\n"); - retval = PTR_ERR(pdata->bd); + retval = PTR_ERR(backlight); goto error; } + pdata->bd = backlight; /* Try to get brightness */ brightness = appledisplay_bl_get_brightness(pdata->bd); -- 2.45.2

1 year, 3 months

1
0
0 0

Linux 6.10.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.10 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/cgroup-v2.rst | 15 Documentation/devicetree/bindings/nvmem/xlnx,zynqmp-nvmem.yaml | 2 Makefile | 2 arch/arm64/include/asm/acpi.h | 12 arch/arm64/kernel/acpi_numa.c | 11 arch/loongarch/include/asm/hugetlb.h | 4 arch/loongarch/include/asm/kfence.h | 6 arch/loongarch/include/asm/pgtable.h | 48 - arch/loongarch/kernel/relocate.c | 4 arch/loongarch/kvm/mmu.c | 8 arch/loongarch/mm/hugetlbpage.c | 6 arch/loongarch/mm/init.c | 10 arch/loongarch/mm/kasan_init.c | 10 arch/loongarch/mm/pgtable.c | 2 arch/mips/kernel/cevt-r4k.c | 15 arch/parisc/mm/init.c | 16 arch/powerpc/include/asm/nohash/mmu-e500.h | 3 arch/powerpc/kernel/rtas.c | 4 arch/powerpc/kernel/vdso/vdso32.lds.S | 4 arch/powerpc/kernel/vdso/vdso64.lds.S | 4 arch/powerpc/lib/qspinlock.c | 10 arch/powerpc/mm/nohash/Makefile | 2 arch/powerpc/mm/nohash/tlb.c | 398 ---------- arch/powerpc/mm/nohash/tlb_64e.c | 361 +++++++++ arch/powerpc/mm/nohash/tlb_low_64e.S | 195 ---- arch/riscv/Kconfig | 4 arch/riscv/include/asm/processor.h | 26 arch/riscv/include/asm/sbi.h | 30 arch/riscv/include/asm/trace.h | 54 + arch/riscv/kernel/Makefile | 6 arch/riscv/kernel/head.S | 3 arch/riscv/kernel/probes/kprobes.c | 5 arch/riscv/kernel/sbi.c | 56 - arch/riscv/kernel/sbi_ecall.c | 48 + arch/riscv/kernel/traps_misaligned.c | 4 arch/riscv/mm/init.c | 2 arch/s390/boot/startup.c | 8 arch/s390/kernel/vmlinux.lds.S | 17 arch/um/drivers/line.c | 2 arch/x86/coco/tdx/tdx.c | 1 arch/x86/events/intel/core.c | 57 + arch/x86/include/asm/fpu/types.h | 7 arch/x86/include/asm/page_64.h | 1 arch/x86/include/asm/pgtable_64_types.h | 4 arch/x86/kernel/apic/apic.c | 11 arch/x86/kernel/fpu/xstate.c | 3 arch/x86/kernel/fpu/xstate.h | 4 arch/x86/kvm/svm/svm.c | 15 arch/x86/kvm/x86.c | 2 arch/x86/lib/iomem.c | 5 arch/x86/mm/init_64.c | 4 arch/x86/mm/kaslr.c | 32 arch/x86/mm/pti.c | 45 - block/bio.c | 14 drivers/accel/habanalabs/gaudi2/gaudi2_security.c | 1 drivers/acpi/acpi_processor.c | 15 drivers/android/binder.c | 1 drivers/ata/libata-core.c | 4 drivers/ata/libata-scsi.c | 24 drivers/ata/pata_macio.c | 7 drivers/base/devres.c | 1 drivers/base/regmap/regcache-maple.c | 3 drivers/block/ublk_drv.c | 2 drivers/bluetooth/btnxpuart.c | 12 drivers/bluetooth/hci_qca.c | 1 drivers/clk/qcom/clk-alpha-pll.c | 6 drivers/clk/qcom/clk-rcg.h | 1 drivers/clk/qcom/clk-rcg2.c | 30 drivers/clk/qcom/gcc-ipq9574.c | 12 drivers/clk/qcom/gcc-sm8550.c | 54 - drivers/clk/qcom/gcc-x1e80100.c | 52 - drivers/clk/starfive/clk-starfive-jh7110-sys.c | 31 drivers/clk/starfive/clk-starfive-jh71x0.h | 2 drivers/clocksource/timer-imx-tpm.c | 16 drivers/clocksource/timer-of.c | 17 drivers/clocksource/timer-of.h | 1 drivers/crypto/intel/qat/qat_common/adf_gen2_pfvf.c | 4 drivers/crypto/intel/qat/qat_common/adf_rl.c | 1 drivers/crypto/intel/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 8 drivers/crypto/starfive/jh7110-cryp.h | 4 drivers/crypto/starfive/jh7110-rsa.c | 15 drivers/cxl/core/region.c | 24 drivers/firmware/cirrus/cs_dsp.c | 3 drivers/gpio/gpio-rockchip.c | 1 drivers/gpio/gpio-zynqmp-modepin.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 79 + drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 30 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_ids.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_ids.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 123 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_reset.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 6 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 8 drivers/gpu/drm/amd/amdgpu/gfxhub_v1_2.c | 8 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 3 drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 28 drivers/gpu/drm/amd/amdgpu/mmhub_v1_8.c | 8 drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 3 drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 3 drivers/gpu/drm/amd/amdgpu/mxgpu_vi.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 47 - drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 7 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c | 3 drivers/gpu/drm/amd/display/dc/dml2/display_mode_core.c | 2 drivers/gpu/drm/amd/display/dc/link/link_factory.c | 6 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_training.c | 3 drivers/gpu/drm/amd/display/dc/resource/dcn315/dcn315_resource.c | 2 drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 drivers/gpu/drm/i915/display/intel_display_types.h | 4 drivers/gpu/drm/i915/display/intel_dp.c | 4 drivers/gpu/drm/i915/display/intel_dp_aux.c | 16 drivers/gpu/drm/i915/display/intel_dp_aux.h | 2 drivers/gpu/drm/i915/display/intel_psr.c | 2 drivers/gpu/drm/i915/display/intel_quirks.c | 68 + drivers/gpu/drm/i915/display/intel_quirks.h | 6 drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c | 2 drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h | 5 drivers/gpu/drm/i915/i915_sw_fence.c | 8 drivers/gpu/drm/imagination/pvr_vm.c | 4 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 2 drivers/gpu/drm/panthor/panthor_drv.c | 23 drivers/gpu/drm/panthor/panthor_fw.c | 8 drivers/gpu/drm/panthor/panthor_mmu.c | 21 drivers/gpu/drm/panthor/panthor_mmu.h | 1 drivers/gpu/drm/panthor/panthor_sched.c | 2 drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 drivers/gpu/drm/xe/xe_gsc.c | 12 drivers/gpu/drm/xe/xe_uc_fw.h | 9 drivers/gpu/drm/xe/xe_wa.c | 8 drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 drivers/hid/bpf/Kconfig | 2 drivers/hid/hid-cougar.c | 2 drivers/hv/vmbus_drv.c | 1 drivers/hwmon/adc128d818.c | 4 drivers/hwmon/hp-wmi-sensors.c | 2 drivers/hwmon/lm95234.c | 9 drivers/hwmon/ltc2991.c | 6 drivers/hwmon/nct6775-core.c | 2 drivers/hwmon/w83627ehf.c | 4 drivers/i3c/master/mipi-i3c-hci/dma.c | 5 drivers/i3c/master/svc-i3c-master.c | 58 + drivers/iio/adc/ad7124.c | 30 drivers/iio/adc/ad7606.c | 28 drivers/iio/adc/ad7606.h | 2 drivers/iio/adc/ad7606_par.c | 48 + drivers/iio/adc/ad_sigma_delta.c | 2 drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 13 drivers/iio/inkern.c | 8 drivers/input/misc/uinput.c | 14 drivers/input/touchscreen/ili210x.c | 6 drivers/iommu/intel/dmar.c | 2 drivers/iommu/intel/iommu.c | 4 drivers/iommu/intel/iommu.h | 6 drivers/iommu/intel/pasid.c | 1 drivers/iommu/intel/pasid.h | 10 drivers/iommu/iommufd/hw_pagetable.c | 3 drivers/iommu/sun50i-iommu.c | 1 drivers/irqchip/irq-armada-370-xp.c | 4 drivers/irqchip/irq-gic-v2m.c | 6 drivers/irqchip/irq-renesas-rzg2l.c | 2 drivers/irqchip/irq-riscv-aplic-main.c | 4 drivers/irqchip/irq-sifive-plic.c | 115 +- drivers/leds/leds-spi-byte.c | 6 drivers/md/dm-init.c | 4 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 drivers/media/usb/b2c2/flexcop-usb.c | 7 drivers/misc/fastrpc.c | 5 drivers/misc/vmw_vmci/vmci_resource.c | 3 drivers/mmc/core/quirks.h | 22 drivers/mmc/core/sd.c | 4 drivers/mmc/host/cqhci-core.c | 2 drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sdhci-of-aspeed.c | 1 drivers/net/bareudp.c | 22 drivers/net/can/kvaser_pciefd.c | 43 - drivers/net/can/m_can/m_can.c | 100 +- drivers/net/can/spi/mcp251x.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 28 drivers/net/can/spi/mcp251xfd/mcp251xfd-ram.c | 11 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 23 drivers/net/can/spi/mcp251xfd/mcp251xfd-rx.c | 165 ++-- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 22 drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 42 - drivers/net/dsa/vitesse-vsc73xx-core.c | 10 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 drivers/net/ethernet/google/gve/gve.h | 1 drivers/net/ethernet/google/gve/gve_adminq.c | 22 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_err.c | 6 drivers/net/ethernet/intel/ice/ice.h | 2 drivers/net/ethernet/intel/ice/ice_base.c | 11 drivers/net/ethernet/intel/ice/ice_lib.c | 175 +--- drivers/net/ethernet/intel/ice/ice_lib.h | 10 drivers/net/ethernet/intel/ice/ice_main.c | 63 + drivers/net/ethernet/intel/ice/ice_xsk.c | 12 drivers/net/ethernet/intel/igb/igb_main.c | 10 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en.h | 20 drivers/net/ethernet/mellanox/mlx5/core/en/params.c | 12 drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h | 19 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 21 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 66 - drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c | 14 drivers/net/ethernet/microsoft/mana/mana_en.c | 22 drivers/net/ethernet/ti/am65-cpsw-nuss.c | 82 +- drivers/net/ethernet/xilinx/xilinx_axienet.h | 3 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 drivers/net/mctp/mctp-serial.c | 4 drivers/net/phy/phy_device.c | 2 drivers/net/usb/ipheth.c | 2 drivers/net/usb/r8152.c | 17 drivers/net/usb/usbnet.c | 11 drivers/net/wireless/ath/ath11k/ahb.c | 4 drivers/net/wireless/ath/ath11k/core.c | 115 -- drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/hif.h | 12 drivers/net/wireless/ath/ath11k/mhi.c | 12 drivers/net/wireless/ath/ath11k/mhi.h | 3 drivers/net/wireless/ath/ath11k/pci.c | 44 - drivers/net/wireless/ath/ath11k/qmi.c | 2 drivers/net/wireless/ath/ath12k/mac.c | 9 drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 drivers/net/wireless/marvell/mwifiex/main.h | 3 drivers/net/wireless/realtek/rtw88/usb.c | 13 drivers/net/wireless/realtek/rtw89/core.c | 3 drivers/nvme/host/constants.c | 2 drivers/nvme/host/core.c | 40 - drivers/nvme/host/fabrics.c | 10 drivers/nvme/host/fault_inject.c | 2 drivers/nvme/host/fc.c | 6 drivers/nvme/host/multipath.c | 2 drivers/nvme/host/nvme.h | 6 drivers/nvme/host/pci.c | 17 drivers/nvme/host/pr.c | 10 drivers/nvme/target/admin-cmd.c | 34 drivers/nvme/target/core.c | 46 - drivers/nvme/target/discovery.c | 14 drivers/nvme/target/fabrics-cmd-auth.c | 16 drivers/nvme/target/fabrics-cmd.c | 36 drivers/nvme/target/io-cmd-bdev.c | 12 drivers/nvme/target/passthru.c | 10 drivers/nvme/target/rdma.c | 10 drivers/nvme/target/tcp.c | 8 drivers/nvme/target/zns.c | 30 drivers/nvmem/core.c | 6 drivers/nvmem/u-boot-env.c | 7 drivers/of/irq.c | 15 drivers/pci/controller/dwc/pci-keystone.c | 44 + drivers/pci/controller/dwc/pcie-qcom.c | 25 drivers/pci/hotplug/pnv_php.c | 3 drivers/pci/pci.c | 35 drivers/pcmcia/yenta_socket.c | 6 drivers/phy/xilinx/phy-zynqmp.c | 1 drivers/pinctrl/qcom/pinctrl-x1e80100.c | 4 drivers/platform/x86/dell/dell-smbios-base.c | 5 drivers/ptp/ptp_ocp.c | 168 ++-- drivers/scsi/lpfc/lpfc_els.c | 17 drivers/scsi/pm8001/pm8001_sas.c | 4 drivers/spi/spi-fsl-lpspi.c | 31 drivers/spi/spi-hisi-kunpeng.c | 3 drivers/spi/spi-intel.c | 3 drivers/spi/spi-rockchip.c | 23 drivers/staging/iio/frequency/ad9834.c | 2 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c | 31 drivers/ufs/core/ufshcd.c | 7 drivers/uio/uio_hv_generic.c | 11 drivers/usb/dwc3/core.c | 15 drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/gadget.c | 41 - drivers/usb/gadget/udc/aspeed_udc.c | 2 drivers/usb/gadget/udc/cdns2/cdns2-gadget.c | 12 drivers/usb/gadget/udc/cdns2/cdns2-gadget.h | 9 drivers/usb/storage/uas.c | 1 drivers/usb/typec/ucsi/ucsi.c | 50 - drivers/vfio/vfio_iommu_spapr_tce.c | 13 drivers/virt/coco/sev-guest/sev-guest.c | 7 drivers/virtio/virtio_ring.c | 4 drivers/watchdog/imx7ulp_wdt.c | 5 drivers/xen/privcmd.c | 10 fs/binfmt_elf.c | 5 fs/btrfs/ctree.c | 12 fs/btrfs/ctree.h | 1 fs/btrfs/extent-tree.c | 62 + fs/btrfs/file.c | 25 fs/btrfs/inode.c | 2 fs/btrfs/qgroup.c | 90 ++ fs/btrfs/transaction.h | 6 fs/btrfs/zoned.c | 30 fs/cachefiles/io.c | 2 fs/ext4/fast_commit.c | 8 fs/fuse/dev.c | 14 fs/fuse/dir.c | 2 fs/fuse/file.c | 8 fs/fuse/inode.c | 7 fs/fuse/xattr.c | 4 fs/jbd2/recovery.c | 30 fs/libfs.c | 6 fs/namespace.c | 93 +- fs/netfs/fscache_main.c | 1 fs/netfs/io.c | 19 fs/nfs/super.c | 2 fs/nilfs2/recovery.c | 35 fs/nilfs2/segment.c | 10 fs/nilfs2/sysfs.c | 43 - fs/ntfs3/dir.c | 52 - fs/ntfs3/frecord.c | 4 fs/smb/client/cifsfs.c | 21 fs/smb/client/cifsglob.h | 1 fs/smb/client/cifssmb.c | 54 + fs/smb/client/file.c | 37 fs/smb/client/inode.c | 2 fs/smb/client/smb2inode.c | 3 fs/smb/client/smb2ops.c | 18 fs/smb/client/smb2pdu.c | 41 - fs/smb/client/trace.h | 1 fs/smb/server/oplock.c | 2 fs/smb/server/smb2pdu.c | 14 fs/smb/server/transport_tcp.c | 4 fs/squashfs/inode.c | 7 fs/tracefs/event_inode.c | 2 fs/udf/super.c | 15 fs/xattr.c | 91 +- fs/xfs/libxfs/xfs_ialloc_btree.c | 2 include/linux/bpf-cgroup.h | 9 include/linux/mlx5/device.h | 1 include/linux/mm.h | 4 include/linux/netfs.h | 1 include/linux/nvme.h | 16 include/linux/path.h | 9 include/linux/regulator/consumer.h | 8 include/linux/zswap.h | 4 include/net/bluetooth/hci_core.h | 5 include/net/bluetooth/hci_sync.h | 4 include/net/mana/mana.h | 2 include/uapi/drm/drm_fourcc.h | 18 include/uapi/drm/panthor_drm.h | 6 kernel/bpf/btf.c | 4 kernel/bpf/verifier.c | 4 kernel/cgroup/cgroup.c | 2 kernel/cgroup/cpuset.c | 36 kernel/dma/map_benchmark.c | 16 kernel/events/core.c | 18 kernel/events/internal.h | 1 kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 3 kernel/exit.c | 3 kernel/kexec_file.c | 2 kernel/locking/rtmutex.c | 9 kernel/resource.c | 6 kernel/seccomp.c | 23 kernel/smp.c | 1 kernel/trace/trace.c | 2 kernel/trace/trace_kprobe.c | 125 ++- kernel/trace/trace_osnoise.c | 50 - kernel/workqueue.c | 12 lib/codetag.c | 17 lib/generic-radix-tree.c | 2 lib/maple_tree.c | 7 lib/overflow_kunit.c | 3 mm/memcontrol.c | 12 mm/memory_hotplug.c | 2 mm/page_alloc.c | 7 mm/slub.c | 4 mm/sparse.c | 2 mm/userfaultfd.c | 29 mm/vmalloc.c | 7 mm/vmscan.c | 24 mm/zswap.c | 2 net/bluetooth/hci_conn.c | 6 net/bluetooth/hci_sync.c | 42 + net/bluetooth/mgmt.c | 144 +-- net/bluetooth/smp.c | 7 net/bridge/br_fdb.c | 6 net/can/bcm.c | 4 net/core/filter.c | 1 net/core/net-sysfs.c | 2 net/ethtool/channels.c | 6 net/ethtool/common.c | 26 net/ethtool/common.h | 2 net/ethtool/ioctl.c | 4 net/ipv4/fou_core.c | 29 net/ipv4/tcp_bpf.c | 2 net/ipv4/tcp_input.c | 6 net/ipv6/ila/ila.h | 1 net/ipv6/ila/ila_main.c | 6 net/ipv6/ila/ila_xlat.c | 13 net/netfilter/nf_conncount.c | 8 net/sched/sch_cake.c | 11 net/sched/sch_netem.c | 9 net/socket.c | 4 net/unix/af_unix.c | 9 rust/Makefile | 2 rust/macros/module.rs | 6 scripts/gfp-translate | 66 + security/smack/smack_lsm.c | 12 sound/core/control.c | 6 sound/hda/hdmi_chmap.c | 18 sound/pci/hda/patch_conexant.c | 11 sound/pci/hda/patch_realtek.c | 22 sound/soc/codecs/tas2781-fmwlib.c | 71 - sound/soc/intel/boards/bxt_rt298.c | 2 sound/soc/intel/boards/bytcht_cx2072x.c | 2 sound/soc/intel/boards/bytcht_da7213.c | 2 sound/soc/intel/boards/bytcht_es8316.c | 2 sound/soc/intel/boards/bytcr_rt5640.c | 2 sound/soc/intel/boards/bytcr_rt5651.c | 2 sound/soc/intel/boards/bytcr_wm5102.c | 2 sound/soc/intel/boards/cht_bsw_rt5645.c | 2 sound/soc/intel/boards/cht_bsw_rt5672.c | 2 sound/soc/soc-dapm.c | 1 sound/soc/soc-topology.c | 2 sound/soc/sof/topology.c | 2 sound/soc/sunxi/sun4i-i2s.c | 143 +-- sound/soc/tegra/tegra210_ahub.c | 10 tools/lib/bpf/libbpf.c | 4 tools/net/ynl/lib/ynl.py | 7 tools/perf/util/bpf_lock_contention.c | 3 tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 tools/testing/selftests/mm/mseal_test.c | 37 tools/testing/selftests/mm/seal_elf.c | 13 tools/testing/selftests/net/Makefile | 3 tools/testing/selftests/riscv/mm/mmap_bottomup.c | 2 tools/testing/selftests/riscv/mm/mmap_default.c | 2 tools/testing/selftests/riscv/mm/mmap_test.h | 67 - 436 files changed, 4628 insertions(+), 3085 deletions(-) Aaradhana Sahu (1): wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() Abel Vesa (1): clk: qcom: gcc-x1e80100: Fix USB 0 and 1 PHY GDSC pwrsts flags Adam Queler (1): ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx Adrian Huang (1): mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area Adrián Larumbe (1): drm/panthor: flush FW AS caches in slow reset path Ajith C (1): wifi: ath12k: fix firmware crash due to invalid peer nss Aleksandr Mishin (2): platform/x86: dell-smbios: Fix error path in dell_smbios_init() staging: iio: frequency: ad9834: Validate frequency parameter value Alex Deucher (2): Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" drm/amdgpu: always allocate cleared VRAM for GEM allocations Alex Hung (6): drm/amd/display: Check UnboundedRequestEnabled's value drm/amd/display: Run DC_LOG_DC after checking link->link_enc drm/amd/display: Check HDCP returned status drm/amd/display: Validate function returns drm/amd/display: Check denominator pbn_div before used drm/amd/display: Check denominator crb_pipes before used Alexander Gordeev (1): s390/boot: Do not assume the decompressor range is reserved Alexandre Ghiti (3): riscv: Do not restrict memory size because of linear mapping on nommu riscv: Improve sbi_ecall() code generation by reordering arguments riscv: Fix RISCV_ALTERNATIVE_EARLY Alexey Dobriyan (1): ELF: fix kernel.randomize_va_space double read Alison Schofield (1): cxl/region: Verify target positions using the ordered target list Amadeusz Sławiński (1): ASoC: topology: Properly initialize soc_enum values Andreas Hindborg (1): rust: kbuild: fix export of bss symbols Andreas Ziegler (1): libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Andrei Vagin (1): seccomp: release task filters when the task exits Andy Shevchenko (3): leds: spi-byte: Call of_node_put() on error path drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused Anton Blanchard (1): riscv: Fix toolchain vector detection Anup Patel (1): irqchip/sifive-plic: Probe plic driver early for Allwinner D1 platform Arend van Spriel (1): wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Arkadiusz Kubalewski (1): tools/net/ynl: fix cli.py --subscribe feature Armin Wolf (1): hwmon: (hp-wmi-sensors) Check if WMI event data exists Arnd Bergmann (2): regmap: maple: work around gcc-14.1 false-positive warning hid: bpf: add BPF_JIT dependency Aurabindo Pillai (1): drm/amd: Add gfx12 swizzle mode defs Baochen Qiang (2): Revert "wifi: ath11k: restore country code during resume" Revert "wifi: ath11k: support hibernation" Baokun Li (1): fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Benjamin Marzinski (1): dm init: Handle minors larger than 255 Bernd Schubert (1): fuse: disable the combination of passthrough and writeback cache Bob Zhou (1): drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid Bommu Krishnaiah (2): drm/xe/xe2: Add workaround 14021402888 drm/xe/xe2lpg: Extend workaround 14021402888 Boqun Feng (1): rust: macros: provide correct provenance when constructing THIS_MODULE Breno Leitao (1): net: dqs: Do not use extern for unused dql_group Brian Johannesmeyer (1): x86/kmsan: Fix hook for unaligned accesses Brian Norris (1): spi: rockchip: Resolve unbalanced runtime PM / system PM handling Bryan O'Donoghue (1): clk: qcom: gcc-x1e80100: Don't use parking clk_ops for QUPs Camila Alvarez (1): HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Carlos Llamas (1): binder: fix UAF caused by offsets overwrite Carlos Song (1): spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register Charles Han (1): spi: intel: Add check devm_kasprintf() returned value Charlie Jenkins (2): riscv: selftests: Remove mmap hint address checks riscv: mm: Do not restrict mmap address based on hint Chen Ni (1): media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Chen-Yu Tsai (1): ASoc: SOF: topology: Clear SOF link platform name upon unload ChenXiaoSong (1): smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() Chih-Kang Chang (1): wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware Christian Brauner (7): libfs: fix get_stashed_dentry() fs: don't copy to userspace under namespace semaphore fs: relax permissions for statmount() fs: only copy to userspace on success in listmount() path: add cleanup helper fs: simplify error handling fs: relax permissions for listmount() Christian König (1): drm/amdgpu: reject gang submit on reserved VMIDs Christoffer Sandberg (1): ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Christoph Hellwig (1): block: don't call bio_uninit from bio_endio Christophe Leroy (2): powerpc/64e: Define mmu_pte_psize static powerpc/vdso: Don't discard rela sections Cong Wang (1): tcp_bpf: fix return value of tcp_bpf_sendmsg() Daiwei Li (1): igb: Fix not clearing TimeSync interrupts for 82580 Dan Carpenter (3): ksmbd: Unlock on in ksmbd_tcp_set_interfaces() irqchip/riscv-aplic: Fix an IS_ERR() vs NULL bug in probe() igc: Unlock on error in igc_io_resume() Dan Williams (1): PCI: Add missing bridge lock to pci_bus_lock() Daniel Lezcano (1): clocksource/drivers/timer-of: Remove percpu irq related code Daniele Ceraolo Spurio (2): drm/xe/gsc: Do not attempt to load the GSC multiple times drm/i915: Do not attempt to load the GSC multiple times Danijel Slivka (1): drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts Dave Airlie (1): nouveau: fix the fwsec sb verification register. Dave Chinner (1): xfs: xfs_finobt_count_blocks() walks the wrong btree David Fernandez Gonzalez (1): VMCI: Fix use-after-free when removing resource in vmci_resource_remove() David Howells (8): cifs: Fix lack of credit renegotiation on read retry netfs, cifs: Fix handling of short DIO read cifs: Fix copy offload to flush destination region cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT vfs: Fix potential circular locking through setxattr() and removexattr() cifs: Fix zero_point init on inode initialisation cifs: Fix SMB1 readv/writev callback in the same way as SMB2/3 David Lechner (1): iio: buffer-dmaengine: fix releasing dma channel on error David Sterba (1): btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dawid Osuchowski (1): ice: Add netif_device_attach/detach into PF reset flow Devyn Liu (1): spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware Dmitry Torokhov (2): Input: ili210x - use kvmalloc() to allocate buffer for firmware update Input: uinput - reject requests with unreasonable number of slots Douglas Anderson (2): regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Bluetooth: qca: If memdump doesn't work, re-enable IBS Dragos Tatulea (1): net/mlx5e: SHAMPO, Fix page leak Dumitru Ceclan (3): iio: adc: ad7124: fix config comparison iio: adc: ad7124: fix chip ID mismatch iio: adc: ad7124: fix DT configuration parsing Eric Dumazet (1): ila: call nf_unregister_net_hooks() sooner Eric Joyner (1): ice: Check all ice_vsi_rebuild() errors in function Faisal Hassan (1): usb: dwc3: core: update LC timer as per USB Spec V3.2 Fedor Pchelkin (1): btrfs: qgroup: don't use extent changeset when not needed Filipe Manana (3): btrfs: replace BUG_ON() with error handling at update_ref_for_cow() btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() btrfs: fix race between direct IO write and fsync when using same fd Frank Li (1): i3c: master: svc: resend target address when get NACK Geert Uytterhoeven (1): nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Georg Gottleuber (1): nvme-pci: Add sleep quirk for Samsung 990 Evo Greg Kroah-Hartman (1): Linux 6.10.10 Guenter Roeck (4): hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guillaume Nault (1): bareudp: Fix device stats updates. Guillaume Stols (1): iio: adc: ad7606: remove frstdata check for serial mode Hans Verkuil (3): media: b2c2: flexcop-usb: fix flexcop_usb_memory_req media: vivid: fix wrong sizeimage value for mplane media: vivid: don't set HDMI TX controls if there are no HDMI outputs Hans de Goede (1): ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder Hao Ge (2): codetag: debug: mark codetags for poisoned page as empty mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook Hareshx Sankar Raj (1): crypto: qat - fix unintentional re-enabling of error interrupts Hawking Zhang (3): drm/amdgpu: Fix register access violation drm/amdgpu: Fix smatch static checker warning drm/amdgpu: Correct register used to clear fault status Hayes Wang (1): r8152: fix the firmware doesn't work Heikki Krogerus (1): usb: typec: ucsi: Fix the partner PD revision Heiko Carstens (1): s390/vmlinux.lds.S: Move ro_after_init section behind rodata section Helge Deller (1): parisc: Delay write-protection until mark_rodata_ro() call Huacai Chen (2): LoongArch: Use correct API to map cmdline in relocate_kernel() LoongArch: Use accessors to page table entries instead of direct dereference Huang Ying (1): cxl/region: Fix a race condition in memory hotplug notifier Igor Pylypiv (3): scsi: pm80xx: Set phy->enable_completion only when we wait for it ata: libata-scsi: Remove redundant sense_buffer memsets ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf Ivan Orlov (1): kunit/overflow: Fix UB in overflow_allocation_test Jacky Bai (2): clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacob Pan (1): iommu/vt-d: Handle volatile descriptor status read Jakub Kicinski (1): ethtool: fail closed if we can't get max channel used in indirection tables James Morse (1): arm64: acpi: Move get_cpu_for_acpi_id() to a header Jamie Bainbridge (1): selftests: net: enable bind tests Jan Kara (1): udf: Avoid excessive partition lengths Jann Horn (3): fuse: use unsigned type for getxattr/listxattr size truncation userfaultfd: don't BUG_ON() if khugepaged yanks our page table userfaultfd: fix checks for huge PMDs Jarkko Nikula (1): i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Jason Gunthorpe (1): iommufd: Require drivers to supply the cache_invalidate_user ops Jean-Baptiste Maneyrol (1): iio: imu: inv_mpu6050: fix interrupt status read for old buggy chips Jens Emil Schulz Østergaard (1): net: microchip: vcap: Fix use-after-free error in kunit test Jeongjun Park (1): bpf: add check for invalid name in btf_name_valid_section() Jernej Skrabec (1): iommu: sun50i: clear bypass register Jia Jie Ho (2): crypto: starfive - Align rsa input data to 32-bit crypto: starfive - Fix nent assignment in rsa dec Jiaxun Yang (1): MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Jinjie Ruan (1): net: phy: Fix missing of_node_put() for leds Jiwei Sun (1): crypto: qat - initialize user_input.lock for rate_limiting Joanne Koong (2): fuse: update stats for pages in dropped aux writeback list fuse: check aborted connection before adding requests to pending list for resending Johannes Berg (2): wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check um: line: always fill *error_out in setup_one_line() John Thomson (1): nvmem: u-boot-env: error if NVMEM device is too small Jonas Gorski (1): net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Jonathan Bell (1): mmc: core: apply SD quirks earlier during probe Jonathan Cameron (3): ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry Josef Bacik (4): btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete btrfs: handle errors from btrfs_dec_ref() properly Jouni Högander (2): drm/i915/display: Add mechanism to use sink model when applying quirk drm/i915/display: Increase Fast Wake Sync length as a quirk Jules Irenge (1): pcmcia: Use resource_size function on resource object Justin Tee (1): scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info Kan Liang (2): perf/x86/intel: Limit the period on Haswell perf/x86/intel: Hide Topdown metrics events if the feature is not enumerated Keith Busch (1): nvme-pci: allocate tagset on reset if necessary Kent Overstreet (1): lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Kirill A. Shutemov (1): x86/tdx: Fix data leak in mmio_read() Kishon Vijay Abraham I (1): PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Konstantin Andreev (1): smack: unix sockets: fix accept()ed socket label Konstantin Komarov (2): fs/ntfs3: One more reason to mark inode bad fs/ntfs3: Check more cases when directory is corrupted Krishna Kumar (1): pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Krzysztof Kozlowski (1): gpio: rockchip: fix OF node leak in probe() Kuniyuki Iwashima (4): af_unix: Remove put_pid()/put_cred() in copy_peercred(). can: bcm: Remove proc entry when dev is unregistered. fou: Fix null-ptr-deref in GRO. tcp: Don't drop SYN+ACK for simultaneous connect(). Kyoungrul Kim (1): scsi: ufs: core: Remove SCSI host only if added Lad Prabhakar (1): irqchip/renesas-rzg2l: Reorder function calls in rzg2l_irqc_irq_disable() Larysa Zaremba (5): ice: move netif_queue_set_napi to rtnl-protected sections ice: protect XDP configuration with a mutex ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset ice: remove ICE_CFG_BUSY locking from AF_XDP code ice: do not bring the VSI up, if it was down before the XDP setup Leo Li (1): drm/amd/display: Lock DC and exit IPS when changing backlight Leon Hwang (1): bpf, verifier: Correct tail_call_reachable for bpf prog Li Nan (1): ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Liam R. Howlett (1): maple_tree: remove rcu_read_lock() from mt_validate() Liao Chen (2): mmc: sdhci-of-aspeed: fix module autoloading gpio: modepin: Enable module autoloading Lu Baolu (1): iommu/vt-d: Remove control over Execute-Requested requests Luis Henriques (SUSE) (1): ext4: fix possible tid_t sequence overflows Luiz Augusto von Dentz (4): Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Bluetooth: MGMT: Ignore keys being loaded with invalid type Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT Ma Ke (2): irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() usb: gadget: aspeed_udc: validate endpoint index for ast udc Marc Kleine-Budde (5): can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum can: mcp251xfd: clarify the meaning of timestamp can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Marc Zyngier (1): scripts: fix gfp-translate after ___GFP_*_BITS conversion to an enum Marcin Ślusarz (1): wifi: rtw88: usb: schedule rx work after everything is set up Marek Marczykowski-Górecki (1): ALSA: hda/realtek: extend quirks for Clevo V5[46]0 Marek Olšák (3): drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Markus Schneider-Pargmann (6): can: m_can: Reset coalescing during suspend/resume can: m_can: Remove coalesing disable in isr during suspend can: m_can: Remove m_can_rx_peripheral indirection can: m_can: Do not cancel timer from within timer can: m_can: disable_all_interrupts, not clear active_interrupts can: m_can: Reset cached active_interrupts on start Martin Jocic (5): can: kvaser_pciefd: Skip redundant NULL pointer check in ISR can: kvaser_pciefd: Remove unnecessary comment can: kvaser_pciefd: Rename board_irq to pci_irq can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR can: kvaser_pciefd: Use a single write when releasing RX buffers Mary Guillemard (1): drm/panthor: Restrict high priorities on group_create Masami Hiramatsu (Google) (1): tracing/kprobes: Add symbol counting check when module loads Matt Coster (1): drm/imagination: Free pvr_vm_gpuva after unlink Matt Johnston (1): net: mctp-serial: Fix missing escapes on transmit Matteo Martelli (2): iio: fix scale application in iio_convert_raw_to_processed_unlocked ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Matthieu Baerts (NGI0) (1): tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Maurizio Lombardi (2): nvmet-tcp: fix kernel crash if commands allocation fails nvmet: Identify-Active Namespace ID List command should reject invalid nsid Maxim Levitsky (1): KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Maximilien Perreault (1): ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Michael Ellerman (3): ata: pata_macio: Use WARN instead of BUG powerpc/64e: remove unused IBM HTW code powerpc/64e: split out nohash Book3E 64-bit code Michal Simek (1): dt-bindings: nvmem: Use soc-nvmem node name instead of nvmem Mike Yuan (1): mm/memcontrol: respect zswap.writeback setting from parent cg too Miklos Szeredi (1): fuse: clear PG_uptodate when using a stolen page Mitchell Levy (1): x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Mohan Kumar (1): ASoC: tegra: Fix CBB error during probe() Mrinmay Sarkar (1): PCI: qcom: Override NO_SNOOP attribute for SA8775P RC Muhammad Usama Anjum (1): selftests: mm: fix build errors on armhf Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Namhyung Kim (1): perf lock contention: Fix spinlock and rwlock accounting Namjae Jeon (1): ksmbd: unset the binding mark of a reused connection Naohiro Aota (1): btrfs: zoned: handle broken write pointer on zones Nathan Lynch (1): powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() Nicholas Piggin (2): workqueue: wq_watchdog_touch is always called with valid CPU workqueue: Improve scalability of workqueue watchdog touch Nuno Sa (1): iio: adc: ad_sigma_delta: fix irq_flags on irq request Nysal Jan K.A. (1): powerpc/qspinlock: Fix deadlock in MCS queue Oliver Neukum (2): usbnet: modern method to get random MAC usbnet: ipheth: race between ipheth_close and error handling Olivier Sobrie (1): HID: amd_sfh: free driver_data after destroying hid device Pali Rohár (1): irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Paulo Alcantara (2): smb: client: fix double put of @cfile in smb2_set_path_size() smb: client: fix double put of @cfile in smb2_rename_path() Pawel Dembicki (2): hwmon: ltc2991: fix register bits defines net: dsa: vsc73xx: fix possible subblocks range of CAPT block Pawel Laszczak (1): usb: cdns2: Fix controller reset issue Peiyang Wang (1): net: hns3: void array out of bound when loop tnl_num Peter Zijlstra (1): perf/aux: Fix AUX buffer serialization Petr Tesarik (1): kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y Phillip Lougher (1): Squashfs: sanity check symbolic link size Prashanth K (1): usb: dwc3: Avoid waking up gadget during startxfer Qu Wenruo (1): btrfs: slightly loosen the requirement for qgroup removal Rakesh Ughreja (1): accel/habanalabs/gaudi2: unsecure edma max outstanding register Ravi Bangoria (1): KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Richard Fitzgerald (1): firmware: cs_dsp: Don't allow writes to read-only controls Roger Quadros (3): net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX net: ethernet: ti: am65-cpsw: fix XDP_DROP, XDP_TX and XDP_REDIRECT net: ethernet: ti: am65-cpsw: Fix RX statistics for XDP_TX and XDP_REDIRECT Roland Xu (1): rtmutex: Drop rt_mutex::wait_lock before scheduling Ryusuke Konishi (3): nilfs2: fix missing cleanup on rollforward recovery error nilfs2: protect references to superblock parameters exposed in sysfs nilfs2: fix state management in error path of log writing function Sam Protsenko (1): mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Samuel Holland (3): riscv: misaligned: Restrict user access to kernel memory riscv: kprobes: Use patch_text_nosync() for insn slots riscv: Add tracepoints for SBI calls and returns Sascha Hauer (2): wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() watchdog: imx7ulp_wdt: keep already running watchdog enabled Satya Priya Kakitapalli (2): clk: qcom: clk-alpha-pll: Fix the pll post div mask clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Sean Anderson (2): net: xilinx: axienet: Fix race in axienet_stop phy: zynqmp: Take the phy mutex in xlate Sean Christopherson (1): KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Sebastian Andrzej Siewior (1): bpf: Remove tst_run from lwt_seg6local_prog_ops. Seunghwan Baek (1): mmc: cqhci: Fix checking of CQHCI_HALT state Shantanu Goel (1): usb: uas: set host status byte on data completion error Shenghao Ding (1): ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment Shivaprasad G Bhat (1): vfio/spapr: Always clear TCEs before unsetting the window Simon Arlott (1): can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Simon Horman (1): can: m_can: Release irq on error in m_can_open Souradeep Chakrabarti (1): net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Stefan Wahren (1): spi: spi-fsl-lpspi: Fix off-by-one in prescale max Stefan Wiehler (1): of/irq: Prevent device address out-of-bounds read in interrupt map walk Stephan Gerhold (1): pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now Stephen Boyd (2): clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time Stephen Hemminger (1): sch/netem: fix use after free in netem_dequeue Steven Rostedt (4): tracing/osnoise: Use a cpumask to know what threads are kthreads tracing/timerlat: Only clear timer if a kthread exists tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() eventfs: Use list_del_rcu() for SRCU protected list variable Sukrut Bellary (1): misc: fastrpc: Fix double free of 'buf' in error path Suren Baghdasaryan (1): alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n Sven Schnelle (1): uprobes: Use kzalloc to allocate xol area Takashi Iwai (2): ALSA: control: Apply sanity check of input values for user elements ALSA: hda: Add input value sanity checks to HDMI channel map controls Terry Cheong (1): ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Thomas Gleixner (2): x86/kaslr: Expose and use the end of the physical memory address space x86/mm: Fix PTI for i386 some more Toke Høiland-Jørgensen (1): sched: sch_cake: fix bulk flow accounting logic for host fairness Trond Myklebust (1): NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Tze-nan Wu (1): bpf, net: Fix a potential race in do_sock_getsockopt() Umang Jain (1): staging: vchiq_core: Bubble up wait_event_interruptible() return value Usama Arif (1): Revert "mm: skip CMA pages when they are not available" Uwe Kleine-König (1): virt: sev-guest: Mark driver struct with __refdata to prevent section mismatch Vadim Fedorenko (2): ptp: ocp: convert serial ports to array ptp: ocp: adjust sysfs entries to expose tty information Vasiliy Kovalev (1): ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP Viresh Kumar (1): xen: privcmd: Fix possible access to a freed kirqfd instance Vladimir Oltean (1): net: dpaa: avoid on-stack arrays of NR_CPUS elements Waiman Long (2): cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition cgroup: Protect css->cgroup write under css_set_lock Weiwen Hu (3): nvme: rename nvme_sc_to_pr_err to nvme_status_to_pr_err nvme: fix status magic numbers nvme: rename CDR/MORE/DNR to NVME_STATUS_* Will Deacon (1): mm: vmalloc: ensure vmap_block is initialised before adding to queue Xingyu Wu (1): clk: starfive: jh7110-sys: Add notifier for PLL0 clock Xuan Zhuo (1): virtio_ring: fix KMSAN error for premapped mode Ye Bin (1): jbd2: avoid mount failed when commit block is partial submitted YiPeng Chai (1): drm/amdgpu: add mutex to protect ras shared memory Yicong Yang (1): dma-mapping: benchmark: Don't starve others when doing the test Yifan Zha (1): drm/amdgpu: Set no_hw_access when VF request full GPU fails Yoray Zack (1): net/mlx5e: SHAMPO, Use KSMs instead of KLMs Yosry Ahmed (1): mm: zswap: rename is_zswap_enabled() to zswap_is_enabled() Yunjian Wang (1): netfilter: nf_conncount: fix wrong variable type Yuntao Wang (1): x86/apic: Make x2apic_disable() work correctly Yunxiang Li (3): drm/amdgpu: Fix two reset triggered in a row drm/amdgpu: Add reset_context flag for host FLR drm/amdgpu: Fix amdgpu_device_reset_sriov retry logic Zenghui Yu (1): kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Zheng Qixing (1): ata: libata: Fix memory leak for error path in ata_host_alloc() Zheng Yejian (1): tracing: Avoid possible softlockup in tracing_iter_reset() Zijun Hu (1): devres: Initialize an uninitialized struct member Ziwei Xiao (1): gve: Add adminq mutex lock Zqiang (1): smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() devi priya (1): clk: qcom: ipq9574: Update the alpha PLL type for GPLLs robelin (1): ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object yang.zhang (1): riscv: set trap vector earlier yangyun (1): fuse: fix memory leak in fuse_create_open

1 year, 3 months

1
1
0 0

Linux 6.6.51

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.51 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ MAINTAINERS | 2 Makefile | 2 arch/arm/include/asm/pgtable.h | 2 arch/arm64/include/asm/acpi.h | 12 arch/arm64/kernel/acpi_numa.c | 11 arch/loongarch/kernel/relocate.c | 4 arch/mips/kernel/cevt-r4k.c | 15 arch/powerpc/include/asm/nohash/mmu-e500.h | 3 arch/powerpc/kernel/vdso/vdso32.lds.S | 4 arch/powerpc/kernel/vdso/vdso64.lds.S | 4 arch/powerpc/lib/qspinlock.c | 10 arch/powerpc/mm/nohash/Makefile | 2 arch/powerpc/mm/nohash/tlb.c | 398 ---------- arch/powerpc/mm/nohash/tlb_64e.c | 361 +++++++++ arch/powerpc/mm/nohash/tlb_low_64e.S | 195 ---- arch/riscv/Kconfig | 5 arch/riscv/include/asm/kfence.h | 4 arch/riscv/include/asm/membarrier.h | 31 arch/riscv/include/asm/pgtable-64.h | 22 arch/riscv/include/asm/pgtable.h | 33 arch/riscv/kernel/efi.c | 2 arch/riscv/kernel/head.S | 3 arch/riscv/kernel/probes/kprobes.c | 5 arch/riscv/kvm/mmu.c | 22 arch/riscv/mm/Makefile | 3 arch/riscv/mm/context.c | 2 arch/riscv/mm/fault.c | 16 arch/riscv/mm/hugetlbpage.c | 12 arch/riscv/mm/init.c | 2 arch/riscv/mm/kasan_init.c | 45 - arch/riscv/mm/pageattr.c | 44 - arch/riscv/mm/pgtable.c | 51 + arch/s390/kernel/vmlinux.lds.S | 9 arch/um/drivers/line.c | 2 arch/x86/coco/tdx/tdx.c | 1 arch/x86/events/intel/core.c | 23 arch/x86/include/asm/fpu/types.h | 7 arch/x86/include/asm/page_64.h | 1 arch/x86/include/asm/pgtable_64_types.h | 4 arch/x86/kernel/apic/apic.c | 11 arch/x86/kernel/fpu/xstate.c | 3 arch/x86/kernel/fpu/xstate.h | 4 arch/x86/kvm/svm/svm.c | 15 arch/x86/kvm/x86.c | 2 arch/x86/lib/iomem.c | 5 arch/x86/mm/init_64.c | 4 arch/x86/mm/kaslr.c | 32 arch/x86/mm/pti.c | 45 - drivers/accel/habanalabs/gaudi2/gaudi2_security.c | 1 drivers/acpi/acpi_processor.c | 15 drivers/acpi/cppc_acpi.c | 13 drivers/android/binder.c | 1 drivers/ata/libata-core.c | 4 drivers/ata/libata-scsi.c | 24 drivers/ata/pata_macio.c | 7 drivers/base/devres.c | 1 drivers/base/regmap/regcache-maple.c | 3 drivers/block/ublk_drv.c | 2 drivers/bluetooth/btnxpuart.c | 12 drivers/bluetooth/hci_qca.c | 1 drivers/clk/qcom/clk-alpha-pll.c | 6 drivers/clk/qcom/clk-rcg.h | 1 drivers/clk/qcom/clk-rcg2.c | 30 drivers/clk/qcom/gcc-ipq9574.c | 12 drivers/clk/qcom/gcc-sm8550.c | 54 - drivers/clk/starfive/clk-starfive-jh7110-sys.c | 31 drivers/clk/starfive/clk-starfive-jh71x0.h | 2 drivers/clocksource/timer-imx-tpm.c | 16 drivers/clocksource/timer-of.c | 17 drivers/clocksource/timer-of.h | 1 drivers/cpufreq/amd-pstate.c | 147 +++ drivers/crypto/intel/qat/qat_common/adf_gen2_pfvf.c | 4 drivers/crypto/intel/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 8 drivers/crypto/starfive/jh7110-cryp.h | 4 drivers/crypto/starfive/jh7110-rsa.c | 15 drivers/cxl/core/region.c | 5 drivers/firmware/cirrus/cs_dsp.c | 3 drivers/gpio/gpio-rockchip.c | 1 drivers/gpio/gpio-zynqmp-modepin.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 30 drivers/gpu/drm/amd/amdgpu/amdgpu_ids.c | 15 drivers/gpu/drm/amd/amdgpu/amdgpu_ids.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 8 drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 28 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 drivers/gpu/drm/amd/display/dc/link/link_factory.c | 6 drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c | 2 drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h | 5 drivers/gpu/drm/i915/i915_sw_fence.c | 8 drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 drivers/hid/hid-cougar.c | 2 drivers/hv/vmbus_drv.c | 1 drivers/hwmon/adc128d818.c | 4 drivers/hwmon/hp-wmi-sensors.c | 2 drivers/hwmon/lm95234.c | 9 drivers/hwmon/nct6775-core.c | 2 drivers/hwmon/w83627ehf.c | 4 drivers/i3c/master/mipi-i3c-hci/dma.c | 5 drivers/i3c/master/svc-i3c-master.c | 58 + drivers/iio/adc/ad7124.c | 27 drivers/iio/adc/ad7606.c | 28 drivers/iio/adc/ad7606.h | 2 drivers/iio/adc/ad7606_par.c | 48 + drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 drivers/iio/inkern.c | 8 drivers/input/misc/uinput.c | 14 drivers/input/touchscreen/ili210x.c | 6 drivers/iommu/intel/dmar.c | 2 drivers/iommu/sun50i-iommu.c | 1 drivers/irqchip/irq-armada-370-xp.c | 4 drivers/irqchip/irq-gic-v2m.c | 6 drivers/leds/leds-spi-byte.c | 6 drivers/md/dm-init.c | 4 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 drivers/misc/fastrpc.c | 5 drivers/misc/vmw_vmci/vmci_resource.c | 3 drivers/mmc/core/quirks.h | 22 drivers/mmc/core/sd.c | 4 drivers/mmc/host/cqhci-core.c | 2 drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sdhci-of-aspeed.c | 1 drivers/net/bareudp.c | 22 drivers/net/can/kvaser_pciefd.c | 43 - drivers/net/can/m_can/m_can.c | 5 drivers/net/can/spi/mcp251x.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 28 drivers/net/can/spi/mcp251xfd/mcp251xfd-ram.c | 11 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 23 drivers/net/can/spi/mcp251xfd/mcp251xfd-rx.c | 165 ++-- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 22 drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 42 - drivers/net/dsa/vitesse-vsc73xx-core.c | 10 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 drivers/net/ethernet/intel/ice/ice.h | 2 drivers/net/ethernet/intel/ice/ice_lib.c | 34 drivers/net/ethernet/intel/ice/ice_main.c | 46 - drivers/net/ethernet/intel/ice/ice_xsk.c | 3 drivers/net/ethernet/intel/igb/igb_main.c | 10 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c | 14 drivers/net/ethernet/microsoft/mana/mana_en.c | 22 drivers/net/mctp/mctp-serial.c | 4 drivers/net/phy/phy_device.c | 2 drivers/net/usb/ipheth.c | 2 drivers/net/usb/r8152.c | 17 drivers/net/usb/usbnet.c | 11 drivers/net/wireless/ath/ath12k/mac.c | 9 drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 drivers/net/wireless/marvell/mwifiex/main.h | 3 drivers/net/wireless/realtek/rtw88/usb.c | 13 drivers/nvme/host/pci.c | 17 drivers/nvme/target/tcp.c | 4 drivers/nvmem/core.c | 6 drivers/of/irq.c | 15 drivers/pci/controller/dwc/pci-keystone.c | 44 + drivers/pci/hotplug/pnv_php.c | 3 drivers/pci/pci.c | 35 drivers/pcmcia/yenta_socket.c | 6 drivers/phy/xilinx/phy-zynqmp.c | 1 drivers/platform/x86/dell/dell-smbios-base.c | 5 drivers/scsi/pm8001/pm8001_sas.c | 4 drivers/spi/spi-fsl-lpspi.c | 31 drivers/spi/spi-hisi-kunpeng.c | 3 drivers/spi/spi-rockchip.c | 23 drivers/staging/iio/frequency/ad9834.c | 2 drivers/ufs/core/ufshcd.c | 7 drivers/uio/uio_hv_generic.c | 11 drivers/usb/dwc3/core.c | 15 drivers/usb/dwc3/core.h | 2 drivers/usb/dwc3/gadget.c | 41 - drivers/usb/gadget/udc/aspeed_udc.c | 2 drivers/usb/gadget/udc/cdns2/cdns2-gadget.c | 12 drivers/usb/gadget/udc/cdns2/cdns2-gadget.h | 9 drivers/usb/storage/uas.c | 1 drivers/vfio/vfio_iommu_spapr_tce.c | 13 drivers/virtio/virtio_ring.c | 4 drivers/xen/privcmd.c | 10 fs/binfmt_elf.c | 5 fs/btrfs/ctree.c | 12 fs/btrfs/ctree.h | 1 fs/btrfs/extent-tree.c | 32 fs/btrfs/file.c | 25 fs/btrfs/inode.c | 2 fs/btrfs/transaction.h | 6 fs/ext4/fast_commit.c | 8 fs/fscache/main.c | 1 fs/fuse/dir.c | 2 fs/fuse/file.c | 8 fs/fuse/xattr.c | 4 fs/jbd2/recovery.c | 30 fs/nfs/super.c | 2 fs/nilfs2/recovery.c | 35 fs/nilfs2/segment.c | 10 fs/nilfs2/sysfs.c | 43 - fs/ntfs3/dir.c | 52 - fs/ntfs3/frecord.c | 4 fs/smb/client/smb2inode.c | 3 fs/smb/client/smb2ops.c | 16 fs/smb/server/oplock.c | 2 fs/smb/server/smb2pdu.c | 14 fs/smb/server/transport_tcp.c | 4 fs/squashfs/inode.c | 7 fs/tracefs/event_inode.c | 2 fs/udf/super.c | 15 fs/xattr.c | 91 +- include/acpi/cppc_acpi.h | 5 include/linux/amd-pstate.h | 4 include/linux/bpf-cgroup.h | 16 include/linux/mm.h | 4 include/linux/pgtable.h | 21 include/linux/regulator/consumer.h | 8 include/net/bluetooth/hci.h | 3 include/net/bluetooth/hci_core.h | 25 include/net/bluetooth/hci_sync.h | 24 include/net/mana/mana.h | 2 include/net/sock.h | 6 include/uapi/drm/drm_fourcc.h | 18 kernel/bpf/cgroup.c | 25 kernel/bpf/verifier.c | 4 kernel/cgroup/cgroup.c | 2 kernel/dma/map_benchmark.c | 16 kernel/events/core.c | 18 kernel/events/internal.h | 1 kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 3 kernel/kexec_file.c | 2 kernel/locking/rtmutex.c | 9 kernel/resource.c | 6 kernel/sched/core.c | 5 kernel/smp.c | 1 kernel/trace/trace.c | 2 kernel/trace/trace_osnoise.c | 50 - kernel/workqueue.c | 12 lib/generic-radix-tree.c | 2 mm/memory_hotplug.c | 2 mm/sparse.c | 2 mm/userfaultfd.c | 29 mm/vmalloc.c | 2 mm/vmscan.c | 24 net/bluetooth/hci_conn.c | 158 --- net/bluetooth/hci_event.c | 27 net/bluetooth/hci_sync.c | 307 +++++++ net/bluetooth/mgmt.c | 144 +-- net/bluetooth/smp.c | 7 net/bridge/br_fdb.c | 6 net/can/bcm.c | 4 net/core/sock.c | 8 net/ipv4/fou_core.c | 29 net/ipv4/tcp_bpf.c | 2 net/ipv4/tcp_input.c | 6 net/ipv6/ila/ila.h | 1 net/ipv6/ila/ila_main.c | 6 net/ipv6/ila/ila_xlat.c | 13 net/netfilter/nf_conncount.c | 8 net/sched/sch_cake.c | 11 net/sched/sch_netem.c | 9 net/socket.c | 104 +- net/unix/af_unix.c | 9 rust/Makefile | 4 rust/kernel/types.rs | 2 rust/macros/module.rs | 6 security/smack/smack_lsm.c | 12 sound/core/control.c | 6 sound/hda/hdmi_chmap.c | 18 sound/pci/hda/patch_conexant.c | 11 sound/pci/hda/patch_realtek.c | 10 sound/soc/codecs/tas2781-fmwlib.c | 71 - sound/soc/soc-dapm.c | 1 sound/soc/soc-topology.c | 2 sound/soc/sof/topology.c | 2 sound/soc/sunxi/sun4i-i2s.c | 143 +-- sound/soc/tegra/tegra210_ahub.c | 10 tools/lib/bpf/libbpf.c | 4 tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 tools/testing/selftests/net/Makefile | 3 285 files changed, 3297 insertions(+), 2004 deletions(-) Aaradhana Sahu (1): wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() Ajith C (1): wifi: ath12k: fix firmware crash due to invalid peer nss Aleksandr Mishin (2): platform/x86: dell-smbios: Fix error path in dell_smbios_init() staging: iio: frequency: ad9834: Validate frequency parameter value Alex Deucher (1): Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" Alex Hung (3): drm/amd/display: Run DC_LOG_DC after checking link->link_enc drm/amd/display: Check HDCP returned status drm/amd/display: Check denominator pbn_div before used Alexandre Ghiti (5): riscv: Use WRITE_ONCE() when setting page table entries mm: Introduce pudp/p4dp/pgdp_get() functions riscv: mm: Only compile pgtable.c if MMU riscv: Use accessors to page table entries instead of direct dereference riscv: Do not restrict memory size because of linear mapping on nommu Alexey Dobriyan (1): ELF: fix kernel.randomize_va_space double read Alison Schofield (1): cxl/region: Verify target positions using the ordered target list Amadeusz Sławiński (1): ASoC: topology: Properly initialize soc_enum values Andrea Parri (1): membarrier: riscv: Add full memory barrier in switch_mm() Andreas Hindborg (1): rust: kbuild: fix export of bss symbols Andreas Ziegler (1): libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Andy Shevchenko (3): leds: spi-byte: Call of_node_put() on error path drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused Anton Blanchard (1): riscv: Fix toolchain vector detection Arend van Spriel (1): wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Armin Wolf (1): hwmon: (hp-wmi-sensors) Check if WMI event data exists Arnd Bergmann (1): regmap: maple: work around gcc-14.1 false-positive warning Aurabindo Pillai (1): drm/amd: Add gfx12 swizzle mode defs Baokun Li (1): fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Benjamin Marzinski (1): dm init: Handle minors larger than 255 Boqun Feng (2): rust: types: Make Opaque::get const rust: macros: provide correct provenance when constructing THIS_MODULE Breno Leitao (4): bpf: Add sockptr support for getsockopt bpf: Add sockptr support for setsockopt net/socket: Break down __sys_setsockopt net/socket: Break down __sys_getsockopt Brian Johannesmeyer (1): x86/kmsan: Fix hook for unaligned accesses Brian Norris (1): spi: rockchip: Resolve unbalanced runtime PM / system PM handling Camila Alvarez (1): HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Carlos Llamas (1): binder: fix UAF caused by offsets overwrite Carlos Song (1): spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register Chen Ni (1): media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Chen-Yu Tsai (1): ASoc: SOF: topology: Clear SOF link platform name upon unload ChenXiaoSong (1): smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() Christian König (1): drm/amdgpu: reject gang submit on reserved VMIDs Christoffer Sandberg (1): ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Christophe Leroy (2): powerpc/64e: Define mmu_pte_psize static powerpc/vdso: Don't discard rela sections Cong Wang (1): tcp_bpf: fix return value of tcp_bpf_sendmsg() Daiwei Li (1): igb: Fix not clearing TimeSync interrupts for 82580 Dan Carpenter (2): ksmbd: Unlock on in ksmbd_tcp_set_interfaces() igc: Unlock on error in igc_io_resume() Dan Williams (1): PCI: Add missing bridge lock to pci_bus_lock() Daniel Lezcano (1): clocksource/drivers/timer-of: Remove percpu irq related code Daniele Ceraolo Spurio (1): drm/i915: Do not attempt to load the GSC multiple times Danijel Slivka (1): drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts David Fernandez Gonzalez (1): VMCI: Fix use-after-free when removing resource in vmci_resource_remove() David Howells (2): cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region vfs: Fix potential circular locking through setxattr() and removexattr() David Lechner (1): iio: buffer-dmaengine: fix releasing dma channel on error David Sterba (1): btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dawid Osuchowski (1): ice: Add netif_device_attach/detach into PF reset flow Devyn Liu (1): spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware Dmitry Torokhov (2): Input: ili210x - use kvmalloc() to allocate buffer for firmware update Input: uinput - reject requests with unreasonable number of slots Douglas Anderson (2): regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Bluetooth: qca: If memdump doesn't work, re-enable IBS Dumitru Ceclan (2): iio: adc: ad7124: fix config comparison iio: adc: ad7124: fix chip ID mismatch Eric Dumazet (1): ila: call nf_unregister_net_hooks() sooner Eric Joyner (1): ice: Check all ice_vsi_rebuild() errors in function Faisal Hassan (1): usb: dwc3: core: update LC timer as per USB Spec V3.2 Filipe Manana (2): btrfs: replace BUG_ON() with error handling at update_ref_for_cow() btrfs: fix race between direct IO write and fsync when using same fd Frank Li (1): i3c: master: svc: resend target address when get NACK Geert Uytterhoeven (1): nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Georg Gottleuber (1): nvme-pci: Add sleep quirk for Samsung 990 Evo Greg Kroah-Hartman (1): Linux 6.6.51 Guenter Roeck (4): hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guillaume Nault (1): bareudp: Fix device stats updates. Guillaume Stols (1): iio: adc: ad7606: remove frstdata check for serial mode Hans Verkuil (2): media: vivid: fix wrong sizeimage value for mplane media: vivid: don't set HDMI TX controls if there are no HDMI outputs Hareshx Sankar Raj (1): crypto: qat - fix unintentional re-enabling of error interrupts Hawking Zhang (1): drm/amdgpu: Fix smatch static checker warning Hayes Wang (1): r8152: fix the firmware doesn't work Heiko Carstens (1): s390/vmlinux.lds.S: Move ro_after_init section behind rodata section Huacai Chen (1): LoongArch: Use correct API to map cmdline in relocate_kernel() Igor Pylypiv (3): scsi: pm80xx: Set phy->enable_completion only when we wait for it ata: libata-scsi: Remove redundant sense_buffer memsets ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf Jacky Bai (2): clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacob Pan (1): iommu/vt-d: Handle volatile descriptor status read James Morse (1): arm64: acpi: Move get_cpu_for_acpi_id() to a header Jamie Bainbridge (1): selftests: net: enable bind tests Jan Kara (1): udf: Avoid excessive partition lengths Jann Horn (3): fuse: use unsigned type for getxattr/listxattr size truncation userfaultfd: don't BUG_ON() if khugepaged yanks our page table userfaultfd: fix checks for huge PMDs Jarkko Nikula (1): i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Jens Emil Schulz Østergaard (1): net: microchip: vcap: Fix use-after-free error in kunit test Jernej Skrabec (1): iommu: sun50i: clear bypass register Jia Jie Ho (2): crypto: starfive - Align rsa input data to 32-bit crypto: starfive - Fix nent assignment in rsa dec Jiaxun Yang (1): MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Jinjie Ruan (1): net: phy: Fix missing of_node_put() for leds Joanne Koong (1): fuse: update stats for pages in dropped aux writeback list Johannes Berg (2): wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check um: line: always fill *error_out in setup_one_line() Jonas Dreßler (3): Bluetooth: hci_event: Use HCI error defines instead of magic values Bluetooth: hci_conn: Only do ACL connections sequentially Bluetooth: Remove pending ACL connection attempts Jonas Gorski (1): net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Jonathan Bell (1): mmc: core: apply SD quirks earlier during probe Jonathan Cameron (3): ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry Josef Bacik (2): btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete Jules Irenge (1): pcmcia: Use resource_size function on resource object Kan Liang (1): perf/x86/intel: Limit the period on Haswell Keith Busch (1): nvme-pci: allocate tagset on reset if necessary Kent Overstreet (1): lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Kirill A. Shutemov (1): x86/tdx: Fix data leak in mmio_read() Kishon Vijay Abraham I (1): PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Konstantin Andreev (1): smack: unix sockets: fix accept()ed socket label Konstantin Komarov (2): fs/ntfs3: One more reason to mark inode bad fs/ntfs3: Check more cases when directory is corrupted Krishna Kumar (1): pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Krzysztof Kozlowski (1): gpio: rockchip: fix OF node leak in probe() Kuniyuki Iwashima (4): af_unix: Remove put_pid()/put_cred() in copy_peercred(). can: bcm: Remove proc entry when dev is unregistered. fou: Fix null-ptr-deref in GRO. tcp: Don't drop SYN+ACK for simultaneous connect(). Kyoungrul Kim (1): scsi: ufs: core: Remove SCSI host only if added Larysa Zaremba (2): ice: protect XDP configuration with a mutex ice: do not bring the VSI up, if it was down before the XDP setup Leon Hwang (1): bpf, verifier: Correct tail_call_reachable for bpf prog Li Nan (1): ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Liao Chen (2): mmc: sdhci-of-aspeed: fix module autoloading gpio: modepin: Enable module autoloading Luis Henriques (SUSE) (1): ext4: fix possible tid_t sequence overflows Luiz Augusto von Dentz (10): Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Bluetooth: MGMT: Ignore keys being loaded with invalid type Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue Bluetooth: hci_sync: Attempt to dequeue connection attempt Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync Bluetooth: hci_sync: Fix UAF on create_le_conn_complete Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync Ma Ke (2): irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() usb: gadget: aspeed_udc: validate endpoint index for ast udc Marc Kleine-Budde (5): can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum can: mcp251xfd: clarify the meaning of timestamp can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Marcin Ślusarz (1): wifi: rtw88: usb: schedule rx work after everything is set up Marek Olšák (2): drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Martin Jocic (5): can: kvaser_pciefd: Skip redundant NULL pointer check in ISR can: kvaser_pciefd: Remove unnecessary comment can: kvaser_pciefd: Rename board_irq to pci_irq can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR can: kvaser_pciefd: Use a single write when releasing RX buffers Matt Johnston (1): net: mctp-serial: Fix missing escapes on transmit Matteo Martelli (2): iio: fix scale application in iio_convert_raw_to_processed_unlocked ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Matthew Maurer (1): rust: Use awk instead of recent xargs Matthieu Baerts (NGI0) (1): tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Maurizio Lombardi (1): nvmet-tcp: fix kernel crash if commands allocation fails Maxim Levitsky (1): KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Maximilien Perreault (1): ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Meng Li (2): ACPI: CPPC: Add helper to get the highest performance value cpufreq: amd-pstate: Enable amd-pstate preferred core support Michael Ellerman (3): ata: pata_macio: Use WARN instead of BUG powerpc/64e: remove unused IBM HTW code powerpc/64e: split out nohash Book3E 64-bit code Mitchell Levy (1): x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Mohan Kumar (1): ASoC: tegra: Fix CBB error during probe() Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Namjae Jeon (1): ksmbd: unset the binding mark of a reused connection Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() Nicholas Piggin (2): workqueue: wq_watchdog_touch is always called with valid CPU workqueue: Improve scalability of workqueue watchdog touch Nysal Jan K.A. (1): powerpc/qspinlock: Fix deadlock in MCS queue Oliver Neukum (2): usbnet: modern method to get random MAC usbnet: ipheth: race between ipheth_close and error handling Olivier Sobrie (1): HID: amd_sfh: free driver_data after destroying hid device Pali Rohár (1): irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Paulo Alcantara (2): smb: client: fix double put of @cfile in smb2_set_path_size() smb: client: fix double put of @cfile in smb2_rename_path() Pawel Dembicki (1): net: dsa: vsc73xx: fix possible subblocks range of CAPT block Pawel Laszczak (1): usb: cdns2: Fix controller reset issue Perry Yuan (1): cpufreq: amd-pstate: fix the highest frequency issue which limits performance Peter Zijlstra (1): perf/aux: Fix AUX buffer serialization Petr Tesarik (1): kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y Phillip Lougher (1): Squashfs: sanity check symbolic link size Prashanth K (1): usb: dwc3: Avoid waking up gadget during startxfer Rakesh Ughreja (1): accel/habanalabs/gaudi2: unsecure edma max outstanding register Ravi Bangoria (1): KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Richard Fitzgerald (1): firmware: cs_dsp: Don't allow writes to read-only controls Roland Xu (1): rtmutex: Drop rt_mutex::wait_lock before scheduling Ryusuke Konishi (3): nilfs2: fix missing cleanup on rollforward recovery error nilfs2: protect references to superblock parameters exposed in sysfs nilfs2: fix state management in error path of log writing function Sam Protsenko (1): mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Samuel Holland (1): riscv: kprobes: Use patch_text_nosync() for insn slots Sascha Hauer (1): wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Sasha Neftin (1): intel: legacy: Partial revert of field get conversion Satya Priya Kakitapalli (2): clk: qcom: clk-alpha-pll: Fix the pll post div mask clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Sean Anderson (1): phy: zynqmp: Take the phy mutex in xlate Sean Christopherson (1): KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Seunghwan Baek (1): mmc: cqhci: Fix checking of CQHCI_HALT state Shantanu Goel (1): usb: uas: set host status byte on data completion error Shenghao Ding (1): ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment Shivaprasad G Bhat (1): vfio/spapr: Always clear TCEs before unsetting the window Simon Arlott (1): can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Simon Horman (1): can: m_can: Release irq on error in m_can_open Souradeep Chakrabarti (1): net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Stefan Wahren (1): spi: spi-fsl-lpspi: Fix off-by-one in prescale max Stefan Wiehler (1): of/irq: Prevent device address out-of-bounds read in interrupt map walk Stephen Boyd (2): clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time Stephen Hemminger (1): sch/netem: fix use after free in netem_dequeue Steven Rostedt (4): tracing/osnoise: Use a cpumask to know what threads are kthreads tracing/timerlat: Only clear timer if a kthread exists tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() eventfs: Use list_del_rcu() for SRCU protected list variable Sukrut Bellary (1): misc: fastrpc: Fix double free of 'buf' in error path Sven Schnelle (1): uprobes: Use kzalloc to allocate xol area Takashi Iwai (2): ALSA: control: Apply sanity check of input values for user elements ALSA: hda: Add input value sanity checks to HDMI channel map controls Terry Cheong (1): ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Thomas Gleixner (2): x86/kaslr: Expose and use the end of the physical memory address space x86/mm: Fix PTI for i386 some more Toke Høiland-Jørgensen (1): sched: sch_cake: fix bulk flow accounting logic for host fairness Trond Myklebust (1): NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Tze-nan Wu (1): bpf, net: Fix a potential race in do_sock_getsockopt() Usama Arif (1): Revert "mm: skip CMA pages when they are not available" Vern Hao (1): mm/vmscan: use folio_migratetype() instead of get_pageblock_migratetype() Viresh Kumar (1): xen: privcmd: Fix possible access to a freed kirqfd instance Vladimir Oltean (1): net: dpaa: avoid on-stack arrays of NR_CPUS elements Waiman Long (1): cgroup: Protect css->cgroup write under css_set_lock Will Deacon (1): mm: vmalloc: ensure vmap_block is initialised before adding to queue Xingyu Wu (1): clk: starfive: jh7110-sys: Add notifier for PLL0 clock Xuan Zhuo (1): virtio_ring: fix KMSAN error for premapped mode Ye Bin (1): jbd2: avoid mount failed when commit block is partial submitted Yicong Yang (1): dma-mapping: benchmark: Don't starve others when doing the test Yifan Zha (1): drm/amdgpu: Set no_hw_access when VF request full GPU fails Yunjian Wang (1): netfilter: nf_conncount: fix wrong variable type Yuntao Wang (1): x86/apic: Make x2apic_disable() work correctly Zenghui Yu (1): kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Zheng Qixing (1): ata: libata: Fix memory leak for error path in ata_host_alloc() Zheng Yejian (1): tracing: Avoid possible softlockup in tracing_iter_reset() Zijun Hu (1): devres: Initialize an uninitialized struct member Zqiang (1): smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() devi priya (1): clk: qcom: ipq9574: Update the alpha PLL type for GPLLs robelin (1): ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object yang.zhang (1): riscv: set trap vector earlier yangyun (1): fuse: fix memory leak in fuse_create_open

1 year, 3 months

1
1
0 0

Linux 6.1.110

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.110 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/include/asm/acpi.h | 12 arch/arm64/kernel/acpi_numa.c | 11 arch/mips/kernel/cevt-r4k.c | 15 arch/powerpc/include/asm/nohash/mmu-e500.h | 3 arch/powerpc/mm/nohash/Makefile | 2 arch/powerpc/mm/nohash/tlb.c | 398 ---------- arch/powerpc/mm/nohash/tlb_64e.c | 361 +++++++++ arch/powerpc/mm/nohash/tlb_low_64e.S | 195 ---- arch/riscv/kernel/head.S | 3 arch/s390/kernel/vmlinux.lds.S | 9 arch/um/drivers/line.c | 2 arch/x86/coco/tdx/tdx.c | 1 arch/x86/events/intel/core.c | 23 arch/x86/include/asm/fpu/types.h | 7 arch/x86/include/asm/page_64.h | 1 arch/x86/include/asm/pgtable_64_types.h | 4 arch/x86/kernel/fpu/xstate.c | 3 arch/x86/kernel/fpu/xstate.h | 4 arch/x86/kvm/svm/svm.c | 15 arch/x86/kvm/x86.c | 2 arch/x86/lib/iomem.c | 5 arch/x86/mm/init_64.c | 4 arch/x86/mm/kaslr.c | 32 arch/x86/mm/pti.c | 45 - drivers/acpi/acpi_processor.c | 15 drivers/android/binder.c | 1 drivers/ata/libata-core.c | 4 drivers/ata/pata_macio.c | 7 drivers/base/devres.c | 1 drivers/block/ublk_drv.c | 2 drivers/clk/qcom/clk-alpha-pll.c | 6 drivers/clocksource/timer-imx-tpm.c | 16 drivers/clocksource/timer-of.c | 17 drivers/clocksource/timer-of.h | 1 drivers/crypto/qat/qat_common/adf_gen2_pfvf.c | 4 drivers/crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 8 drivers/firmware/cirrus/cs_dsp.c | 3 drivers/gpio/gpio-rockchip.c | 1 drivers/gpio/gpio-zynqmp-modepin.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 30 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 8 drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 28 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 drivers/gpu/drm/i915/i915_sw_fence.c | 8 drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 drivers/hid/hid-cougar.c | 2 drivers/hv/vmbus_drv.c | 1 drivers/hwmon/adc128d818.c | 4 drivers/hwmon/lm95234.c | 9 drivers/hwmon/nct6775-core.c | 2 drivers/hwmon/w83627ehf.c | 4 drivers/i3c/master/mipi-i3c-hci/dma.c | 5 drivers/iio/adc/ad7124.c | 27 drivers/iio/adc/ad7606.c | 28 drivers/iio/adc/ad7606.h | 2 drivers/iio/adc/ad7606_par.c | 48 + drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 drivers/iio/inkern.c | 8 drivers/input/misc/uinput.c | 14 drivers/input/touchscreen/ili210x.c | 6 drivers/iommu/intel/dmar.c | 2 drivers/iommu/sun50i-iommu.c | 1 drivers/irqchip/irq-armada-370-xp.c | 4 drivers/irqchip/irq-gic-v2m.c | 6 drivers/leds/leds-spi-byte.c | 6 drivers/md/dm-init.c | 4 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 drivers/misc/vmw_vmci/vmci_resource.c | 3 drivers/mmc/core/quirks.h | 22 drivers/mmc/core/sd.c | 4 drivers/mmc/host/cqhci-core.c | 2 drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sdhci-of-aspeed.c | 1 drivers/net/bareudp.c | 22 drivers/net/can/m_can/m_can.c | 5 drivers/net/can/spi/mcp251x.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 28 drivers/net/can/spi/mcp251xfd/mcp251xfd-ram.c | 11 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 23 drivers/net/can/spi/mcp251xfd/mcp251xfd-rx.c | 165 ++-- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 22 drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 42 - drivers/net/dsa/vitesse-vsc73xx-core.c | 10 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 drivers/net/ethernet/intel/ice/ice_main.c | 61 - drivers/net/ethernet/intel/igb/igb_main.c | 10 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/microsoft/mana/mana.h | 2 drivers/net/ethernet/microsoft/mana/mana_en.c | 22 drivers/net/mctp/mctp-serial.c | 4 drivers/net/usb/ipheth.c | 2 drivers/net/usb/usbnet.c | 11 drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 drivers/net/wireless/marvell/mwifiex/main.h | 3 drivers/nvme/host/pci.c | 11 drivers/nvme/target/tcp.c | 4 drivers/nvmem/core.c | 6 drivers/of/irq.c | 15 drivers/pci/controller/dwc/pci-keystone.c | 44 + drivers/pci/hotplug/pnv_php.c | 3 drivers/pci/pci.c | 35 drivers/pcmcia/yenta_socket.c | 6 drivers/phy/xilinx/phy-zynqmp.c | 1 drivers/platform/x86/dell/dell-smbios-base.c | 5 drivers/regulator/of_regulator.c | 92 ++ drivers/spi/spi-rockchip.c | 23 drivers/staging/iio/frequency/ad9834.c | 2 drivers/uio/uio_hv_generic.c | 11 drivers/usb/dwc3/core.c | 15 drivers/usb/dwc3/core.h | 2 drivers/usb/gadget/udc/aspeed_udc.c | 2 drivers/usb/storage/uas.c | 1 fs/binfmt_elf.c | 5 fs/btrfs/ctree.c | 12 fs/btrfs/ctree.h | 1 fs/btrfs/extent-tree.c | 32 fs/btrfs/file.c | 25 fs/btrfs/inode.c | 2 fs/btrfs/transaction.h | 6 fs/ext4/fast_commit.c | 8 fs/fuse/dev.c | 6 fs/fuse/dir.c | 72 + fs/fuse/file.c | 51 + fs/fuse/fuse_i.h | 8 fs/fuse/inode.c | 3 fs/fuse/xattr.c | 4 fs/nfs/super.c | 2 fs/nilfs2/recovery.c | 35 fs/nilfs2/segment.c | 10 fs/nilfs2/sysfs.c | 43 - fs/ntfs3/dir.c | 52 - fs/ntfs3/frecord.c | 4 fs/smb/client/smb2ops.c | 16 fs/smb/server/smb2pdu.c | 4 fs/smb/server/transport_tcp.c | 4 fs/squashfs/inode.c | 7 fs/udf/super.c | 15 include/linux/mm.h | 4 include/linux/regulator/consumer.h | 16 include/net/bluetooth/hci_core.h | 5 include/uapi/drm/drm_fourcc.h | 18 include/uapi/linux/fuse.h | 46 + io_uring/io-wq.c | 16 io_uring/sqpoll.c | 1 kernel/bpf/btf.c | 13 kernel/cgroup/cgroup.c | 2 kernel/dma/map_benchmark.c | 16 kernel/events/core.c | 18 kernel/events/internal.h | 1 kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 3 kernel/locking/rtmutex.c | 9 kernel/resource.c | 6 kernel/smp.c | 1 kernel/trace/trace.c | 2 kernel/workqueue.c | 12 lib/generic-radix-tree.c | 2 mm/memcontrol.c | 22 mm/memory_hotplug.c | 2 mm/sparse.c | 2 net/bluetooth/mgmt.c | 60 - net/bluetooth/smp.c | 7 net/bridge/br_fdb.c | 6 net/can/bcm.c | 4 net/ipv4/fou.c | 29 net/ipv4/tcp_bpf.c | 2 net/ipv4/tcp_input.c | 6 net/ipv6/ila/ila.h | 1 net/ipv6/ila/ila_main.c | 6 net/ipv6/ila/ila_xlat.c | 13 net/netfilter/nf_conncount.c | 8 net/sched/sch_cake.c | 11 net/sched/sch_netem.c | 9 net/unix/af_unix.c | 9 rust/Makefile | 4 security/smack/smack_lsm.c | 12 sound/core/control.c | 6 sound/hda/hdmi_chmap.c | 18 sound/pci/hda/patch_conexant.c | 11 sound/pci/hda/patch_realtek.c | 10 sound/soc/soc-dapm.c | 1 sound/soc/soc-topology.c | 2 sound/soc/sof/topology.c | 2 sound/soc/sunxi/sun4i-i2s.c | 143 +-- sound/soc/tegra/tegra210_ahub.c | 10 tools/lib/bpf/libbpf.c | 4 tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 tools/testing/selftests/net/mptcp/mptcp_join.sh | 234 ++++- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 197 files changed, 2263 insertions(+), 1399 deletions(-) Aleksandr Mishin (2): platform/x86: dell-smbios: Fix error path in dell_smbios_init() staging: iio: frequency: ad9834: Validate frequency parameter value Alex Deucher (1): Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" Alex Hung (2): drm/amd/display: Check HDCP returned status drm/amd/display: Check denominator pbn_div before used Alexey Dobriyan (1): ELF: fix kernel.randomize_va_space double read Amadeusz Sławiński (1): ASoC: topology: Properly initialize soc_enum values Andreas Hindborg (1): rust: kbuild: fix export of bss symbols Andreas Ziegler (1): libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Andy Shevchenko (3): leds: spi-byte: Call of_node_put() on error path drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused Arend van Spriel (1): wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Aurabindo Pillai (1): drm/amd: Add gfx12 swizzle mode defs Benjamin Marzinski (1): dm init: Handle minors larger than 255 Brian Johannesmeyer (1): x86/kmsan: Fix hook for unaligned accesses Brian Norris (1): spi: rockchip: Resolve unbalanced runtime PM / system PM handling Camila Alvarez (1): HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Carlos Llamas (1): binder: fix UAF caused by offsets overwrite Chen Ni (1): media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Chen-Yu Tsai (1): ASoc: SOF: topology: Clear SOF link platform name upon unload Christoffer Sandberg (1): ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Christophe Leroy (1): powerpc/64e: Define mmu_pte_psize static Cong Wang (1): tcp_bpf: fix return value of tcp_bpf_sendmsg() Corentin Labbe (1): regulator: Add of_regulator_bulk_get_all Daiwei Li (1): igb: Fix not clearing TimeSync interrupts for 82580 Dan Carpenter (2): ksmbd: Unlock on in ksmbd_tcp_set_interfaces() igc: Unlock on error in igc_io_resume() Dan Williams (1): PCI: Add missing bridge lock to pci_bus_lock() Daniel Lezcano (1): clocksource/drivers/timer-of: Remove percpu irq related code Danijel Slivka (1): drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts David Fernandez Gonzalez (1): VMCI: Fix use-after-free when removing resource in vmci_resource_remove() David Howells (1): cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region David Lechner (1): iio: buffer-dmaengine: fix releasing dma channel on error David Sterba (1): btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dawid Osuchowski (1): ice: Add netif_device_attach/detach into PF reset flow Dharmendra Singh (1): fuse: allow non-extending parallel direct writes on the same file Dmitry Torokhov (2): Input: ili210x - use kvmalloc() to allocate buffer for firmware update Input: uinput - reject requests with unreasonable number of slots Douglas Anderson (1): regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Dumitru Ceclan (2): iio: adc: ad7124: fix config comparison iio: adc: ad7124: fix chip ID mismatch Eric Dumazet (1): ila: call nf_unregister_net_hooks() sooner Faisal Hassan (1): usb: dwc3: core: update LC timer as per USB Spec V3.2 Filipe Manana (2): btrfs: replace BUG_ON() with error handling at update_ref_for_cow() btrfs: fix race between direct IO write and fsync when using same fd Geert Uytterhoeven (1): nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Georg Gottleuber (1): nvme-pci: Add sleep quirk for Samsung 990 Evo Greg Kroah-Hartman (1): Linux 6.1.110 Guenter Roeck (4): hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guillaume Nault (1): bareudp: Fix device stats updates. Guillaume Stols (1): iio: adc: ad7606: remove frstdata check for serial mode Hans Verkuil (2): media: vivid: fix wrong sizeimage value for mplane media: vivid: don't set HDMI TX controls if there are no HDMI outputs Hareshx Sankar Raj (1): crypto: qat - fix unintentional re-enabling of error interrupts Hawking Zhang (1): drm/amdgpu: Fix smatch static checker warning Heiko Carstens (1): s390/vmlinux.lds.S: Move ro_after_init section behind rodata section Jacky Bai (2): clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacob Pan (1): iommu/vt-d: Handle volatile descriptor status read James Morse (1): arm64: acpi: Move get_cpu_for_acpi_id() to a header Jan Kara (1): udf: Avoid excessive partition lengths Jann Horn (1): fuse: use unsigned type for getxattr/listxattr size truncation Jarkko Nikula (1): i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Jens Axboe (1): io_uring/io-wq: stop setting PF_NO_SETAFFINITY on io-wq workers Jernej Skrabec (1): iommu: sun50i: clear bypass register Jiaxun Yang (1): MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Joanne Koong (1): fuse: update stats for pages in dropped aux writeback list Johannes Berg (1): um: line: always fill *error_out in setup_one_line() Jonas Gorski (1): net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Jonathan Bell (1): mmc: core: apply SD quirks earlier during probe Jonathan Cameron (3): ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry Josef Bacik (2): btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete Jules Irenge (1): pcmcia: Use resource_size function on resource object Kan Liang (1): perf/x86/intel: Limit the period on Haswell Kent Overstreet (1): lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Kirill A. Shutemov (1): x86/tdx: Fix data leak in mmio_read() Kishon Vijay Abraham I (1): PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Konstantin Andreev (1): smack: unix sockets: fix accept()ed socket label Konstantin Komarov (2): fs/ntfs3: One more reason to mark inode bad fs/ntfs3: Check more cases when directory is corrupted Krishna Kumar (1): pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Krzysztof Kozlowski (1): gpio: rockchip: fix OF node leak in probe() Kuniyuki Iwashima (4): af_unix: Remove put_pid()/put_cred() in copy_peercred(). can: bcm: Remove proc entry when dev is unregistered. fou: Fix null-ptr-deref in GRO. tcp: Don't drop SYN+ACK for simultaneous connect(). Larysa Zaremba (1): ice: do not bring the VSI up, if it was down before the XDP setup Li Nan (1): ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Liao Chen (2): mmc: sdhci-of-aspeed: fix module autoloading gpio: modepin: Enable module autoloading Luis Henriques (SUSE) (1): ext4: fix possible tid_t sequence overflows Luiz Augusto von Dentz (2): Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Bluetooth: MGMT: Ignore keys being loaded with invalid type Ma Ke (2): irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() usb: gadget: aspeed_udc: validate endpoint index for ast udc Maciej Fijalkowski (2): ice: Use ice_max_xdp_frame_size() in ice_xdp_setup_prog() ice: allow hot-swapping XDP programs Marc Kleine-Budde (5): can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum can: mcp251xfd: clarify the meaning of timestamp can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Marek Olšák (2): drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Matt Johnston (1): net: mctp-serial: Fix missing escapes on transmit Matteo Martelli (2): iio: fix scale application in iio_convert_raw_to_processed_unlocked ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Matthew Maurer (1): rust: Use awk instead of recent xargs Matthieu Baerts (NGI0) (4): selftests: mptcp: fix backport issues selftests: mptcp: join: validate event numbers selftests: mptcp: join: check re-re-adding ID 0 signal tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Maurizio Lombardi (1): nvmet-tcp: fix kernel crash if commands allocation fails Maxim Levitsky (1): KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Maximilien Perreault (1): ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Michael Ellerman (3): ata: pata_macio: Use WARN instead of BUG powerpc/64e: remove unused IBM HTW code powerpc/64e: split out nohash Book3E 64-bit code Michal Koutný (1): io_uring/sqpoll: Do not set PF_NO_SETAFFINITY on sqpoll threads Miklos Szeredi (3): fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY fuse: add request extension fuse: add feature flag for expire-only Mitchell Levy (1): x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Mohan Kumar (1): ASoC: tegra: Fix CBB error during probe() Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Namjae Jeon (1): ksmbd: unset the binding mark of a reused connection Nicholas Piggin (2): workqueue: wq_watchdog_touch is always called with valid CPU workqueue: Improve scalability of workqueue watchdog touch Oliver Neukum (2): usbnet: modern method to get random MAC usbnet: ipheth: race between ipheth_close and error handling Olivier Sobrie (1): HID: amd_sfh: free driver_data after destroying hid device Pali Rohár (1): irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Pawel Dembicki (1): net: dsa: vsc73xx: fix possible subblocks range of CAPT block Peng Wu (1): regulator: of: fix a NULL vs IS_ERR() check in of_regulator_bulk_get_all() Peter Zijlstra (1): perf/aux: Fix AUX buffer serialization Phillip Lougher (1): Squashfs: sanity check symbolic link size Ravi Bangoria (1): KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Richard Fitzgerald (1): firmware: cs_dsp: Don't allow writes to read-only controls Roland Xu (1): rtmutex: Drop rt_mutex::wait_lock before scheduling Ryusuke Konishi (3): nilfs2: fix missing cleanup on rollforward recovery error nilfs2: protect references to superblock parameters exposed in sysfs nilfs2: fix state management in error path of log writing function Sam Protsenko (1): mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Sascha Hauer (1): wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Satya Priya Kakitapalli (2): clk: qcom: clk-alpha-pll: Fix the pll post div mask clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Sean Anderson (1): phy: zynqmp: Take the phy mutex in xlate Sean Christopherson (1): KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Seunghwan Baek (1): mmc: cqhci: Fix checking of CQHCI_HALT state Shakeel Butt (1): memcg: protect concurrent access to mem_cgroup_idr Shantanu Goel (1): usb: uas: set host status byte on data completion error Simon Arlott (1): can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Simon Horman (1): can: m_can: Release irq on error in m_can_open Souradeep Chakrabarti (1): net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Stefan Wiehler (1): of/irq: Prevent device address out-of-bounds read in interrupt map walk Stephen Hemminger (1): sch/netem: fix use after free in netem_dequeue Sven Schnelle (1): uprobes: Use kzalloc to allocate xol area Takashi Iwai (2): ALSA: control: Apply sanity check of input values for user elements ALSA: hda: Add input value sanity checks to HDMI channel map controls Terry Cheong (1): ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Thomas Gleixner (2): x86/kaslr: Expose and use the end of the physical memory address space x86/mm: Fix PTI for i386 some more Toke Høiland-Jørgensen (1): sched: sch_cake: fix bulk flow accounting logic for host fairness Trond Myklebust (1): NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Vladimir Oltean (1): net: dpaa: avoid on-stack arrays of NR_CPUS elements Waiman Long (1): cgroup: Protect css->cgroup write under css_set_lock Yicong Yang (1): dma-mapping: benchmark: Don't starve others when doing the test Yifan Zha (1): drm/amdgpu: Set no_hw_access when VF request full GPU fails Yonghong Song (1): bpf: Silence a warning in btf_type_id_size() Yunjian Wang (1): netfilter: nf_conncount: fix wrong variable type Zenghui Yu (1): kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Zheng Qixing (1): ata: libata: Fix memory leak for error path in ata_host_alloc() Zheng Yejian (1): tracing: Avoid possible softlockup in tracing_iter_reset() Zijun Hu (1): devres: Initialize an uninitialized struct member Zqiang (1): smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() robelin (1): ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object yang.zhang (1): riscv: set trap vector earlier yangyun (1): fuse: fix memory leak in fuse_create_open

1 year, 3 months

1
1
0 0

Linux 5.15.167

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.167 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/locking/hwspinlock.rst | 11 Makefile | 2 arch/arm64/include/asm/acpi.h | 12 arch/arm64/kernel/acpi_numa.c | 11 arch/mips/kernel/cevt-r4k.c | 15 arch/riscv/kernel/head.S | 3 arch/s390/kernel/vmlinux.lds.S | 9 arch/um/drivers/line.c | 2 arch/x86/kvm/svm/svm.c | 15 arch/x86/mm/pti.c | 45 +- block/blk-integrity.c | 2 drivers/acpi/acpi_processor.c | 15 drivers/android/binder.c | 1 drivers/ata/libata-core.c | 4 drivers/ata/pata_macio.c | 7 drivers/base/devres.c | 1 drivers/clk/qcom/clk-alpha-pll.c | 6 drivers/clocksource/timer-imx-tpm.c | 16 drivers/clocksource/timer-of.c | 17 drivers/clocksource/timer-of.h | 1 drivers/cpufreq/scmi-cpufreq.c | 4 drivers/gpio/gpio-rockchip.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 8 drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 drivers/gpu/drm/amd/display/dc/core/dc.c | 1 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 90 ++++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 - drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 + drivers/gpu/drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 drivers/gpu/drm/bridge/tc358767.c | 2 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/i915_sw_fence.c | 8 drivers/gpu/drm/meson/meson_plane.c | 17 drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 drivers/hid/hid-cougar.c | 2 drivers/hv/vmbus_drv.c | 1 drivers/hwmon/adc128d818.c | 4 drivers/hwmon/lm95234.c | 9 drivers/hwmon/nct6775.c | 2 drivers/hwmon/w83627ehf.c | 4 drivers/hwspinlock/hwspinlock_core.c | 28 + drivers/hwspinlock/hwspinlock_internal.h | 3 drivers/i3c/master/mipi-i3c-hci/dma.c | 5 drivers/iio/adc/ad7124.c | 27 - drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 drivers/iio/inkern.c | 8 drivers/infiniband/hw/efa/efa_com.c | 30 - drivers/input/misc/uinput.c | 14 drivers/iommu/intel/dmar.c | 2 drivers/iommu/sun50i-iommu.c | 1 drivers/irqchip/irq-armada-370-xp.c | 4 drivers/irqchip/irq-gic-v2m.c | 6 drivers/leds/leds-spi-byte.c | 6 drivers/md/dm-init.c | 4 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 drivers/media/usb/uvc/uvc_driver.c | 18 - drivers/misc/vmw_vmci/vmci_resource.c | 3 drivers/mmc/host/cqhci-core.c | 2 drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sdhci-of-aspeed.c | 1 drivers/net/bareudp.c | 22 - drivers/net/can/m_can/m_can.c | 5 drivers/net/can/spi/mcp251x.c | 2 drivers/net/dsa/vitesse-vsc73xx-core.c | 10 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 drivers/net/ethernet/intel/ice/ice_lib.c | 12 drivers/net/ethernet/intel/igb/igb_main.c | 10 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 drivers/net/geneve.c | 8 drivers/net/usb/ch9200.c | 4 drivers/net/usb/cx82310_eth.c | 5 drivers/net/usb/ipheth.c | 2 drivers/net/usb/kaweth.c | 3 drivers/net/usb/mcs7830.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/sierra_net.c | 6 drivers/net/usb/sr9700.c | 4 drivers/net/usb/sr9800.c | 5 drivers/net/usb/usbnet.c | 15 drivers/net/virtio_net.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 drivers/net/wireless/marvell/mwifiex/main.h | 3 drivers/nvme/host/pci.c | 11 drivers/nvme/target/tcp.c | 4 drivers/nvmem/core.c | 6 drivers/of/irq.c | 15 drivers/pci/controller/dwc/pci-keystone.c | 44 ++ drivers/pci/controller/dwc/pcie-al.c | 16 drivers/pci/hotplug/pnv_php.c | 3 drivers/pci/pci.c | 35 +- drivers/pcmcia/yenta_socket.c | 6 drivers/platform/x86/dell/dell-smbios-base.c | 5 drivers/staging/iio/frequency/ad9834.c | 2 drivers/uio/uio_hv_generic.c | 11 drivers/usb/dwc3/core.c | 15 drivers/usb/dwc3/core.h | 2 drivers/usb/storage/uas.c | 1 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/usbip/stub_rx.c | 77 ++-- fs/btrfs/ctree.c | 12 fs/btrfs/ctree.h | 1 fs/btrfs/extent-tree.c | 32 + fs/btrfs/file.c | 25 - fs/btrfs/inode.c | 2 fs/btrfs/transaction.h | 6 fs/cifs/smb2ops.c | 24 - fs/ext4/fast_commit.c | 8 fs/ext4/inode.c | 5 fs/ext4/page-io.c | 14 fs/fuse/file.c | 8 fs/fuse/xattr.c | 4 fs/ksmbd/smb2pdu.c | 4 fs/ksmbd/transport_tcp.c | 4 fs/nfs/super.c | 2 fs/nilfs2/recovery.c | 35 +- fs/nilfs2/segment.c | 10 fs/nilfs2/sysfs.c | 117 ++++-- fs/notify/fsnotify.c | 31 + fs/notify/fsnotify.h | 2 fs/notify/mark.c | 32 + fs/ntfs3/dir.c | 52 +- fs/squashfs/inode.c | 7 fs/udf/super.c | 24 + include/linux/fsnotify_backend.h | 8 include/linux/hwspinlock.h | 6 include/linux/i2c.h | 2 include/linux/udp.h | 2 include/linux/virtio_net.h | 35 +- include/net/bluetooth/hci_core.h | 5 kernel/cgroup/cgroup.c | 2 kernel/dma/debug.c | 5 kernel/dma/map_benchmark.c | 16 kernel/events/core.c | 18 - kernel/events/internal.h | 1 kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 3 kernel/locking/rtmutex.c | 9 kernel/rcu/tasks.h | 2 kernel/rcu/tree.h | 1 kernel/rcu/tree_nocb.h | 32 - kernel/smp.c | 1 kernel/trace/trace.c | 2 kernel/workqueue.c | 12 lib/generic-radix-tree.c | 2 mm/memcontrol.c | 23 + net/8021q/vlan_core.c | 7 net/bluetooth/mgmt.c | 60 +-- net/bluetooth/smp.c | 7 net/bridge/br_fdb.c | 6 net/can/bcm.c | 4 net/ethernet/eth.c | 7 net/ipv4/af_inet.c | 19 - net/ipv4/fou.c | 54 +-- net/ipv4/gre_offload.c | 12 net/ipv4/tcp_bpf.c | 2 net/ipv4/tcp_offload.c | 3 net/ipv4/udp_offload.c | 22 - net/ipv6/ila/ila.h | 1 net/ipv6/ila/ila_main.c | 6 net/ipv6/ila/ila_xlat.c | 13 net/ipv6/ip6_offload.c | 14 net/ipv6/udp_offload.c | 2 net/mptcp/options.c | 44 +- net/mptcp/pm.c | 36 +- net/mptcp/pm_netlink.c | 174 ++++++---- net/mptcp/protocol.c | 61 ++- net/mptcp/protocol.h | 28 - net/mptcp/sockopt.c | 4 net/mptcp/subflow.c | 56 +-- net/netfilter/nf_conncount.c | 8 net/sched/sch_cake.c | 11 net/sched/sch_netem.c | 9 net/sunrpc/xprtsock.c | 7 net/unix/af_unix.c | 9 net/wireless/scan.c | 46 +- security/apparmor/apparmorfs.c | 4 security/smack/smack_lsm.c | 14 sound/hda/hdmi_chmap.c | 18 + sound/pci/hda/hda_generic.c | 63 +++ sound/pci/hda/hda_generic.h | 1 sound/pci/hda/patch_conexant.c | 13 sound/pci/hda/patch_realtek.c | 10 sound/soc/soc-dapm.c | 1 sound/soc/soc-topology.c | 2 sound/soc/sunxi/sun4i-i2s.c | 143 ++++---- tools/lib/bpf/libbpf.c | 4 tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 tools/testing/selftests/net/udpgso.c | 2 221 files changed, 1925 insertions(+), 986 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Fix null pointer dereference in trace Aleksandr Mishin (3): PCI: al: Check IORESOURCE_BUS existence during probe platform/x86: dell-smbios: Fix error path in dell_smbios_init() staging: iio: frequency: ad9834: Validate frequency parameter value Alex Hung (5): drm/amd/display: Check gpio_id before used as array index drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] drm/amd/display: Check msg_id before processing transcation drm/amd/display: Skip wbscl_set_scaler_filter if filter is null drm/amd/display: Check HDCP returned status Alvin Lee (1): drm/amd/display: Assign linear_pitch_alignment even for VM Amadeusz Sławiński (1): ASoC: topology: Properly initialize soc_enum values Amir Goldstein (1): fsnotify: clear PARENT_WATCHED flags lazily Andreas Ziegler (1): libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Andy Shevchenko (3): leds: spi-byte: Call of_node_put() on error path drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused Arend van Spriel (1): wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Asad Kamal (1): drm/amd/amdgpu: Check tbo resource pointer Benjamin Marzinski (1): dm init: Handle minors larger than 255 Bob Zhou (1): drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Breno Leitao (1): virtio_net: Fix napi_skb_cache_put warning Camila Alvarez (1): HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Carlos Llamas (1): binder: fix UAF caused by offsets overwrite Casey Schaufler (1): smack: tcp: ipv4, fix incorrect labeling Chen Ni (1): media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Christoffer Sandberg (1): ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Christoph Hellwig (1): block: remove the blk_flush_integrity call in blk_integrity_unregister Cong Wang (1): tcp_bpf: fix return value of tcp_bpf_sendmsg() Daiwei Li (1): igb: Fix not clearing TimeSync interrupts for 82580 Dan Carpenter (2): igc: Unlock on error in igc_io_resume() ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Dan Williams (1): PCI: Add missing bridge lock to pci_bus_lock() Daniel Borkmann (1): net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Daniel Lezcano (1): clocksource/drivers/timer-of: Remove percpu irq related code David Fernandez Gonzalez (1): VMCI: Fix use-after-free when removing resource in vmci_resource_remove() David Lechner (1): iio: buffer-dmaengine: fix releasing dma channel on error David Sterba (1): btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dmitry Torokhov (1): Input: uinput - reject requests with unreasonable number of slots Dumitru Ceclan (2): iio: adc: ad7124: fix config comparison iio: adc: ad7124: fix chip ID mismatch Eric Biggers (1): ext4: reject casefold inode flag without casefold feature Eric Dumazet (3): ila: call nf_unregister_net_hooks() sooner gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers Faisal Hassan (1): usb: dwc3: core: update LC timer as per USB Spec V3.2 Felix Fietkau (1): udp: fix receiving fraglist GSO packets Filipe Manana (2): btrfs: replace BUG_ON() with error handling at update_ref_for_cow() btrfs: fix race between direct IO write and fsync when using same fd Frederic Weisbecker (1): rcu/nocb: Remove buggy bypass lock contention mitigation Geert Uytterhoeven (1): nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Georg Gottleuber (1): nvme-pci: Add sleep quirk for Samsung 990 Evo Greg Kroah-Hartman (1): Linux 5.15.167 Guenter Roeck (4): hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guillaume Nault (1): bareudp: Fix device stats updates. Hans Verkuil (2): media: vivid: fix wrong sizeimage value for mplane media: vivid: don't set HDMI TX controls if there are no HDMI outputs Haoran Liu (1): drm/meson: plane: Add error handling Heiko Carstens (1): s390/vmlinux.lds.S: Move ro_after_init section behind rodata section Hersen Wu (3): drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 drm/amd/display: Add array index check for hdcp ddc access drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Jacky Bai (2): clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacob Pan (1): iommu/vt-d: Handle volatile descriptor status read Jagadeesh Kona (1): cpufreq: scmi: Avoid overflow of target_freq in fast switch Jakub Kicinski (1): net: usb: don't write directly to netdev->dev_addr James Morse (1): arm64: acpi: Move get_cpu_for_acpi_id() to a header Jan Kara (3): udf: Limit file size to 4TB ext4: handle redirtying in ext4_bio_write_page() udf: Avoid excessive partition lengths Jann Horn (1): fuse: use unsigned type for getxattr/listxattr size truncation Jarkko Nikula (1): i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Jernej Skrabec (1): iommu: sun50i: clear bypass register Jesse Zhang (6): drm/amd/pm: fix warning using uninitialized value of max_vid_step drm/amd/pm: fix the Out-of-bounds read warning drm/amdgpu: fix the waring dereferencing hive drm/amd/pm: check specific index for aldebaran drm/amdgpu: the warning dereferencing obj for nbio_v7_4 drm/amd/pm: check negtive return for table entries Jiaxun Yang (1): MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Joanne Koong (1): fuse: update stats for pages in dropped aux writeback list Johannes Berg (2): wifi: cfg80211: make hash table duplicates more survivable um: line: always fill *error_out in setup_one_line() Jonas Gorski (1): net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Jonathan Cameron (3): ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry Josef Bacik (2): btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete Jules Irenge (1): pcmcia: Use resource_size function on resource object Kent Overstreet (1): lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Kishon Vijay Abraham I (1): PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Konstantin Andreev (1): smack: unix sockets: fix accept()ed socket label Konstantin Komarov (1): fs/ntfs3: Check more cases when directory is corrupted Krishna Kumar (1): pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Krzysztof Kozlowski (1): gpio: rockchip: fix OF node leak in probe() Kuniyuki Iwashima (3): af_unix: Remove put_pid()/put_cred() in copy_peercred(). can: bcm: Remove proc entry when dev is unregistered. fou: Fix null-ptr-deref in GRO. Larysa Zaremba (1): ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset Leesoo Ahn (1): apparmor: fix possible NULL pointer dereference Liao Chen (1): mmc: sdhci-of-aspeed: fix module autoloading Luis Henriques (SUSE) (1): ext4: fix possible tid_t sequence overflows Luiz Augusto von Dentz (2): Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Bluetooth: MGMT: Ignore keys being loaded with invalid type Ma Jun (7): drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc drm/amdgpu/pm: Fix uninitialized variable warning for smu10 drm/amdgpu/pm: Fix uninitialized variable agc_btc_response drm/amdgpu: Fix out-of-bounds write warning drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Ma Ke (1): irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Marek Olšák (1): drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Marek Vasut (1): drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Matteo Martelli (2): iio: fix scale application in iio_convert_raw_to_processed_unlocked ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Matthieu Baerts (NGI0) (12): mptcp: pm: re-using ID of unused flushed subflows mptcp: pm: only decrement add_addr_accepted for MPJ req mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR mptcp: pm: fullmesh: select the right ID later mptcp: pm: avoid possible UaF when selecting endp mptcp: avoid duplicated SUB_CLOSED events mptcp: close subflow when receiving TCP+FIN mptcp: pm: ADD_ADDR 0 is not a new address mptcp: pm: do not remove already closed subflows mptcp: pm: skip connecting to already established sf mptcp: pr_debug: add missing \n at the end mptcp: pm: send ACK on an active subflow Maurizio Lombardi (1): nvmet-tcp: fix kernel crash if commands allocation fails Maxim Levitsky (1): KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Maximilien Perreault (1): ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Michael Chen (1): drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Michael Ellerman (1): ata: pata_macio: Use WARN instead of BUG Michael Margolin (1): RDMA/efa: Properly handle unexpected AQ completions Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Namjae Jeon (1): ksmbd: unset the binding mark of a reused connection Nicholas Piggin (2): workqueue: wq_watchdog_touch is always called with valid CPU workqueue: Improve scalability of workqueue watchdog touch Nikita Kiryushin (1): rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Oliver Neukum (2): usbnet: modern method to get random MAC usbnet: ipheth: race between ipheth_close and error handling Olivier Sobrie (1): HID: amd_sfh: free driver_data after destroying hid device Pali Rohár (1): irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Paolo Abeni (1): mptcp: constify a bunch of of helpers Pawel Dembicki (1): net: dsa: vsc73xx: fix possible subblocks range of CAPT block Peter Zijlstra (1): perf/aux: Fix AUX buffer serialization Philip Mueller (1): drm: panel-orientation-quirks: Add quirk for OrangePi Neo Phillip Lougher (1): Squashfs: sanity check symbolic link size Qing Wang (1): nilfs2: replace snprintf in show functions with sysfs_emit Ravi Bangoria (1): KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Ricardo Ribalda (1): media: uvcvideo: Enforce alignment of frame and interval Richard Fitzgerald (2): i2c: Fix conditional for substituting empty ACPI functions i2c: Use IS_REACHABLE() for substituting empty ACPI functions Richard Maina (1): hwspinlock: Introduce hwspin_lock_bust() Rik van Riel (1): dma-debug: avoid deadlock between dma debug vs printk and netconsole Roland Xu (1): rtmutex: Drop rt_mutex::wait_lock before scheduling Ronnie Sahlberg (1): cifs: Check the lease context if we actually got a lease Ryusuke Konishi (3): nilfs2: fix missing cleanup on rollforward recovery error nilfs2: fix state management in error path of log writing function nilfs2: protect references to superblock parameters exposed in sysfs Sam Protsenko (1): mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Sascha Hauer (1): wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Satya Priya Kakitapalli (2): clk: qcom: clk-alpha-pll: Fix the pll post div mask clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Seunghwan Baek (1): mmc: cqhci: Fix checking of CQHCI_HALT state Shahar S Matityahu (1): wifi: iwlwifi: remove fw_running op Shakeel Butt (1): memcg: protect concurrent access to mem_cgroup_idr Shannon Nelson (1): ionic: fix potential irq name truncation Shantanu Goel (1): usb: uas: set host status byte on data completion error Simon Arlott (1): can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Simon Holesch (1): usbip: Don't submit special requests twice Simon Horman (1): can: m_can: Release irq on error in m_can_open Stefan Wiehler (1): of/irq: Prevent device address out-of-bounds read in interrupt map walk Stephen Hemminger (1): sch/netem: fix use after free in netem_dequeue Sven Schnelle (1): uprobes: Use kzalloc to allocate xol area Takashi Iwai (3): ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown ALSA: hda/conexant: Mute speakers at suspend / shutdown ALSA: hda: Add input value sanity checks to HDMI channel map controls Tao Zhou (1): drm/amdgpu: update type of buf size to u32 for eeprom functions Terry Cheong (1): ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Thomas Gleixner (1): x86/mm: Fix PTI for i386 some more Tim Huang (6): drm/amdgpu: fix overflowed array index read warning drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr drm/amdgpu: fix uninitialized scalar variable warning drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning Toke Høiland-Jørgensen (1): sched: sch_cake: fix bulk flow accounting logic for host fairness Trond Myklebust (1): NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Vladimir Oltean (1): net: dpaa: avoid on-stack arrays of NR_CPUS elements Waiman Long (1): cgroup: Protect css->cgroup write under css_set_lock Willem de Bruijn (2): net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation net: drop bad gso csum_start and offset in virtio_net_hdr Yan Zhai (1): gso: fix dodgy bit handling for GSO_UDP_L4 Yicong Yang (1): dma-mapping: benchmark: Don't starve others when doing the test Yifan Zha (1): drm/amdgpu: Set no_hw_access when VF request full GPU fails Yunjian Wang (1): netfilter: nf_conncount: fix wrong variable type Yuri Benditovich (1): net: change maximum number of UDP segments to 128 ZHANG Yuntian (1): net: usb: qmi_wwan: add MeiG Smart SRM825L Zenghui Yu (1): kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Zheng Qixing (1): ata: libata: Fix memory leak for error path in ata_host_alloc() Zheng Yejian (1): tracing: Avoid possible softlockup in tracing_iter_reset() Zhigang Luo (1): drm/amdgpu: avoid reading vf2pf info size from FB Zijun Hu (1): devres: Initialize an uninitialized struct member Zqiang (1): smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() robelin (1): ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object yang.zhang (1): riscv: set trap vector earlier

1 year, 3 months

1
1
0 0

Linux 5.10.226

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.226 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/locking/hwspinlock.rst | 11 Makefile | 2 arch/arm64/include/asm/acpi.h | 12 arch/arm64/kernel/acpi_numa.c | 11 arch/mips/kernel/cevt-r4k.c | 15 arch/s390/kernel/vmlinux.lds.S | 9 arch/um/drivers/line.c | 2 arch/x86/mm/pti.c | 45 +- block/bio-integrity.c | 11 block/blk-integrity.c | 2 drivers/acpi/acpi_processor.c | 15 drivers/android/binder.c | 1 drivers/ata/libata-core.c | 4 drivers/ata/pata_macio.c | 7 drivers/base/devres.c | 1 drivers/clk/qcom/clk-alpha-pll.c | 6 drivers/clocksource/timer-imx-tpm.c | 16 drivers/clocksource/timer-of.c | 17 drivers/clocksource/timer-of.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 + drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 90 +++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 8 drivers/gpu/drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/i915_sw_fence.c | 8 drivers/gpu/drm/meson/meson_plane.c | 17 drivers/hid/hid-cougar.c | 2 drivers/hv/vmbus_drv.c | 1 drivers/hwmon/adc128d818.c | 4 drivers/hwmon/lm95234.c | 9 drivers/hwmon/nct6775.c | 2 drivers/hwmon/w83627ehf.c | 4 drivers/hwspinlock/hwspinlock_core.c | 28 + drivers/hwspinlock/hwspinlock_internal.h | 3 drivers/iio/adc/ad7124.c | 1 drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 drivers/iio/inkern.c | 8 drivers/input/misc/uinput.c | 14 drivers/iommu/intel/dmar.c | 2 drivers/iommu/sun50i-iommu.c | 1 drivers/irqchip/irq-armada-370-xp.c | 4 drivers/irqchip/irq-gic-v2m.c | 6 drivers/leds/leds-spi-byte.c | 6 drivers/md/dm-init.c | 4 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 drivers/media/usb/uvc/uvc_driver.c | 18 drivers/misc/vmw_vmci/vmci_resource.c | 3 drivers/mmc/host/cqhci.c | 2 drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sdhci-of-aspeed.c | 1 drivers/net/bareudp.c | 22 - drivers/net/can/spi/mcp251x.c | 2 drivers/net/dsa/vitesse-vsc73xx-core.c | 10 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 drivers/net/ethernet/intel/igb/igb_main.c | 10 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 drivers/net/geneve.c | 8 drivers/net/usb/ch9200.c | 4 drivers/net/usb/cx82310_eth.c | 5 drivers/net/usb/ipheth.c | 4 drivers/net/usb/kaweth.c | 3 drivers/net/usb/mcs7830.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/sierra_net.c | 6 drivers/net/usb/sr9700.c | 4 drivers/net/usb/sr9800.c | 5 drivers/net/usb/usbnet.c | 23 - drivers/net/virtio_net.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 drivers/net/wireless/marvell/mwifiex/main.h | 3 drivers/nvme/target/tcp.c | 4 drivers/nvmem/core.c | 6 drivers/of/irq.c | 15 drivers/pci/controller/dwc/pci-keystone.c | 44 ++ drivers/pci/controller/dwc/pcie-al.c | 16 drivers/pci/hotplug/pnv_php.c | 3 drivers/pci/pci.c | 35 + drivers/pcmcia/yenta_socket.c | 6 drivers/platform/x86/dell-smbios-base.c | 5 drivers/staging/iio/frequency/ad9834.c | 2 drivers/uio/uio_hv_generic.c | 11 drivers/usb/storage/uas.c | 1 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/usbip/stub_rx.c | 77 ++- fs/btrfs/extent-tree.c | 32 + fs/btrfs/inode.c | 2 fs/btrfs/ioctl.c | 5 fs/btrfs/transaction.c | 24 + fs/btrfs/transaction.h | 2 fs/ext4/page-io.c | 14 fs/fuse/file.c | 8 fs/fuse/xattr.c | 4 fs/lockd/svc.c | 3 fs/nfs/callback.c | 3 fs/nfs/super.c | 2 fs/nfsd/export.c | 32 + fs/nfsd/export.h | 4 fs/nfsd/netns.h | 25 + fs/nfsd/nfs4proc.c | 6 fs/nfsd/nfscache.c | 200 +++++----- fs/nfsd/nfsctl.c | 24 - fs/nfsd/nfsd.h | 1 fs/nfsd/nfsfh.c | 3 fs/nfsd/nfssvc.c | 38 - fs/nfsd/stats.c | 52 +- fs/nfsd/stats.h | 85 +--- fs/nfsd/trace.h | 22 + fs/nfsd/vfs.c | 6 fs/nilfs2/recovery.c | 35 + fs/nilfs2/segment.c | 10 fs/nilfs2/sysfs.c | 117 +++-- fs/notify/fsnotify.c | 31 + fs/notify/fsnotify.h | 2 fs/notify/mark.c | 32 + fs/squashfs/inode.c | 7 fs/udf/super.c | 24 + include/linux/cgroup-defs.h | 107 +---- include/linux/cgroup.h | 22 - include/linux/fsnotify_backend.h | 8 include/linux/hwspinlock.h | 6 include/linux/i2c.h | 2 include/linux/sunrpc/svc.h | 5 include/net/bluetooth/hci_core.h | 5 kernel/cgroup/cgroup.c | 65 +-- kernel/dma/debug.c | 5 kernel/events/core.c | 18 kernel/events/internal.h | 1 kernel/events/ring_buffer.c | 2 kernel/events/uprobes.c | 3 kernel/locking/rtmutex.c | 4 kernel/rcu/tasks.h | 2 kernel/smp.c | 1 kernel/trace/trace.c | 2 lib/generic-radix-tree.c | 2 mm/memcontrol.c | 23 + net/8021q/vlan_core.c | 7 net/bluetooth/mgmt.c | 60 +-- net/bluetooth/smp.c | 7 net/bridge/br_fdb.c | 6 net/can/bcm.c | 4 net/core/netclassid_cgroup.c | 7 net/core/netprio_cgroup.c | 10 net/ethernet/eth.c | 7 net/ipv4/af_inet.c | 19 net/ipv4/fou.c | 62 +-- net/ipv4/gre_offload.c | 12 net/ipv4/inet_hashtables.c | 2 net/ipv4/tcp_bpf.c | 2 net/ipv4/udp_offload.c | 6 net/ipv6/ila/ila.h | 1 net/ipv6/ila/ila_main.c | 6 net/ipv6/ila/ila_xlat.c | 13 net/ipv6/ip6_offload.c | 14 net/ipv6/udp_offload.c | 2 net/mptcp/options.c | 34 - net/mptcp/pm.c | 24 - net/mptcp/pm_netlink.c | 59 +- net/mptcp/protocol.c | 54 +- net/mptcp/protocol.h | 4 net/mptcp/subflow.c | 50 +- net/netfilter/nf_conncount.c | 8 net/sched/sch_cake.c | 11 net/sched/sch_netem.c | 9 net/sunrpc/stats.c | 2 net/sunrpc/svc.c | 36 + net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 net/sunrpc/xprtsock.c | 7 net/unix/af_unix.c | 9 net/wireless/scan.c | 46 +- security/apparmor/apparmorfs.c | 4 security/smack/smack_lsm.c | 14 sound/hda/hdmi_chmap.c | 18 sound/pci/hda/hda_generic.c | 63 +++ sound/pci/hda/hda_generic.h | 1 sound/pci/hda/patch_conexant.c | 13 sound/pci/hda/patch_realtek.c | 10 sound/soc/soc-dapm.c | 1 sound/soc/soc-topology.c | 2 tools/lib/bpf/libbpf.c | 4 tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 206 files changed, 1799 insertions(+), 1097 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Fix null pointer dereference in trace Aleksandr Mishin (3): PCI: al: Check IORESOURCE_BUS existence during probe platform/x86: dell-smbios: Fix error path in dell_smbios_init() staging: iio: frequency: ad9834: Validate frequency parameter value Alex Hung (4): drm/amd/display: Check gpio_id before used as array index drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] drm/amd/display: Check msg_id before processing transcation drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Amadeusz Sławiński (1): ASoC: topology: Properly initialize soc_enum values Amir Goldstein (1): fsnotify: clear PARENT_WATCHED flags lazily Andreas Ziegler (1): libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Andy Shevchenko (3): leds: spi-byte: Call of_node_put() on error path drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused Arend van Spriel (1): wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Benjamin Marzinski (1): dm init: Handle minors larger than 255 Bob Zhou (1): drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Breno Leitao (1): virtio_net: Fix napi_skb_cache_put warning Camila Alvarez (1): HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Carlos Llamas (1): binder: fix UAF caused by offsets overwrite Casey Schaufler (1): smack: tcp: ipv4, fix incorrect labeling Chen Ni (1): media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Christoffer Sandberg (1): ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Christoph Hellwig (2): block: remove the blk_flush_integrity call in blk_integrity_unregister block: initialize integrity buffer to zero before writing it to media Chuck Lever (7): NFSD: Refactor nfsd_reply_cache_free_locked() NFSD: Rename nfsd_reply_cache_alloc() NFSD: Replace nfsd_prune_bucket() NFSD: Refactor the duplicate reply cache shrinker NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NFSD: Fix frame size warning in svc_export_parse() svcrdma: Catch another Reply chunk overflow case Cong Wang (1): tcp_bpf: fix return value of tcp_bpf_sendmsg() Connor O'Brien (2): bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt Daiwei Li (1): igb: Fix not clearing TimeSync interrupts for 82580 Dan Carpenter (1): igc: Unlock on error in igc_io_resume() Dan Williams (1): PCI: Add missing bridge lock to pci_bus_lock() Daniel Borkmann (1): net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Daniel Lezcano (1): clocksource/drivers/timer-of: Remove percpu irq related code David Fernandez Gonzalez (1): VMCI: Fix use-after-free when removing resource in vmci_resource_remove() David Lechner (1): iio: buffer-dmaengine: fix releasing dma channel on error David Sterba (1): btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dmitry Torokhov (1): Input: uinput - reject requests with unreasonable number of slots Dumitru Ceclan (1): iio: adc: ad7124: fix chip ID mismatch Eric Dumazet (4): ila: call nf_unregister_net_hooks() sooner fou: remove sparse errors gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers Filipe Manana (1): btrfs: fix use-after-free after failure to create a snapshot Geert Uytterhoeven (1): nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Greg Kroah-Hartman (1): Linux 5.10.226 Guenter Roeck (4): hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guillaume Nault (1): bareudp: Fix device stats updates. Hans Verkuil (2): media: vivid: fix wrong sizeimage value for mplane media: vivid: don't set HDMI TX controls if there are no HDMI outputs Haoran Liu (1): drm/meson: plane: Add error handling Heiko Carstens (1): s390/vmlinux.lds.S: Move ro_after_init section behind rodata section Hersen Wu (3): drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 drm/amd/display: Add array index check for hdcp ddc access drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Jacky Bai (2): clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacob Pan (1): iommu/vt-d: Handle volatile descriptor status read Jakub Kicinski (1): net: usb: don't write directly to netdev->dev_addr James Morse (1): arm64: acpi: Move get_cpu_for_acpi_id() to a header Jan Kara (3): udf: Limit file size to 4TB ext4: handle redirtying in ext4_bio_write_page() udf: Avoid excessive partition lengths Jann Horn (1): fuse: use unsigned type for getxattr/listxattr size truncation Jeff Layton (2): nfsd: move reply cache initialization into nfsd startup nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Jernej Skrabec (1): iommu: sun50i: clear bypass register Jesse Zhang (4): drm/amd/pm: fix warning using uninitialized value of max_vid_step drm/amd/pm: fix the Out-of-bounds read warning drm/amdgpu: the warning dereferencing obj for nbio_v7_4 drm/amd/pm: check negtive return for table entries Jiaxun Yang (1): MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Joanne Koong (1): fuse: update stats for pages in dropped aux writeback list Johannes Berg (2): wifi: cfg80211: make hash table duplicates more survivable um: line: always fill *error_out in setup_one_line() Jonas Gorski (1): net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Jonathan Cameron (3): ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry Josef Bacik (12): sunrpc: don't change ->sv_stats if it doesn't exist nfsd: stop setting ->pg_stats for unused stats sunrpc: pass in the sv_stats struct through svc_create_pooled sunrpc: remove ->pg_stats from svc_program sunrpc: use the struct net as the svc proc private nfsd: rename NFSD_NET_* to NFSD_STATS_* nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: make all of the nfsd stats per-network namespace nfsd: remove nfsd_stats, make th_cnt a global counter nfsd: make svc_stat per-network namespace instead of global btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete Jules Irenge (1): pcmcia: Use resource_size function on resource object Kent Overstreet (1): lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Kishon Vijay Abraham I (1): PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Konstantin Andreev (1): smack: unix sockets: fix accept()ed socket label Krishna Kumar (1): pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Kuniyuki Iwashima (3): af_unix: Remove put_pid()/put_cred() in copy_peercred(). can: bcm: Remove proc entry when dev is unregistered. fou: Fix null-ptr-deref in GRO. Leesoo Ahn (1): apparmor: fix possible NULL pointer dereference Len Baker (1): drivers/net/usb: Remove all strcpy() uses Liao Chen (1): mmc: sdhci-of-aspeed: fix module autoloading Luiz Augusto von Dentz (2): Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Bluetooth: MGMT: Ignore keys being loaded with invalid type Ma Jun (5): drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr drm/amdgpu/pm: Fix uninitialized variable agc_btc_response drm/amdgpu: Fix out-of-bounds write warning drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Ma Ke (1): irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Matteo Martelli (1): iio: fix scale application in iio_convert_raw_to_processed_unlocked Matthieu Baerts (NGI0) (2): mptcp: pr_debug: add missing \n at the end mptcp: pm: avoid possible UaF when selecting endp Maurizio Lombardi (1): nvmet-tcp: fix kernel crash if commands allocation fails Maximilien Perreault (1): ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Michael Chen (1): drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Michael Ellerman (1): ata: pata_macio: Use WARN instead of BUG Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic NeilBrown (1): NFSD: simplify error paths in nfsd_svc() Nikita Kiryushin (1): rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Oliver Neukum (2): usbnet: modern method to get random MAC usbnet: ipheth: race between ipheth_close and error handling Pali Rohár (1): irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Pawel Dembicki (1): net: dsa: vsc73xx: fix possible subblocks range of CAPT block Peter Zijlstra (1): perf/aux: Fix AUX buffer serialization Philip Mueller (1): drm: panel-orientation-quirks: Add quirk for OrangePi Neo Phillip Lougher (1): Squashfs: sanity check symbolic link size Qing Wang (1): nilfs2: replace snprintf in show functions with sysfs_emit Ricardo Ribalda (1): media: uvcvideo: Enforce alignment of frame and interval Richard Fitzgerald (2): i2c: Fix conditional for substituting empty ACPI functions i2c: Use IS_REACHABLE() for substituting empty ACPI functions Richard Maina (1): hwspinlock: Introduce hwspin_lock_bust() Rik van Riel (1): dma-debug: avoid deadlock between dma debug vs printk and netconsole Roland Xu (1): rtmutex: Drop rt_mutex::wait_lock before scheduling Ryusuke Konishi (3): nilfs2: fix missing cleanup on rollforward recovery error nilfs2: fix state management in error path of log writing function nilfs2: protect references to superblock parameters exposed in sysfs Sam Protsenko (1): mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Sascha Hauer (1): wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Satya Priya Kakitapalli (2): clk: qcom: clk-alpha-pll: Fix the pll post div mask clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Seunghwan Baek (1): mmc: cqhci: Fix checking of CQHCI_HALT state Shahar S Matityahu (1): wifi: iwlwifi: remove fw_running op Shakeel Butt (1): memcg: protect concurrent access to mem_cgroup_idr Shannon Nelson (1): ionic: fix potential irq name truncation Shantanu Goel (1): usb: uas: set host status byte on data completion error Simon Arlott (1): can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Simon Holesch (1): usbip: Don't submit special requests twice Stanislav Fomichev (1): net: set SOCK_RCU_FREE before inserting socket into hashtable Stefan Wiehler (1): of/irq: Prevent device address out-of-bounds read in interrupt map walk Stephen Hemminger (1): sch/netem: fix use after free in netem_dequeue Sven Schnelle (1): uprobes: Use kzalloc to allocate xol area Takashi Iwai (3): ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown ALSA: hda/conexant: Mute speakers at suspend / shutdown ALSA: hda: Add input value sanity checks to HDMI channel map controls Terry Cheong (1): ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Thomas Gleixner (1): x86/mm: Fix PTI for i386 some more Tim Huang (6): drm/amdgpu: fix overflowed array index read warning drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr drm/amdgpu: fix uninitialized scalar variable warning drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning Toke Høiland-Jørgensen (1): sched: sch_cake: fix bulk flow accounting logic for host fairness Trond Myklebust (1): NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Vladimir Oltean (1): net: dpaa: avoid on-stack arrays of NR_CPUS elements Waiman Long (1): cgroup: Protect css->cgroup write under css_set_lock Yunjian Wang (1): netfilter: nf_conncount: fix wrong variable type ZHANG Yuntian (1): net: usb: qmi_wwan: add MeiG Smart SRM825L Zenghui Yu (1): kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Zheng Qixing (1): ata: libata: Fix memory leak for error path in ata_host_alloc() Zheng Yejian (1): tracing: Avoid possible softlockup in tracing_iter_reset() Zhigang Luo (1): drm/amdgpu: avoid reading vf2pf info size from FB Zijun Hu (1): devres: Initialize an uninitialized struct member Zqiang (1): smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() robelin (1): ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

1 year, 3 months

1
1
0 0

Linux 5.4.284

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.284 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/include/asm/acpi.h | 12 + arch/arm64/kernel/acpi_numa.c | 11 arch/parisc/kernel/irq.c | 4 arch/um/drivers/line.c | 2 block/bio-integrity.c | 11 drivers/acpi/acpi_processor.c | 15 - drivers/android/binder.c | 1 drivers/ata/libata-core.c | 4 drivers/ata/pata_macio.c | 7 drivers/base/devres.c | 1 drivers/clk/hisilicon/clk-hi6220.c | 3 drivers/clk/qcom/clk-alpha-pll.c | 6 drivers/clocksource/timer-imx-tpm.c | 16 + drivers/clocksource/timer-of.c | 17 - drivers/clocksource/timer-of.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 + drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/i915/i915_sw_fence.c | 8 drivers/hid/hid-cougar.c | 2 drivers/hv/vmbus_drv.c | 1 drivers/hwmon/adc128d818.c | 4 drivers/hwmon/lm95234.c | 9 drivers/hwmon/nct6775.c | 2 drivers/hwmon/w83627ehf.c | 4 drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 drivers/iio/inkern.c | 8 drivers/input/misc/uinput.c | 14 + drivers/iommu/dmar.c | 2 drivers/irqchip/irq-armada-370-xp.c | 4 drivers/irqchip/irq-gic-v2m.c | 6 drivers/md/dm-init.c | 4 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/usb/uvc/uvc_driver.c | 18 + drivers/misc/vmw_vmci/vmci_resource.c | 3 drivers/mmc/host/dw_mmc.c | 4 drivers/mmc/host/sdhci-of-aspeed.c | 1 drivers/net/dsa/vitesse-vsc73xx-core.c | 10 drivers/net/ethernet/intel/igb/igb_main.c | 10 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 drivers/net/usb/ch9200.c | 4 drivers/net/usb/cx82310_eth.c | 56 ++++ drivers/net/usb/ipheth.c | 4 drivers/net/usb/kaweth.c | 3 drivers/net/usb/mcs7830.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/sierra_net.c | 6 drivers/net/usb/sr9700.c | 4 drivers/net/usb/sr9800.c | 5 drivers/net/usb/usbnet.c | 23 - drivers/net/virtio_net.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 drivers/net/wireless/marvell/mwifiex/main.h | 3 drivers/nvme/target/tcp.c | 4 drivers/nvmem/core.c | 6 drivers/of/irq.c | 15 - drivers/pci/controller/dwc/pci-keystone.c | 44 +++ drivers/pci/hotplug/pnv_php.c | 3 drivers/pci/pci.c | 35 +- drivers/pcmcia/yenta_socket.c | 6 drivers/platform/x86/dell-smbios-base.c | 5 drivers/reset/hisilicon/hi6220_reset.c | 69 +++++ drivers/staging/iio/frequency/ad9834.c | 2 drivers/uio/uio_hv_generic.c | 11 drivers/usb/storage/uas.c | 1 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/usb/usbip/stub_rx.c | 77 ++++-- fs/btrfs/extent-tree.c | 32 ++ fs/btrfs/inode.c | 2 fs/fuse/file.c | 8 fs/fuse/xattr.c | 4 fs/nfs/super.c | 2 fs/nilfs2/recovery.c | 35 ++ fs/nilfs2/segment.c | 10 fs/nilfs2/sysfs.c | 117 +++++----- fs/squashfs/inode.c | 7 fs/udf/super.c | 24 +- include/linux/i2c.h | 2 include/linux/ring_buffer.h | 3 kernel/cgroup/cgroup.c | 2 kernel/events/uprobes.c | 3 kernel/locking/rtmutex.c | 4 kernel/smp.c | 1 kernel/trace/ring_buffer.c | 23 - kernel/trace/trace.c | 6 kernel/trace/trace_functions_graph.c | 2 lib/generic-radix-tree.c | 2 net/bridge/br_fdb.c | 116 ++++----- net/bridge/br_input.c | 2 net/bridge/br_private.h | 17 - net/bridge/br_switchdev.c | 6 net/can/bcm.c | 4 net/ipv4/inet_hashtables.c | 2 net/ipv4/tcp_bpf.c | 2 net/ipv6/ila/ila.h | 1 net/ipv6/ila/ila_main.c | 6 net/ipv6/ila/ila_xlat.c | 13 - net/netfilter/nf_conncount.c | 8 net/sched/sch_cake.c | 11 net/sched/sch_netem.c | 9 net/sunrpc/xprtsock.c | 7 net/unix/af_unix.c | 9 net/wireless/scan.c | 46 ++- security/apparmor/apparmorfs.c | 4 security/smack/smack_lsm.c | 14 - sound/hda/hdmi_chmap.c | 18 + sound/pci/hda/patch_conexant.c | 11 sound/soc/soc-dapm.c | 1 sound/soc/soc-topology.c | 2 tools/lib/bpf/libbpf.c | 4 120 files changed, 899 insertions(+), 396 deletions(-) Abhishek Pandit-Subedi (1): usb: typec: ucsi: Fix null pointer dereference in trace Aleksandr Mishin (2): platform/x86: dell-smbios: Fix error path in dell_smbios_init() staging: iio: frequency: ad9834: Validate frequency parameter value Alex Hung (3): drm/amd/display: Check gpio_id before used as array index drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Amadeusz Sławiński (1): ASoC: topology: Properly initialize soc_enum values Andreas Ziegler (1): libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Andy Shevchenko (2): drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused Arend van Spriel (1): wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Benjamin Marzinski (1): dm init: Handle minors larger than 255 Breno Leitao (1): virtio_net: Fix napi_skb_cache_put warning Camila Alvarez (1): HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Carlos Llamas (1): binder: fix UAF caused by offsets overwrite Casey Schaufler (1): smack: tcp: ipv4, fix incorrect labeling Chen Ni (1): media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Christoffer Sandberg (1): ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Christoph Hellwig (1): block: initialize integrity buffer to zero before writing it to media Cong Wang (1): tcp_bpf: fix return value of tcp_bpf_sendmsg() Daiwei Li (1): igb: Fix not clearing TimeSync interrupts for 82580 Dan Williams (1): PCI: Add missing bridge lock to pci_bus_lock() Daniel Borkmann (1): net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Daniel Lezcano (1): clocksource/drivers/timer-of: Remove percpu irq related code David Fernandez Gonzalez (1): VMCI: Fix use-after-free when removing resource in vmci_resource_remove() David Lechner (1): iio: buffer-dmaengine: fix releasing dma channel on error David Sterba (1): btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dmitry Torokhov (1): Input: uinput - reject requests with unreasonable number of slots Eric Dumazet (1): ila: call nf_unregister_net_hooks() sooner Geert Uytterhoeven (1): nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Greg Kroah-Hartman (2): Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" Linux 5.4.284 Guenter Roeck (4): hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Hersen Wu (2): drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Jacky Bai (2): clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacob Pan (1): iommu/vt-d: Handle volatile descriptor status read Jakub Kicinski (1): net: usb: don't write directly to netdev->dev_addr James Morse (1): arm64: acpi: Move get_cpu_for_acpi_id() to a header Jan Kara (2): udf: Limit file size to 4TB udf: Avoid excessive partition lengths Jann Horn (1): fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong (1): fuse: update stats for pages in dropped aux writeback list Johannes Berg (2): wifi: cfg80211: make hash table duplicates more survivable um: line: always fill *error_out in setup_one_line() Jonas Gorski (1): net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Jonathan Cameron (3): ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry Josef Bacik (2): btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete Jules Irenge (1): pcmcia: Use resource_size function on resource object Kent Overstreet (1): lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Kishon Vijay Abraham I (1): PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Konstantin Andreev (1): smack: unix sockets: fix accept()ed socket label Krishna Kumar (1): pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Kuniyuki Iwashima (2): af_unix: Remove put_pid()/put_cred() in copy_peercred(). can: bcm: Remove proc entry when dev is unregistered. Leesoo Ahn (1): apparmor: fix possible NULL pointer dereference Len Baker (1): drivers/net/usb: Remove all strcpy() uses Liao Chen (1): mmc: sdhci-of-aspeed: fix module autoloading Ma Jun (1): drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Ma Ke (1): irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Matteo Martelli (1): iio: fix scale application in iio_convert_raw_to_processed_unlocked Maurizio Lombardi (1): nvmet-tcp: fix kernel crash if commands allocation fails Michael Chen (1): drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Michael Ellerman (1): ata: pata_macio: Use WARN instead of BUG Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Nikolay Aleksandrov (5): net: bridge: fdb: convert is_local to bitops net: bridge: fdb: convert is_static to bitops net: bridge: fdb: convert is_sticky to bitops net: bridge: fdb: convert added_by_user to bitops net: bridge: fdb: convert added_by_external_learn to use bitops Oliver Neukum (2): usbnet: modern method to get random MAC usbnet: ipheth: race between ipheth_close and error handling Ondrej Zary (1): cx82310_eth: re-enable ethernet mode after router reboot Pali Rohár (1): irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Pawel Dembicki (1): net: dsa: vsc73xx: fix possible subblocks range of CAPT block Peter Griffin (2): reset: hi6220: Add support for AO reset controller clk: hi6220: use CLK_OF_DECLARE_DRIVER Philip Mueller (1): drm: panel-orientation-quirks: Add quirk for OrangePi Neo Phillip Lougher (1): Squashfs: sanity check symbolic link size Qing Wang (1): nilfs2: replace snprintf in show functions with sysfs_emit Ricardo Ribalda (1): media: uvcvideo: Enforce alignment of frame and interval Richard Fitzgerald (2): i2c: Fix conditional for substituting empty ACPI functions i2c: Use IS_REACHABLE() for substituting empty ACPI functions Roland Xu (1): rtmutex: Drop rt_mutex::wait_lock before scheduling Ryusuke Konishi (3): nilfs2: fix missing cleanup on rollforward recovery error nilfs2: fix state management in error path of log writing function nilfs2: protect references to superblock parameters exposed in sysfs Sam Protsenko (1): mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Sascha Hauer (1): wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Satya Priya Kakitapalli (2): clk: qcom: clk-alpha-pll: Fix the pll post div mask clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Shannon Nelson (1): ionic: fix potential irq name truncation Shantanu Goel (1): usb: uas: set host status byte on data completion error Simon Holesch (1): usbip: Don't submit special requests twice Stanislav Fomichev (1): net: set SOCK_RCU_FREE before inserting socket into hashtable Stefan Wiehler (1): of/irq: Prevent device address out-of-bounds read in interrupt map walk Stephen Hemminger (1): sch/netem: fix use after free in netem_dequeue Steven Rostedt (VMware) (1): ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() Sven Schnelle (1): uprobes: Use kzalloc to allocate xol area Takashi Iwai (1): ALSA: hda: Add input value sanity checks to HDMI channel map controls Tim Huang (3): drm/amdgpu: fix overflowed array index read warning drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning Toke Høiland-Jørgensen (1): sched: sch_cake: fix bulk flow accounting logic for host fairness Trond Myklebust (1): NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Waiman Long (1): cgroup: Protect css->cgroup write under css_set_lock Yunjian Wang (1): netfilter: nf_conncount: fix wrong variable type ZHANG Yuntian (1): net: usb: qmi_wwan: add MeiG Smart SRM825L Zhang Changzhong (1): cx82310_eth: fix error return code in cx82310_bind() Zheng Qixing (1): ata: libata: Fix memory leak for error path in ata_host_alloc() Zheng Yejian (1): tracing: Avoid possible softlockup in tracing_iter_reset() Zijun Hu (1): devres: Initialize an uninitialized struct member Zqiang (1): smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() robelin (1): ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

1 year, 3 months

1
1
0 0

Linux 4.19.322

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.322 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/parisc/kernel/irq.c | 4 arch/um/drivers/line.c | 2 block/bio-integrity.c | 11 drivers/acpi/acpi_processor.c | 15 - drivers/ata/libata-core.c | 4 drivers/ata/pata_macio.c | 7 drivers/base/devres.c | 1 drivers/clk/qcom/clk-alpha-pll.c | 2 drivers/clocksource/timer-imx-tpm.c | 16 - drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 drivers/gpu/drm/i915/i915_sw_fence.c | 8 drivers/hid/hid-cougar.c | 2 drivers/hv/vmbus_drv.c | 1 drivers/hwmon/adc128d818.c | 4 drivers/hwmon/lm95234.c | 9 drivers/hwmon/nct6775.c | 2 drivers/hwmon/w83627ehf.c | 4 drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 drivers/iio/inkern.c | 8 drivers/input/misc/uinput.c | 14 + drivers/iommu/dmar.c | 2 drivers/irqchip/irq-armada-370-xp.c | 4 drivers/media/platform/qcom/camss/camss.c | 5 drivers/media/usb/uvc/uvc_driver.c | 18 + drivers/misc/vmw_vmci/vmci_resource.c | 3 drivers/mmc/host/dw_mmc.c | 4 drivers/net/dsa/vitesse-vsc73xx.c | 10 drivers/net/ethernet/intel/igb/igb_main.c | 10 drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c | 9 drivers/net/ethernet/rocker/rocker_main.c | 1 drivers/net/usb/ch9200.c | 4 drivers/net/usb/cx82310_eth.c | 56 +++- drivers/net/usb/ipheth.c | 4 drivers/net/usb/kaweth.c | 3 drivers/net/usb/mcs7830.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/sierra_net.c | 6 drivers/net/usb/sr9700.c | 4 drivers/net/usb/sr9800.c | 5 drivers/net/usb/usbnet.c | 23 - drivers/net/virtio_net.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 drivers/net/wireless/marvell/mwifiex/main.h | 3 drivers/nvmem/core.c | 6 drivers/of/irq.c | 15 - drivers/pci/hotplug/pnv_php.c | 3 drivers/pci/pci.c | 35 +- drivers/pcmcia/yenta_socket.c | 6 drivers/platform/x86/dell-smbios-base.c | 5 drivers/uio/uio_hv_generic.c | 11 drivers/usb/dwc3/dwc3-st.c | 12 drivers/usb/usbip/stub_rx.c | 77 +++--- fs/btrfs/extent-tree.c | 32 +- fs/btrfs/inode.c | 2 fs/fuse/xattr.c | 4 fs/nilfs2/recovery.c | 35 ++ fs/nilfs2/segment.c | 10 fs/nilfs2/sysfs.c | 117 +++++---- fs/squashfs/inode.c | 7 fs/udf/super.c | 24 + include/linux/ring_buffer.h | 3 include/net/net_namespace.h | 5 include/net/switchdev.h | 3 include/uapi/linux/neighbour.h | 1 kernel/cgroup/cgroup.c | 2 kernel/events/uprobes.c | 3 kernel/locking/rtmutex.c | 4 kernel/smp.c | 1 kernel/trace/ring_buffer.c | 23 - kernel/trace/trace.c | 6 kernel/trace/trace_functions_graph.c | 2 net/bridge/br.c | 4 net/bridge/br_fdb.c | 128 +++++----- net/bridge/br_input.c | 2 net/bridge/br_private.h | 18 - net/bridge/br_switchdev.c | 11 net/can/bcm.c | 4 net/core/net_namespace.c | 28 ++ net/dsa/slave.c | 1 net/ipv6/ila/ila.h | 1 net/ipv6/ila/ila_main.c | 6 net/ipv6/ila/ila_xlat.c | 13 - net/netfilter/nf_conncount.c | 8 net/rfkill/core.c | 4 net/sched/sch_netem.c | 9 net/sunrpc/xprtsock.c | 7 net/unix/af_unix.c | 9 security/apparmor/apparmorfs.c | 4 security/smack/smack_lsm.c | 14 - sound/hda/hdmi_chmap.c | 18 + sound/pci/hda/patch_conexant.c | 11 sound/usb/helper.c | 17 + sound/usb/helper.h | 1 sound/usb/quirks.c | 14 - 101 files changed, 768 insertions(+), 345 deletions(-) Aleksandr Mishin (1): platform/x86: dell-smbios: Fix error path in dell_smbios_init() Andy Shevchenko (2): drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused drm/i915/fence: Mark debug_fence_free() with __maybe_unused Arend van Spriel (1): wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Breno Leitao (1): virtio_net: Fix napi_skb_cache_put warning Camila Alvarez (1): HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Casey Schaufler (1): smack: tcp: ipv4, fix incorrect labeling Chen Ni (1): media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Christoffer Sandberg (1): ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Christoph Hellwig (1): block: initialize integrity buffer to zero before writing it to media Daiwei Li (1): igb: Fix not clearing TimeSync interrupts for 82580 Dan Williams (1): PCI: Add missing bridge lock to pci_bus_lock() Daniel Borkmann (1): net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket David Fernandez Gonzalez (1): VMCI: Fix use-after-free when removing resource in vmci_resource_remove() David Lechner (1): iio: buffer-dmaengine: fix releasing dma channel on error David Sterba (1): btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dmitry Torokhov (1): Input: uinput - reject requests with unreasonable number of slots Eric Dumazet (2): netns: add pre_exit method to struct pernet_operations ila: call nf_unregister_net_hooks() sooner Geert Uytterhoeven (1): nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Greg Kroah-Hartman (2): Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" Linux 4.19.322 Guenter Roeck (4): hwmon: (adc128d818) Fix underflows seen when writing limit attributes hwmon: (lm95234) Fix underflows seen when writing limit attributes hwmon: (nct6775-core) Fix underflows seen when writing limit attributes hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Hillf Danton (1): ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check Ido Schimmel (1): bridge: switchdev: Allow clearing FDB entry offload indication Jacky Bai (2): clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacob Pan (1): iommu/vt-d: Handle volatile descriptor status read Jakub Kicinski (1): net: usb: don't write directly to netdev->dev_addr Jan Kara (2): udf: Limit file size to 4TB udf: Avoid excessive partition lengths Jann Horn (1): fuse: use unsigned type for getxattr/listxattr size truncation Johannes Berg (1): um: line: always fill *error_out in setup_one_line() Jonas Gorski (1): net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Jonathan Cameron (2): ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() ACPI: processor: Fix memory leaks in error paths of processor_add() Josef Bacik (2): btrfs: replace BUG_ON with ASSERT in walk_down_proc() btrfs: clean up our handling of refs == 0 in snapshot delete Jules Irenge (1): pcmcia: Use resource_size function on resource object Konstantin Andreev (1): smack: unix sockets: fix accept()ed socket label Krishna Kumar (1): pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Krzysztof Kozlowski (1): usb: dwc3: st: add missing depopulate in probe error path Kuniyuki Iwashima (2): af_unix: Remove put_pid()/put_cred() in copy_peercred(). can: bcm: Remove proc entry when dev is unregistered. Leesoo Ahn (1): apparmor: fix possible NULL pointer dereference Len Baker (1): drivers/net/usb: Remove all strcpy() uses Li RongQing (1): netns: restore ops before calling ops_exit_list Ma Jun (1): drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Matteo Martelli (1): iio: fix scale application in iio_convert_raw_to_processed_unlocked Michael Chen (1): drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Michael Ellerman (1): ata: pata_macio: Use WARN instead of BUG Naman Jain (1): Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Nikolay Aleksandrov (6): net: bridge: add support for sticky fdb entries net: bridge: fdb: convert is_local to bitops net: bridge: fdb: convert is_static to bitops net: bridge: fdb: convert is_sticky to bitops net: bridge: fdb: convert added_by_user to bitops net: bridge: fdb: convert added_by_external_learn to use bitops Nishka Dasgupta (1): usb: dwc3: st: Add of_node_put() before return in probe function Oliver Neukum (2): usbnet: modern method to get random MAC usbnet: ipheth: race between ipheth_close and error handling Ondrej Zary (1): cx82310_eth: re-enable ethernet mode after router reboot Pali Rohár (1): irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Pawel Dembicki (1): net: dsa: vsc73xx: fix possible subblocks range of CAPT block Phillip Lougher (1): Squashfs: sanity check symbolic link size Qing Wang (1): nilfs2: replace snprintf in show functions with sysfs_emit Ricardo Ribalda (1): media: uvcvideo: Enforce alignment of frame and interval Richard Guy Briggs (1): rfkill: fix spelling mistake contidion to condition Roland Xu (1): rtmutex: Drop rt_mutex::wait_lock before scheduling Ryusuke Konishi (3): nilfs2: fix missing cleanup on rollforward recovery error nilfs2: fix state management in error path of log writing function nilfs2: protect references to superblock parameters exposed in sysfs Sam Protsenko (1): mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Sascha Hauer (1): wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Satya Priya Kakitapalli (1): clk: qcom: clk-alpha-pll: Fix the pll post div mask Saurabh Sengar (1): uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Simon Holesch (1): usbip: Don't submit special requests twice Stefan Wiehler (1): of/irq: Prevent device address out-of-bounds read in interrupt map walk Stephen Hemminger (1): sch/netem: fix use after free in netem_dequeue Steven Rostedt (VMware) (1): ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() Sven Schnelle (1): uprobes: Use kzalloc to allocate xol area Takashi Iwai (2): ALSA: usb-audio: Sanity checks for each pipe and EP types ALSA: hda: Add input value sanity checks to HDMI channel map controls Tim Huang (3): drm/amdgpu: fix overflowed array index read warning drm/amdgpu: fix ucode out-of-bounds read warning drm/amdgpu: fix mc_data out-of-bounds read warning Waiman Long (1): cgroup: Protect css->cgroup write under css_set_lock Yunjian Wang (1): netfilter: nf_conncount: fix wrong variable type ZHANG Yuntian (1): net: usb: qmi_wwan: add MeiG Smart SRM825L Zhang Changzhong (1): cx82310_eth: fix error return code in cx82310_bind() Zheng Qixing (1): ata: libata: Fix memory leak for error path in ata_host_alloc() Zheng Yejian (1): tracing: Avoid possible softlockup in tracing_iter_reset() Zijun Hu (1): devres: Initialize an uninitialized struct member Zqiang (1): smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()

1 year, 3 months

1
1
0 0

[PATCH 5.4 000/121] 5.4.284-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.284 release. There are 121 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 13 Sep 2024 13:05:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.284-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.284-rc2 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" Zhang Changzhong <zhangchangzhong(a)huawei.com> cx82310_eth: fix error return code in cx82310_bind() Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_external_learn to use bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_user to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_sticky to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_static to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_local to bitops Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Ondrej Zary <linux(a)zary.sk> cx82310_eth: re-enable ethernet mode after router reboot Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Peter Griffin <peter.griffin(a)linaro.org> clk: hi6220: use CLK_OF_DECLARE_DRIVER Peter Griffin <peter.griffin(a)linaro.org> reset: hi6220: Add support for AO reset controller Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Stanislav Fomichev <sdf(a)google.com> net: set SOCK_RCU_FREE before inserting socket into hashtable Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 +++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/parisc/kernel/irq.c | 4 +- arch/um/drivers/line.c | 2 + block/bio-integrity.c | 11 +- drivers/acpi/acpi_processor.c | 15 +-- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/hisilicon/clk-hi6220.c | 3 +- drivers/clk/qcom/clk-alpha-pll.c | 6 +- drivers/clocksource/timer-imx-tpm.c | 16 ++- drivers/clocksource/timer-of.c | 17 +-- drivers/clocksource/timer-of.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 ++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++ drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 +++ drivers/iommu/dmar.c | 2 +- drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/usb/uvc/uvc_driver.c | 18 +++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 56 ++++++++-- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 ++-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 ++- drivers/pci/controller/dwc/pci-keystone.c | 44 +++++++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++--- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/reset/hisilicon/hi6220_reset.c | 69 +++++++++++- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++++++----- fs/btrfs/extent-tree.c | 32 ++++-- fs/btrfs/inode.c | 2 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 +++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 ++++++++++++--------- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++++- include/linux/i2c.h | 2 +- include/linux/ring_buffer.h | 3 +- kernel/cgroup/cgroup.c | 2 +- kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/smp.c | 1 + kernel/trace/ring_buffer.c | 23 ++-- kernel/trace/trace.c | 6 +- kernel/trace/trace_functions_graph.c | 2 +- lib/generic-radix-tree.c | 2 + net/bridge/br_fdb.c | 116 ++++++++++---------- net/bridge/br_input.c | 2 +- net/bridge/br_private.h | 17 +-- net/bridge/br_switchdev.c | 6 +- net/can/bcm.c | 4 + net/ipv4/inet_hashtables.c | 2 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 ++ net/ipv6/ila/ila_xlat.c | 13 ++- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 ++ net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 +++++--- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 ++- sound/hda/hdmi_chmap.c | 18 ++++ sound/pci/hda/patch_conexant.c | 11 ++ sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + tools/lib/bpf/libbpf.c | 4 +- 120 files changed, 900 insertions(+), 397 deletions(-)

1 year, 3 months

5
4
0 0

[PATCH 5.10 000/185] 5.10.226-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.226 release. There are 185 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 13 Sep 2024 13:05:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.226-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.226-rc2 Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers Eric Dumazet <edumazet(a)google.com> fou: remove sparse errors Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Catch another Reply chunk overflow case Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Josef Bacik <josef(a)toxicpanda.com> nfsd: make svc_stat per-network namespace instead of global Josef Bacik <josef(a)toxicpanda.com> nfsd: remove nfsd_stats, make th_cnt a global counter Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Josef Bacik <josef(a)toxicpanda.com> sunrpc: use the struct net as the svc proc private Josef Bacik <josef(a)toxicpanda.com> sunrpc: remove ->pg_stats from svc_program Josef Bacik <josef(a)toxicpanda.com> sunrpc: pass in the sv_stats struct through svc_create_pooled Josef Bacik <josef(a)toxicpanda.com> nfsd: stop setting ->pg_stats for unused stats Josef Bacik <josef(a)toxicpanda.com> sunrpc: don't change ->sv_stats if it doesn't exist Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix frame size warning in svc_export_parse() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NeilBrown <neilb(a)suse.de> NFSD: simplify error paths in nfsd_svc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor the duplicate reply cache shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace nfsd_prune_bucket() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename nfsd_reply_cache_alloc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_reply_cache_free_locked() Jeff Layton <jlayton(a)kernel.org> nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Jeff Layton <jlayton(a)kernel.org> nfsd: move reply cache initialization into nfsd startup Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: avoid possible UaF when selecting endp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free after failure to create a snapshot Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Connor O'Brien <connor.obrien(a)crowdstrike.com> bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> ext4: handle redirtying in ext4_bio_write_page() Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Stanislav Fomichev <sdf(a)google.com> net: set SOCK_RCU_FREE before inserting socket into hashtable Connor O'Brien <connor.obrien(a)crowdstrike.com> bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode Bob Zhou <bob.zhou(a)amd.com> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 ++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/mips/kernel/cevt-r4k.c | 15 +- arch/s390/kernel/vmlinux.lds.S | 9 + arch/um/drivers/line.c | 2 + arch/x86/mm/pti.c | 45 +++-- block/bio-integrity.c | 11 +- block/blk-integrity.c | 2 - drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 6 +- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 +- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 ++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 90 +++++++-- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 8 +- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/gpu/drm/meson/meson_plane.c | 17 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/hwspinlock/hwspinlock_core.c | 28 +++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/iio/adc/ad7124.c | 1 + drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 ++ drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/media/usb/uvc/uvc_driver.c | 18 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/cqhci.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +-- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/geneve.c | 8 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 5 +- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 +-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 ++++- drivers/pci/controller/dwc/pcie-al.c | 16 +- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 ++-- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++--- fs/btrfs/extent-tree.c | 32 +++- fs/btrfs/inode.c | 2 +- fs/btrfs/ioctl.c | 5 +- fs/btrfs/transaction.c | 24 +++ fs/btrfs/transaction.h | 2 + fs/ext4/page-io.c | 14 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/lockd/svc.c | 3 - fs/nfs/callback.c | 3 - fs/nfs/super.c | 2 + fs/nfsd/export.c | 32 +++- fs/nfsd/export.h | 4 +- fs/nfsd/netns.h | 25 ++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfscache.c | 202 ++++++++++++--------- fs/nfsd/nfsctl.c | 24 ++- fs/nfsd/nfsd.h | 1 + fs/nfsd/nfsfh.c | 3 +- fs/nfsd/nfssvc.c | 38 ++-- fs/nfsd/stats.c | 52 +++--- fs/nfsd/stats.h | 83 ++++----- fs/nfsd/trace.h | 22 +++ fs/nfsd/vfs.c | 6 +- fs/nilfs2/recovery.c | 35 +++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 +++++++----- fs/notify/fsnotify.c | 31 +++- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 +++- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++- include/linux/cgroup-defs.h | 107 +++-------- include/linux/cgroup.h | 22 +-- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/sunrpc/svc.h | 5 +- include/net/bluetooth/hci_core.h | 5 - kernel/cgroup/cgroup.c | 65 +++---- kernel/dma/debug.c | 5 +- kernel/events/core.c | 18 +- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/rcu/tasks.h | 2 +- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + lib/generic-radix-tree.c | 2 + mm/memcontrol.c | 23 ++- net/8021q/vlan_core.c | 7 +- net/bluetooth/mgmt.c | 60 +++--- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/core/netclassid_cgroup.c | 7 +- net/core/netprio_cgroup.c | 10 +- net/ethernet/eth.c | 7 +- net/ipv4/af_inet.c | 19 +- net/ipv4/fou.c | 62 ++++--- net/ipv4/gre_offload.c | 12 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/udp_offload.c | 6 +- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/ipv6/ip6_offload.c | 14 +- net/ipv6/udp_offload.c | 2 - net/mptcp/options.c | 34 ++-- net/mptcp/pm.c | 24 +-- net/mptcp/pm_netlink.c | 59 +++--- net/mptcp/protocol.c | 54 +++--- net/mptcp/protocol.h | 4 +- net/mptcp/subflow.c | 50 ++--- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/stats.c | 2 +- net/sunrpc/svc.c | 36 ++-- net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 + net/sunrpc/xprtsock.c | 7 + net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 +++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 +- sound/hda/hdmi_chmap.c | 18 ++ sound/pci/hda/hda_generic.c | 63 +++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 13 ++ sound/pci/hda/patch_realtek.c | 10 + sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- 206 files changed, 1800 insertions(+), 1098 deletions(-)

1 year, 3 months

7
6
0 0

[PATCH 1/1] x86: SMP broken on Xen PV DomU since 6.9

by Niels Dettenbach

Virtual machines under Xen Hypervisor (DomU) running in Xen PV mode use a special, nonstandard synthetized CPU topology which "just works" under kernels 6.9.x while newer kernels wrongly assuming a "crash kernel" and disable SMP (reducing to one CPU core) because the newer topology implementation produces a wrong error "[Firmware Bug]: APIC enumeration order not specification compliant" after new topology checks which are improper for Xen PV platform. As a result, the kernel disables SMT and activates just one CPU core within the VM (DomU). The patch disables the regarding checks if it is running in Xen PV mode (only) and bring back SMP / all CPUs as in the past to such DomU VMs. Signed-off-by: Niels Dettenbach <nd(a)syndicat.com> --- The current behaviour leads all of our production Xen Host platforms (amd64 - HPE proliant) unusable after updating to newer linux kernels (with just one CPU available/activated per VM) while older kernels and other OS (current NetBSD PV DomU) still work fully (and stable since many years on the platform). Xen PV mode is still provided by current Xen and widely used - even if less wide as the newer Xen PVH mode today. So a solution probably will be required. So we assume that bug affects stable(a)vger.kernel.org as well. dmesg from affected kernel: -- snip -- [ 0.640364] CPU topo: Enumerated BSP APIC 0 is not marked in APICBASE MSR [ 0.640367] CPU topo: Assuming crash kernel. Limiting to one CPU to prevent machine INIT [ 0.640368] CPU topo: [Firmware Bug]: APIC enumeration order not specification compliant [ 0.640376] CPU topo: Max. logical packages: 1 [ 0.640378] CPU topo: Max. logical dies: 1 [ 0.640379] CPU topo: Max. dies per package: 1 [ 0.640386] CPU topo: Max. threads per core: 1 [ 0.640388] CPU topo: Num. cores per package: 1 [ 0.640389] CPU topo: Num. threads per package: 1 [ 0.640390] CPU topo: Allowing 1 present CPUs plus 0 hotplug CPUs [ 0.640402] Cannot find an available gap in the 32-bit address range -- snap -- after patch applied: -- snip -- [ 0.369439] CPU topo: Max. logical packages: 1 [ 0.369441] CPU topo: Max. logical dies: 1 [ 0.369442] CPU topo: Max. dies per package: 1 [ 0.369450] CPU topo: Max. threads per core: 2 [ 0.369452] CPU topo: Num. cores per package: 3 [ 0.369453] CPU topo: Num. threads per package: 6 [ 0.369453] CPU topo: Allowing 6 present CPUs plus 0 hotplug CPUs -- snap -- We tested the patch intensely under productive / high load since 2 days now with no issues. references: arch/x86/kernel/cpu/topology.c [line 448] -- snip -- /* * XEN PV is special as it does not advertise the local APIC * properly, but provides a fake topology for it so that the * infrastructure works. So don't apply the restrictions vs. APIC * here. */ --snap -- --- linux/arch/x86/kernel/cpu/topology.c 2024-09-11 17:42:42.699278317 +0200 +++ linux/arch/x86/kernel/cpu/topology.c.orig 2024-09-11 09:53:16.194095250 +0200 @@ -132,14 +132,6 @@ u64 msr; /* - * assume Xen PV has a working (special) topology - */ - if (xen_pv_domain()) { - topo_info.real_bsp_apic_id = topo_info.boot_cpu_apic_id; - return false; - } - - /* * There is no real good way to detect whether this a kdump() * kernel, but except on the Voyager SMP monstrosity which is not * longer supported, the real BSP APIC ID is the first one which is

1 year, 3 months

2
1
0 0

[PATCH 5.15 000/212] 5.15.167-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.167 release. There are 212 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 13 Sep 2024 13:05:05 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.167-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.167-rc2 Felix Fietkau <nbd(a)nbd.name> udp: fix receiving fraglist GSO packets Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between direct IO write and fsync when using same fd Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Willem de Bruijn <willemb(a)google.com> net: drop bad gso csum_start and offset in virtio_net_hdr Yan Zhai <yan(a)cloudflare.com> gso: fix dodgy bit handling for GSO_UDP_L4 Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Willem de Bruijn <willemb(a)google.com> net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: rockchip: fix OF node leak in probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Matteo Martelli <matteomartelli3(a)gmail.com> ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Nicholas Piggin <npiggin(a)gmail.com> workqueue: Improve scalability of workqueue watchdog touch Nicholas Piggin <npiggin(a)gmail.com> workqueue: wq_watchdog_touch is always called with valid CPU Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: unset the binding mark of a reused connection Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Faisal Hassan <quic_faisalh(a)quicinc.com> usb: dwc3: core: update LC timer as per USB Spec V3.2 Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix config comparison Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: Check the lease context if we actually got a lease Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Olivier Sobrie <olivier(a)sobrie.be> HID: amd_sfh: free driver_data after destroying hid device Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() yang.zhang <yang.zhang(a)hexintek.com> riscv: set trap vector earlier Filipe Manana <fdmanana(a)suse.com> btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Check more cases when directory is corrupted Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Yicong Yang <yangyicong(a)hisilicon.com> dma-mapping: benchmark: Don't starve others when doing the test Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix possible tid_t sequence overflows Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Set no_hw_access when VF request full GPU fails Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Larysa Zaremba <larysa.zaremba(a)intel.com> ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Simon Horman <horms(a)kernel.org> can: m_can: Release irq on error in m_can_open Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check HDCP returned status Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: send ACK on an active subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: skip connecting to already established sf Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove already closed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ADD_ADDR 0 is not a new address Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: close subflow when receiving TCP+FIN Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid duplicated SUB_CLOSED events Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: avoid possible UaF when selecting endp Paolo Abeni <pabeni(a)redhat.com> mptcp: constify a bunch of of helpers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fullmesh: select the right ID later Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only decrement add_addr_accepted for MPJ req Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused flushed subflows Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add sleep quirk for Samsung 990 Evo Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Ravi Bangoria <ravi.bangoria(a)amd.com> KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Maxim Levitsky <mlevitsk(a)redhat.com> KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> ext4: handle redirtying in ext4_bio_write_page() Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Eric Biggers <ebiggers(a)google.com> ext4: reject casefold inode flag without casefold feature Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Bob Zhou <bob.zhou(a)amd.com> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Marek Vasut <marex(a)denx.de> drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Remove buggy bypass lock contention mitigation Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Properly handle unexpected AQ completions Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Jagadeesh Kona <quic_jkona(a)quicinc.com> cpufreq: scmi: Avoid overflow of target_freq in fast switch Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update type of buf size to u32 for eeprom functions Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for aldebaran Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the waring dereferencing hive Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable warning for smu10 Asad Kamal <asad.kamal(a)amd.com> drm/amd/amdgpu: Check tbo resource pointer Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Assign linear_pitch_alignment even for VM Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 ++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/mips/kernel/cevt-r4k.c | 15 +- arch/riscv/kernel/head.S | 3 + arch/s390/kernel/vmlinux.lds.S | 9 ++ arch/um/drivers/line.c | 2 + arch/x86/kvm/svm/svm.c | 15 ++ arch/x86/mm/pti.c | 45 ++++-- block/blk-integrity.c | 2 - drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 9 +- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/gpio/gpio-rockchip.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 8 +- drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 +- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 +++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 +++- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 90 ++++++++--- .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 ++- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 +++- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 +- drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/gpu/drm/meson/meson_plane.c | 17 +- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/hwspinlock/hwspinlock_core.c | 28 ++++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/iio/adc/ad7124.c | 27 ++-- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/infiniband/hw/efa/efa_com.c | 30 ++-- drivers/input/misc/uinput.c | 14 ++ drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/cqhci-core.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +-- drivers/net/can/m_can/m_can.c | 5 +- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 ++- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/ice/ice_lib.c | 12 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/geneve.c | 8 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 5 +- drivers/net/usb/ipheth.c | 2 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 15 +- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/host/pci.c | 11 ++ drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 +++++- drivers/pci/controller/dwc/pcie-al.c | 16 +- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++-- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell/dell-smbios-base.c | 5 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/core.c | 15 ++ drivers/usb/dwc3/core.h | 2 + drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++---- fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 1 - fs/btrfs/extent-tree.c | 32 +++- fs/btrfs/file.c | 25 ++- fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.h | 6 + fs/cifs/smb2ops.c | 24 ++- fs/ext4/fast_commit.c | 8 +- fs/ext4/inode.c | 5 +- fs/ext4/page-io.c | 14 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/ksmbd/smb2pdu.c | 4 + fs/ksmbd/transport_tcp.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 ++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 ++++++++------ fs/notify/fsnotify.c | 31 ++-- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 +++- fs/ntfs3/dir.c | 52 +++--- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/udp.h | 2 +- include/linux/virtio_net.h | 35 +++-- include/net/bluetooth/hci_core.h | 5 - kernel/cgroup/cgroup.c | 2 +- kernel/dma/debug.c | 5 +- kernel/dma/map_benchmark.c | 16 ++ kernel/events/core.c | 18 ++- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 9 +- kernel/rcu/tasks.h | 2 +- kernel/rcu/tree.h | 1 - kernel/rcu/tree_nocb.h | 32 +--- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + kernel/workqueue.c | 14 +- lib/generic-radix-tree.c | 2 + mm/memcontrol.c | 23 ++- net/8021q/vlan_core.c | 7 +- net/bluetooth/mgmt.c | 60 +++---- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/ethernet/eth.c | 7 +- net/ipv4/af_inet.c | 19 +-- net/ipv4/fou.c | 54 ++++--- net/ipv4/gre_offload.c | 12 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/tcp_offload.c | 3 + net/ipv4/udp_offload.c | 22 ++- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/ipv6/ip6_offload.c | 14 +- net/ipv6/udp_offload.c | 2 - net/mptcp/options.c | 44 +++--- net/mptcp/pm.c | 36 +++-- net/mptcp/pm_netlink.c | 174 +++++++++++++-------- net/mptcp/protocol.c | 61 +++++--- net/mptcp/protocol.h | 28 ++-- net/mptcp/sockopt.c | 4 +- net/mptcp/subflow.c | 56 ++++--- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 + net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 ++++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 +- sound/hda/hdmi_chmap.c | 18 +++ sound/pci/hda/hda_generic.c | 63 ++++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 13 ++ sound/pci/hda/patch_realtek.c | 10 ++ sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + sound/soc/sunxi/sun4i-i2s.c | 143 ++++++++--------- tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- tools/testing/selftests/net/udpgso.c | 2 +- 221 files changed, 1930 insertions(+), 988 deletions(-)

1 year, 3 months

7
7
0 0

[PATCH net 2/5] can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD

by Marc Kleine-Budde

From: Stefan Mätje <stefan.maetje(a)esd.eu> Remove the CAN_CTRLMODE_3_SAMPLES announcement for CAN-USB/3-FD devices because these devices don't support it. The hardware has a Microchip SAM E70 microcontroller that uses a Bosch MCAN IP core as CAN FD controller. But this MCAN core doesn't support triple sampling. Fixes: 80662d943075 ("can: esd_usb: Add support for esd CAN-USB/3") Cc: stable(a)vger.kernel.org Signed-off-by: Stefan Mätje <stefan.maetje(a)esd.eu> Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20240904222740.2985864-2-stefan.maetje@esd.eu Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/usb/esd_usb.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/net/can/usb/esd_usb.c b/drivers/net/can/usb/esd_usb.c index 41a0e4261d15..03ad10b01867 100644 --- a/drivers/net/can/usb/esd_usb.c +++ b/drivers/net/can/usb/esd_usb.c @@ -3,7 +3,7 @@ * CAN driver for esd electronics gmbh CAN-USB/2, CAN-USB/3 and CAN-USB/Micro * * Copyright (C) 2010-2012 esd electronic system design gmbh, Matthias Fuchs <socketcan(a)esd.eu> - * Copyright (C) 2022-2023 esd electronics gmbh, Frank Jungclaus <frank.jungclaus(a)esd.eu> + * Copyright (C) 2022-2024 esd electronics gmbh, Frank Jungclaus <frank.jungclaus(a)esd.eu> */ #include <linux/can.h> @@ -1116,9 +1116,6 @@ static int esd_usb_3_set_bittiming(struct net_device *netdev) if (priv->can.ctrlmode & CAN_CTRLMODE_LISTENONLY) flags |= ESD_USB_3_BAUDRATE_FLAG_LOM; - if (priv->can.ctrlmode & CAN_CTRLMODE_3_SAMPLES) - flags |= ESD_USB_3_BAUDRATE_FLAG_TRS; - baud_x->nom.brp = cpu_to_le16(nom_bt->brp & (nom_btc->brp_max - 1)); baud_x->nom.sjw = cpu_to_le16(nom_bt->sjw & (nom_btc->sjw_max - 1)); baud_x->nom.tseg1 = cpu_to_le16((nom_bt->prop_seg + nom_bt->phase_seg1) @@ -1219,7 +1216,6 @@ static int esd_usb_probe_one_net(struct usb_interface *intf, int index) switch (le16_to_cpu(dev->udev->descriptor.idProduct)) { case ESD_USB_CANUSB3_PRODUCT_ID: priv->can.clock.freq = ESD_USB_3_CAN_CLOCK; - priv->can.ctrlmode_supported |= CAN_CTRLMODE_3_SAMPLES; priv->can.ctrlmode_supported |= CAN_CTRLMODE_FD; priv->can.bittiming_const = &esd_usb_3_nom_bittiming_const; priv->can.data_bittiming_const = &esd_usb_3_data_bittiming_const; -- 2.45.2

1 year, 3 months

1
0
0 0

Potwierdzenie przelewu

by Szymon Jankowski

Witam, Pomagamy pozyskiwać nowych klientów B2B. Czy interesuje Państwa dotarcie do nowych potencjalnych partnerów oraz uruchomienie z nimi rozmów handlowch ? Pozdrawiam Szymon Jankowski

1 year, 3 months

1
0
0 0

[PATCH 6.6 000/269] 6.6.51-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.51 release. There are 269 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.51-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.51-rc1 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix UAF on create_le_conn_complete Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Fix off-by-one in prescale max Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between direct IO write and fsync when using same fd Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Andrea Parri <parri.andrea(a)gmail.com> membarrier: riscv: Add full memory barrier in switch_mm() Li Nan <linan122(a)huawei.com> ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Do not restrict memory size because of linear mapping on nommu Anton Blanchard <antonb(a)tenstorrent.com> riscv: Fix toolchain vector detection Paulo Alcantara <pc(a)manguebit.com> smb: client: fix double put of @cfile in smb2_rename_path() Liao Chen <liaochen4(a)huawei.com> gpio: modepin: Enable module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: rockchip: fix OF node leak in probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Stephen Boyd <swboyd(a)chromium.org> clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time Stephen Boyd <swboyd(a)chromium.org> clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs Matteo Martelli <matteomartelli3(a)gmail.com> ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Chen-Yu Tsai <wenst(a)chromium.org> ASoc: SOF: topology: Clear SOF link platform name upon unload Keith Busch <kbusch(a)kernel.org> nvme-pci: allocate tagset on reset if necessary Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Mohan Kumar <mkumard(a)nvidia.com> ASoC: tegra: Fix CBB error during probe() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Don't discard rela sections Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64e: Define mmu_pte_psize static Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: split out nohash Book3E 64-bit code Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: remove unused IBM HTW code devi priya <quic_devipriy(a)quicinc.com> clk: qcom: ipq9574: Update the alpha PLL type for GPLLs Jia Jie Ho <jiajie.ho(a)starfivetech.com> crypto: starfive - Fix nent assignment in rsa dec Jia Jie Ho <jiajie.ho(a)starfivetech.com> crypto: starfive - Align rsa input data to 32-bit Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Remove redundant sense_buffer memsets Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd: Add gfx12 swizzle mode defs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: clarify the meaning of timestamp Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Nicholas Piggin <npiggin(a)gmail.com> workqueue: Improve scalability of workqueue watchdog touch Nicholas Piggin <npiggin(a)gmail.com> workqueue: wq_watchdog_touch is always called with valid CPU Usama Arif <usamaarif642(a)gmail.com> Revert "mm: skip CMA pages when they are not available" Vern Hao <vernhao(a)tencent.com> mm/vmscan: use folio_migratetype() instead of get_pageblock_migratetype() Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Sukrut Bellary <sukrut.bellary(a)linux.com> misc: fastrpc: Fix double free of 'buf' in error path Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: Avoid waking up gadget during startxfer Pawel Laszczak <pawell(a)cadence.com> usb: cdns2: Fix controller reset issue Faisal Hassan <quic_faisalh(a)quicinc.com> usb: dwc3: core: update LC timer as per USB Spec V3.2 Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix config comparison Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Sasha Neftin <sasha.neftin(a)intel.com> intel: legacy: Partial revert of field get conversion Matthieu Baerts (NGI0) <matttbe(a)kernel.org> tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Perry Yuan <perry.yuan(a)amd.com> cpufreq: amd-pstate: fix the highest frequency issue which limits performance Meng Li <li.meng(a)amd.com> cpufreq: amd-pstate: Enable amd-pstate preferred core support Meng Li <li.meng(a)amd.com> ACPI: CPPC: Add helper to get the highest performance value Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Use accessors to page table entries instead of direct dereference Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: mm: Only compile pgtable.c if MMU Alexandre Ghiti <alexghiti(a)rivosinc.com> mm: Introduce pudp/p4dp/pgdp_get() functions Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Use WRITE_ONCE() when setting page table entries Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Carlos Song <carlos.song(a)nxp.com> spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Olivier Sobrie <olivier(a)sobrie.be> HID: amd_sfh: free driver_data after destroying hid device Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: resend target address when get NACK David Howells <dhowells(a)redhat.com> vfs: Fix potential circular locking through setxattr() and removexattr() Arnd Bergmann <arnd(a)arndb.de> regmap: maple: work around gcc-14.1 false-positive warning Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use correct API to map cmdline in relocate_kernel() Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Don't drop SYN+ACK for simultaneous connect(). Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() yang.zhang <yang.zhang(a)hexintek.com> riscv: set trap vector earlier Alison Schofield <alison.schofield(a)intel.com> cxl/region: Verify target positions using the ordered target list Filipe Manana <fdmanana(a)suse.com> btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Check more cases when directory is corrupted Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Christian König <christian.koenig(a)amd.com> drm/amdgpu: reject gang submit on reserved VMIDs Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Yicong Yang <yangyicong(a)hisilicon.com> dma-mapping: benchmark: Don't starve others when doing the test Ye Bin <yebin10(a)huawei.com> jbd2: avoid mount failed when commit block is partial submitted Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix possible tid_t sequence overflows Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Set no_hw_access when VF request full GPU fails Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Shenghao Ding <shenghao-ding(a)ti.com> ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Hareshx Sankar Raj <hareshx.sankar.raj(a)intel.com> crypto: qat - fix unintentional re-enabling of error interrupts Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we wait for it Kyoungrul Kim <k831.kim(a)samsung.com> scsi: ufs: core: Remove SCSI host only if added Marcin Ślusarz <mslusarz(a)renau.com> wifi: rtw88: usb: schedule rx work after everything is set up Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio_ring: fix KMSAN error for premapped mode Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Take the phy mutex in xlate Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Don't allow writes to read-only controls Viresh Kumar <viresh.kumar(a)linaro.org> xen: privcmd: Fix possible access to a freed kirqfd instance Jamie Bainbridge <jamie.bainbridge(a)gmail.com> selftests: net: enable bind tests Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Hayes Wang <hayeswang(a)realtek.com> r8152: fix the firmware doesn't work Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Tze-nan Wu <Tze-nan.Wu(a)mediatek.com> bpf, net: Fix a potential race in do_sock_getsockopt() Breno Leitao <leitao(a)debian.org> net/socket: Break down __sys_getsockopt Breno Leitao <leitao(a)debian.org> net/socket: Break down __sys_setsockopt Breno Leitao <leitao(a)debian.org> bpf: Add sockptr support for setsockopt Breno Leitao <leitao(a)debian.org> bpf: Add sockptr support for getsockopt Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Larysa Zaremba <larysa.zaremba(a)intel.com> ice: do not bring the VSI up, if it was down before the XDP setup Larysa Zaremba <larysa.zaremba(a)intel.com> ice: protect XDP configuration with a mutex Jinjie Ruan <ruanjinjie(a)huawei.com> net: phy: Fix missing of_node_put() for leds Armin Wolf <W_Armin(a)gmx.de> hwmon: (hp-wmi-sensors) Check if WMI event data exists Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Attempt to dequeue connection attempt Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: Remove pending ACL connection attempts Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_conn: Only do ACL connections sequentially Jonas Dreßler <verdre(a)v0yd.nl> Bluetooth: hci_event: Use HCI error defines instead of magic values Douglas Anderson <dianders(a)chromium.org> Bluetooth: qca: If memdump doesn't work, re-enable IBS Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Use a single write when releasing RX buffers Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Rename board_irq to pci_irq Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Remove unnecessary comment Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Skip redundant NULL pointer check in ISR Douglas Anderson <dianders(a)chromium.org> regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> ice: Add netif_device_attach/detach into PF reset flow Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 David Howells <dhowells(a)redhat.com> cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region Andreas Hindborg <a.hindborg(a)samsung.com> rust: kbuild: fix export of bss symbols Matthew Maurer <mmaurer(a)google.com> rust: Use awk instead of recent xargs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode Simon Horman <horms(a)kernel.org> can: m_can: Release irq on error in m_can_open Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check denominator pbn_div before used Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: ili210x - use kvmalloc() to allocate buffer for firmware update Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Eric Joyner <eric.joyner(a)intel.com> ice: Check all ice_vsi_rebuild() errors in function Shivaprasad G Bhat <sbhat(a)linux.ibm.com> vfio/spapr: Always clear TCEs before unsetting the window Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Danijel Slivka <danijel.slivka(a)amd.com> drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: Fix smatch static checker warning Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check HDCP returned status Alex Hung <alex.hung(a)amd.com> drm/amd/display: Run DC_LOG_DC after checking link->link_enc Ma Ke <make24(a)iscas.ac.cn> usb: gadget: aspeed_udc: validate endpoint index for ast udc Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Samuel Holland <samuel.holland(a)sifive.com> riscv: kprobes: Use patch_text_nosync() for insn slots Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: One more reason to mark inode bad Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> x86/kmsan: Fix hook for unaligned accesses Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Rakesh Ughreja <rughreja(a)habana.ai> accel/habanalabs/gaudi2: unsecure edma max outstanding register Alexey Dobriyan <adobriyan(a)gmail.com> ELF: fix kernel.randomize_va_space double read Leon Hwang <hffilwlqm(a)gmail.com> bpf, verifier: Correct tail_call_reachable for bpf prog Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Ajith C <quic_ajithc(a)quicinc.com> wifi: ath12k: fix firmware crash due to invalid peer nss Aaradhana Sahu <quic_aarasahu(a)quicinc.com> wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Takashi Iwai <tiwai(a)suse.de> ALSA: control: Apply sanity check of input values for user elements Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915: Do not attempt to load the GSC multiple times Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" Yuntao Wang <yuntao.wang(a)linux.dev> x86/apic: Make x2apic_disable() work correctly Mitchell Levy <levymitchell0(a)gmail.com> x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Matt Johnston <matt(a)codeconstruct.com.au> net: mctp-serial: Fix missing escapes on transmit Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Steven Rostedt <rostedt(a)goodmis.org> eventfs: Use list_del_rcu() for SRCU protected list variable Baokun Li <libaokun1(a)huawei.com> fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Jann Horn <jannh(a)google.com> userfaultfd: fix checks for huge PMDs Jann Horn <jannh(a)google.com> userfaultfd: don't BUG_ON() if khugepaged yanks our page table Steven Rostedt <rostedt(a)goodmis.org> tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Steven Rostedt <rostedt(a)goodmis.org> tracing/timerlat: Only clear timer if a kthread exists Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Use a cpumask to know what threads are kthreads Brian Norris <briannorris(a)chromium.org> spi: rockchip: Resolve unbalanced runtime PM / system PM handling Will Deacon <will(a)kernel.org> mm: vmalloc: ensure vmap_block is initialised before adding to queue Petr Tesarik <ptesarik(a)suse.com> kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Xingyu Wu <xingyu.wu(a)starfivetech.com> clk: starfive: jh7110-sys: Add notifier for PLL0 clock yangyun <yangyun50(a)huawei.com> fuse: fix memory leak in fuse_create_open Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Jonathan Bell <jonathan(a)raspberrypi.com> mmc: core: apply SD quirks earlier during probe Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Boqun Feng <boqun.feng(a)gmail.com> rust: macros: provide correct provenance when constructing THIS_MODULE Boqun Feng <boqun.feng(a)gmail.com> rust: types: Make Opaque::get const Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add sleep quirk for Samsung 990 Evo Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Thomas Gleixner <tglx(a)linutronix.de> x86/kaslr: Expose and use the end of the physical memory address space Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Limit the period on Haswell Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Fix data leak in mmio_read() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: unset the binding mark of a reused connection Paulo Alcantara <pc(a)manguebit.com> smb: client: fix double put of @cfile in smb2_set_path_size() Nysal Jan K.A. <nysal(a)linux.ibm.com> powerpc/qspinlock: Fix deadlock in MCS queue Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Ravi Bangoria <ravi.bangoria(a)amd.com> KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Maxim Levitsky <mlevitsk(a)redhat.com> KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Jens Emil Schulz Østergaard <jensemil.schulzostergaard(a)microchip.com> net: microchip: vcap: Fix use-after-free error in kunit test Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue ------------- Diffstat: MAINTAINERS | 2 +- Makefile | 4 +- arch/arm/include/asm/pgtable.h | 2 + arch/arm64/include/asm/acpi.h | 12 + arch/arm64/kernel/acpi_numa.c | 11 - arch/loongarch/kernel/relocate.c | 4 +- arch/mips/kernel/cevt-r4k.c | 15 +- arch/powerpc/include/asm/nohash/mmu-e500.h | 3 +- arch/powerpc/kernel/vdso/vdso32.lds.S | 4 +- arch/powerpc/kernel/vdso/vdso64.lds.S | 4 +- arch/powerpc/lib/qspinlock.c | 10 +- arch/powerpc/mm/nohash/Makefile | 2 +- arch/powerpc/mm/nohash/tlb.c | 398 +-------------------- arch/powerpc/mm/nohash/tlb_64e.c | 361 +++++++++++++++++++ arch/powerpc/mm/nohash/tlb_low_64e.S | 195 ---------- arch/riscv/Kconfig | 5 +- arch/riscv/include/asm/kfence.h | 4 +- arch/riscv/include/asm/membarrier.h | 31 ++ arch/riscv/include/asm/pgtable-64.h | 22 +- arch/riscv/include/asm/pgtable.h | 33 +- arch/riscv/kernel/efi.c | 2 +- arch/riscv/kernel/head.S | 3 + arch/riscv/kernel/probes/kprobes.c | 5 +- arch/riscv/kvm/mmu.c | 22 +- arch/riscv/mm/Makefile | 3 +- arch/riscv/mm/context.c | 2 + arch/riscv/mm/fault.c | 16 +- arch/riscv/mm/hugetlbpage.c | 12 +- arch/riscv/mm/init.c | 2 +- arch/riscv/mm/kasan_init.c | 45 +-- arch/riscv/mm/pageattr.c | 44 +-- arch/riscv/mm/pgtable.c | 51 ++- arch/s390/kernel/vmlinux.lds.S | 9 + arch/um/drivers/line.c | 2 + arch/x86/coco/tdx/tdx.c | 1 - arch/x86/events/intel/core.c | 23 +- arch/x86/include/asm/fpu/types.h | 7 + arch/x86/include/asm/page_64.h | 1 + arch/x86/include/asm/pgtable_64_types.h | 4 + arch/x86/kernel/apic/apic.c | 11 +- arch/x86/kernel/fpu/xstate.c | 3 + arch/x86/kernel/fpu/xstate.h | 4 +- arch/x86/kvm/svm/svm.c | 15 + arch/x86/kvm/x86.c | 2 + arch/x86/lib/iomem.c | 5 +- arch/x86/mm/init_64.c | 4 + arch/x86/mm/kaslr.c | 34 +- arch/x86/mm/pti.c | 45 ++- drivers/accel/habanalabs/gaudi2/gaudi2_security.c | 1 + drivers/acpi/acpi_processor.c | 15 +- drivers/acpi/cppc_acpi.c | 13 + drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/libata-scsi.c | 24 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/base/regmap/regcache-maple.c | 3 +- drivers/block/ublk_drv.c | 2 + drivers/bluetooth/btnxpuart.c | 12 +- drivers/bluetooth/hci_qca.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 25 +- drivers/clk/qcom/clk-rcg.h | 1 + drivers/clk/qcom/clk-rcg2.c | 30 ++ drivers/clk/qcom/gcc-ipq9574.c | 12 +- drivers/clk/qcom/gcc-sm8550.c | 54 +-- drivers/clk/starfive/clk-starfive-jh7110-sys.c | 31 +- drivers/clk/starfive/clk-starfive-jh71x0.h | 2 + drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/cpufreq/amd-pstate.c | 147 +++++++- .../crypto/intel/qat/qat_common/adf_gen2_pfvf.c | 4 +- .../intel/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 8 +- drivers/crypto/starfive/jh7110-cryp.h | 4 +- drivers/crypto/starfive/jh7110-rsa.c | 15 +- drivers/cxl/core/region.c | 5 +- drivers/firmware/cirrus/cs_dsp.c | 3 + drivers/gpio/gpio-rockchip.c | 1 + drivers/gpio/gpio-zynqmp-modepin.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 15 + drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ids.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ids.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 28 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- drivers/gpu/drm/amd/display/dc/link/link_factory.c | 6 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c | 2 +- drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h | 5 + drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/hp-wmi-sensors.c | 2 + drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775-core.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/i3c/master/svc-i3c-master.c | 58 ++- drivers/iio/adc/ad7124.c | 27 +- drivers/iio/adc/ad7606.c | 28 +- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 ++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 + drivers/input/touchscreen/ili210x.c | 6 +- drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/misc/fastrpc.c | 5 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/core/quirks.h | 22 +- drivers/mmc/core/sd.c | 4 + drivers/mmc/host/cqhci-core.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +- drivers/net/can/kvaser_pciefd.c | 43 ++- drivers/net/can/m_can/m_can.c | 5 +- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 28 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ram.c | 11 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 23 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-rx.c | 165 ++++++--- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 22 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 42 ++- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +- drivers/net/ethernet/intel/ice/ice.h | 2 + drivers/net/ethernet/intel/ice/ice_lib.c | 34 +- drivers/net/ethernet/intel/ice/ice_main.c | 46 ++- drivers/net/ethernet/intel/ice/ice_xsk.c | 3 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + .../net/ethernet/microchip/vcap/vcap_api_kunit.c | 14 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 22 +- drivers/net/mctp/mctp-serial.c | 4 +- drivers/net/phy/phy_device.c | 2 + drivers/net/usb/ipheth.c | 2 +- drivers/net/usb/r8152.c | 17 +- drivers/net/usb/usbnet.c | 11 +- drivers/net/wireless/ath/ath12k/mac.c | 9 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 +- drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/net/wireless/realtek/rtw88/usb.c | 13 +- drivers/nvme/host/pci.c | 17 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 ++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +- drivers/pcmcia/yenta_socket.c | 6 +- drivers/phy/xilinx/phy-zynqmp.c | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 5 +- drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/spi/spi-fsl-lpspi.c | 31 +- drivers/spi/spi-hisi-kunpeng.c | 3 + drivers/spi/spi-rockchip.c | 23 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/core.c | 15 + drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/gadget.c | 41 +-- drivers/usb/gadget/udc/aspeed_udc.c | 2 + drivers/usb/gadget/udc/cdns2/cdns2-gadget.c | 12 +- drivers/usb/gadget/udc/cdns2/cdns2-gadget.h | 9 + drivers/usb/storage/uas.c | 1 + drivers/vfio/vfio_iommu_spapr_tce.c | 13 +- drivers/virtio/virtio_ring.c | 4 +- drivers/xen/privcmd.c | 10 +- fs/binfmt_elf.c | 5 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 1 - fs/btrfs/extent-tree.c | 32 +- fs/btrfs/file.c | 25 +- fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.h | 6 + fs/ext4/fast_commit.c | 8 +- fs/fscache/main.c | 1 + fs/fuse/dir.c | 2 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/jbd2/recovery.c | 30 ++ fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 +- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 43 ++- fs/ntfs3/dir.c | 52 +-- fs/ntfs3/frecord.c | 4 +- fs/smb/client/smb2inode.c | 3 + fs/smb/client/smb2ops.c | 16 +- fs/smb/server/oplock.c | 2 +- fs/smb/server/smb2pdu.c | 14 +- fs/smb/server/transport_tcp.c | 4 +- fs/squashfs/inode.c | 7 +- fs/tracefs/event_inode.c | 2 +- fs/udf/super.c | 15 + fs/xattr.c | 91 ++--- include/acpi/cppc_acpi.h | 5 + include/linux/amd-pstate.h | 4 + include/linux/bpf-cgroup.h | 16 +- include/linux/mm.h | 4 + include/linux/pgtable.h | 21 ++ include/linux/regulator/consumer.h | 8 + include/net/bluetooth/hci.h | 3 + include/net/bluetooth/hci_core.h | 25 +- include/net/bluetooth/hci_sync.h | 24 +- include/net/mana/mana.h | 2 + include/net/sock.h | 6 +- include/uapi/drm/drm_fourcc.h | 18 + kernel/bpf/cgroup.c | 25 +- kernel/bpf/verifier.c | 4 +- kernel/cgroup/cgroup.c | 2 +- kernel/dma/map_benchmark.c | 16 + kernel/events/core.c | 18 +- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/kexec_file.c | 2 +- kernel/locking/rtmutex.c | 9 +- kernel/resource.c | 6 +- kernel/sched/core.c | 5 +- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + kernel/trace/trace_osnoise.c | 50 ++- kernel/workqueue.c | 14 +- lib/generic-radix-tree.c | 2 + mm/memory_hotplug.c | 2 +- mm/sparse.c | 2 +- mm/userfaultfd.c | 29 +- mm/vmalloc.c | 2 +- mm/vmscan.c | 24 +- net/bluetooth/hci_conn.c | 158 ++------ net/bluetooth/hci_event.c | 27 +- net/bluetooth/hci_sync.c | 307 +++++++++++++++- net/bluetooth/mgmt.c | 144 ++++---- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/core/sock.c | 8 - net/ipv4/fou_core.c | 29 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/tcp_input.c | 6 + net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/socket.c | 104 ++++-- net/unix/af_unix.c | 9 +- rust/Makefile | 4 +- rust/kernel/types.rs | 2 +- rust/macros/module.rs | 6 +- security/smack/smack_lsm.c | 12 +- sound/core/control.c | 6 +- sound/hda/hdmi_chmap.c | 18 + sound/pci/hda/patch_conexant.c | 11 + sound/pci/hda/patch_realtek.c | 10 + sound/soc/codecs/tas2781-fmwlib.c | 71 ++-- sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + sound/soc/sof/topology.c | 2 + sound/soc/sunxi/sun4i-i2s.c | 143 ++++---- sound/soc/tegra/tegra210_ahub.c | 12 +- tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- tools/testing/selftests/net/Makefile | 3 +- 285 files changed, 3319 insertions(+), 2007 deletions(-)

1 year, 3 months

10
280
0 0

[PATCH 6.6 1/4] riscv: dts: starfive: add assigned-clock* to limit frquency

by WangYuli

From: William Qiu <william.qiu(a)starfivetech.com> In JH7110 SoC, we need to go by-pass mode, so we need add the assigned-clock* properties to limit clock frquency. Signed-off-by: William Qiu <william.qiu(a)starfivetech.com> Reviewed-by: Emil Renner Berthing <emil.renner.berthing(a)canonical.com> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- .../riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi index 062b97c6e7df..4874e3bb42ab 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi @@ -204,6 +204,8 @@ &i2c6 { &mmc0 { max-frequency = <100000000>; + assigned-clocks = <&syscrg JH7110_SYSCLK_SDIO0_SDCARD>; + assigned-clock-rates = <50000000>; bus-width = <8>; cap-mmc-highspeed; mmc-ddr-1_8v; @@ -220,6 +222,8 @@ &mmc0 { &mmc1 { max-frequency = <100000000>; + assigned-clocks = <&syscrg JH7110_SYSCLK_SDIO1_SDCARD>; + assigned-clock-rates = <50000000>; bus-width = <4>; no-sdio; no-mmc; -- 2.43.4

1 year, 3 months

5
7
0 0

[PATCH rc] iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all()

by Jason Gunthorpe

From: Eliav Bar-ilan <eliavb(a)nvidia.com> An incorrect argument order calling amd_iommu_dev_flush_pasid_pages() causes improper flushing of the IOMMU, leaving the old value of GCR3 from a previous process attached to the same PASID. The function has the signature: void amd_iommu_dev_flush_pasid_pages(struct iommu_dev_data *dev_data, ioasid_t pasid, u64 address, size_t size) Correct the argument order. Cc: stable(a)vger.kernel.org Fixes: 474bf01ed9f0 ("iommu/amd: Add support for device based TLB invalidation") Signed-off-by: Eliav Bar-ilan <eliavb(a)nvidia.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> --- drivers/iommu/amd/iommu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) This was discovered while testing SVA, but I suppose it is probably a bigger issue. diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index b19e8c0f48fa25..6bc4030a6ba8ed 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -1552,8 +1552,8 @@ void amd_iommu_dev_flush_pasid_pages(struct iommu_dev_data *dev_data, void amd_iommu_dev_flush_pasid_all(struct iommu_dev_data *dev_data, ioasid_t pasid) { - amd_iommu_dev_flush_pasid_pages(dev_data, 0, - CMD_INV_IOMMU_ALL_PAGES_ADDRESS, pasid); + amd_iommu_dev_flush_pasid_pages(dev_data, pasid, 0, + CMD_INV_IOMMU_ALL_PAGES_ADDRESS); } void amd_iommu_domain_flush_complete(struct protection_domain *domain) base-commit: cf2840f59119f41de3d9641a8b18a5da1b2cf6bf -- 2.46.0

1 year, 3 months

3
2
0 0

[PATCH 6.1 000/186] 6.1.110-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.110 release. There are 186 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 13 Sep 2024 13:05:08 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.110-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.110-rc2 Miklos Szeredi <mszeredi(a)redhat.com> fuse: add feature flag for expire-only Peng Wu <wupeng58(a)huawei.com> regulator: of: fix a NULL vs IS_ERR() check in of_regulator_bulk_get_all() Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Yonghong Song <yhs(a)fb.com> bpf: Silence a warning in btf_type_id_size() Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between direct IO write and fsync when using same fd Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Li Nan <linan122(a)huawei.com> ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Liao Chen <liaochen4(a)huawei.com> gpio: modepin: Enable module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: rockchip: fix OF node leak in probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Matteo Martelli <matteomartelli3(a)gmail.com> ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Chen-Yu Tsai <wenst(a)chromium.org> ASoc: SOF: topology: Clear SOF link platform name upon unload Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Mohan Kumar <mkumard(a)nvidia.com> ASoC: tegra: Fix CBB error during probe() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64e: Define mmu_pte_psize static Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: split out nohash Book3E 64-bit code Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: remove unused IBM HTW code Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd: Add gfx12 swizzle mode defs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: clarify the meaning of timestamp Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Nicholas Piggin <npiggin(a)gmail.com> workqueue: Improve scalability of workqueue watchdog touch Nicholas Piggin <npiggin(a)gmail.com> workqueue: wq_watchdog_touch is always called with valid CPU Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup yangyun <yangyun50(a)huawei.com> fuse: fix memory leak in fuse_create_open Miklos Szeredi <mszeredi(a)redhat.com> fuse: add request extension Dharmendra Singh <dsingh(a)ddn.com> fuse: allow non-extending parallel direct writes on the same file Miklos Szeredi <mszeredi(a)redhat.com> fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Faisal Hassan <quic_faisalh(a)quicinc.com> usb: dwc3: core: update LC timer as per USB Spec V3.2 Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix config comparison Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Matthieu Baerts (NGI0) <matttbe(a)kernel.org> tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Michal Koutný <mkoutny(a)suse.com> io_uring/sqpoll: Do not set PF_NO_SETAFFINITY on sqpoll threads Jens Axboe <axboe(a)kernel.dk> io_uring/io-wq: stop setting PF_NO_SETAFFINITY on io-wq workers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 signal Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate event numbers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: fix backport issues Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Olivier Sobrie <olivier(a)sobrie.be> HID: amd_sfh: free driver_data after destroying hid device Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Don't drop SYN+ACK for simultaneous connect(). Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() yang.zhang <yang.zhang(a)hexintek.com> riscv: set trap vector earlier Filipe Manana <fdmanana(a)suse.com> btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Check more cases when directory is corrupted Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Yicong Yang <yangyicong(a)hisilicon.com> dma-mapping: benchmark: Don't starve others when doing the test Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix possible tid_t sequence overflows Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Set no_hw_access when VF request full GPU fails Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Hareshx Sankar Raj <hareshx.sankar.raj(a)intel.com> crypto: qat - fix unintentional re-enabling of error interrupts Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Take the phy mutex in xlate Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Don't allow writes to read-only controls Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Larysa Zaremba <larysa.zaremba(a)intel.com> ice: do not bring the VSI up, if it was down before the XDP setup Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: allow hot-swapping XDP programs Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Use ice_max_xdp_frame_size() in ice_xdp_setup_prog() Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Douglas Anderson <dianders(a)chromium.org> regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Corentin Labbe <clabbe(a)baylibre.com> regulator: Add of_regulator_bulk_get_all Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> ice: Add netif_device_attach/detach into PF reset flow Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 David Howells <dhowells(a)redhat.com> cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region Andreas Hindborg <a.hindborg(a)samsung.com> rust: kbuild: fix export of bss symbols Matthew Maurer <mmaurer(a)google.com> rust: Use awk instead of recent xargs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode Simon Horman <horms(a)kernel.org> can: m_can: Release irq on error in m_can_open Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check denominator pbn_div before used Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: ili210x - use kvmalloc() to allocate buffer for firmware update Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Danijel Slivka <danijel.slivka(a)amd.com> drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: Fix smatch static checker warning Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check HDCP returned status Ma Ke <make24(a)iscas.ac.cn> usb: gadget: aspeed_udc: validate endpoint index for ast udc Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: One more reason to mark inode bad Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> x86/kmsan: Fix hook for unaligned accesses Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Alexey Dobriyan <adobriyan(a)gmail.com> ELF: fix kernel.randomize_va_space double read Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Takashi Iwai <tiwai(a)suse.de> ALSA: control: Apply sanity check of input values for user elements Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" Mitchell Levy <levymitchell0(a)gmail.com> x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Matt Johnston <matt(a)codeconstruct.com.au> net: mctp-serial: Fix missing escapes on transmit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Brian Norris <briannorris(a)chromium.org> spi: rockchip: Resolve unbalanced runtime PM / system PM handling Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Jonathan Bell <jonathan(a)raspberrypi.com> mmc: core: apply SD quirks earlier during probe Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add sleep quirk for Samsung 990 Evo Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Thomas Gleixner <tglx(a)linutronix.de> x86/kaslr: Expose and use the end of the physical memory address space Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Limit the period on Haswell Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Fix data leak in mmio_read() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: unset the binding mark of a reused connection Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Ravi Bangoria <ravi.bangoria(a)amd.com> KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Maxim Levitsky <mlevitsk(a)redhat.com> KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 + arch/arm64/kernel/acpi_numa.c | 11 - arch/mips/kernel/cevt-r4k.c | 15 +- arch/powerpc/include/asm/nohash/mmu-e500.h | 3 +- arch/powerpc/mm/nohash/Makefile | 2 +- arch/powerpc/mm/nohash/tlb.c | 398 +-------------------- arch/powerpc/mm/nohash/tlb_64e.c | 361 +++++++++++++++++++ arch/powerpc/mm/nohash/tlb_low_64e.S | 195 ---------- arch/riscv/kernel/head.S | 3 + arch/s390/kernel/vmlinux.lds.S | 9 + arch/um/drivers/line.c | 2 + arch/x86/coco/tdx/tdx.c | 1 - arch/x86/events/intel/core.c | 23 +- arch/x86/include/asm/fpu/types.h | 7 + arch/x86/include/asm/page_64.h | 1 + arch/x86/include/asm/pgtable_64_types.h | 4 + arch/x86/kernel/fpu/xstate.c | 3 + arch/x86/kernel/fpu/xstate.h | 4 +- arch/x86/kvm/svm/svm.c | 15 + arch/x86/kvm/x86.c | 2 + arch/x86/lib/iomem.c | 5 +- arch/x86/mm/init_64.c | 4 + arch/x86/mm/kaslr.c | 34 +- arch/x86/mm/pti.c | 45 ++- drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/block/ublk_drv.c | 2 + drivers/clk/qcom/clk-alpha-pll.c | 9 +- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/crypto/qat/qat_common/adf_gen2_pfvf.c | 4 +- .../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 8 +- drivers/firmware/cirrus/cs_dsp.c | 3 + drivers/gpio/gpio-rockchip.c | 1 + drivers/gpio/gpio-zynqmp-modepin.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 28 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 +- drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775-core.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/iio/adc/ad7124.c | 27 +- drivers/iio/adc/ad7606.c | 28 +- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 ++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 + drivers/input/touchscreen/ili210x.c | 6 +- drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/core/quirks.h | 22 +- drivers/mmc/core/sd.c | 4 + drivers/mmc/host/cqhci-core.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +- drivers/net/can/m_can/m_can.c | 5 +- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 28 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ram.c | 11 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 23 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-rx.c | 165 ++++++--- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 22 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 42 ++- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/ice/ice_main.c | 61 ++-- drivers/net/ethernet/intel/igb/igb_main.c | 10 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/microsoft/mana/mana.h | 2 + drivers/net/ethernet/microsoft/mana/mana_en.c | 22 +- drivers/net/mctp/mctp-serial.c | 4 +- drivers/net/usb/ipheth.c | 2 +- drivers/net/usb/usbnet.c | 11 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/host/pci.c | 11 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 ++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +- drivers/pcmcia/yenta_socket.c | 6 +- drivers/phy/xilinx/phy-zynqmp.c | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 5 +- drivers/regulator/of_regulator.c | 92 +++++ drivers/spi/spi-rockchip.c | 23 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/core.c | 15 + drivers/usb/dwc3/core.h | 2 + drivers/usb/gadget/udc/aspeed_udc.c | 2 + drivers/usb/storage/uas.c | 1 + fs/binfmt_elf.c | 5 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 1 - fs/btrfs/extent-tree.c | 32 +- fs/btrfs/file.c | 25 +- fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.h | 6 + fs/ext4/fast_commit.c | 8 +- fs/fuse/dev.c | 6 +- fs/fuse/dir.c | 72 ++-- fs/fuse/file.c | 51 ++- fs/fuse/fuse_i.h | 8 +- fs/fuse/inode.c | 3 +- fs/fuse/xattr.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 +- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 43 ++- fs/ntfs3/dir.c | 52 +-- fs/ntfs3/frecord.c | 4 +- fs/smb/client/smb2ops.c | 16 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/transport_tcp.c | 4 +- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 15 + include/linux/mm.h | 4 + include/linux/regulator/consumer.h | 16 + include/net/bluetooth/hci_core.h | 5 - include/uapi/drm/drm_fourcc.h | 18 + include/uapi/linux/fuse.h | 46 ++- io_uring/io-wq.c | 16 +- io_uring/sqpoll.c | 1 - kernel/bpf/btf.c | 13 +- kernel/cgroup/cgroup.c | 2 +- kernel/dma/map_benchmark.c | 16 + kernel/events/core.c | 18 +- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 9 +- kernel/resource.c | 6 +- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + kernel/workqueue.c | 14 +- lib/generic-radix-tree.c | 2 + mm/memcontrol.c | 22 +- mm/memory_hotplug.c | 2 +- mm/sparse.c | 2 +- net/bluetooth/mgmt.c | 60 ++-- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/ipv4/fou.c | 29 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/tcp_input.c | 6 + net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/unix/af_unix.c | 9 +- rust/Makefile | 4 +- security/smack/smack_lsm.c | 12 +- sound/core/control.c | 6 +- sound/hda/hdmi_chmap.c | 18 + sound/pci/hda/patch_conexant.c | 11 + sound/pci/hda/patch_realtek.c | 10 + sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + sound/soc/sof/topology.c | 2 + sound/soc/sunxi/sun4i-i2s.c | 143 ++++---- sound/soc/tegra/tegra210_ahub.c | 12 +- tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 234 ++++++++---- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 + 197 files changed, 2269 insertions(+), 1402 deletions(-)

1 year, 3 months

7
6
0 0

[PATCH 6.10 000/375] 6.10.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.10 release. There are 375 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.10-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.10-rc1 Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use accessors to page table entries instead of direct dereference Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Fix off-by-one in prescale max Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between direct IO write and fsync when using same fd Jouni Högander <jouni.hogander(a)intel.com> drm/i915/display: Increase Fast Wake Sync length as a quirk Jouni Högander <jouni.hogander(a)intel.com> drm/i915/display: Add mechanism to use sink model when applying quirk Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Li Nan <linan122(a)huawei.com> ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Maurizio Lombardi <mlombard(a)redhat.com> nvmet: Identify-Active Namespace ID List command should reject invalid nsid Weiwen Hu <huweiwen(a)linux.alibaba.com> nvme: rename CDR/MORE/DNR to NVME_STATUS_* Weiwen Hu <huweiwen(a)linux.alibaba.com> nvme: fix status magic numbers Weiwen Hu <huweiwen(a)linux.alibaba.com> nvme: rename nvme_sc_to_pr_err to nvme_status_to_pr_err David Howells <dhowells(a)redhat.com> cifs: Fix SMB1 readv/writev callback in the same way as SMB2/3 David Howells <dhowells(a)redhat.com> cifs: Fix zero_point init on inode initialisation Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Fix RISCV_ALTERNATIVE_EARLY Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Improve sbi_ecall() code generation by reordering arguments Samuel Holland <samuel.holland(a)sifive.com> riscv: Add tracepoints for SBI calls and returns Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: Do not restrict memory size because of linear mapping on nommu Anton Blanchard <antonb(a)tenstorrent.com> riscv: Fix toolchain vector detection Paulo Alcantara <pc(a)manguebit.com> smb: client: fix double put of @cfile in smb2_rename_path() Liao Chen <liaochen4(a)huawei.com> gpio: modepin: Enable module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: rockchip: fix OF node leak in probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Dave Airlie <airlied(a)redhat.com> nouveau: fix the fwsec sb verification register. Stephen Boyd <swboyd(a)chromium.org> clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time Stephen Boyd <swboyd(a)chromium.org> clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs Matteo Martelli <matteomartelli3(a)gmail.com> ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Charlie Jenkins <charlie(a)rivosinc.com> riscv: mm: Do not restrict mmap address based on hint Charlie Jenkins <charlie(a)rivosinc.com> riscv: selftests: Remove mmap hint address checks Chen-Yu Tsai <wenst(a)chromium.org> ASoc: SOF: topology: Clear SOF link platform name upon unload Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> clk: qcom: gcc-x1e80100: Don't use parking clk_ops for QUPs Keith Busch <kbusch(a)kernel.org> nvme-pci: allocate tagset on reset if necessary Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Mohan Kumar <mkumard(a)nvidia.com> ASoC: tegra: Fix CBB error during probe() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Don't discard rela sections Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64e: Define mmu_pte_psize static Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: split out nohash Book3E 64-bit code Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: remove unused IBM HTW code devi priya <quic_devipriy(a)quicinc.com> clk: qcom: ipq9574: Update the alpha PLL type for GPLLs Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: gcc-x1e80100: Fix USB 0 and 1 PHY GDSC pwrsts flags Bommu Krishnaiah <krishnaiah.bommu(a)intel.com> drm/xe/xe2lpg: Extend workaround 14021402888 Bommu Krishnaiah <krishnaiah.bommu(a)intel.com> drm/xe/xe2: Add workaround 14021402888 Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix page leak Yoray Zack <yorayz(a)nvidia.com> net/mlx5e: SHAMPO, Use KSMs instead of KLMs Arnd Bergmann <arnd(a)arndb.de> hid: bpf: add BPF_JIT dependency Jia Jie Ho <jiajie.ho(a)starfivetech.com> crypto: starfive - Fix nent assignment in rsa dec Jia Jie Ho <jiajie.ho(a)starfivetech.com> crypto: starfive - Align rsa input data to 32-bit Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Remove redundant sense_buffer memsets Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd: Add gfx12 swizzle mode defs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: clarify the meaning of timestamp Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Christian Brauner <brauner(a)kernel.org> fs: relax permissions for listmount() Christian Brauner <brauner(a)kernel.org> fs: simplify error handling Christian Brauner <brauner(a)kernel.org> path: add cleanup helper Nicholas Piggin <npiggin(a)gmail.com> workqueue: Improve scalability of workqueue watchdog touch Nicholas Piggin <npiggin(a)gmail.com> workqueue: wq_watchdog_touch is always called with valid CPU Mike Yuan <me(a)yhndnzj.com> mm/memcontrol: respect zswap.writeback setting from parent cg too Yosry Ahmed <yosryahmed(a)google.com> mm: zswap: rename is_zswap_enabled() to zswap_is_enabled() Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc John Thomson <git(a)johnthomson.fastmail.com.au> nvmem: u-boot-env: error if NVMEM device is too small Michal Simek <michal.simek(a)amd.com> dt-bindings: nvmem: Use soc-nvmem node name instead of nvmem Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Sukrut Bellary <sukrut.bellary(a)linux.com> misc: fastrpc: Fix double free of 'buf' in error path Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Fix the partner PD revision Prashanth K <quic_prashk(a)quicinc.com> usb: dwc3: Avoid waking up gadget during startxfer Pawel Laszczak <pawell(a)cadence.com> usb: cdns2: Fix controller reset issue Faisal Hassan <quic_faisalh(a)quicinc.com> usb: dwc3: core: update LC timer as per USB Spec V3.2 Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix DT configuration parsing Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Nuno Sa <nuno.sa(a)analog.com> iio: adc: ad_sigma_delta: fix irq_flags on irq request Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix config comparison Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_mpu6050: fix interrupt status read for old buggy chips Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Matthieu Baerts (NGI0) <matttbe(a)kernel.org> tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Christian Brauner <brauner(a)kernel.org> fs: only copy to userspace on success in listmount() Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: Fix amdgpu_device_reset_sriov retry logic Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: Add reset_context flag for host FLR Yunxiang Li <Yunxiang.Li(a)amd.com> drm/amdgpu: Fix two reset triggered in a row Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Carlos Song <carlos.song(a)nxp.com> spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Ivan Orlov <ivan.orlov0322(a)gmail.com> kunit/overflow: Fix UB in overflow_allocation_test Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: void array out of bound when loop tnl_num Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Olivier Sobrie <olivier(a)sobrie.be> HID: amd_sfh: free driver_data after destroying hid device Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Frank Li <Frank.Li(a)nxp.com> i3c: master: svc: resend target address when get NACK David Howells <dhowells(a)redhat.com> vfs: Fix potential circular locking through setxattr() and removexattr() David Howells <dhowells(a)redhat.com> cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT Alexander Gordeev <agordeev(a)linux.ibm.com> s390/boot: Do not assume the decompressor range is reserved Arnd Bergmann <arnd(a)arndb.de> regmap: maple: work around gcc-14.1 false-positive warning Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Use correct API to map cmdline in relocate_kernel() YiPeng Chai <YiPeng.Chai(a)amd.com> drm/amdgpu: add mutex to protect ras shared memory Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Don't drop SYN+ACK for simultaneous connect(). Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() yang.zhang <yang.zhang(a)hexintek.com> riscv: set trap vector earlier Alison Schofield <alison.schofield(a)intel.com> cxl/region: Verify target positions using the ordered target list Jakub Kicinski <kuba(a)kernel.org> ethtool: fail closed if we can't get max channel used in indirection tables Filipe Manana <fdmanana(a)suse.com> btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Filipe Manana <fdmanana(a)suse.com> btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Josef Bacik <josef(a)toxicpanda.com> btrfs: handle errors from btrfs_dec_ref() properly Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Josef Bacik <josef(a)toxicpanda.com> btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() Qu Wenruo <wqu(a)suse.com> btrfs: slightly loosen the requirement for qgroup removal Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Check more cases when directory is corrupted Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Christian König <christian.koenig(a)amd.com> drm/amdgpu: reject gang submit on reserved VMIDs Sascha Hauer <s.hauer(a)pengutronix.de> watchdog: imx7ulp_wdt: keep already running watchdog enabled Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> bpf: Remove tst_run from lwt_seg6local_prog_ops. Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Require drivers to supply the cache_invalidate_user ops Umang Jain <umang.jain(a)ideasonboard.com> staging: vchiq_core: Bubble up wait_event_interruptible() return value Mrinmay Sarkar <quic_msarkar(a)quicinc.com> PCI: qcom: Override NO_SNOOP attribute for SA8775P RC Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Hide Topdown metrics events if the feature is not enumerated Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Yicong Yang <yangyicong(a)hisilicon.com> dma-mapping: benchmark: Don't starve others when doing the test Ye Bin <yebin10(a)huawei.com> jbd2: avoid mount failed when commit block is partial submitted Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix possible tid_t sequence overflows Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Set no_hw_access when VF request full GPU fails Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Shenghao Ding <shenghao-ding(a)ti.com> ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing/kprobes: Add symbol counting check when module loads Hareshx Sankar Raj <hareshx.sankar.raj(a)intel.com> crypto: qat - fix unintentional re-enabling of error interrupts Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy->enable_completion only when we wait for it Kyoungrul Kim <k831.kim(a)samsung.com> scsi: ufs: core: Remove SCSI host only if added Marcin Ślusarz <mslusarz(a)renau.com> wifi: rtw88: usb: schedule rx work after everything is set up Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio_ring: fix KMSAN error for premapped mode Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Christoph Hellwig <hch(a)lst.de> block: don't call bio_uninit from bio_endio Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Remove control over Execute-Requested requests Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Huang Ying <ying.huang(a)intel.com> cxl/region: Fix a race condition in memory hotplug notifier Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Take the phy mutex in xlate Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Don't allow writes to read-only controls Viresh Kumar <viresh.kumar(a)linaro.org> xen: privcmd: Fix possible access to a freed kirqfd instance Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com> tools/net/ynl: fix cli.py --subscribe feature Jamie Bainbridge <jamie.bainbridge(a)gmail.com> selftests: net: enable bind tests Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix race in axienet_stop Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Hayes Wang <hayeswang(a)realtek.com> r8152: fix the firmware doesn't work Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Jeongjun Park <aha310510(a)gmail.com> bpf: add check for invalid name in btf_name_valid_section() Tze-nan Wu <Tze-nan.Wu(a)mediatek.com> bpf, net: Fix a potential race in do_sock_getsockopt() Breno Leitao <leitao(a)debian.org> net: dqs: Do not use extern for unused dql_group Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Larysa Zaremba <larysa.zaremba(a)intel.com> ice: do not bring the VSI up, if it was down before the XDP setup Larysa Zaremba <larysa.zaremba(a)intel.com> ice: remove ICE_CFG_BUSY locking from AF_XDP code Larysa Zaremba <larysa.zaremba(a)intel.com> ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset Larysa Zaremba <larysa.zaremba(a)intel.com> ice: protect XDP configuration with a mutex Larysa Zaremba <larysa.zaremba(a)intel.com> ice: move netif_queue_set_napi to rtnl-protected sections Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ptp: ocp: adjust sysfs entries to expose tty information Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ptp: ocp: convert serial ports to array Jinjie Ruan <ruanjinjie(a)huawei.com> net: phy: Fix missing of_node_put() for leds Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: Fix RX statistics for XDP_TX and XDP_REDIRECT Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Fix spinlock and rwlock accounting Armin Wolf <W_Armin(a)gmx.de> hwmon: (hp-wmi-sensors) Check if WMI event data exists Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Marc Zyngier <maz(a)kernel.org> scripts: fix gfp-translate after ___GFP_*_BITS conversion to an enum Pawel Dembicki <paweldembicki(a)gmail.com> hwmon: ltc2991: fix register bits defines Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once Douglas Anderson <dianders(a)chromium.org> Bluetooth: qca: If memdump doesn't work, re-enable IBS Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Use a single write when releasing RX buffers Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Rename board_irq to pci_irq Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Remove unnecessary comment Martin Jocic <martin.jocic(a)kvaser.com> can: kvaser_pciefd: Skip redundant NULL pointer check in ISR Douglas Anderson <dianders(a)chromium.org> regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Charles Han <hanchunchao(a)inspur.com> spi: intel: Add check devm_kasprintf() returned value Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> ice: Add netif_device_attach/detach into PF reset flow Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 David Howells <dhowells(a)redhat.com> cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region David Howells <dhowells(a)redhat.com> cifs: Fix copy offload to flush destination region David Howells <dhowells(a)redhat.com> netfs, cifs: Fix handling of short DIO read David Howells <dhowells(a)redhat.com> cifs: Fix lack of credit renegotiation on read retry Andreas Hindborg <a.hindborg(a)samsung.com> rust: kbuild: fix export of bss symbols Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: Reset cached active_interrupts on start Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: disable_all_interrupts, not clear active_interrupts Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: Do not cancel timer from within timer Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: Remove m_can_rx_peripheral indirection Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: Remove coalesing disable in isr during suspend Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: Reset coalescing during suspend/resume Simon Horman <horms(a)kernel.org> can: m_can: Release irq on error in m_can_open Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: Correct register used to clear fault status Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check denominator crb_pipes before used Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check denominator pbn_div before used Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: ili210x - use kvmalloc() to allocate buffer for firmware update Kishon Vijay Abraham I <kishon(a)kernel.org> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Eric Joyner <eric.joyner(a)intel.com> ice: Check all ice_vsi_rebuild() errors in function Andrei Vagin <avagin(a)google.com> seccomp: release task filters when the task exits Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Christian Brauner <brauner(a)kernel.org> fs: relax permissions for statmount() Christian Brauner <brauner(a)kernel.org> fs: don't copy to userspace under namespace semaphore Shivaprasad G Bhat <sbhat(a)linux.ibm.com> vfio/spapr: Always clear TCEs before unsetting the window Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Jiwei Sun <sunjw10(a)lenovo.com> crypto: qat - initialize user_input.lock for rate_limiting Danijel Slivka <danijel.slivka(a)amd.com> drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: Fix smatch static checker warning Bob Zhou <bob.zhou(a)amd.com> drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid Alex Hung <alex.hung(a)amd.com> drm/amd/display: Validate function returns Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check HDCP returned status Alex Hung <alex.hung(a)amd.com> drm/amd/display: Run DC_LOG_DC after checking link->link_enc Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: Fix register access violation Ma Ke <make24(a)iscas.ac.cn> usb: gadget: aspeed_udc: validate endpoint index for ast udc Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Samuel Holland <samuel.holland(a)sifive.com> riscv: kprobes: Use patch_text_nosync() for insn slots Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: One more reason to mark inode bad Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check Ziwei Xiao <ziweixiao(a)google.com> gve: Add adminq mutex lock Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> x86/kmsan: Fix hook for unaligned accesses Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: b2c2: flexcop-usb: fix flexcop_usb_memory_req Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> irqchip/renesas-rzg2l: Reorder function calls in rzg2l_irqc_irq_disable() Rakesh Ughreja <rughreja(a)habana.ai> accel/habanalabs/gaudi2: unsecure edma max outstanding register Alexey Dobriyan <adobriyan(a)gmail.com> ELF: fix kernel.randomize_va_space double read Leon Hwang <hffilwlqm(a)gmail.com> bpf, verifier: Correct tail_call_reachable for bpf prog Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> virt: sev-guest: Mark driver struct with __refdata to prevent section mismatch Waiman Long <longman(a)redhat.com> cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check UnboundedRequestEnabled's value Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Ajith C <quic_ajithc(a)quicinc.com> wifi: ath12k: fix firmware crash due to invalid peer nss Aaradhana Sahu <quic_aarasahu(a)quicinc.com> wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Takashi Iwai <tiwai(a)suse.de> ALSA: control: Apply sanity check of input values for user elements Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> ALSA: hda/realtek: extend quirks for Clevo V5[46]0 Leo Li <sunpeng.li(a)amd.com> drm/amd/display: Lock DC and exit IPS when changing backlight Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/i915: Do not attempt to load the GSC multiple times Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: always allocate cleared VRAM for GEM allocations Matt Coster <matt.coster(a)imgtec.com> drm/imagination: Free pvr_vm_gpuva after unlink Mary Guillemard <mary.guillemard(a)collabora.com> drm/panthor: Restrict high priorities on group_create Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: flush FW AS caches in slow reset path Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe/gsc: Do not attempt to load the GSC multiple times Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: handle broken write pointer on zones Fedor Pchelkin <pchelkin(a)ispras.ru> btrfs: qgroup: don't use extent changeset when not needed Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Baochen Qiang <quic_bqiang(a)quicinc.com> Revert "wifi: ath11k: support hibernation" Baochen Qiang <quic_bqiang(a)quicinc.com> Revert "wifi: ath11k: restore country code during resume" Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" Yuntao Wang <yuntao.wang(a)linux.dev> x86/apic: Make x2apic_disable() work correctly Mitchell Levy <levymitchell0(a)gmail.com> x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Matt Johnston <matt(a)codeconstruct.com.au> net: mctp-serial: Fix missing escapes on transmit Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Steven Rostedt <rostedt(a)goodmis.org> eventfs: Use list_del_rcu() for SRCU protected list variable Baokun Li <libaokun1(a)huawei.com> fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF Jann Horn <jannh(a)google.com> userfaultfd: fix checks for huge PMDs Jann Horn <jannh(a)google.com> userfaultfd: don't BUG_ON() if khugepaged yanks our page table Steven Rostedt <rostedt(a)goodmis.org> tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Steven Rostedt <rostedt(a)goodmis.org> tracing/timerlat: Only clear timer if a kthread exists Steven Rostedt <rostedt(a)goodmis.org> tracing/osnoise: Use a cpumask to know what threads are kthreads Brian Norris <briannorris(a)chromium.org> spi: rockchip: Resolve unbalanced runtime PM / system PM handling Usama Arif <usamaarif642(a)gmail.com> Revert "mm: skip CMA pages when they are not available" Hao Ge <gehao(a)kylinos.cn> mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook Will Deacon <will(a)kernel.org> mm: vmalloc: ensure vmap_block is initialised before adding to queue Petr Tesarik <ptesarik(a)suse.com> kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y Liam R. Howlett <Liam.Howlett(a)Oracle.com> maple_tree: remove rcu_read_lock() from mt_validate() Hao Ge <gehao(a)kylinos.cn> codetag: debug: mark codetags for poisoned page as empty Suren Baghdasaryan <surenb(a)google.com> alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n Adrian Huang <ahuang12(a)lenovo.com> mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Xingyu Wu <xingyu.wu(a)starfivetech.com> clk: starfive: jh7110-sys: Add notifier for PLL0 clock Helge Deller <deller(a)gmx.de> parisc: Delay write-protection until mark_rodata_ro() call Samuel Holland <samuel.holland(a)sifive.com> riscv: misaligned: Restrict user access to kernel memory Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder Miklos Szeredi <mszeredi(a)redhat.com> fuse: clear PG_uptodate when using a stolen page yangyun <yangyun50(a)huawei.com> fuse: fix memory leak in fuse_create_open Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: check aborted connection before adding requests to pending list for resending Bernd Schubert <bschubert(a)ddn.com> fuse: disable the combination of passthrough and writeback cache Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Jonathan Bell <jonathan(a)raspberrypi.com> mmc: core: apply SD quirks earlier during probe Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests: mm: fix build errors on armhf Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Boqun Feng <boqun.feng(a)gmail.com> rust: macros: provide correct provenance when constructing THIS_MODULE Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add sleep quirk for Samsung 990 Evo Dan Carpenter <dan.carpenter(a)linaro.org> irqchip/riscv-aplic: Fix an IS_ERR() vs NULL bug in probe() Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Thomas Gleixner <tglx(a)linutronix.de> x86/kaslr: Expose and use the end of the physical memory address space Anup Patel <apatel(a)ventanamicro.com> irqchip/sifive-plic: Probe plic driver early for Allwinner D1 platform Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Limit the period on Haswell Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Fix data leak in mmio_read() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: unset the binding mark of a reused connection Paulo Alcantara <pc(a)manguebit.com> smb: client: fix double put of @cfile in smb2_set_path_size() Nysal Jan K.A. <nysal(a)linux.ibm.com> powerpc/qspinlock: Fix deadlock in MCS queue Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP Adam Queler <queler+k(a)gmail.com> ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Ravi Bangoria <ravi.bangoria(a)amd.com> KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Maxim Levitsky <mlevitsk(a)redhat.com> KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: fix XDP_DROP, XDP_TX and XDP_REDIRECT Jens Emil Schulz Østergaard <jensemil.schulzostergaard(a)microchip.com> net: microchip: vcap: Fix use-after-free error in kunit test Roger Quadros <rogerq(a)kernel.org> net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX Dave Chinner <dchinner(a)redhat.com> xfs: xfs_finobt_count_blocks() walks the wrong btree Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Christian Brauner <brauner(a)kernel.org> libfs: fix get_stashed_dentry() ------------- Diffstat: Documentation/admin-guide/cgroup-v2.rst | 15 +- .../bindings/nvmem/xlnx,zynqmp-nvmem.yaml | 2 +- Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 + arch/arm64/kernel/acpi_numa.c | 11 - arch/loongarch/include/asm/hugetlb.h | 4 +- arch/loongarch/include/asm/kfence.h | 6 +- arch/loongarch/include/asm/pgtable.h | 50 +-- arch/loongarch/kernel/relocate.c | 4 +- arch/loongarch/kvm/mmu.c | 8 +- arch/loongarch/mm/hugetlbpage.c | 6 +- arch/loongarch/mm/init.c | 10 +- arch/loongarch/mm/kasan_init.c | 10 +- arch/loongarch/mm/pgtable.c | 2 +- arch/mips/kernel/cevt-r4k.c | 15 +- arch/parisc/mm/init.c | 16 +- arch/powerpc/include/asm/nohash/mmu-e500.h | 3 +- arch/powerpc/kernel/rtas.c | 4 + arch/powerpc/kernel/vdso/vdso32.lds.S | 4 +- arch/powerpc/kernel/vdso/vdso64.lds.S | 4 +- arch/powerpc/lib/qspinlock.c | 10 +- arch/powerpc/mm/nohash/Makefile | 2 +- arch/powerpc/mm/nohash/tlb.c | 398 +-------------------- arch/powerpc/mm/nohash/tlb_64e.c | 361 +++++++++++++++++++ arch/powerpc/mm/nohash/tlb_low_64e.S | 195 ---------- arch/riscv/Kconfig | 4 +- arch/riscv/include/asm/processor.h | 26 +- arch/riscv/include/asm/sbi.h | 30 +- arch/riscv/include/asm/trace.h | 54 +++ arch/riscv/kernel/Makefile | 6 +- arch/riscv/kernel/head.S | 3 + arch/riscv/kernel/probes/kprobes.c | 5 +- arch/riscv/kernel/sbi.c | 56 --- arch/riscv/kernel/sbi_ecall.c | 48 +++ arch/riscv/kernel/traps_misaligned.c | 4 +- arch/riscv/mm/init.c | 2 +- arch/s390/boot/startup.c | 8 +- arch/s390/kernel/vmlinux.lds.S | 17 +- arch/um/drivers/line.c | 2 + arch/x86/coco/tdx/tdx.c | 1 - arch/x86/events/intel/core.c | 57 ++- arch/x86/include/asm/fpu/types.h | 7 + arch/x86/include/asm/page_64.h | 1 + arch/x86/include/asm/pgtable_64_types.h | 4 + arch/x86/kernel/apic/apic.c | 11 +- arch/x86/kernel/fpu/xstate.c | 3 + arch/x86/kernel/fpu/xstate.h | 4 +- arch/x86/kvm/svm/svm.c | 15 + arch/x86/kvm/x86.c | 2 + arch/x86/lib/iomem.c | 5 +- arch/x86/mm/init_64.c | 4 + arch/x86/mm/kaslr.c | 34 +- arch/x86/mm/pti.c | 45 ++- block/bio.c | 14 +- drivers/accel/habanalabs/gaudi2/gaudi2_security.c | 1 + drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/libata-scsi.c | 24 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/base/regmap/regcache-maple.c | 3 +- drivers/block/ublk_drv.c | 2 + drivers/bluetooth/btnxpuart.c | 12 +- drivers/bluetooth/hci_qca.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 25 +- drivers/clk/qcom/clk-rcg.h | 1 + drivers/clk/qcom/clk-rcg2.c | 30 ++ drivers/clk/qcom/gcc-ipq9574.c | 12 +- drivers/clk/qcom/gcc-sm8550.c | 54 +-- drivers/clk/qcom/gcc-x1e80100.c | 52 +-- drivers/clk/starfive/clk-starfive-jh7110-sys.c | 31 +- drivers/clk/starfive/clk-starfive-jh71x0.h | 2 + drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - .../crypto/intel/qat/qat_common/adf_gen2_pfvf.c | 4 +- drivers/crypto/intel/qat/qat_common/adf_rl.c | 1 + .../intel/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 8 +- drivers/crypto/starfive/jh7110-cryp.h | 4 +- drivers/crypto/starfive/jh7110-rsa.c | 15 +- drivers/cxl/core/region.c | 24 +- drivers/firmware/cirrus/cs_dsp.c | 3 + drivers/gpio/gpio-rockchip.c | 1 + drivers/gpio/gpio-zynqmp-modepin.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 15 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 79 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ids.c | 15 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ids.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 123 ++++--- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_reset.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 6 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/gfxhub_v1_2.c | 8 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 28 ++ drivers/gpu/drm/amd/amdgpu/mmhub_v1_8.c | 8 +- drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 3 +- drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 3 +- drivers/gpu/drm/amd/amdgpu/mxgpu_vi.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 47 +-- drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c | 7 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_hubbub.c | 3 +- .../drm/amd/display/dc/dml2/display_mode_core.c | 2 +- drivers/gpu/drm/amd/display/dc/link/link_factory.c | 6 +- .../display/dc/link/protocols/link_dp_training.c | 3 +- .../display/dc/resource/dcn315/dcn315_resource.c | 2 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 +- drivers/gpu/drm/i915/display/intel_display_types.h | 4 + drivers/gpu/drm/i915/display/intel_dp.c | 4 + drivers/gpu/drm/i915/display/intel_dp_aux.c | 16 +- drivers/gpu/drm/i915/display/intel_dp_aux.h | 2 +- drivers/gpu/drm/i915/display/intel_psr.c | 2 +- drivers/gpu/drm/i915/display/intel_quirks.c | 68 ++++ drivers/gpu/drm/i915/display/intel_quirks.h | 6 + drivers/gpu/drm/i915/gt/uc/intel_gsc_uc.c | 2 +- drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h | 5 + drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/gpu/drm/imagination/pvr_vm.c | 4 + drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 2 +- drivers/gpu/drm/panthor/panthor_drv.c | 23 ++ drivers/gpu/drm/panthor/panthor_fw.c | 8 +- drivers/gpu/drm/panthor/panthor_mmu.c | 21 +- drivers/gpu/drm/panthor/panthor_mmu.h | 1 + drivers/gpu/drm/panthor/panthor_sched.c | 2 +- drivers/gpu/drm/xe/regs/xe_gt_regs.h | 1 + drivers/gpu/drm/xe/xe_gsc.c | 12 + drivers/gpu/drm/xe/xe_uc_fw.h | 9 +- drivers/gpu/drm/xe/xe_wa.c | 8 + drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +- drivers/hid/bpf/Kconfig | 2 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/hp-wmi-sensors.c | 2 + drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/ltc2991.c | 6 +- drivers/hwmon/nct6775-core.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/i3c/master/svc-i3c-master.c | 58 ++- drivers/iio/adc/ad7124.c | 30 +- drivers/iio/adc/ad7606.c | 28 +- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 ++- drivers/iio/adc/ad_sigma_delta.c | 2 +- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 13 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 + drivers/input/touchscreen/ili210x.c | 6 +- drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/intel/iommu.c | 4 +- drivers/iommu/intel/iommu.h | 6 +- drivers/iommu/intel/pasid.c | 1 - drivers/iommu/intel/pasid.h | 10 - drivers/iommu/iommufd/hw_pagetable.c | 3 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/irqchip/irq-renesas-rzg2l.c | 2 +- drivers/irqchip/irq-riscv-aplic-main.c | 4 +- drivers/irqchip/irq-sifive-plic.c | 115 +++--- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/media/usb/b2c2/flexcop-usb.c | 7 +- drivers/misc/fastrpc.c | 5 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/core/quirks.h | 22 +- drivers/mmc/core/sd.c | 4 + drivers/mmc/host/cqhci-core.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +- drivers/net/can/kvaser_pciefd.c | 43 ++- drivers/net/can/m_can/m_can.c | 100 ++++-- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 28 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ram.c | 11 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 23 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-rx.c | 165 ++++++--- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 22 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 42 ++- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/google/gve/gve.h | 1 + drivers/net/ethernet/google/gve/gve_adminq.c | 22 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_err.c | 6 +- drivers/net/ethernet/intel/ice/ice.h | 2 + drivers/net/ethernet/intel/ice/ice_base.c | 11 +- drivers/net/ethernet/intel/ice/ice_lib.c | 197 ++++------ drivers/net/ethernet/intel/ice/ice_lib.h | 10 +- drivers/net/ethernet/intel/ice/ice_main.c | 63 +++- drivers/net/ethernet/intel/ice/ice_xsk.c | 12 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en.h | 20 +- .../net/ethernet/mellanox/mlx5/core/en/params.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/en/txrx.h | 19 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 21 +- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 66 ++-- .../net/ethernet/microchip/vcap/vcap_api_kunit.c | 14 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 22 +- drivers/net/ethernet/ti/am65-cpsw-nuss.c | 82 +++-- drivers/net/ethernet/xilinx/xilinx_axienet.h | 3 + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 + drivers/net/mctp/mctp-serial.c | 4 +- drivers/net/phy/phy_device.c | 2 + drivers/net/usb/ipheth.c | 2 +- drivers/net/usb/r8152.c | 17 +- drivers/net/usb/usbnet.c | 11 +- drivers/net/wireless/ath/ath11k/ahb.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 119 ++---- drivers/net/wireless/ath/ath11k/core.h | 4 - drivers/net/wireless/ath/ath11k/hif.h | 12 +- drivers/net/wireless/ath/ath11k/mhi.c | 12 +- drivers/net/wireless/ath/ath11k/mhi.h | 3 +- drivers/net/wireless/ath/ath11k/pci.c | 44 +-- drivers/net/wireless/ath/ath11k/qmi.c | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 9 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 3 +- drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/net/wireless/realtek/rtw88/usb.c | 13 +- drivers/net/wireless/realtek/rtw89/core.c | 3 +- drivers/nvme/host/constants.c | 2 +- drivers/nvme/host/core.c | 40 +-- drivers/nvme/host/fabrics.c | 10 +- drivers/nvme/host/fault_inject.c | 2 +- drivers/nvme/host/fc.c | 6 +- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/nvme.h | 6 +- drivers/nvme/host/pci.c | 17 + drivers/nvme/host/pr.c | 10 +- drivers/nvme/target/admin-cmd.c | 34 +- drivers/nvme/target/core.c | 46 +-- drivers/nvme/target/discovery.c | 14 +- drivers/nvme/target/fabrics-cmd-auth.c | 16 +- drivers/nvme/target/fabrics-cmd.c | 36 +- drivers/nvme/target/io-cmd-bdev.c | 12 +- drivers/nvme/target/passthru.c | 10 +- drivers/nvme/target/rdma.c | 10 +- drivers/nvme/target/tcp.c | 8 +- drivers/nvme/target/zns.c | 30 +- drivers/nvmem/core.c | 6 +- drivers/nvmem/u-boot-env.c | 7 + drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 ++- drivers/pci/controller/dwc/pcie-qcom.c | 25 +- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +- drivers/pcmcia/yenta_socket.c | 6 +- drivers/phy/xilinx/phy-zynqmp.c | 1 + drivers/pinctrl/qcom/pinctrl-x1e80100.c | 4 +- drivers/platform/x86/dell/dell-smbios-base.c | 5 +- drivers/ptp/ptp_ocp.c | 168 +++++---- drivers/scsi/lpfc/lpfc_els.c | 17 +- drivers/scsi/pm8001/pm8001_sas.c | 4 +- drivers/spi/spi-fsl-lpspi.c | 31 +- drivers/spi/spi-hisi-kunpeng.c | 3 + drivers/spi/spi-intel.c | 3 + drivers/spi/spi-rockchip.c | 23 +- drivers/staging/iio/frequency/ad9834.c | 2 +- .../vc04_services/interface/vchiq_arm/vchiq_core.c | 31 +- drivers/ufs/core/ufshcd.c | 7 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/core.c | 15 + drivers/usb/dwc3/core.h | 2 + drivers/usb/dwc3/gadget.c | 41 +-- drivers/usb/gadget/udc/aspeed_udc.c | 2 + drivers/usb/gadget/udc/cdns2/cdns2-gadget.c | 12 +- drivers/usb/gadget/udc/cdns2/cdns2-gadget.h | 9 + drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.c | 50 +-- drivers/vfio/vfio_iommu_spapr_tce.c | 13 +- drivers/virt/coco/sev-guest/sev-guest.c | 7 +- drivers/virtio/virtio_ring.c | 4 +- drivers/watchdog/imx7ulp_wdt.c | 5 + drivers/xen/privcmd.c | 10 +- fs/binfmt_elf.c | 5 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 1 - fs/btrfs/extent-tree.c | 62 +++- fs/btrfs/file.c | 25 +- fs/btrfs/inode.c | 2 +- fs/btrfs/qgroup.c | 90 ++++- fs/btrfs/transaction.h | 6 + fs/btrfs/zoned.c | 30 +- fs/cachefiles/io.c | 2 +- fs/ext4/fast_commit.c | 8 +- fs/fuse/dev.c | 14 +- fs/fuse/dir.c | 2 +- fs/fuse/file.c | 8 +- fs/fuse/inode.c | 7 +- fs/fuse/xattr.c | 4 +- fs/jbd2/recovery.c | 30 ++ fs/libfs.c | 6 +- fs/namespace.c | 93 ++--- fs/netfs/fscache_main.c | 1 + fs/netfs/io.c | 19 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 +- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 43 ++- fs/ntfs3/dir.c | 52 +-- fs/ntfs3/frecord.c | 4 +- fs/smb/client/cifsfs.c | 21 +- fs/smb/client/cifsglob.h | 1 + fs/smb/client/cifssmb.c | 54 ++- fs/smb/client/file.c | 37 +- fs/smb/client/inode.c | 2 + fs/smb/client/smb2inode.c | 3 + fs/smb/client/smb2ops.c | 18 +- fs/smb/client/smb2pdu.c | 41 ++- fs/smb/client/trace.h | 1 + fs/smb/server/oplock.c | 2 +- fs/smb/server/smb2pdu.c | 14 +- fs/smb/server/transport_tcp.c | 4 +- fs/squashfs/inode.c | 7 +- fs/tracefs/event_inode.c | 2 +- fs/udf/super.c | 15 + fs/xattr.c | 91 ++--- fs/xfs/libxfs/xfs_ialloc_btree.c | 2 +- include/linux/bpf-cgroup.h | 9 - include/linux/mlx5/device.h | 1 + include/linux/mm.h | 4 + include/linux/netfs.h | 1 + include/linux/nvme.h | 16 +- include/linux/path.h | 9 + include/linux/regulator/consumer.h | 8 + include/linux/zswap.h | 4 +- include/net/bluetooth/hci_core.h | 5 - include/net/bluetooth/hci_sync.h | 4 + include/net/mana/mana.h | 2 + include/uapi/drm/drm_fourcc.h | 18 + include/uapi/drm/panthor_drm.h | 6 +- kernel/bpf/btf.c | 4 +- kernel/bpf/verifier.c | 4 +- kernel/cgroup/cgroup.c | 2 +- kernel/cgroup/cpuset.c | 36 +- kernel/dma/map_benchmark.c | 16 + kernel/events/core.c | 18 +- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/exit.c | 3 +- kernel/kexec_file.c | 2 +- kernel/locking/rtmutex.c | 9 +- kernel/resource.c | 6 +- kernel/seccomp.c | 23 +- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + kernel/trace/trace_kprobe.c | 125 ++++--- kernel/trace/trace_osnoise.c | 50 ++- kernel/workqueue.c | 14 +- lib/codetag.c | 17 +- lib/generic-radix-tree.c | 2 + lib/maple_tree.c | 7 +- lib/overflow_kunit.c | 3 +- mm/memcontrol.c | 12 +- mm/memory_hotplug.c | 2 +- mm/page_alloc.c | 7 + mm/slub.c | 4 + mm/sparse.c | 2 +- mm/userfaultfd.c | 29 +- mm/vmalloc.c | 7 +- mm/vmscan.c | 24 +- mm/zswap.c | 2 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_sync.c | 42 ++- net/bluetooth/mgmt.c | 144 ++++---- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/core/filter.c | 1 - net/core/net-sysfs.c | 2 +- net/ethtool/channels.c | 6 +- net/ethtool/common.c | 26 +- net/ethtool/common.h | 2 +- net/ethtool/ioctl.c | 4 +- net/ipv4/fou_core.c | 29 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/tcp_input.c | 6 + net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/socket.c | 4 +- net/unix/af_unix.c | 9 +- rust/Makefile | 2 +- rust/macros/module.rs | 6 +- scripts/gfp-translate | 66 +++- security/smack/smack_lsm.c | 12 +- sound/core/control.c | 6 +- sound/hda/hdmi_chmap.c | 18 + sound/pci/hda/patch_conexant.c | 11 + sound/pci/hda/patch_realtek.c | 22 +- sound/soc/codecs/tas2781-fmwlib.c | 71 ++-- sound/soc/intel/boards/bxt_rt298.c | 2 +- sound/soc/intel/boards/bytcht_cx2072x.c | 2 +- sound/soc/intel/boards/bytcht_da7213.c | 2 +- sound/soc/intel/boards/bytcht_es8316.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/intel/boards/bytcr_rt5651.c | 2 +- sound/soc/intel/boards/bytcr_wm5102.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5645.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5672.c | 2 +- sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + sound/soc/sof/topology.c | 2 + sound/soc/sunxi/sun4i-i2s.c | 143 ++++---- sound/soc/tegra/tegra210_ahub.c | 12 +- tools/lib/bpf/libbpf.c | 4 +- tools/net/ynl/lib/ynl.py | 7 +- tools/perf/util/bpf_lock_contention.c | 3 + tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- tools/testing/selftests/mm/mseal_test.c | 37 +- tools/testing/selftests/mm/seal_elf.c | 13 +- tools/testing/selftests/net/Makefile | 3 +- tools/testing/selftests/riscv/mm/mmap_bottomup.c | 2 - tools/testing/selftests/riscv/mm/mmap_default.c | 2 - tools/testing/selftests/riscv/mm/mmap_test.h | 67 ---- 436 files changed, 4664 insertions(+), 3102 deletions(-)

1 year, 3 months

15
391
0 0

[PATCH RFC V3 1/1] ocfs2: reserve space for inline xattr before attaching reflink tree

by Gautham Ananthakrishna

One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space space inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case upto 230), thereby causing corruption. The fix for this is to reserve space for inline metadata before the at the destination inode before the reflink tree gets recreated. The customer has verified the fix. Fixes: ef962df057aa ("ocfs2: xattr: fix inlined xattr reflink") Cc: stable(a)vger.kernel.org Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> --- fs/ocfs2/refcounttree.c | 26 ++++++++++++++++++++++++-- fs/ocfs2/xattr.c | 11 +---------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c index 3f80a56d0d60..05105d271fc8 100644 --- a/fs/ocfs2/refcounttree.c +++ b/fs/ocfs2/refcounttree.c @@ -25,6 +25,7 @@ #include "namei.h" #include "ocfs2_trace.h" #include "file.h" +#include "symlink.h" #include <linux/bio.h> #include <linux/blkdev.h> @@ -4155,8 +4156,9 @@ static int __ocfs2_reflink(struct dentry *old_dentry, int ret; struct inode *inode = d_inode(old_dentry); struct buffer_head *new_bh = NULL; + struct ocfs2_inode_info *oi = OCFS2_I(inode); - if (OCFS2_I(inode)->ip_flags & OCFS2_INODE_SYSTEM_FILE) { + if (oi->ip_flags & OCFS2_INODE_SYSTEM_FILE) { ret = -EINVAL; mlog_errno(ret); goto out; @@ -4182,6 +4184,26 @@ static int __ocfs2_reflink(struct dentry *old_dentry, goto out_unlock; } + if ((oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) && + (oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) { + /* + * Adjust extent record count to reserve space for extended attribute. + * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). + */ + struct ocfs2_inode_info *new_oi = OCFS2_I(new_inode); + + if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && + !(ocfs2_inode_is_fast_symlink(new_inode))) { + struct ocfs2_dinode *new_di = new_bh->b_data; + struct ocfs2_dinode *old_di = old_bh->b_data; + struct ocfs2_extent_list *el = &new_di->id2.i_list; + int inline_size = le16_to_cpu(old_di->i_xattr_inline_size); + + le16_add_cpu(&el->l_count, -(inline_size / + sizeof(struct ocfs2_extent_rec))); + } + } + ret = ocfs2_create_reflink_node(inode, old_bh, new_inode, new_bh, preserve); if (ret) { @@ -4189,7 +4211,7 @@ static int __ocfs2_reflink(struct dentry *old_dentry, goto inode_unlock; } - if (OCFS2_I(inode)->ip_dyn_features & OCFS2_HAS_XATTR_FL) { + if (oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) { ret = ocfs2_reflink_xattrs(inode, old_bh, new_inode, new_bh, preserve); diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 3b81213ed7b8..a9f716ec89e2 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -6511,16 +6511,7 @@ static int ocfs2_reflink_xattr_inline(struct ocfs2_xattr_reflink *args) } new_oi = OCFS2_I(args->new_inode); - /* - * Adjust extent record count to reserve space for extended attribute. - * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). - */ - if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && - !(ocfs2_inode_is_fast_symlink(args->new_inode))) { - struct ocfs2_extent_list *el = &new_di->id2.i_list; - le16_add_cpu(&el->l_count, -(inline_size / - sizeof(struct ocfs2_extent_rec))); - } + spin_lock(&new_oi->ip_lock); new_oi->ip_dyn_features |= OCFS2_HAS_XATTR_FL | OCFS2_INLINE_XATTR_FL; new_di->i_dyn_features = cpu_to_le16(new_oi->ip_dyn_features); -- 2.39.3

1 year, 3 months

2
2
0 0

[PATCH v2 2/3] block: fix ordering between checking QUEUE_FLAG_QUIESCED and adding requests

by Muchun Song

Supposing the following scenario. CPU0 CPU1 blk_mq_insert_request() 1) store blk_mq_unquiesce_queue() blk_mq_run_hw_queue() blk_queue_flag_clear(QUEUE_FLAG_QUIESCED) 3) store if (blk_queue_quiesced()) 2) load blk_mq_run_hw_queues() return blk_mq_run_hw_queue() blk_mq_sched_dispatch_requests() if (!blk_mq_hctx_has_pending()) 4) load return The full memory barrier should be inserted between 1) and 2), as well as between 3) and 4) to make sure that either CPU0 sees QUEUE_FLAG_QUIESCED is cleared or CPU1 sees dispatch list or setting of bitmap of software queue. Otherwise, either CPU will not re-run the hardware queue causing starvation. So the first solution is to 1) add a pair of memory barrier to fix the problem, another solution is to 2) use hctx->queue->queue_lock to synchronize QUEUE_FLAG_QUIESCED. Here, we chose 2) to fix it since memory barrier is not easy to be maintained. Fixes: f4560ffe8cec1 ("blk-mq: use QUEUE_FLAG_QUIESCED to quiesce queue") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> --- block/blk-mq.c | 47 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 13 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index b2d0f22de0c7f..ac39f2a346a52 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2202,6 +2202,24 @@ void blk_mq_delay_run_hw_queue(struct blk_mq_hw_ctx *hctx, unsigned long msecs) } EXPORT_SYMBOL(blk_mq_delay_run_hw_queue); +static inline bool blk_mq_hw_queue_need_run(struct blk_mq_hw_ctx *hctx) +{ + bool need_run; + + /* + * When queue is quiesced, we may be switching io scheduler, or + * updating nr_hw_queues, or other things, and we can't run queue + * any more, even blk_mq_hctx_has_pending() can't be called safely. + * + * And queue will be rerun in blk_mq_unquiesce_queue() if it is + * quiesced. + */ + __blk_mq_run_dispatch_ops(hctx->queue, false, + need_run = !blk_queue_quiesced(hctx->queue) && + blk_mq_hctx_has_pending(hctx)); + return need_run; +} + /** * blk_mq_run_hw_queue - Start to run a hardware queue. * @hctx: Pointer to the hardware queue to run. @@ -2222,20 +2240,23 @@ void blk_mq_run_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) might_sleep_if(!async && hctx->flags & BLK_MQ_F_BLOCKING); - /* - * When queue is quiesced, we may be switching io scheduler, or - * updating nr_hw_queues, or other things, and we can't run queue - * any more, even __blk_mq_hctx_has_pending() can't be called safely. - * - * And queue will be rerun in blk_mq_unquiesce_queue() if it is - * quiesced. - */ - __blk_mq_run_dispatch_ops(hctx->queue, false, - need_run = !blk_queue_quiesced(hctx->queue) && - blk_mq_hctx_has_pending(hctx)); + need_run = blk_mq_hw_queue_need_run(hctx); + if (!need_run) { + unsigned long flags; - if (!need_run) - return; + /* + * Synchronize with blk_mq_unquiesce_queue(), becuase we check + * if hw queue is quiesced locklessly above, we need the use + * ->queue_lock to make sure we see the up-to-date status to + * not miss rerunning the hw queue. + */ + spin_lock_irqsave(&hctx->queue->queue_lock, flags); + need_run = blk_mq_hw_queue_need_run(hctx); + spin_unlock_irqrestore(&hctx->queue->queue_lock, flags); + + if (!need_run) + return; + } if (async || !cpumask_test_cpu(raw_smp_processor_id(), hctx->cpumask)) { blk_mq_delay_run_hw_queue(hctx, 0); -- 2.20.1

1 year, 3 months

4
8
0 0

[PATCH 1/1] x86: SMT broken on Xen PV DomU since 6.9

by Niels Dettenbach

virtual machines under Xen Hypervisor (DomU) running in Xen PV mode use a special, nonstandard synthetized CPU topology which "just works" under kernels 6.9.x while newer kernels assuming a "crash kernel" and disable SMT (reducing to one CPU core) because the newer topology implementation produces a wrong error "[Firmware Bug]: APIC enumeration order not specification compliant" after new topology checks which are improper for Xen PV platform. As a result, the kernel disables SMT and activates just one CPU core within the VM (DomU). The patch disables the regarding checks if it is running in Xen PV mode (only) and bring back SMT / all CPUs as in the past to such DomU VMs. Signed-off-by: Niels Dettenbach <nd(a)syndicat.com> --- The current behaviour leads all of our production Xen Host platforms unusable after updating to newer linux kernels (with just one CPU available/activated per VM) while older kernels other OS still work fully (and stable since many years on the platform). Xen PV mode is still provided by current Xen and widely used - even if less wide as the newer Xen PVH mode today. So a solution probably will be required. So we assume that bug affects stable(a)vger.kernel.org as well. dmesg from affected kernel: -- snip -- Sep 10 14:35:50 ffm1 kernel: [ 0.640364] CPU topo: Enumerated BSP APIC 0 is not marked in APICBASE MSR Sep 10 14:35:50 ffm1 kernel: [ 0.640367] CPU topo: Assuming crash kernel. Limiting to one CPU to prevent machine INIT Sep 10 14:35:50 ffm1 kernel: [ 0.640368] CPU topo: [Firmware Bug]: APIC enumeration order not specification compliant Sep 10 14:35:50 ffm1 kernel: [ 0.640376] CPU topo: Max. logical packages: 1 Sep 10 14:35:50 ffm1 kernel: [ 0.640378] CPU topo: Max. logical dies: 1 Sep 10 14:35:50 ffm1 kernel: [ 0.640379] CPU topo: Max. dies per package: 1 Sep 10 14:35:50 ffm1 kernel: [ 0.640386] CPU topo: Max. threads per core: 1 Sep 10 14:35:50 ffm1 kernel: [ 0.640388] CPU topo: Num. cores per package: 1 Sep 10 14:35:50 ffm1 kernel: [ 0.640389] CPU topo: Num. threads per package: 1 Sep 10 14:35:50 ffm1 kernel: [ 0.640390] CPU topo: Allowing 1 present CPUs plus 0 hotplug CPUs Sep 10 14:35:50 ffm1 kernel: [ 0.640402] Cannot find an available gap in the 32-bit address range -- snap -- We tested the patch intensely under productive / high load since 2 days now with no issues. references: arch/x86/kernel/cpu/topology.c [line 448] --- snip --- /* * XEN PV is special as it does not advertise the local APIC * properly, but provides a fake topology for it so that the * infrastructure works. So don't apply the restrictions vs. APIC * here. */ ---snap --- Related errors / tickets: https://forum.qubes-os.org/t/fedora-sees-only-1-cpu-core-after-updating-the… --- linux/arch/x86/kernel/cpu/topology.c.orig 2024-09-11 09:53:16.194095250 +0200 +++ linux/arch/x86/kernel/cpu/topology.c 2024-09-11 09:55:17.338448094 +0200 @@ -158,7 +158,7 @@ static __init bool check_for_real_bsp(u3 is_bsp = !!(msr & MSR_IA32_APICBASE_BSP); } - if (apic_id == topo_info.boot_cpu_apic_id) { + if (!xen_pv_domain() && apic_id == topo_info.boot_cpu_apic_id) { /* * If the boot CPU has the APIC BSP bit set then the * firmware enumeration is agreeing. If the CPU does not @@ -185,7 +185,7 @@ static __init bool check_for_real_bsp(u3 pr_warn("Boot CPU APIC ID not the first enumerated APIC ID: %x != %x\n", topo_info.boot_cpu_apic_id, apic_id); - if (is_bsp) { + if (!xen_pv_domain() && is_bsp) { /* * The boot CPU has the APIC BSP bit set. Use it and complain * about the broken firmware enumeration.

1 year, 3 months

2
2
0 0

[PATCH RFC V2 1/1] ocfs2: reserve space for inline xattr before attaching reflink tree

by Gautham Ananthakrishna

One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space space inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case upto 230), thereby causing corruption. The fix for this is to reserve space for inline metadata before the at the destination inode before the reflink tree gets recreated. The customer has verified the fix. Fixes: ef962df057aa ("ocfs2: xattr: fix inlined xattr reflink") Cc: stable(a)vger.kernel.org Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> --- fs/ocfs2/refcounttree.c | 26 ++++++++++++++++++++++++-- fs/ocfs2/xattr.c | 11 +---------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c index 3f80a56d0d60..1d427da06bee 100644 --- a/fs/ocfs2/refcounttree.c +++ b/fs/ocfs2/refcounttree.c @@ -25,6 +25,7 @@ #include "namei.h" #include "ocfs2_trace.h" #include "file.h" +#include "symlink.h" #include <linux/bio.h> #include <linux/blkdev.h> @@ -4155,8 +4156,9 @@ static int __ocfs2_reflink(struct dentry *old_dentry, int ret; struct inode *inode = d_inode(old_dentry); struct buffer_head *new_bh = NULL; + struct ocfs2_inode_info *oi = OCFS2_I(inode); - if (OCFS2_I(inode)->ip_flags & OCFS2_INODE_SYSTEM_FILE) { + if (oi->ip_flags & OCFS2_INODE_SYSTEM_FILE) { ret = -EINVAL; mlog_errno(ret); goto out; @@ -4182,6 +4184,26 @@ static int __ocfs2_reflink(struct dentry *old_dentry, goto out_unlock; } + if ((oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) && + (oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) { + /* + * Adjust extent record count to reserve space for extended attribute. + * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). + */ + struct ocfs2_inode_info *ni = OCFS2_I(new_inode); + + if (!(ni->ip_dyn_features & OCFS2_INLINE_DATA_FL) && + !(ocfs2_inode_is_fast_symlink(new_inode))) { + struct ocfs2_dinode *new_di = new_bh->b_data; + struct ocfs2_dinode *old_di = old_bh->b_data; + struct ocfs2_extent_list *el = &new_di->id2.i_list; + int inline_size = le16_to_cpu(old_di->i_xattr_inline_size); + + le16_add_cpu(&el->l_count, -(inline_size / + sizeof(struct ocfs2_extent_rec))); + } + } + ret = ocfs2_create_reflink_node(inode, old_bh, new_inode, new_bh, preserve); if (ret) { @@ -4189,7 +4211,7 @@ static int __ocfs2_reflink(struct dentry *old_dentry, goto inode_unlock; } - if (OCFS2_I(inode)->ip_dyn_features & OCFS2_HAS_XATTR_FL) { + if (oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) { ret = ocfs2_reflink_xattrs(inode, old_bh, new_inode, new_bh, preserve); diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 3b81213ed7b8..a9f716ec89e2 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -6511,16 +6511,7 @@ static int ocfs2_reflink_xattr_inline(struct ocfs2_xattr_reflink *args) } new_oi = OCFS2_I(args->new_inode); - /* - * Adjust extent record count to reserve space for extended attribute. - * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). - */ - if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && - !(ocfs2_inode_is_fast_symlink(args->new_inode))) { - struct ocfs2_extent_list *el = &new_di->id2.i_list; - le16_add_cpu(&el->l_count, -(inline_size / - sizeof(struct ocfs2_extent_rec))); - } + spin_lock(&new_oi->ip_lock); new_oi->ip_dyn_features |= OCFS2_HAS_XATTR_FL | OCFS2_INLINE_XATTR_FL; new_di->i_dyn_features = cpu_to_le16(new_oi->ip_dyn_features); -- 2.39.3

1 year, 3 months

2
2
0 0

[PATCH RFC V1 1/1] ocfs2: reserve space for inline xattr before attaching reflink tree

by Gautham Ananthakrishna

One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space space inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case upto 230), thereby causing corruption. The fix for this is to reserve space for inline metadata before the at the destination inode before the reflink tree gets recreated. The customer has verified the fix. Fixes: ef962df057aa ("ocfs2: xattr: fix inlined xattr reflink") Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> --- fs/ocfs2/refcounttree.c | 26 ++++++++++++++++++++++++-- fs/ocfs2/xattr.c | 11 +---------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c index 3f80a56d0d60..1d427da06bee 100644 --- a/fs/ocfs2/refcounttree.c +++ b/fs/ocfs2/refcounttree.c @@ -25,6 +25,7 @@ #include "namei.h" #include "ocfs2_trace.h" #include "file.h" +#include "symlink.h" #include <linux/bio.h> #include <linux/blkdev.h> @@ -4155,8 +4156,9 @@ static int __ocfs2_reflink(struct dentry *old_dentry, int ret; struct inode *inode = d_inode(old_dentry); struct buffer_head *new_bh = NULL; + struct ocfs2_inode_info *oi = OCFS2_I(inode); - if (OCFS2_I(inode)->ip_flags & OCFS2_INODE_SYSTEM_FILE) { + if (oi->ip_flags & OCFS2_INODE_SYSTEM_FILE) { ret = -EINVAL; mlog_errno(ret); goto out; @@ -4182,6 +4184,26 @@ static int __ocfs2_reflink(struct dentry *old_dentry, goto out_unlock; } + if ((oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) && + (oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) { + /* + * Adjust extent record count to reserve space for extended attribute. + * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). + */ + struct ocfs2_inode_info *ni = OCFS2_I(new_inode); + + if (!(ni->ip_dyn_features & OCFS2_INLINE_DATA_FL) && + !(ocfs2_inode_is_fast_symlink(new_inode))) { + struct ocfs2_dinode *new_di = new_bh->b_data; + struct ocfs2_dinode *old_di = old_bh->b_data; + struct ocfs2_extent_list *el = &new_di->id2.i_list; + int inline_size = le16_to_cpu(old_di->i_xattr_inline_size); + + le16_add_cpu(&el->l_count, -(inline_size / + sizeof(struct ocfs2_extent_rec))); + } + } + ret = ocfs2_create_reflink_node(inode, old_bh, new_inode, new_bh, preserve); if (ret) { @@ -4189,7 +4211,7 @@ static int __ocfs2_reflink(struct dentry *old_dentry, goto inode_unlock; } - if (OCFS2_I(inode)->ip_dyn_features & OCFS2_HAS_XATTR_FL) { + if (oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) { ret = ocfs2_reflink_xattrs(inode, old_bh, new_inode, new_bh, preserve); diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 3b81213ed7b8..a9f716ec89e2 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -6511,16 +6511,7 @@ static int ocfs2_reflink_xattr_inline(struct ocfs2_xattr_reflink *args) } new_oi = OCFS2_I(args->new_inode); - /* - * Adjust extent record count to reserve space for extended attribute. - * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). - */ - if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && - !(ocfs2_inode_is_fast_symlink(args->new_inode))) { - struct ocfs2_extent_list *el = &new_di->id2.i_list; - le16_add_cpu(&el->l_count, -(inline_size / - sizeof(struct ocfs2_extent_rec))); - } + spin_lock(&new_oi->ip_lock); new_oi->ip_dyn_features |= OCFS2_HAS_XATTR_FL | OCFS2_INLINE_XATTR_FL; new_di->i_dyn_features = cpu_to_le16(new_oi->ip_dyn_features); -- 2.39.3

1 year, 3 months

2
1
0 0

[PATCH 6.6 v2 4/4] riscv: dts: starfive: Add JH7110 PWM-DAC support

by WangYuli

From: Hal Feng <hal.feng(a)starfivetech.com> [ Upstream commit be326bee09374a2ebd18cb5af8fcd6f1e7825260 ] Add PWM-DAC support for StarFive JH7110 SoC. Reviewed-by: Walker Chen <walker.chen(a)starfivetech.com> Signed-off-by: Hal Feng <hal.feng(a)starfivetech.com> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- .../jh7110-starfive-visionfive-2.dtsi | 49 +++++++++++++++++++ arch/riscv/boot/dts/starfive/jh7110.dtsi | 13 +++++ 2 files changed, 62 insertions(+) diff --git a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi index caa59b9b2f19..0e077f2f02d1 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi @@ -40,6 +40,33 @@ gpio-restart { gpios = <&sysgpio 35 GPIO_ACTIVE_HIGH>; priority = <224>; }; + + pwmdac_codec: pwmdac-codec { + compatible = "linux,spdif-dit"; + #sound-dai-cells = <0>; + }; + + sound-pwmdac { + compatible = "simple-audio-card"; + simple-audio-card,name = "StarFive-PWMDAC-Sound-Card"; + #address-cells = <1>; + #size-cells = <0>; + + simple-audio-card,dai-link@0 { + reg = <0>; + format = "left_j"; + bitclock-master = <&sndcpu0>; + frame-master = <&sndcpu0>; + + sndcpu0: cpu { + sound-dai = <&pwmdac>; + }; + + codec { + sound-dai = <&pwmdac_codec>; + }; + }; + }; }; &dvp_clk { @@ -253,6 +280,12 @@ &mmc1 { status = "okay"; }; +&pwmdac { + pinctrl-names = "default"; + pinctrl-0 = <&pwmdac_pins>; + status = "okay"; +}; + &qspi { #address-cells = <1>; #size-cells = <0>; @@ -463,6 +496,22 @@ GPOEN_SYS_SDIO1_DATA3, }; }; + pwmdac_pins: pwmdac-0 { + pwmdac-pins { + pinmux = <GPIOMUX(33, GPOUT_SYS_PWMDAC_LEFT, + GPOEN_ENABLE, + GPI_NONE)>, + <GPIOMUX(34, GPOUT_SYS_PWMDAC_RIGHT, + GPOEN_ENABLE, + GPI_NONE)>; + bias-disable; + drive-strength = <2>; + input-disable; + input-schmitt-disable; + slew-rate = <0>; + }; + }; + spi0_pins: spi0-0 { mosi-pins { pinmux = <GPIOMUX(52, GPOUT_SYS_SPI0_TXD, diff --git a/arch/riscv/boot/dts/starfive/jh7110.dtsi b/arch/riscv/boot/dts/starfive/jh7110.dtsi index 621b68c02ea8..9f31dec57c0d 100644 --- a/arch/riscv/boot/dts/starfive/jh7110.dtsi +++ b/arch/riscv/boot/dts/starfive/jh7110.dtsi @@ -536,6 +536,19 @@ i2srx: i2s@100e0000 { status = "disabled"; }; + pwmdac: pwmdac@100b0000 { + compatible = "starfive,jh7110-pwmdac"; + reg = <0x0 0x100b0000 0x0 0x1000>; + clocks = <&syscrg JH7110_SYSCLK_PWMDAC_APB>, + <&syscrg JH7110_SYSCLK_PWMDAC_CORE>; + clock-names = "apb", "core"; + resets = <&syscrg JH7110_SYSRST_PWMDAC_APB>; + dmas = <&dma 22>; + dma-names = "tx"; + #sound-dai-cells = <0>; + status = "disabled"; + }; + usb0: usb@10100000 { compatible = "starfive,jh7110-usb"; ranges = <0x0 0x0 0x10100000 0x100000>; -- 2.43.4

1 year, 3 months

1
0
0 0

[PATCH 6.6 v2 2/4] riscv: dts: starfive: pinfunc: Fix the pins name of I2STX1

by WangYuli

From: Xingyu Wu <xingyu.wu(a)starfivetech.com> [ Upstream commit 4e1abae5688aae9dd8345dbd4ea92a4b9adf340d ] These pins are actually I2STX1 clock input, not I2STX0, so their names should be changed. Signed-off-by: Xingyu Wu <xingyu.wu(a)starfivetech.com> Reviewed-by: Walker Chen <walker.chen(a)starfivetech.com> Acked-by: Rob Herring <robh(a)kernel.org> Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- arch/riscv/boot/dts/starfive/jh7110-pinfunc.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/riscv/boot/dts/starfive/jh7110-pinfunc.h b/arch/riscv/boot/dts/starfive/jh7110-pinfunc.h index fb0139b56723..256de17f5261 100644 --- a/arch/riscv/boot/dts/starfive/jh7110-pinfunc.h +++ b/arch/riscv/boot/dts/starfive/jh7110-pinfunc.h @@ -240,8 +240,8 @@ #define GPI_SYS_MCLK_EXT 30 #define GPI_SYS_I2SRX_BCLK 31 #define GPI_SYS_I2SRX_LRCK 32 -#define GPI_SYS_I2STX0_BCLK 33 -#define GPI_SYS_I2STX0_LRCK 34 +#define GPI_SYS_I2STX1_BCLK 33 +#define GPI_SYS_I2STX1_LRCK 34 #define GPI_SYS_TDM_CLK 35 #define GPI_SYS_TDM_RXD 36 #define GPI_SYS_TDM_SYNC 37 -- 2.43.4

1 year, 3 months

1
0
0 0

[PATCH 6.6.y RESEND 2/2] iio: adc: ad7124: fix DT configuration parsing

by He Lugang

From: Dumitru Ceclan <mitrutzceclan(a)gmail.com> commit 61cbfb5368dd50ed0d65ce21d305aa923581db2b upstream The cfg pointer is set before reading the channel number that the configuration should point to. This causes configurations to be shifted by one channel. For example setting bipolar to the first channel defined in the DT will cause bipolar mode to be active on the second defined channel. Fix by moving the cfg pointer setting after reading the channel number. Fixes: 7b8d045e497a ("iio: adc: ad7124: allow more than 8 channels") Signed-off-by: Dumitru Ceclan <dumitru.ceclan(a)analog.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240806085133.114547-1-dumitru.ceclan@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: He Lugang <helugang(a)uniontech.com> --- drivers/iio/adc/ad7124.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c index e7b1d517d3de..089398a7664a 100644 --- a/drivers/iio/adc/ad7124.c +++ b/drivers/iio/adc/ad7124.c @@ -837,8 +837,6 @@ static int ad7124_parse_channel_config(struct iio_dev *indio_dev, st->channels = channels; device_for_each_child_node_scoped(dev, child) { - cfg = &st->channels[channel].cfg; - ret = fwnode_property_read_u32(child, "reg", &channel); if (ret) return ret; @@ -856,6 +854,7 @@ static int ad7124_parse_channel_config(struct iio_dev *indio_dev, st->channels[channel].ain = AD7124_CHANNEL_AINP(ain[0]) | AD7124_CHANNEL_AINM(ain[1]); + cfg = &st->channels[channel].cfg; cfg->bipolar = fwnode_property_read_bool(child, "bipolar"); ret = fwnode_property_read_u32(child, "adi,reference-select", &tmp); -- 2.45.2

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7124: fix DT configuration parsing" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 61cbfb5368dd50ed0d65ce21d305aa923581db2b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024090914-province-underdone-1eea@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 61cbfb5368dd ("iio: adc: ad7124: fix DT configuration parsing") a6eaf02b8274 ("iio: adc: ad7124: Switch from of specific to fwnode based property handling") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61cbfb5368dd50ed0d65ce21d305aa923581db2b Mon Sep 17 00:00:00 2001 From: Dumitru Ceclan <mitrutzceclan(a)gmail.com> Date: Tue, 6 Aug 2024 11:51:33 +0300 Subject: [PATCH] iio: adc: ad7124: fix DT configuration parsing The cfg pointer is set before reading the channel number that the configuration should point to. This causes configurations to be shifted by one channel. For example setting bipolar to the first channel defined in the DT will cause bipolar mode to be active on the second defined channel. Fix by moving the cfg pointer setting after reading the channel number. Fixes: 7b8d045e497a ("iio: adc: ad7124: allow more than 8 channels") Signed-off-by: Dumitru Ceclan <dumitru.ceclan(a)analog.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240806085133.114547-1-dumitru.ceclan@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c index afb5f4d741e6..108e9ccab1ef 100644 --- a/drivers/iio/adc/ad7124.c +++ b/drivers/iio/adc/ad7124.c @@ -844,8 +844,6 @@ static int ad7124_parse_channel_config(struct iio_dev *indio_dev, st->channels = channels; device_for_each_child_node_scoped(dev, child) { - cfg = &st->channels[channel].cfg; - ret = fwnode_property_read_u32(child, "reg", &channel); if (ret) return ret; @@ -863,6 +861,7 @@ static int ad7124_parse_channel_config(struct iio_dev *indio_dev, st->channels[channel].ain = AD7124_CHANNEL_AINP(ain[0]) | AD7124_CHANNEL_AINM(ain[1]); + cfg = &st->channels[channel].cfg; cfg->bipolar = fwnode_property_read_bool(child, "bipolar"); ret = fwnode_property_read_u32(child, "adi,reference-select", &tmp);

1 year, 3 months

2
3
0 0

[PATCH 6.6.y 2/2] iio: adc: ad7124: fix DT configuration parsing

by He Lugang

From: Dumitru Ceclan <mitrutzceclan(a)gmail.com> From: Dumitru Ceclan <dumitru.ceclan(a)analog.com> [ Upstream commit 61cbfb5368dd50ed0d65ce21d305aa923581db2b ] The cfg pointer is set before reading the channel number that the configuration should point to. This causes configurations to be shifted by one channel. For example setting bipolar to the first channel defined in the DT will cause bipolar mode to be active on the second defined channel. Fix by moving the cfg pointer setting after reading the channel number. Fixes: 7b8d045e497a ("iio: adc: ad7124: allow more than 8 channels") Signed-off-by: Dumitru Ceclan <dumitru.ceclan(a)analog.com> Reviewed-by: Nuno Sa <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20240806085133.114547-1-dumitru.ceclan@analog.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: He Lugang <helugang(a)uniontech.com> --- drivers/iio/adc/ad7124.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c index e7b1d517d3de..089398a7664a 100644 --- a/drivers/iio/adc/ad7124.c +++ b/drivers/iio/adc/ad7124.c @@ -837,8 +837,6 @@ static int ad7124_parse_channel_config(struct iio_dev *indio_dev, st->channels = channels; device_for_each_child_node_scoped(dev, child) { - cfg = &st->channels[channel].cfg; - ret = fwnode_property_read_u32(child, "reg", &channel); if (ret) return ret; @@ -856,6 +854,7 @@ static int ad7124_parse_channel_config(struct iio_dev *indio_dev, st->channels[channel].ain = AD7124_CHANNEL_AINP(ain[0]) | AD7124_CHANNEL_AINM(ain[1]); + cfg = &st->channels[channel].cfg; cfg->bipolar = fwnode_property_read_bool(child, "bipolar"); ret = fwnode_property_read_u32(child, "adi,reference-select", &tmp); -- 2.45.2

1 year, 3 months

3
4
0 0

[PATCH net] net: libwx: fix number of Rx and Tx descriptors

by Jiawen Wu

The number of transmit and receive descriptors must be a multiple of 128 due to the hardware limitation. If it is set to a multiple of 8 instead of a multiple 128, the queues will easily be hung. Cc: stable(a)vger.kernel.org Fixes: 883b5984a5d2 ("net: wangxun: add ethtool_ops for ring parameters") Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_type.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_type.h b/drivers/net/ethernet/wangxun/libwx/wx_type.h index 1d57b047817b..b54bffda027b 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_type.h +++ b/drivers/net/ethernet/wangxun/libwx/wx_type.h @@ -426,9 +426,9 @@ enum WX_MSCA_CMD_value { #define WX_MIN_RXD 128 #define WX_MIN_TXD 128 -/* Number of Transmit and Receive Descriptors must be a multiple of 8 */ -#define WX_REQ_RX_DESCRIPTOR_MULTIPLE 8 -#define WX_REQ_TX_DESCRIPTOR_MULTIPLE 8 +/* Number of Transmit and Receive Descriptors must be a multiple of 128 */ +#define WX_REQ_RX_DESCRIPTOR_MULTIPLE 128 +#define WX_REQ_TX_DESCRIPTOR_MULTIPLE 128 #define WX_MAX_JUMBO_FRAME_SIZE 9432 /* max payload 9414 */ #define VMDQ_P(p) p -- 2.27.0

1 year, 3 months

3
2
0 0

[PATCH net 0/3] selftests: mptcp: misc. small fixes

by Matthieu Baerts (NGI0)

Here are some various fixes for the MPTCP selftests. Patch 1 fixes a recently modified test to continue to work as expected on older kernels. This is a fix for a recent fix that can be backported up to v5.15. Patch 2 and 3 include dependences when exporting or installing the tests. Two fixes for v6.11-rc1. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (3): selftests: mptcp: join: restrict fullmesh endp on 1st sf selftests: mptcp: include lib.sh file selftests: mptcp: include net_helper.sh file tools/testing/selftests/net/mptcp/Makefile | 2 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) --- base-commit: 48aa361c5db0b380c2b75c24984c0d3e7c1e8c09 change-id: 20240910-net-selftests-mptcp-fix-install-2b82ae5a99c8 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 3 months

2
2
0 0

[PATCH] rtc: at91sam9: fix OF node leak in probe() error path

by Krzysztof Kozlowski

Driver is leaking an OF node reference obtained from of_parse_phandle_with_fixed_args(). Fixes: 43e112bb3dea ("rtc: at91sam9: make use of syscon/regmap to access GPBR registers") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/rtc/rtc-at91sam9.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/rtc/rtc-at91sam9.c b/drivers/rtc/rtc-at91sam9.c index f93bee96e362..993c0878fb66 100644 --- a/drivers/rtc/rtc-at91sam9.c +++ b/drivers/rtc/rtc-at91sam9.c @@ -368,6 +368,7 @@ static int at91_rtc_probe(struct platform_device *pdev) return ret; rtc->gpbr = syscon_node_to_regmap(args.np); + of_node_put(args.np); rtc->gpbr_offset = args.args[0]; if (IS_ERR(rtc->gpbr)) { dev_err(&pdev->dev, "failed to retrieve gpbr regmap, aborting.\n"); -- 2.43.0

1 year, 3 months

4
5
0 0

[PATCH] usb: dwc3: Runtime get and put usb power_supply handle

by Kyle Tso

It is possible that the usb power_supply is registered after the probe of dwc3. In this case, trying to get the usb power_supply during the probe will fail and there is no chance to try again. Also the usb power_supply might be unregistered at anytime so that the handle of it in dwc3 would become invalid. To fix this, get the handle right before calling to power_supply functions and put it afterward. Fixes: 6f0764b5adea ("usb: dwc3: add a power supply for current control") Cc: stable(a)vger.kernel.org Signed-off-by: Kyle Tso <kyletso(a)google.com> --- drivers/usb/dwc3/core.c | 25 +++++-------------------- drivers/usb/dwc3/core.h | 4 ++-- drivers/usb/dwc3/gadget.c | 19 ++++++++++++++----- 3 files changed, 21 insertions(+), 27 deletions(-) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 734de2a8bd21..ab563edd9b4c 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -1631,8 +1631,6 @@ static void dwc3_get_properties(struct dwc3 *dwc) u8 tx_thr_num_pkt_prd = 0; u8 tx_max_burst_prd = 0; u8 tx_fifo_resize_max_num; - const char *usb_psy_name; - int ret; /* default to highest possible threshold */ lpm_nyet_threshold = 0xf; @@ -1667,12 +1665,7 @@ static void dwc3_get_properties(struct dwc3 *dwc) dwc->sys_wakeup = device_may_wakeup(dwc->sysdev); - ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name); - if (ret >= 0) { - dwc->usb_psy = power_supply_get_by_name(usb_psy_name); - if (!dwc->usb_psy) - dev_err(dev, "couldn't get usb power supply\n"); - } + device_property_read_string(dev, "usb-psy-name", &dwc->usb_psy_name); dwc->has_lpm_erratum = device_property_read_bool(dev, "snps,has-lpm-erratum"); @@ -2133,18 +2126,16 @@ static int dwc3_probe(struct platform_device *pdev) dwc3_get_software_properties(dwc); dwc->reset = devm_reset_control_array_get_optional_shared(dev); - if (IS_ERR(dwc->reset)) { - ret = PTR_ERR(dwc->reset); - goto err_put_psy; - } + if (IS_ERR(dwc->reset)) + return PTR_ERR(dwc->reset); ret = dwc3_get_clocks(dwc); if (ret) - goto err_put_psy; + return ret; ret = reset_control_deassert(dwc->reset); if (ret) - goto err_put_psy; + return ret; ret = dwc3_clk_enable(dwc); if (ret) @@ -2245,9 +2236,6 @@ static int dwc3_probe(struct platform_device *pdev) dwc3_clk_disable(dwc); err_assert_reset: reset_control_assert(dwc->reset); -err_put_psy: - if (dwc->usb_psy) - power_supply_put(dwc->usb_psy); return ret; } @@ -2276,9 +2264,6 @@ static void dwc3_remove(struct platform_device *pdev) pm_runtime_set_suspended(&pdev->dev); dwc3_free_event_buffers(dwc); - - if (dwc->usb_psy) - power_supply_put(dwc->usb_psy); } #ifdef CONFIG_PM diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h index 1e561fd8b86e..ecfe2cc224f7 100644 --- a/drivers/usb/dwc3/core.h +++ b/drivers/usb/dwc3/core.h @@ -1045,7 +1045,7 @@ struct dwc3_scratchpad_array { * @role_sw: usb_role_switch handle * @role_switch_default_mode: default operation mode of controller while * usb role is USB_ROLE_NONE. - * @usb_psy: pointer to power supply interface. + * @usb_psy_name: name of the usb power supply interface. * @usb2_phy: pointer to USB2 PHY * @usb3_phy: pointer to USB3 PHY * @usb2_generic_phy: pointer to array of USB2 PHYs @@ -1223,7 +1223,7 @@ struct dwc3 { struct usb_role_switch *role_sw; enum usb_dr_mode role_switch_default_mode; - struct power_supply *usb_psy; + const char *usb_psy_name; u32 fladj; u32 ref_clk_per; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 89fc690fdf34..c89b5b5a64cf 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -3049,20 +3049,29 @@ static void dwc3_gadget_set_ssp_rate(struct usb_gadget *g, static int dwc3_gadget_vbus_draw(struct usb_gadget *g, unsigned int mA) { - struct dwc3 *dwc = gadget_to_dwc(g); + struct dwc3 *dwc = gadget_to_dwc(g); + struct power_supply *usb_psy; union power_supply_propval val = {0}; int ret; if (dwc->usb2_phy) return usb_phy_set_power(dwc->usb2_phy, mA); - if (!dwc->usb_psy) + if (!dwc->usb_psy_name) return -EOPNOTSUPP; - val.intval = 1000 * mA; - ret = power_supply_set_property(dwc->usb_psy, POWER_SUPPLY_PROP_INPUT_CURRENT_LIMIT, &val); + usb_psy = power_supply_get_by_name(dwc->usb_psy_name); + if (usb_psy) { + val.intval = 1000 * mA; + ret = power_supply_set_property(usb_psy, POWER_SUPPLY_PROP_INPUT_CURRENT_LIMIT, + &val); + power_supply_put(usb_psy); + return ret; + } - return ret; + dev_err(dwc->dev, "couldn't get usb power supply\n"); + + return -EOPNOTSUPP; } /** -- 2.45.2.993.g49e7a77208-goog

1 year, 3 months

3
2
0 0

[PATCH v2 1/8] serial: qcom-geni: fix fifo polling timeout

by Johan Hovold

The qcom_geni_serial_poll_bit() can be used to wait for events like command completion and is supposed to wait for the time it takes to clear a full fifo before timing out. As noted by Doug, the current implementation does not account for start, stop and parity bits when determining the timeout. The helper also does not currently account for the shift register and the two-word intermediate transfer register. A too short timeout can specifically lead to lost characters when waiting for a transfer to complete as the transfer is cancelled on timeout. Instead of determining the poll timeout on every call, store the fifo timeout when updating it in set_termios() and make sure to take the shift and intermediate registers into account. Note that serial core has already added a 20 ms margin to the fifo timeout. Also note that the current uart_fifo_timeout() interface does unnecessary calculations on every call and did not exist in earlier kernels so only store its result once. This facilitates backports too as earlier kernels can derive the timeout from uport->timeout, which has since been removed. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reported-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 31 +++++++++++++++------------ 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 69a632fefc41..309c0bddf26a 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -124,7 +124,7 @@ struct qcom_geni_serial_port { dma_addr_t tx_dma_addr; dma_addr_t rx_dma_addr; bool setup; - unsigned int baud; + unsigned long poll_timeout_us; unsigned long clk_rate; void *rx_buf; u32 loopback; @@ -270,22 +270,13 @@ static bool qcom_geni_serial_poll_bit(struct uart_port *uport, { u32 reg; struct qcom_geni_serial_port *port; - unsigned int baud; - unsigned int fifo_bits; unsigned long timeout_us = 20000; struct qcom_geni_private_data *private_data = uport->private_data; if (private_data->drv) { port = to_dev_port(uport); - baud = port->baud; - if (!baud) - baud = 115200; - fifo_bits = port->tx_fifo_depth * port->tx_fifo_width; - /* - * Total polling iterations based on FIFO worth of bytes to be - * sent at current baud. Add a little fluff to the wait. - */ - timeout_us = ((fifo_bits * USEC_PER_SEC) / baud) + 500; + if (port->poll_timeout_us) + timeout_us = port->poll_timeout_us; } /* @@ -1244,11 +1235,11 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned long clk_rate; u32 ver, sampling_rate; unsigned int avg_bw_core; + unsigned long timeout; qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); - port->baud = baud; sampling_rate = UART_OVERSAMPLING; /* Sampling rate is halved for IP versions >= 2.5 */ @@ -1326,9 +1317,21 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, else tx_trans_cfg |= UART_CTS_MASK; - if (baud) + if (baud) { uart_update_timeout(uport, termios->c_cflag, baud); + /* + * Make sure that qcom_geni_serial_poll_bitfield() waits for + * the FIFO, two-word intermediate transfer register and shift + * register to clear. + * + * Note that uart_fifo_timeout() also adds a 20 ms margin. + */ + timeout = jiffies_to_usecs(uart_fifo_timeout(uport)); + timeout += 3 * timeout / port->tx_fifo_depth; + WRITE_ONCE(port->poll_timeout_us, timeout); + } + if (!uart_console(uport)) writel(port->loopback, uport->membase + SE_UART_LOOPBACK_CFG); -- 2.44.2

1 year, 3 months

2
1
0 0

[PATCH hotfix 6.11 v2 3/3] minmax: reduce min/max macro expansion in atomisp driver

by Lorenzo Stoakes

Avoid unnecessary nested min()/max() which results in egregious macro expansion. Use clamp_t() as this introduces the least possible expansion. Not doing so results in an impact on build times. This resolves an issue with slackware 15.0 32-bit compilation as reported by Richard Narron. Presumably the min/max fixups would be difficult to backport, this patch should be easier and fix's Richard's problem in 5.15. Reported-by: Richard Narron <richard(a)aaazen.com> Closes: https://lore.kernel.org/all/4a5321bd-b1f-1832-f0c-cea8694dc5aa@aaazen.com/ Fixes: 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants") Cc: stable(a)vger.kernel.org Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> --- .../staging/media/atomisp/pci/sh_css_frac.h | 26 ++++++++++++++----- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/staging/media/atomisp/pci/sh_css_frac.h b/drivers/staging/media/atomisp/pci/sh_css_frac.h index b90b5b330dfa..8ba65161f7a9 100644 --- a/drivers/staging/media/atomisp/pci/sh_css_frac.h +++ b/drivers/staging/media/atomisp/pci/sh_css_frac.h @@ -32,12 +32,24 @@ #define uISP_VAL_MAX ((unsigned int)((1 << uISP_REG_BIT) - 1)) /* a:fraction bits for 16bit precision, b:fraction bits for ISP precision */ -#define sDIGIT_FITTING(v, a, b) \ - min_t(int, max_t(int, (((v) >> sSHIFT) >> max(sFRACTION_BITS_FITTING(a) - (b), 0)), \ - sISP_VAL_MIN), sISP_VAL_MAX) -#define uDIGIT_FITTING(v, a, b) \ - min((unsigned int)max((unsigned)(((v) >> uSHIFT) \ - >> max((int)(uFRACTION_BITS_FITTING(a) - (b)), 0)), \ - uISP_VAL_MIN), uISP_VAL_MAX) +static inline int sDIGIT_FITTING(int v, int a, int b) +{ + int fit_shift = sFRACTION_BITS_FITTING(a) - b; + + v >>= sSHIFT; + v >>= fit_shift > 0 ? fit_shift : 0; + + return clamp_t(int, v, sISP_VAL_MIN, sISP_VAL_MAX); +} + +static inline unsigned int uDIGIT_FITTING(unsigned int v, int a, int b) +{ + int fit_shift = uFRACTION_BITS_FITTING(a) - b; + + v >>= uSHIFT; + v >>= fit_shift > 0 ? fit_shift : 0; + + return clamp_t(unsigned int, v, uISP_VAL_MIN, uISP_VAL_MAX); +} #endif /* __SH_CSS_FRAC_H */ -- 2.46.0

1 year, 3 months

3
2
0 0

[PATCH v1] ASoC: meson: axg-card: fix 'use-after-free'

by Arseniy Krasnov

Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0x3b8 [snd_soc_meson_card_utils] platform_probe+0x8c/0xf4 really_probe+0x110/0x39c __driver_probe_device+0xb8/0x18c driver_probe_device+0x108/0x1d8 __driver_attach+0xd0/0x25c bus_for_each_dev+0xe0/0x154 driver_attach+0x34/0x44 bus_add_driver+0x134/0x294 driver_register+0xa8/0x1e8 __platform_driver_register+0x44/0x54 axg_card_pdrv_init+0x20/0x1000 [snd_soc_meson_axg_sound_card] do_one_initcall+0xdc/0x25c do_init_module+0x10c/0x334 load_module+0x24c4/0x26cc init_module_from_file+0xd4/0x128 __arm64_sys_finit_module+0x1f4/0x41c invoke_syscall+0x60/0x188 el0_svc_common.constprop.0+0x78/0x13c do_el0_svc+0x30/0x40 el0_svc+0x38/0x78 el0t_64_sync_handler+0x100/0x12c el0t_64_sync+0x190/0x194 Fixes: 7864a79f37b5 ("ASoC: meson: add axg sound card support") Cc: <Stable(a)vger.kernel.org> Signed-off-by: Arseniy Krasnov <avkrasnov(a)salutedevices.com> --- sound/soc/meson/axg-card.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sound/soc/meson/axg-card.c b/sound/soc/meson/axg-card.c index 8c5605c1e34e8..eb0302f207407 100644 --- a/sound/soc/meson/axg-card.c +++ b/sound/soc/meson/axg-card.c @@ -104,7 +104,7 @@ static int axg_card_add_tdm_loopback(struct snd_soc_card *card, int *index) { struct meson_card *priv = snd_soc_card_get_drvdata(card); - struct snd_soc_dai_link *pad = &card->dai_link[*index]; + struct snd_soc_dai_link *pad; struct snd_soc_dai_link *lb; struct snd_soc_dai_link_component *dlc; int ret; @@ -114,6 +114,7 @@ static int axg_card_add_tdm_loopback(struct snd_soc_card *card, if (ret) return ret; + pad = &card->dai_link[*index]; lb = &card->dai_link[*index + 1]; lb->name = devm_kasprintf(card->dev, GFP_KERNEL, "%s-lb", pad->name); -- 2.30.1

1 year, 3 months

3
2
0 0

[PATCH hotfix 6.11 v2 2/3] minmax: reduce min/max macro expansion in skbuff

by Lorenzo Stoakes

Avoid unnecessary nested min()/max() which reults in egregious macro expansion. The nesting occurs when NET_SKB_PAD is used in a min() or max() invocation, for instance, various ethernet drivers wrap it in a max(). Not doing so results in an impact on build times. Cc: stable(a)vger.kernel.org Fixes: 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> --- include/linux/skbuff.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 29c3ea5b6e93..d53b296df504 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -3164,7 +3164,11 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD -#define NET_SKB_PAD max(32, L1_CACHE_BYTES) +#if L1_CACHE_BYTES < 32 +#define NET_SKB_PAD 32 +#else +#define NET_SKB_PAD L1_CACHE_BYTES +#endif #endif int ___pskb_trim(struct sk_buff *skb, unsigned int len); -- 2.46.0

1 year, 3 months

2
1
0 0

[PATCH hotfix 6.11 v2 1/3] minmax: reduce min/max macro expansion in mvpp2 driver

by Lorenzo Stoakes

Avoid unnecessary nested min()/max() which reults in egregious macro expansion. Use clamp_t() as this introduces the least possible expansion. Not doing so results in an impact on build times. Cc: stable(a)vger.kernel.org Fixes: 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants") Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> --- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h index e809f91c08fb..8b431f90efc3 100644 --- a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h +++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h @@ -23,7 +23,7 @@ /* The PacketOffset field is measured in units of 32 bytes and is 3 bits wide, * so the maximum offset is 7 * 32 = 224 */ -#define MVPP2_SKB_HEADROOM min(max(XDP_PACKET_HEADROOM, NET_SKB_PAD), 224) +#define MVPP2_SKB_HEADROOM clamp_t(int, XDP_PACKET_HEADROOM, NET_SKB_PAD, 224) #define MVPP2_XDP_PASS 0 #define MVPP2_XDP_DROPPED BIT(0) -- 2.46.0

1 year, 3 months

1
0
0 0

[PATCH hotfix 6.11] minmax: reduce egregious min/max macro expansion

by Lorenzo Stoakes

Avoid nested min()/max() which results in egregious macro expansion. This issue was introduced by commit 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants") [2]. Work has been done to address the issue of egregious min()/max() macro expansion in commit 22f546873149 ("minmax: improve macro expansion and type checking") and related, however it appears that some issues remain on more tightly constrained systems. Adjust a few known-bad cases of deeply nested macros to avoid doing so to mitigate this. Porting the patch first proposed in [1] to Linus's tree. Running an allmodconfig build using the methodology described in [2] we observe a 35 MiB reduction in generated code. The difference is much more significant prior to recent minmax fixes which were not backported. As per [1] prior these the reduction is more like 200 MiB. This resolves an issue with slackware 15.0 32-bit compilation as reported by Richard Narron. Presumably the min/max fixups would be difficult to backport, this patch should be easier and fix's Richard's problem in 5.15. [0]:https://lore.kernel.org/all/b97faef60ad24922b530241c5d7c933c@AcuMS.acula… [1]:https://lore.kernel.org/lkml/5882b96e-1287-4390-8174-3316d39038ef@lucife… [2]:https://lore.kernel.org/linux-mm/36aa2cad-1db1-4abf-8dd2-fb20484aabc3@lu… Reported-by: Richard Narron <richard(a)aaazen.com> Closes: https://lore.kernel.org/all/4a5321bd-b1f-1832-f0c-cea8694dc5aa@aaazen.com/ Fixes: 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants") Cc: stable(a)vger.kernel.org Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> --- drivers/net/ethernet/marvell/mvpp2/mvpp2.h | 2 +- .../staging/media/atomisp/pci/sh_css_frac.h | 26 ++++++++++++++----- include/linux/skbuff.h | 6 ++++- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h index e809f91c08fb..8b431f90efc3 100644 --- a/drivers/net/ethernet/marvell/mvpp2/mvpp2.h +++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2.h @@ -23,7 +23,7 @@ /* The PacketOffset field is measured in units of 32 bytes and is 3 bits wide, * so the maximum offset is 7 * 32 = 224 */ -#define MVPP2_SKB_HEADROOM min(max(XDP_PACKET_HEADROOM, NET_SKB_PAD), 224) +#define MVPP2_SKB_HEADROOM clamp_t(int, XDP_PACKET_HEADROOM, NET_SKB_PAD, 224) #define MVPP2_XDP_PASS 0 #define MVPP2_XDP_DROPPED BIT(0) diff --git a/drivers/staging/media/atomisp/pci/sh_css_frac.h b/drivers/staging/media/atomisp/pci/sh_css_frac.h index b90b5b330dfa..a973394c5bc0 100644 --- a/drivers/staging/media/atomisp/pci/sh_css_frac.h +++ b/drivers/staging/media/atomisp/pci/sh_css_frac.h @@ -32,12 +32,24 @@ #define uISP_VAL_MAX ((unsigned int)((1 << uISP_REG_BIT) - 1)) /* a:fraction bits for 16bit precision, b:fraction bits for ISP precision */ -#define sDIGIT_FITTING(v, a, b) \ - min_t(int, max_t(int, (((v) >> sSHIFT) >> max(sFRACTION_BITS_FITTING(a) - (b), 0)), \ - sISP_VAL_MIN), sISP_VAL_MAX) -#define uDIGIT_FITTING(v, a, b) \ - min((unsigned int)max((unsigned)(((v) >> uSHIFT) \ - >> max((int)(uFRACTION_BITS_FITTING(a) - (b)), 0)), \ - uISP_VAL_MIN), uISP_VAL_MAX) +static inline int sDIGIT_FITTING(short v, int a, int b) +{ + int fit_shift = sFRACTION_BITS_FITTING(a) - b; + + v >>= sSHIFT; + v >>= fit_shift > 0 ? fit_shift : 0; + + return clamp_t(int, v, sISP_VAL_MIN, sISP_VAL_MAX); +} + +static inline unsigned int uDIGIT_FITTING(unsigned int v, int a, int b) +{ + int fit_shift = uFRACTION_BITS_FITTING(a) - b; + + v >>= uSHIFT; + v >>= fit_shift > 0 ? fit_shift : 0; + + return clamp_t(unsigned int, v, uISP_VAL_MIN, uISP_VAL_MAX); +} #endif /* __SH_CSS_FRAC_H */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 29c3ea5b6e93..d53b296df504 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -3164,7 +3164,11 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD -#define NET_SKB_PAD max(32, L1_CACHE_BYTES) +#if L1_CACHE_BYTES < 32 +#define NET_SKB_PAD 32 +#else +#define NET_SKB_PAD L1_CACHE_BYTES +#endif #endif int ___pskb_trim(struct sk_buff *skb, unsigned int len); -- 2.46.0

1 year, 3 months

4
8
0 0

[PATCH bpf-next] bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0

by Song Liu

bpf task local storage is now using task_struct->bpf_storage, so bpf_lsm_blob_sizes.lbs_task is no longer needed. Remove it to save some memory. Fixes: a10787e6d58c ("bpf: Enable task local storage for tracing programs") Cc: stable(a)vger.kernel.org Cc: KP Singh <kpsingh(a)kernel.org> Cc: Matt Bobrowski <mattbobrowski(a)google.com> Signed-off-by: Song Liu <song(a)kernel.org> --- security/bpf/hooks.c | 1 - 1 file changed, 1 deletion(-) diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index 57b9ffd53c98..3663aec7bcbd 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -31,7 +31,6 @@ static int __init bpf_lsm_init(void) struct lsm_blob_sizes bpf_lsm_blob_sizes __ro_after_init = { .lbs_inode = sizeof(struct bpf_storage_blob), - .lbs_task = sizeof(struct bpf_storage_blob), }; DEFINE_LSM(bpf) = { -- 2.43.5

1 year, 3 months

3
2
0 0

[PATCH v2] ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()

by Gui-Dong Han

This patch addresses a reference count handling issue in the ice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(), which increments the reference count of the relevant resources. However, if the condition WARN_ON((!vsi || !vsi->netdev)) is met, the function currently returns an error without properly releasing the resources acquired by ice_dpll_get_pins(), leading to a reference count leak. To resolve this, the check has been moved to the top of the function. This ensures that the function verifies the state before any resources are acquired, avoiding the need for additional resource management in the error path. This bug was identified by an experimental static analysis tool developed by our team. The tool specializes in analyzing reference count operations and detecting potential issues where resources are not properly managed. In this case, the tool flagged the missing release operation as a potential problem, which led to the development of this patch. Fixes: d7999f5ea64b ("ice: implement dpll interface to control cgu") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)outlook.com> --- v2: * In this patch v2, the check for vsi and vsi->netdev has been moved to the top of the function to simplify error handling and avoid the need for resource unwinding. Thanks to Simon Horman for suggesting this improvement. --- drivers/net/ethernet/intel/ice/ice_dpll.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_dpll.c b/drivers/net/ethernet/intel/ice/ice_dpll.c index e92be6f130a3..b403d55303b8 100644 --- a/drivers/net/ethernet/intel/ice/ice_dpll.c +++ b/drivers/net/ethernet/intel/ice/ice_dpll.c @@ -1626,6 +1626,8 @@ ice_dpll_init_rclk_pins(struct ice_pf *pf, struct ice_dpll_pin *pin, struct dpll_pin *parent; int ret, i; + if (WARN_ON((!vsi || !vsi->netdev))) + return -EINVAL; ret = ice_dpll_get_pins(pf, pin, start_idx, ICE_DPLL_RCLK_NUM_PER_PF, pf->dplls.clock_id); if (ret) @@ -1641,8 +1643,6 @@ ice_dpll_init_rclk_pins(struct ice_pf *pf, struct ice_dpll_pin *pin, if (ret) goto unregister_pins; } - if (WARN_ON((!vsi || !vsi->netdev))) - return -EINVAL; dpll_netdev_pin_set(vsi->netdev, pf->dplls.rclk.pin); return 0; -- 2.25.1

1 year, 3 months

3
2
0 0

[PATCH 21/23] drm/amd/display: Update IPS default mode for DCN35/DCN351

by Alex Hung

From: Roman Li <Roman.Li(a)amd.com> [WHY] RCG state of IPX in idle is more stable for DCN351 and some variants of DCN35 than IPS2. [HOW] Rework dm_get_default_ips_mode() to specify default per ASIC and update DCN35/DCN351 defaults accordingly. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Signed-off-by: Roman Li <Roman.Li(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 50 ++++++++++++------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index c77982245f60..c50880422502 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1771,25 +1771,41 @@ static struct dml2_soc_bb *dm_dmub_get_vbios_bounding_box(struct amdgpu_device * static enum dmub_ips_disable_type dm_get_default_ips_mode( struct amdgpu_device *adev) { - /* - * On DCN35 systems with Z8 enabled, it's possible for IPS2 + Z8 to - * cause a hard hang. A fix exists for newer PMFW. - * - * As a workaround, for non-fixed PMFW, force IPS1+RCG as the deepest - * IPS state in all cases, except for s0ix and all displays off (DPMS), - * where IPS2 is allowed. - * - * When checking pmfw version, use the major and minor only. - */ - if (amdgpu_ip_version(adev, DCE_HWIP, 0) == IP_VERSION(3, 5, 0) && - (adev->pm.fw_version & 0x00FFFF00) < 0x005D6300) - return DMUB_IPS_RCG_IN_ACTIVE_IPS2_IN_OFF; + enum dmub_ips_disable_type ret = DMUB_IPS_ENABLE; - if (amdgpu_ip_version(adev, DCE_HWIP, 0) >= IP_VERSION(3, 5, 0)) - return DMUB_IPS_ENABLE; + switch (amdgpu_ip_version(adev, DCE_HWIP, 0)) { + case IP_VERSION(3, 5, 0): + /* + * On DCN35 systems with Z8 enabled, it's possible for IPS2 + Z8 to + * cause a hard hang. A fix exists for newer PMFW. + * + * As a workaround, for non-fixed PMFW, force IPS1+RCG as the deepest + * IPS state in all cases, except for s0ix and all displays off (DPMS), + * where IPS2 is allowed. + * + * When checking pmfw version, use the major and minor only. + */ + if ((adev->pm.fw_version & 0x00FFFF00) < 0x005D6300) + ret = DMUB_IPS_RCG_IN_ACTIVE_IPS2_IN_OFF; + else if (amdgpu_ip_version(adev, GC_HWIP, 0) > IP_VERSION(11, 5, 0)) + /* + * Other ASICs with DCN35 that have residency issues with + * IPS2 in idle. + * We want them to use IPS2 only in display off cases. + */ + ret = DMUB_IPS_RCG_IN_ACTIVE_IPS2_IN_OFF; + break; + case IP_VERSION(3, 5, 1): + ret = DMUB_IPS_RCG_IN_ACTIVE_IPS2_IN_OFF; + break; + default: + /* ASICs older than DCN35 do not have IPSs */ + if (amdgpu_ip_version(adev, DCE_HWIP, 0) < IP_VERSION(3, 5, 0)) + ret = DMUB_IPS_DISABLE_ALL; + break; + } - /* ASICs older than DCN35 do not have IPSs */ - return DMUB_IPS_DISABLE_ALL; + return ret; } static int amdgpu_dm_init(struct amdgpu_device *adev) -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 20/23] drm/amd/display: Use full update for swizzle mode change

by Alex Hung

From: Charlene Liu <Charlene.Liu(a)amd.com> [WHY & HOW] 1) We did linear/non linear transition properly long ago 2) We used that path to handle SystemDisplayEnable 3) We fixed a SystemDisplayEnable inability to fallback to passive by impacting the transition flow generically 4) AFMF later relied on the generic transition behavior Separating the two flows to make (3) non-generic is the best immediate coarse of action. DC can discern SSAMPO3 very easily from SDE. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chris Park <chris.park(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 6 +++--- drivers/gpu/drm/amd/display/dc/dc.h | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 67812fbbb006..a1652130e4be 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2376,7 +2376,7 @@ static bool is_surface_in_context( return false; } -static enum surface_update_type get_plane_info_update_type(const struct dc_surface_update *u) +static enum surface_update_type get_plane_info_update_type(const struct dc *dc, const struct dc_surface_update *u) { union surface_update_flags *update_flags = &u->surface->update_flags; enum surface_update_type update_type = UPDATE_TYPE_FAST; @@ -2455,7 +2455,7 @@ static enum surface_update_type get_plane_info_update_type(const struct dc_surfa /* todo: below are HW dependent, we should add a hook to * DCE/N resource and validated there. */ - if (u->plane_info->tiling_info.gfx9.swizzle != DC_SW_LINEAR) { + if (!dc->debug.skip_full_updated_if_possible) { /* swizzled mode requires RQ to be setup properly, * thus need to run DML to calculate RQ settings */ @@ -2547,7 +2547,7 @@ static enum surface_update_type det_surface_update(const struct dc *dc, update_flags->raw = 0; // Reset all flags - type = get_plane_info_update_type(u); + type = get_plane_info_update_type(dc, u); elevate_update_type(&overall_type, type); type = get_scaling_info_update_type(dc, u); diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index e659f4fed19f..78ebe636389e 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1060,6 +1060,7 @@ struct dc_debug_options { bool enable_ips_visual_confirm; unsigned int sharpen_policy; unsigned int scale_to_sharpness_policy; + bool skip_full_updated_if_possible; }; -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 19/23] drm/amd/display: Skip to enable dsc if it has been off

by Alex Hung

From: Zhikai Zhai <zhikai.zhai(a)amd.com> [WHY] It makes DSC enable when we commit the stream which need keep power off, and then it will skip to disable DSC if pipe reset at this situation as power has been off. It may cause the DSC unexpected enable on the pipe with the next new stream which doesn't support DSC. [HOW] Check the DSC used on current pipe status when update stream. Skip to enable if it has been off. The operation enable DSC should happen when set power on. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Wenjing Liu <wenjing.liu(a)amd.com> Signed-off-by: Zhikai Zhai <zhikai.zhai(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 14 ++++++++++++++ .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 13 +++++++++++++ 2 files changed, 27 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c index a36e11606f90..2e8c9f738259 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c @@ -1032,6 +1032,20 @@ void dcn32_update_dsc_on_stream(struct pipe_ctx *pipe_ctx, bool enable) struct dsc_config dsc_cfg; struct dsc_optc_config dsc_optc_cfg = {0}; enum optc_dsc_mode optc_dsc_mode; + struct dcn_dsc_state dsc_state = {0}; + + if (!dsc) { + DC_LOG_DSC("DSC is NULL for tg instance %d:", pipe_ctx->stream_res.tg->inst); + return; + } + + if (dsc->funcs->dsc_read_state) { + dsc->funcs->dsc_read_state(dsc, &dsc_state); + if (!dsc_state.dsc_fw_en) { + DC_LOG_DSC("DSC has been disabled for tg instance %d:", pipe_ctx->stream_res.tg->inst); + return; + } + } /* Enable DSC hw block */ dsc_cfg.pic_width = (stream->timing.h_addressable + stream->timing.h_border_left + stream->timing.h_border_right) / opp_cnt; diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index 479fd3e89e5a..bd309dbdf7b2 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -334,7 +334,20 @@ static void update_dsc_on_stream(struct pipe_ctx *pipe_ctx, bool enable) struct dsc_config dsc_cfg; struct dsc_optc_config dsc_optc_cfg = {0}; enum optc_dsc_mode optc_dsc_mode; + struct dcn_dsc_state dsc_state = {0}; + if (!dsc) { + DC_LOG_DSC("DSC is NULL for tg instance %d:", pipe_ctx->stream_res.tg->inst); + return; + } + + if (dsc->funcs->dsc_read_state) { + dsc->funcs->dsc_read_state(dsc, &dsc_state); + if (!dsc_state.dsc_fw_en) { + DC_LOG_DSC("DSC has been disabled for tg instance %d:", pipe_ctx->stream_res.tg->inst); + return; + } + } /* Enable DSC hw block */ dsc_cfg.pic_width = (stream->timing.h_addressable + stream->timing.h_border_left + stream->timing.h_border_right) / opp_cnt; dsc_cfg.pic_height = stream->timing.v_addressable + stream->timing.v_border_top + stream->timing.v_border_bottom; -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 18/23] drm/amd/display: Fix underflow when setting underscan on DCN401

by Alex Hung

From: Aurabindo Pillai <aurabindo.pillai(a)amd.com> [WHY & HOW] When underscan is set through xrandr, it causes the stream destination rect to change in a way it becomes complicated to handle the calculations for subvp. Since this is a corner case, disable subvp when underscan is set. Fix the existing check that is supposed to catch this corner case by adding a check based on the parameters in the stream Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- .../drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c index b0d9aed0f265..8697eac1e1f7 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c @@ -858,7 +858,9 @@ static void populate_dml21_plane_config_from_plane_state(struct dml2_context *dm plane->immediate_flip = plane_state->flip_immediate; - plane->composition.rect_out_height_spans_vactive = plane_state->dst_rect.height >= stream->timing.v_addressable; + plane->composition.rect_out_height_spans_vactive = + plane_state->dst_rect.height >= stream->timing.v_addressable && + stream->dst.height >= stream->timing.v_addressable; } //TODO : Could be possibly moved to a common helper layer. -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 14/23] drm/amd/display: Add HDMI DSC native YCbCr422 support

by Alex Hung

From: Leo Ma <hanghong.ma(a)amd.com> [WHY && HOW] For some HDMI OVT timing, YCbCr422 encoding fails at the DSC bandwidth check. The root cause is our DSC policy for timing doesn't account for HDMI YCbCr422 native support. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chris Park <chris.park(a)amd.com> Signed-off-by: Leo Ma <hanghong.ma(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 4 ++-- drivers/gpu/drm/amd/display/dc/dc_dsc.h | 3 ++- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index 658584819d6e..358c4bff1c40 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -1146,7 +1146,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, params[count].num_slices_v = aconnector->dsc_settings.dsc_num_slices_v; params[count].bpp_overwrite = aconnector->dsc_settings.dsc_bits_per_pixel; params[count].compression_possible = stream->sink->dsc_caps.dsc_dec_caps.is_dsc_supported; - dc_dsc_get_policy_for_timing(params[count].timing, 0, &dsc_policy); + dc_dsc_get_policy_for_timing(params[count].timing, 0, &dsc_policy, dc_link_get_highest_encoding_format(stream->link)); if (!dc_dsc_compute_bandwidth_range( stream->sink->ctx->dc->res_pool->dscs[0], stream->sink->ctx->dc->debug.dsc_min_slice_height_override, @@ -1680,7 +1680,7 @@ static bool is_dsc_common_config_possible(struct dc_stream_state *stream, { struct dc_dsc_policy dsc_policy = {0}; - dc_dsc_get_policy_for_timing(&stream->timing, 0, &dsc_policy); + dc_dsc_get_policy_for_timing(&stream->timing, 0, &dsc_policy, dc_link_get_highest_encoding_format(stream->link)); dc_dsc_compute_bandwidth_range(stream->sink->ctx->dc->res_pool->dscs[0], stream->sink->ctx->dc->debug.dsc_min_slice_height_override, dsc_policy.min_target_bpp * 16, diff --git a/drivers/gpu/drm/amd/display/dc/dc_dsc.h b/drivers/gpu/drm/amd/display/dc/dc_dsc.h index 2a5120ecf48b..9014c2409817 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_dsc.h +++ b/drivers/gpu/drm/amd/display/dc/dc_dsc.h @@ -101,7 +101,8 @@ uint32_t dc_dsc_stream_bandwidth_overhead_in_kbps( */ void dc_dsc_get_policy_for_timing(const struct dc_crtc_timing *timing, uint32_t max_target_bpp_limit_override_x16, - struct dc_dsc_policy *policy); + struct dc_dsc_policy *policy, + const enum dc_link_encoding_format link_encoding); void dc_dsc_policy_set_max_target_bpp_limit(uint32_t limit); diff --git a/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c b/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c index 79c426425911..ebd5df1a36e8 100644 --- a/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c +++ b/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c @@ -883,7 +883,7 @@ static bool setup_dsc_config( memset(dsc_cfg, 0, sizeof(struct dc_dsc_config)); - dc_dsc_get_policy_for_timing(timing, options->max_target_bpp_limit_override_x16, &policy); + dc_dsc_get_policy_for_timing(timing, options->max_target_bpp_limit_override_x16, &policy, link_encoding); pic_width = timing->h_addressable + timing->h_border_left + timing->h_border_right; pic_height = timing->v_addressable + timing->v_border_top + timing->v_border_bottom; @@ -1173,7 +1173,8 @@ uint32_t dc_dsc_stream_bandwidth_overhead_in_kbps( void dc_dsc_get_policy_for_timing(const struct dc_crtc_timing *timing, uint32_t max_target_bpp_limit_override_x16, - struct dc_dsc_policy *policy) + struct dc_dsc_policy *policy, + const enum dc_link_encoding_format link_encoding) { uint32_t bpc = 0; -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 11/23] drm/amd/display: Disable SYMCLK32_LE root clock gating

by Alex Hung

From: Sung Joon Kim <Sungjoon.Kim(a)amd.com> [WHY & HOW] On display on sequence, enabling SYMCLK32_LE root clock gating causes issue in link training so disabling it is needed. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Sung Joon Kim <Sungjoon.Kim(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- .../gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c index 514c6d56925d..da9101b83e8c 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c @@ -736,7 +736,7 @@ static const struct dc_debug_options debug_defaults_drv = { .hdmichar = true, .dpstream = true, .symclk32_se = true, - .symclk32_le = true, + .symclk32_le = false, .symclk_fe = true, .physymclk = false, .dpiasymclk = true, -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 10/23] drm/amd/display: Clean up dsc blocks in accelerated mode

by Alex Hung

From: Martin Tsai <martin.tsai(a)amd.com> [WHY] DSC on eDP could be enabled during VBIOS post. The enabled DSC may not be disabled when enter to OS, once the system was in second screen only mode before entering to S4. In this case, OS will not send setTimings to reset eDP path again. The enabled DSC HW will make a new stream without DSC cannot output normally if it reused this pipe with enabled DSC. [HOW] In accelerated mode, to clean up DSC blocks if eDP is on link but not active when we are not in fast boot and seamless boot. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Signed-off-by: Martin Tsai <martin.tsai(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- .../amd/display/dc/hwss/dce110/dce110_hwseq.c | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c index d52ce58c6a98..aa7479b31898 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c @@ -57,6 +57,7 @@ #include "panel_cntl.h" #include "dc_state_priv.h" #include "dpcd_defs.h" +#include "dsc.h" /* include DCE11 register header files */ #include "dce/dce_11_0_d.h" #include "dce/dce_11_0_sh_mask.h" @@ -1823,6 +1824,48 @@ static void get_edp_links_with_sink( } } +static void clean_up_dsc_blocks(struct dc *dc) +{ + struct display_stream_compressor *dsc = NULL; + struct timing_generator *tg = NULL; + struct stream_encoder *se = NULL; + struct dccg *dccg = dc->res_pool->dccg; + struct pg_cntl *pg_cntl = dc->res_pool->pg_cntl; + int i; + + if (dc->ctx->dce_version != DCN_VERSION_3_5 && + dc->ctx->dce_version != DCN_VERSION_3_51) + return; + + for (i = 0; i < dc->res_pool->res_cap->num_dsc; i++) { + struct dcn_dsc_state s = {0}; + + dsc = dc->res_pool->dscs[i]; + dsc->funcs->dsc_read_state(dsc, &s); + if (s.dsc_fw_en) { + /* disable DSC in OPTC */ + if (i < dc->res_pool->timing_generator_count) { + tg = dc->res_pool->timing_generators[i]; + tg->funcs->set_dsc_config(tg, OPTC_DSC_DISABLED, 0, 0); + } + /* disable DSC in stream encoder */ + if (i < dc->res_pool->stream_enc_count) { + se = dc->res_pool->stream_enc[i]; + se->funcs->dp_set_dsc_config(se, OPTC_DSC_DISABLED, 0, 0); + se->funcs->dp_set_dsc_pps_info_packet(se, false, NULL, true); + } + /* disable DSC block */ + if (dccg->funcs->set_ref_dscclk) + dccg->funcs->set_ref_dscclk(dccg, dsc->inst); + dsc->funcs->dsc_disable(dsc); + + /* power down DSC */ + if (pg_cntl != NULL) + pg_cntl->funcs->dsc_pg_control(pg_cntl, dsc->inst, false); + } + } +} + /* * When ASIC goes from VBIOS/VGA mode to driver/accelerated mode we need: * 1. Power down all DC HW blocks @@ -1927,6 +1970,13 @@ void dce110_enable_accelerated_mode(struct dc *dc, struct dc_state *context) clk_mgr_exit_optimized_pwr_state(dc, dc->clk_mgr); power_down_all_hw_blocks(dc); + + /* DSC could be enabled on eDP during VBIOS post. + * To clean up dsc blocks if eDP is in link but not active. + */ + if (edp_link_with_sink && (edp_stream_num == 0)) + clean_up_dsc_blocks(dc); + disable_vga_and_power_gate_all_controllers(dc); if (edp_link_with_sink && !keep_edp_vdd_on) dc->hwss.edp_power_control(edp_link_with_sink, false); -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 09/23] drm/amd/display: Block dynamic IPS2 on DCN35 for incompatible FW versions

by Alex Hung

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [WHY] Hangs with Z8 can occur if running an older unfixed PMFW version. [HOW] Fallback to RCG only for dynamic IPS2 states if it's not newer than 93.12. Limit to DCN35. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- .../gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c index 97164b5585a8..b46a3afe48ca 100644 --- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c +++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c @@ -1222,6 +1222,12 @@ void dcn35_clk_mgr_construct( ctx->dc->debug.disable_dpp_power_gate = false; ctx->dc->debug.disable_hubp_power_gate = false; ctx->dc->debug.disable_dsc_power_gate = false; + + /* Disable dynamic IPS2 in older PMFW (93.12) for Z8 interop. */ + if (ctx->dc->config.disable_ips == DMUB_IPS_ENABLE && + ctx->dce_version == DCN_VERSION_3_5 && + ((clk_mgr->base.smu_ver & 0x00FFFFFF) <= 0x005d0c00)) + ctx->dc->config.disable_ips = DMUB_IPS_RCG_IN_ACTIVE_IPS2_IN_OFF; } else { /*let's reset the config control flag*/ ctx->dc->config.disable_ips = DMUB_IPS_DISABLE_ALL; /*pmfw not support it, disable it all*/ -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 07/23] drm/amd/display: Block timing sync for different output formats in pmo

by Alex Hung

From: Dillon Varone <dillon.varone(a)amd.com> [WHY & HOW] If the output format is different for HDMI TMDS signals, they are not synchronizable. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- .../dc/dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c index d63558ee3135..1cf9015e854a 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c @@ -940,9 +940,11 @@ static void build_synchronized_timing_groups( /* find synchronizable timing groups */ for (j = i + 1; j < display_config->display_config.num_streams; j++) { if (memcmp(master_timing, - &display_config->display_config.stream_descriptors[j].timing, - sizeof(struct dml2_timing_cfg)) == 0 && - display_config->display_config.stream_descriptors[i].output.output_encoder == display_config->display_config.stream_descriptors[j].output.output_encoder) { + &display_config->display_config.stream_descriptors[j].timing, + sizeof(struct dml2_timing_cfg)) == 0 && + display_config->display_config.stream_descriptors[i].output.output_encoder == display_config->display_config.stream_descriptors[j].output.output_encoder && + (display_config->display_config.stream_descriptors[i].output.output_encoder != dml2_hdmi || //hdmi requires formats match + display_config->display_config.stream_descriptors[i].output.output_format == display_config->display_config.stream_descriptors[j].output.output_format)) { set_bit_in_bitfield(&pmo->scratch.pmo_dcn4.synchronized_timing_group_masks[timing_group_idx], j); set_bit_in_bitfield(&stream_mapped_mask, j); } -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 06/23] drm/amd/display: Enable DML2 override_det_buffer_size_kbytes

by Alex Hung

From: Yihan Zhu <Yihan.Zhu(a)amd.com> [WHY] Corrupted screen will be observed when 4k144 DP/HDMI display and 4k144 eDP are connected, changing eDP refresh rate from 60Hz to 144Hz. [HOW] override_det_buffer_size_kbytes should be true for DCN35/DCN351. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Roman Li <roman.li(a)amd.com> Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Yihan Zhu <Yihan.Zhu(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 1 + drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c index 46ad684fe192..893a9d9ee870 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c @@ -2155,6 +2155,7 @@ static bool dcn35_resource_construct( dc->dml2_options.max_segments_per_hubp = 24; dc->dml2_options.det_segment_size = DCN3_2_DET_SEG_SIZE;/*todo*/ + dc->dml2_options.override_det_buffer_size_kbytes = true; if (dc->config.sdpif_request_limit_words_per_umc == 0) dc->config.sdpif_request_limit_words_per_umc = 16;/*todo*/ diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c b/drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c index 4c5e722baa3a..514c6d56925d 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c @@ -2133,6 +2133,7 @@ static bool dcn351_resource_construct( dc->dml2_options.max_segments_per_hubp = 24; dc->dml2_options.det_segment_size = DCN3_2_DET_SEG_SIZE;/*todo*/ + dc->dml2_options.override_det_buffer_size_kbytes = true; if (dc->config.sdpif_request_limit_words_per_umc == 0) dc->config.sdpif_request_limit_words_per_umc = 16;/*todo*/ -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 02/23] drm/amd/display: Use SDR white level to calculate matrix coefficients

by Alex Hung

From: Samson Tam <Samson.Tam(a)amd.com> [WHY] Certain profiles have higher HDR multiplier than SDR white level max which is not currently supported. [HOW] Use SDR white level when calculating matrix coefficients for HDR RGB MPO path instead of HDR multiplier. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Jun Lei <jun.lei(a)amd.com> Signed-off-by: Samson Tam <Samson.Tam(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 12 ++++++++++++ drivers/gpu/drm/amd/display/dc/dc.h | 3 +++ .../gpu/drm/amd/display/dc/dc_spl_translate.c | 9 +-------- drivers/gpu/drm/amd/display/dc/spl/dc_spl.c | 17 +++++++++++------ .../gpu/drm/amd/display/dc/spl/dc_spl_types.h | 2 +- 5 files changed, 28 insertions(+), 15 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index ae788154896c..243928b0a39f 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2596,6 +2596,12 @@ static enum surface_update_type det_surface_update(const struct dc *dc, elevate_update_type(&overall_type, UPDATE_TYPE_MED); } + if (u->sdr_white_level_nits) + if (u->sdr_white_level_nits != u->surface->sdr_white_level_nits) { + update_flags->bits.sdr_white_level_nits = 1; + elevate_update_type(&overall_type, UPDATE_TYPE_FULL); + } + if (u->cm2_params) { if ((u->cm2_params->component_settings.shaper_3dlut_setting != u->surface->mcm_shaper_3dlut_setting) @@ -2876,6 +2882,10 @@ static void copy_surface_update_to_plane( surface->hdr_mult = srf_update->hdr_mult; + if (srf_update->sdr_white_level_nits) + surface->sdr_white_level_nits = + srf_update->sdr_white_level_nits; + if (srf_update->blend_tf) memcpy(&surface->blend_tf, srf_update->blend_tf, sizeof(surface->blend_tf)); @@ -4679,6 +4689,8 @@ static bool full_update_required(struct dc *dc, srf_updates[i].scaling_info || (srf_updates[i].hdr_mult.value && srf_updates[i].hdr_mult.value != srf_updates->surface->hdr_mult.value) || + (srf_updates[i].sdr_white_level_nits && + srf_updates[i].sdr_white_level_nits != srf_updates->surface->sdr_white_level_nits) || srf_updates[i].in_transfer_func || srf_updates[i].func_shaper || srf_updates[i].lut3d_func || diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index 4c94dd38be4b..dcf8a90e961d 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1269,6 +1269,7 @@ union surface_update_flags { uint32_t tmz_changed:1; uint32_t mcm_transfer_function_enable_change:1; /* disable or enable MCM transfer func */ uint32_t full_update:1; + uint32_t sdr_white_level_nits:1; } bits; uint32_t raw; @@ -1351,6 +1352,7 @@ struct dc_plane_state { bool adaptive_sharpness_en; int sharpness_level; enum linear_light_scaling linear_light_scaling; + unsigned int sdr_white_level_nits; }; struct dc_plane_info { @@ -1508,6 +1510,7 @@ struct dc_surface_update { */ struct dc_cm2_parameters *cm2_params; const struct dc_csc_transform *cursor_csc_color_matrix; + unsigned int sdr_white_level_nits; }; /* diff --git a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c index cd6de93eb91c..f711fc2e3e65 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c +++ b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c @@ -191,14 +191,7 @@ void translate_SPL_in_params_from_pipe_ctx(struct pipe_ctx *pipe_ctx, struct spl */ spl_in->is_fullscreen = dm_helpers_is_fullscreen(pipe_ctx->stream->ctx, pipe_ctx->stream); spl_in->is_hdr_on = dm_helpers_is_hdr_on(pipe_ctx->stream->ctx, pipe_ctx->stream); - spl_in->hdr_multx100 = 0; - if (spl_in->is_hdr_on) { - spl_in->hdr_multx100 = (uint32_t)dc_fixpt_floor(dc_fixpt_mul(plane_state->hdr_mult, - dc_fixpt_from_int(100))); - /* Disable sharpness for HDR Mult > 6.0 */ - if (spl_in->hdr_multx100 > 600) - spl_in->adaptive_sharpness.enable = false; - } + spl_in->sdr_white_level_nits = plane_state->sdr_white_level_nits; } /// @brief Translate SPL output parameters to pipe context diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c index 15f7eda903e6..a59aa6b59687 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c @@ -1155,14 +1155,19 @@ static void spl_set_dscl_prog_data(struct spl_in *spl_in, struct spl_scratch *sp } /* Calculate C0-C3 coefficients based on HDR_mult */ -static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t hdr_multx100) +static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t sdr_white_level_nits) { struct spl_fixed31_32 hdr_mult, c0_mult, c1_mult, c2_mult; struct spl_fixed31_32 c0_calc, c1_calc, c2_calc; struct spl_custom_float_format fmt; + uint32_t hdr_multx100_int; - SPL_ASSERT(hdr_multx100); - hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100, 100LL); + if ((sdr_white_level_nits >= 80) && (sdr_white_level_nits <= 480)) + hdr_multx100_int = sdr_white_level_nits * 100 / 80; + else + hdr_multx100_int = 100; /* default for 80 nits otherwise */ + + hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100_int, 100LL); c0_mult = spl_fixpt_from_fraction(2126LL, 10000LL); c1_mult = spl_fixpt_from_fraction(7152LL, 10000LL); c2_mult = spl_fixpt_from_fraction(722LL, 10000LL); @@ -1191,7 +1196,7 @@ static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint3 static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *spl_out, bool enable_easf_v, bool enable_easf_h, enum linear_light_scaling lls_pref, enum spl_pixel_format format, enum system_setup setup, - uint32_t hdr_multx100) + uint32_t sdr_white_level_nits) { struct dscl_prog_data *dscl_prog_data = spl_out->dscl_prog_data; if (enable_easf_v) { @@ -1499,7 +1504,7 @@ static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *s dscl_prog_data->easf_ltonl_en = 1; // Linear input if ((setup == HDR_L) && (spl_is_rgb8(format))) { /* Calculate C0-C3 coefficients based on HDR multiplier */ - spl_calculate_c0_c3_hdr(dscl_prog_data, hdr_multx100); + spl_calculate_c0_c3_hdr(dscl_prog_data, sdr_white_level_nits); } else { // HDR_L ( DWM ) and SDR_L dscl_prog_data->easf_matrix_c0 = 0x4EF7; // fp1.5.10, C0 coefficient (LN_rec709: 0.2126 * (2^14)/125 = 27.86590720) @@ -1750,7 +1755,7 @@ bool spl_calculate_scaler_params(struct spl_in *spl_in, struct spl_out *spl_out) // Set EASF spl_set_easf_data(&spl_scratch, spl_out, enable_easf_v, enable_easf_h, spl_in->lls_pref, - spl_in->basic_in.format, setup, spl_in->hdr_multx100); + spl_in->basic_in.format, setup, spl_in->sdr_white_level_nits); // Set iSHARP vratio = spl_fixpt_ceil(spl_scratch.scl_data.ratios.vert); diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h index 85b19ebe2c57..74f2a8c42f4f 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h @@ -518,7 +518,7 @@ struct spl_in { bool is_hdr_on; int h_active; int v_active; - int hdr_multx100; + int sdr_white_level_nits; }; // end of SPL inputs -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH 01/23] drm/amd/display: Round calculated vtotal

by Alex Hung

From: Robin Chen <robin.chen(a)amd.com> [WHY] The calculated vtotal may has 1 line deviation. To get precisely vtotal number, round the vtotal result. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Anthony Koo <anthony.koo(a)amd.com> Signed-off-by: Robin Chen <robin.chen(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> --- drivers/gpu/drm/amd/display/modules/freesync/freesync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/modules/freesync/freesync.c b/drivers/gpu/drm/amd/display/modules/freesync/freesync.c index a40e6590215a..bbd259cea4f4 100644 --- a/drivers/gpu/drm/amd/display/modules/freesync/freesync.c +++ b/drivers/gpu/drm/amd/display/modules/freesync/freesync.c @@ -134,7 +134,7 @@ unsigned int mod_freesync_calc_v_total_from_refresh( v_total = div64_u64(div64_u64(((unsigned long long)( frame_duration_in_ns) * (stream->timing.pix_clk_100hz / 10)), - stream->timing.h_total), 1000000); + stream->timing.h_total) + 500000, 1000000); /* v_total cannot be less than nominal */ if (v_total < stream->timing.v_total) { -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH v3] i2c: aspeed: Update the stop sw state when the bus recovery occurs

by Tommy Huang

When the i2c bus recovery occurs, driver will send i2c stop command in the scl low condition. In this case the sw state will still keep original situation. Under multi-master usage, i2c bus recovery will be called when i2c transfer timeout occurs. Update the stop command calling with aspeed_i2c_do_stop function to update master_state. Fixes: f327c686d3ba ("i2c: aspeed: added driver for Aspeed I2C") Cc: <stable(a)vger.kernel.org> # v4.13+ Signed-off-by: Tommy Huang <tommy_huang(a)aspeedtech.com> --- drivers/i2c/busses/i2c-aspeed.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/i2c/busses/i2c-aspeed.c b/drivers/i2c/busses/i2c-aspeed.c index ce8c4846b7fa..2a03a221e2dd 100644 --- a/drivers/i2c/busses/i2c-aspeed.c +++ b/drivers/i2c/busses/i2c-aspeed.c @@ -170,6 +170,13 @@ struct aspeed_i2c_bus { static int aspeed_i2c_reset(struct aspeed_i2c_bus *bus); +/* precondition: bus.lock has been acquired. */ +static void aspeed_i2c_do_stop(struct aspeed_i2c_bus *bus) +{ + bus->master_state = ASPEED_I2C_MASTER_STOP; + writel(ASPEED_I2CD_M_STOP_CMD, bus->base + ASPEED_I2C_CMD_REG); +} + static int aspeed_i2c_recover_bus(struct aspeed_i2c_bus *bus) { unsigned long time_left, flags; @@ -187,7 +194,7 @@ static int aspeed_i2c_recover_bus(struct aspeed_i2c_bus *bus) command); reinit_completion(&bus->cmd_complete); - writel(ASPEED_I2CD_M_STOP_CMD, bus->base + ASPEED_I2C_CMD_REG); + aspeed_i2c_do_stop(bus); spin_unlock_irqrestore(&bus->lock, flags); time_left = wait_for_completion_timeout( @@ -390,13 +397,6 @@ static void aspeed_i2c_do_start(struct aspeed_i2c_bus *bus) writel(command, bus->base + ASPEED_I2C_CMD_REG); } -/* precondition: bus.lock has been acquired. */ -static void aspeed_i2c_do_stop(struct aspeed_i2c_bus *bus) -{ - bus->master_state = ASPEED_I2C_MASTER_STOP; - writel(ASPEED_I2CD_M_STOP_CMD, bus->base + ASPEED_I2C_CMD_REG); -} - /* precondition: bus.lock has been acquired. */ static void aspeed_i2c_next_msg_or_stop(struct aspeed_i2c_bus *bus) { -- 2.25.1

1 year, 3 months

2
2
0 0

[PATCH v2 1/4] drm/xe/client: fix deadlock in show_meminfo()

by Matthew Auld

There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the list, making it difficult to navigate to the next list entry. Fixes: 0845233388f8 ("drm/xe: Implement fdinfo memory stats printing") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2727 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Tejas Upadhyay <tejas.upadhyay(a)intel.com> Cc: "Thomas Hellström" <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Tejas Upadhyay <tejas.upadhyay(a)intel.com> --- drivers/gpu/drm/xe/xe_drm_client.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_drm_client.c b/drivers/gpu/drm/xe/xe_drm_client.c index e64f4b645e2e..badfa045ead8 100644 --- a/drivers/gpu/drm/xe/xe_drm_client.c +++ b/drivers/gpu/drm/xe/xe_drm_client.c @@ -196,6 +196,7 @@ static void show_meminfo(struct drm_printer *p, struct drm_file *file) struct xe_drm_client *client; struct drm_gem_object *obj; struct xe_bo *bo; + LLIST_HEAD(deferred); unsigned int id; u32 mem_type; @@ -215,11 +216,14 @@ static void show_meminfo(struct drm_printer *p, struct drm_file *file) list_for_each_entry(bo, &client->bos_list, client_link) { if (!kref_get_unless_zero(&bo->ttm.base.refcount)) continue; + bo_meminfo(bo, stats); - xe_bo_put(bo); + xe_bo_put_deferred(bo, &deferred); } spin_unlock(&client->bos_lock); + xe_bo_put_commit(&deferred); + for (mem_type = XE_PL_SYSTEM; mem_type < TTM_NUM_MEM_TYPES; ++mem_type) { if (!xe_mem_type_to_name[mem_type]) continue; -- 2.46.0

1 year, 3 months

1
1
0 0

[PATCH 5.4 000/121] 5.4.284-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.284 release. There are 121 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.284-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.284-rc1 Zhang Changzhong <zhangchangzhong(a)huawei.com> cx82310_eth: fix error return code in cx82310_bind() Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_external_learn to use bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_user to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_sticky to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_static to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_local to bitops Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Ondrej Zary <linux(a)zary.sk> cx82310_eth: re-enable ethernet mode after router reboot Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Peter Griffin <peter.griffin(a)linaro.org> clk: hi6220: use CLK_OF_DECLARE_DRIVER Peter Griffin <peter.griffin(a)linaro.org> reset: hi6220: Add support for AO reset controller Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Stanislav Fomichev <sdf(a)google.com> net: set SOCK_RCU_FREE before inserting socket into hashtable Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 +++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/um/drivers/line.c | 2 + block/bio-integrity.c | 11 +- drivers/acpi/acpi_processor.c | 15 +-- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/hisilicon/clk-hi6220.c | 3 +- drivers/clk/qcom/clk-alpha-pll.c | 6 +- drivers/clocksource/timer-imx-tpm.c | 16 ++- drivers/clocksource/timer-of.c | 17 +-- drivers/clocksource/timer-of.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 ++- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++ drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/iio/adc/ad7606.c | 28 +---- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 +++++++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 +++ drivers/iommu/dmar.c | 2 +- drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/usb/uvc/uvc_driver.c | 18 +++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 56 ++++++++-- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 ++-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 ++- drivers/pci/controller/dwc/pci-keystone.c | 44 +++++++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++--- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/reset/hisilicon/hi6220_reset.c | 69 +++++++++++- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++++++----- fs/btrfs/extent-tree.c | 32 ++++-- fs/btrfs/inode.c | 2 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 +++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 ++++++++++++--------- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++++- include/linux/i2c.h | 2 +- include/linux/ring_buffer.h | 3 +- kernel/cgroup/cgroup.c | 2 +- kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/smp.c | 1 + kernel/trace/ring_buffer.c | 23 ++-- kernel/trace/trace.c | 6 +- kernel/trace/trace_functions_graph.c | 2 +- lib/generic-radix-tree.c | 2 + net/bridge/br_fdb.c | 116 ++++++++++---------- net/bridge/br_input.c | 2 +- net/bridge/br_private.h | 17 +-- net/bridge/br_switchdev.c | 6 +- net/can/bcm.c | 4 + net/ipv4/inet_hashtables.c | 2 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 ++ net/ipv6/ila/ila_xlat.c | 13 ++- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 ++ net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 +++++--- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 ++- sound/hda/hdmi_chmap.c | 18 ++++ sound/pci/hda/patch_conexant.c | 11 ++ sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + tools/lib/bpf/libbpf.c | 4 +- 122 files changed, 946 insertions(+), 423 deletions(-)

1 year, 3 months

6
127
0 0

[PATCH v6 1/6] x86/tdx: Fix "in-kernel MMIO" check

by Alexey Gladkov

From: "Alexey Gladkov (Intel)" <legion(a)kernel.org> TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. Cc: stable(a)vger.kernel.org Signed-off-by: Alexey Gladkov (Intel) <legion(a)kernel.org> --- arch/x86/coco/tdx/tdx.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 078e2bac2553..c90d2fdb5fc4 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -405,6 +405,11 @@ static bool mmio_write(int size, unsigned long addr, unsigned long val) EPT_WRITE, addr, val); } +static inline bool is_kernel_addr(unsigned long addr) +{ + return (long)addr < 0; +} + static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) { unsigned long *reg, val, vaddr; @@ -434,6 +439,11 @@ static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) return -EINVAL; } + if (!user_mode(regs) && !is_kernel_addr(ve->gla)) { + WARN_ONCE(1, "Access to userspace address is not supported"); + return -EINVAL; + } + /* * Reject EPT violation #VEs that split pages. * -- 2.46.0

1 year, 3 months

3
4
0 0

[PATCH 5.4 000/134] 5.4.283-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.283 release. There are 134 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.283-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.283-rc1 Ben Hutchings <benh(a)debian.org> scsi: aacraid: Fix double-free on probe failure Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv8e6xxx: Fix stub function parameters Zijun Hu <quic_zijuhu(a)quicinc.com> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: omap: add missing depopulate in probe error path ZHANG Yuntian <yt(a)radxa.com> USB: serial: option: add MeiG Smart SRM825L Ian Ray <ian.ray(a)gehealthcare.com> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> soc: qcom: cmd-db: Map shared memory as WC, not WB Aleksandr Mishin <amishin(a)t-argos.ru> nfc: pn533: Add poll mod list filling check Lars Poeschel <poeschel(a)lemonage.de> nfc: pn533: Add autopoll capability Lars Poeschel <poeschel(a)lemonage.de> nfc: pn533: Add dev_up/dev_down hooks to phy_ops Eric Dumazet <edumazet(a)google.com> net: busy-poll: use ktime_get_ns() instead of local_clock() Cong Wang <cong.wang(a)bytedance.com> gtp: fix a potential NULL pointer dereference Jamie Bainbridge <jamie.bainbridge(a)gmail.com> ethtool: check device is present when getting link settings Prashant Malani <pmalani(a)chromium.org> r8152: Factor out OOB link list waits Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix programming slave ports for non-continous port maps Allison Henderson <allison.henderson(a)oracle.com> net:rds: Fix possible deadlock in rds_message_put Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Long Li <leo.lilong(a)huawei.com> filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Rafael Aquini <aquini(a)redhat.com> ipc: replace costly bailout check in sysvipc_find_ipc() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: duplicate static structs used in driver instances Ma Ke <make24(a)iscas.ac.cn> pinctrl: single: fix potential NULL dereference in pcs_get_function() Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Alexander Lobakin <aleksander.lobakin(a)intel.com> tools: move alignment-related macros to new <linux/align.h> Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Input: MT - limit max slots Lee, Chun-Yi <joeyli.kernel(a)gmail.com> Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Relax start tick time check for slave timer elements Ben Whitten <ben.whitten(a)gmail.com> mmc: dw_mmc: allow biu and ciu clocks to defer Nikolay Kuratov <kniv(a)yandex-team.ru> cxgb4: add forgotten u64 ivlan cast before shift Siarhei Vishniakou <svv(a)google.com> HID: microsoft: Add rumble support to latest xbox controllers Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Defer calculation of resolution until resolution_code is known Griffin Kroah-Hartman <griffin(a)kroah.com> Bluetooth: MGMT: Add error handling to pair_device() Dan Carpenter <dan.carpenter(a)linaro.org> mmc: mmc_test: Fix NULL dereference on allocation failure Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't play tricks with debug macros Jani Nikula <jani.nikula(a)intel.com> drm/msm: use drm_debug_enabled() to check for debug categories Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix dangling multicast addresses Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Always disable promiscuous mode Eric Dumazet <edumazet(a)google.com> ipv6: prevent UAF in ip6_send_skb() Stephen Hemminger <stephen(a)networkplumber.org> netem: fix return value if duplicate enqueue fails Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Fix out-of-bound access Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: replace ATU violation prints with trace points Hans J. Schultz <netdev(a)kapio-technology.com> net: dsa: mv88e6xxx: read FID when handling ATU violations Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: global1_atu: Add helper for get next Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: global2: Expose ATU stats register Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Serialise kcm_sendmsg() for the same socket. Simon Horman <horms(a)kernel.org> tc-testing: don't access non-existent variable on exception Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix LE quote calculation Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling link timeouts propertly Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Make use of __check_timeout on hci_sched_le Mikulas Patocka <mpatocka(a)redhat.com> dm suspend: return -ERESTARTSYS instead of -EINTR Ming Lei <ming.lei(a)redhat.com> dm: do not use waitqueue for request-based DM Gabriel Krisman Bertazi <krisman(a)collabora.com> dm mpath: pass IO start time to path selector Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> block: use "unsigned long" for blk_validate_block_size(). Eric Dumazet <edumazet(a)google.com> gtp: pull network headers in gtp_dev_xmit() Phil Chang <phil.chang(a)mediatek.com> hrtimer: Prevent queuing of hrtimer without a function callback Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bad dereference when freeing rsps Baokun Li <libaokun1(a)huawei.com> ext4: set the type of max_zeroout to unsigned int to avoid overflow Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> fbdev: offb: replace of_node_put with __free(device_node) Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: dwc3: core: Skip setting event buffers for host only controllers Alexander Gordeev <agordeev(a)linux.ibm.com> s390/iucv: fix receive buffer virtual vs physical address confusion Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> openrisc: Call setup_memory() earlier in the init sequence NeilBrown <neilb(a)suse.de> NFS: avoid infinite loop in pnfs_update_layout. Hannes Reinecke <hare(a)suse.de> nvmet-tcp: do not continue for invalid icreq Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: bnep: Fix out-of-bound access Keith Busch <kbusch(a)kernel.org> nvme: clear caller pointer on identify failure Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: gadget: fsl: Increase size of name buffer for endpoints Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to do sanity check in update_sit_entry David Sterba <dsterba(a)suse.com> btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba <dsterba(a)suse.com> btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba <dsterba(a)suse.com> btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion when checking for delayed_node root Michael Ellerman <mpe(a)ellerman.id.au> powerpc/boot: Only free if realloc() succeeds Li zeming <zeming(a)nfschina.com> powerpc/boot: Handle allocation failure in simple_realloc() Helge Deller <deller(a)gmx.de> parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Kees Cook <keescook(a)chromium.org> x86: Increase brk randomness entropy for 64-bit systems Li Nan <linan122(a)huawei.com> md: clean up invalid BUG_ON in md_ioctl Stefan Hajnoczi <stefanha(a)redhat.com> virtiofs: forbid newlines in tags Erico Nunes <nunes.erico(a)gmail.com> drm/lima: set gp bus_stop bit before hard reset Kees Cook <keescook(a)chromium.org> net/sun3_82586: Avoid reading past buffer in debug output Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Max Filippov <jcmvbkbc(a)gmail.com> fs: binfmt_elf_efpic: don't use missing interpreter's properties Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: check cx23885_vdev_init() return Jan Kara <jack(a)suse.cz> quota: Remove BUG_ON from dqget() Baokun Li <libaokun1(a)huawei.com> ext4: do not trim the group with corrupted block bitmap Daniel Wagner <dwagner(a)suse.de> nvmet-trace: avoid dereferencing pointer too early Kunwu Chan <chentao(a)kylinos.cn> powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Chengfeng Ye <dg573847474(a)gmail.com> IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: abort scan when rfkill on but device enabled Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: setattr_chown: Add missing initialization Mike Christie <michael.christie(a)oracle.com> scsi: spi: Fix sshdr use Christian Brauner <christian.brauner(a)ubuntu.com> binfmt_misc: cleanup on filesystem umount Chengfeng Ye <dg573847474(a)gmail.com> staging: ks7010: disable bh on tx_dev_lock Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: radio-isa: use dev_name to fill in bus_info Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: riic: avoid potential division by zero Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: cw1200: Avoid processing an invalid TIM IE Rand Deeb <rand.sec96(a)gmail.com> ssb: Fix division by zero issue in ssb_calc_clock_rate Parsa Poorshikhian <parsa.poorsh(a)gmail.com> ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Jie Wang <wangjie125(a)huawei.com> net: hns3: fix a deadlock problem when config TC during resetting Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: pass value in phy_write operation Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> net: axienet: Fix register defines comment description Andre Przywara <andre.przywara(a)arm.com> net: axienet: Autodetect 64-bit DMA capability Andre Przywara <andre.przywara(a)arm.com> net: axienet: Upgrade descriptors to hold 64-bit addresses Andre Przywara <andre.przywara(a)arm.com> net: axienet: Wrap DMA pointer writes to prepare for 64 bit Andre Przywara <andre.przywara(a)arm.com> net: axienet: Drop MDIO interrupt registers from ethtools dump Andre Przywara <andre.przywara(a)arm.com> net: axienet: Check for DMA mapping errors Andre Przywara <andre.przywara(a)arm.com> net: axienet: Factor out TX descriptor chain cleanup Andre Przywara <andre.przywara(a)arm.com> net: axienet: Improve DMA error handling Andre Przywara <andre.przywara(a)arm.com> net: axienet: Fix DMA descriptor cleanup path Dan Carpenter <dan.carpenter(a)linaro.org> atm: idt77252: prevent use after free in dequeue_rx() Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Correctly report errors for ethtool rx flows Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/uv: Panic for set and remove shared access UVC errors Alexander Lobakin <aleksander.lobakin(a)intel.com> btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Alexander Lobakin <aleksander.lobakin(a)intel.com> s390/cio: rename bitmap_size() -> idset_bitmap_size() Al Viro <viro(a)zeniv.linux.org.uk> memcg_write_event_control(): fix a user-triggerable oops Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu: Actually check flags for all context ops. Zhen Lei <thunder.leizhen(a)huawei.com> selinux: fix potential counting error in avc_add_xperms_decision() Al Viro <viro(a)zeniv.linux.org.uk> fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Alexander Lobakin <aleksander.lobakin(a)intel.com> bitmap: introduce generic optimized bitmap_size() Zhihao Cheng <chengzhihao1(a)huawei.com> vfs: Don't evict inode under the inode lru traversing context Mikulas Patocka <mpatocka(a)redhat.com> dm persistent data: fix memory allocation failure Khazhismel Kumykov <khazhy(a)google.com> dm resume: don't return EINVAL when signalled Haibo Xu <haibo1.xu(a)intel.com> arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix error recovery leading to data corruption on ESE devices Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Juan José Arboleda <soyjuanarbol(a)gmail.com> ALSA: usb-audio: Support Yamaha P-125 quirk entry Jann Horn <jannh(a)google.com> fuse: Initialize beyond-EOF page contents before setting uptodate ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/acpi_numa.c | 2 +- arch/openrisc/kernel/setup.c | 6 +- arch/parisc/kernel/irq.c | 4 +- arch/powerpc/boot/simple_alloc.c | 7 +- arch/powerpc/sysdev/xics/icp-native.c | 2 + arch/s390/include/asm/uv.h | 5 +- arch/x86/kernel/process.c | 5 +- drivers/ata/libata-core.c | 3 + drivers/atm/idt77252.c | 9 +- drivers/bluetooth/hci_ldisc.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 5 +- drivers/gpu/drm/lima/lima_gp.c | 12 + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 +- drivers/hid/hid-ids.h | 10 +- drivers/hid/hid-microsoft.c | 11 +- drivers/hid/wacom_wac.c | 4 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/infiniband/hw/hfi1/chip.c | 5 +- drivers/input/input-mt.c | 3 + drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/md/dm-clone-metadata.c | 5 - drivers/md/dm-ioctl.c | 22 +- drivers/md/dm-mpath.c | 9 +- drivers/md/dm-path-selector.h | 2 +- drivers/md/dm-queue-length.c | 2 +- drivers/md/dm-rq.c | 4 - drivers/md/dm-service-time.c | 2 +- drivers/md/dm.c | 67 ++-- drivers/md/md.c | 5 - drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- drivers/media/pci/cx23885/cx23885-video.c | 8 + drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/media/radio/radio-isa.c | 2 +- drivers/media/usb/uvc/uvc_video.c | 10 +- drivers/mmc/core/mmc_test.c | 9 +- drivers/mmc/host/dw_mmc.c | 8 + drivers/net/dsa/mv88e6xxx/Makefile | 4 + drivers/net/dsa/mv88e6xxx/global1.h | 1 + drivers/net/dsa/mv88e6xxx/global1_atu.c | 87 +++++- drivers/net/dsa/mv88e6xxx/global2.c | 13 + drivers/net/dsa/mv88e6xxx/global2.h | 25 +- drivers/net/dsa/mv88e6xxx/trace.c | 6 + drivers/net/dsa/mv88e6xxx/trace.h | 66 ++++ drivers/net/dsa/vitesse-vsc73xx-core.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 + drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- drivers/net/ethernet/xilinx/xilinx_axienet.h | 34 +-- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 337 +++++++++++++++------ drivers/net/gtp.c | 5 +- drivers/net/usb/r8152.c | 73 ++--- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 +- drivers/net/wireless/st/cw1200/txrx.c | 2 +- drivers/nfc/pn533/pn533.c | 210 ++++++++++++- drivers/nfc/pn533/pn533.h | 19 +- drivers/nvme/host/core.c | 5 +- drivers/nvme/target/rdma.c | 16 +- drivers/nvme/target/tcp.c | 1 + drivers/nvme/target/trace.c | 6 +- drivers/nvme/target/trace.h | 28 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/s390/block/dasd.c | 36 ++- drivers/s390/block/dasd_3990_erp.c | 10 +- drivers/s390/block/dasd_eckd.c | 57 ++-- drivers/s390/block/dasd_int.h | 2 +- drivers/s390/cio/idset.c | 12 +- drivers/scsi/aacraid/comminit.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/scsi_transport_spi.c | 4 +- drivers/soc/qcom/cmd-db.c | 2 +- drivers/soundwire/stream.c | 8 +- drivers/ssb/main.c | 2 +- drivers/staging/ks7010/ks7010_sdio.c | 4 +- drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 21 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 16 +- drivers/usb/gadget/udc/fsl_udc_core.c | 2 +- drivers/usb/host/xhci.c | 8 +- drivers/usb/serial/option.c | 5 + drivers/video/fbdev/offb.c | 3 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_misc.c | 216 ++++++++++--- fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/free-space-cache.c | 8 +- fs/btrfs/inode.c | 9 +- fs/btrfs/qgroup.c | 2 - fs/btrfs/send.c | 7 +- fs/ext4/extents.c | 3 +- fs/ext4/mballoc.c | 3 + fs/f2fs/segment.c | 5 +- fs/file.c | 28 +- fs/fuse/dev.c | 6 +- fs/fuse/virtio_fs.c | 10 + fs/gfs2/inode.c | 2 +- fs/inode.c | 39 ++- fs/locks.c | 4 +- fs/nfs/pnfs.c | 8 + fs/quota/dquot.c | 5 +- include/linux/bitmap.h | 20 +- include/linux/blkdev.h | 2 +- include/linux/cpumask.h | 2 +- include/linux/device-mapper.h | 2 + include/linux/fs.h | 5 + include/net/busy_poll.h | 2 +- include/net/kcm.h | 1 + ipc/util.c | 16 +- kernel/cgroup/cpuset.c | 13 +- kernel/time/hrtimer.c | 2 + lib/math/prime_numbers.c | 2 - mm/memcontrol.c | 7 +- net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_core.c | 58 ++-- net/bluetooth/mgmt.c | 4 + net/core/ethtool.c | 3 + net/core/net-sysfs.c | 2 +- net/ipv6/ip6_output.c | 2 + net/iucv/iucv.c | 3 +- net/kcm/kcmsock.c | 4 + net/netfilter/nft_counter.c | 5 + net/rds/recv.c | 13 +- net/sched/sch_netem.c | 47 +-- security/selinux/avc.c | 2 +- sound/core/timer.c | 2 +- sound/pci/hda/patch_realtek.c | 1 - sound/usb/quirks-table.h | 1 + tools/include/linux/align.h | 12 + tools/include/linux/bitmap.h | 8 +- tools/testing/selftests/tc-testing/tdc.py | 1 - 135 files changed, 1506 insertions(+), 586 deletions(-)

1 year, 3 months

6
141
0 0

[PATCH 5.15 000/214] 5.15.167-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.167 release. There are 214 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.167-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.167-rc1 Felix Fietkau <nbd(a)nbd.name> udp: fix receiving fraglist GSO packets Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between direct IO write and fsync when using same fd Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Willem de Bruijn <willemb(a)google.com> net: drop bad gso csum_start and offset in virtio_net_hdr Yan Zhai <yan(a)cloudflare.com> gso: fix dodgy bit handling for GSO_UDP_L4 Yuri Benditovich <yuri.benditovich(a)daynix.com> net: change maximum number of UDP segments to 128 Willem de Bruijn <willemb(a)google.com> net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: rockchip: fix OF node leak in probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Matteo Martelli <matteomartelli3(a)gmail.com> ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Nicholas Piggin <npiggin(a)gmail.com> workqueue: Improve scalability of workqueue watchdog touch Nicholas Piggin <npiggin(a)gmail.com> workqueue: wq_watchdog_touch is always called with valid CPU Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: unset the binding mark of a reused connection Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Faisal Hassan <quic_faisalh(a)quicinc.com> usb: dwc3: core: update LC timer as per USB Spec V3.2 Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix config comparison Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Ronnie Sahlberg <lsahlber(a)redhat.com> cifs: Check the lease context if we actually got a lease Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Olivier Sobrie <olivier(a)sobrie.be> HID: amd_sfh: free driver_data after destroying hid device Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() yang.zhang <yang.zhang(a)hexintek.com> riscv: set trap vector earlier Filipe Manana <fdmanana(a)suse.com> btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Check more cases when directory is corrupted Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Yicong Yang <yangyicong(a)hisilicon.com> dma-mapping: benchmark: Don't starve others when doing the test Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix possible tid_t sequence overflows Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Set no_hw_access when VF request full GPU fails Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Larysa Zaremba <larysa.zaremba(a)intel.com> ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Simon Horman <horms(a)kernel.org> can: m_can: Release irq on error in m_can_open Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check HDCP returned status Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: send ACK on an active subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: skip connecting to already established sf Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not remove already closed subflows Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: ADD_ADDR 0 is not a new address Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: close subflow when receiving TCP+FIN Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: avoid duplicated SUB_CLOSED events Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: avoid possible UaF when selecting endp Paolo Abeni <pabeni(a)redhat.com> mptcp: constify a bunch of of helpers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fullmesh: select the right ID later Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: only decrement add_addr_accepted for MPJ req Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: re-using ID of unused flushed subflows Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add sleep quirk for Samsung 990 Evo Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Ravi Bangoria <ravi.bangoria(a)amd.com> KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Maxim Levitsky <mlevitsk(a)redhat.com> KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> ext4: handle redirtying in ext4_bio_write_page() Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Eric Biggers <ebiggers(a)google.com> ext4: reject casefold inode flag without casefold feature Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Bob Zhou <bob.zhou(a)amd.com> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Marek Vasut <marex(a)denx.de> drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Remove buggy bypass lock contention mitigation Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Michael Margolin <mrgolin(a)amazon.com> RDMA/efa: Properly handle unexpected AQ completions Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Jagadeesh Kona <quic_jkona(a)quicinc.com> cpufreq: scmi: Avoid overflow of target_freq in fast switch Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: update type of buf size to u32 for eeprom functions Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check specific index for aldebaran Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: fix the waring dereferencing hive Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable warning for smu10 Asad Kamal <asad.kamal(a)amd.com> drm/amd/amdgpu: Check tbo resource pointer Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Assign linear_pitch_alignment even for VM Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 ++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/mips/kernel/cevt-r4k.c | 15 +- arch/riscv/kernel/head.S | 3 + arch/s390/kernel/vmlinux.lds.S | 9 ++ arch/um/drivers/line.c | 2 + arch/x86/kvm/svm/svm.c | 15 ++ arch/x86/mm/pti.c | 45 ++++-- block/blk-integrity.c | 2 - drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 25 ++- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/cpufreq/scmi-cpufreq.c | 4 +- drivers/gpio/gpio-rockchip.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_eeprom.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 8 +- drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 +- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 +++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.c | 29 +++- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 90 ++++++++--- .../gpu/drm/amd/pm/powerplay/hwmgr/vega12_hwmgr.c | 20 ++- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 31 +++- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/amd/pm/swsmu/smu13/aldebaran_ppt.c | 3 +- drivers/gpu/drm/bridge/tc358767.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/gpu/drm/meson/meson_plane.c | 17 +- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/hwspinlock/hwspinlock_core.c | 28 ++++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/iio/adc/ad7124.c | 27 ++-- drivers/iio/adc/ad7606.c | 28 +--- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 +++++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/infiniband/hw/efa/efa_com.c | 30 ++-- drivers/input/misc/uinput.c | 14 ++ drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/cqhci-core.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +-- drivers/net/can/m_can/m_can.c | 5 +- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 ++- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/ice/ice_lib.c | 12 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/geneve.c | 8 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 5 +- drivers/net/usb/ipheth.c | 2 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 15 +- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/host/pci.c | 11 ++ drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 +++++- drivers/pci/controller/dwc/pcie-al.c | 16 +- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++-- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell/dell-smbios-base.c | 5 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/core.c | 15 ++ drivers/usb/dwc3/core.h | 2 + drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++---- fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 1 - fs/btrfs/extent-tree.c | 32 +++- fs/btrfs/file.c | 25 ++- fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.h | 6 + fs/cifs/smb2ops.c | 24 ++- fs/ext4/fast_commit.c | 8 +- fs/ext4/inode.c | 5 +- fs/ext4/page-io.c | 14 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/ksmbd/smb2pdu.c | 4 + fs/ksmbd/transport_tcp.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 ++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 ++++++++------ fs/notify/fsnotify.c | 31 ++-- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 +++- fs/ntfs3/dir.c | 52 +++--- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/udp.h | 2 +- include/linux/virtio_net.h | 35 +++-- include/net/bluetooth/hci_core.h | 5 - kernel/cgroup/cgroup.c | 2 +- kernel/dma/debug.c | 5 +- kernel/dma/map_benchmark.c | 16 ++ kernel/events/core.c | 18 ++- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 9 +- kernel/rcu/tasks.h | 2 +- kernel/rcu/tree.h | 1 - kernel/rcu/tree_nocb.h | 32 +--- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + kernel/workqueue.c | 14 +- lib/generic-radix-tree.c | 2 + mm/memcontrol.c | 23 ++- net/8021q/vlan_core.c | 7 +- net/bluetooth/mgmt.c | 60 +++---- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/ethernet/eth.c | 7 +- net/ipv4/af_inet.c | 19 +-- net/ipv4/fou.c | 54 ++++--- net/ipv4/gre_offload.c | 12 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/tcp_offload.c | 3 + net/ipv4/udp_offload.c | 22 ++- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/ipv6/ip6_offload.c | 14 +- net/ipv6/udp_offload.c | 2 - net/mptcp/options.c | 44 +++--- net/mptcp/pm.c | 36 +++-- net/mptcp/pm_netlink.c | 174 +++++++++++++-------- net/mptcp/protocol.c | 61 +++++--- net/mptcp/protocol.h | 28 ++-- net/mptcp/sockopt.c | 4 +- net/mptcp/subflow.c | 56 ++++--- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 + net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 ++++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 +- sound/hda/hdmi_chmap.c | 18 +++ sound/pci/hda/hda_generic.c | 63 ++++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 13 ++ sound/pci/hda/patch_realtek.c | 10 ++ sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + sound/soc/sunxi/sun4i-i2s.c | 143 ++++++++--------- tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- tools/testing/selftests/net/udpgso.c | 2 +- 224 files changed, 1994 insertions(+), 1016 deletions(-)

1 year, 3 months

7
222
0 0

[PATCH 6.1 000/192] 6.1.110-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.110 release. There are 192 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.110-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.110-rc1 Miklos Szeredi <mszeredi(a)redhat.com> fuse: add feature flag for expire-only Peng Wu <wupeng58(a)huawei.com> regulator: of: fix a NULL vs IS_ERR() check in of_regulator_bulk_get_all() Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Yonghong Song <yhs(a)fb.com> bpf: Silence a warning in btf_type_id_size() Filipe Manana <fdmanana(a)suse.com> btrfs: fix race between direct IO write and fsync when using same fd Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Li Nan <linan122(a)huawei.com> ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() Liao Chen <liaochen4(a)huawei.com> gpio: modepin: Enable module autoloading Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: rockchip: fix OF node leak in probe() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Matteo Martelli <matteomartelli3(a)gmail.com> ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode Chen-Yu Tsai <wenst(a)chromium.org> ASoc: SOF: topology: Clear SOF link platform name upon unload Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Mohan Kumar <mkumard(a)nvidia.com> ASoC: tegra: Fix CBB error during probe() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64e: Define mmu_pte_psize static Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: split out nohash Book3E 64-bit code Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64e: remove unused IBM HTW code Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd: Add gfx12 swizzle mode defs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: clarify the meaning of timestamp Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Nicholas Piggin <npiggin(a)gmail.com> workqueue: Improve scalability of workqueue watchdog touch Nicholas Piggin <npiggin(a)gmail.com> workqueue: wq_watchdog_touch is always called with valid CPU Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Jann Horn <jannh(a)google.com> userfaultfd: fix checks for huge PMDs Peter Zijlstra <peterz(a)infradead.org> mm: Rename pmd_read_atomic() Peter Zijlstra <peterz(a)infradead.org> mm: Fix pmd_read_atomic() Peter Zijlstra <peterz(a)infradead.org> x86/mm/pae: Make pmd_t similar to pte_t yangyun <yangyun50(a)huawei.com> fuse: fix memory leak in fuse_create_open Miklos Szeredi <mszeredi(a)redhat.com> fuse: add request extension Dharmendra Singh <dsingh(a)ddn.com> fuse: allow non-extending parallel direct writes on the same file Miklos Szeredi <mszeredi(a)redhat.com> fuse: add "expire only" mode to FUSE_NOTIFY_INVAL_ENTRY Boqun Feng <boqun.feng(a)gmail.com> rust: macros: provide correct provenance when constructing THIS_MODULE Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Faisal Hassan <quic_faisalh(a)quicinc.com> usb: dwc3: core: update LC timer as per USB Spec V3.2 Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix config comparison Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Matthieu Baerts (NGI0) <matttbe(a)kernel.org> tcp: process the 3rd ACK with sk_socket for TFO/MPTCP Michal Koutný <mkoutny(a)suse.com> io_uring/sqpoll: Do not set PF_NO_SETAFFINITY on sqpoll threads Jens Axboe <axboe(a)kernel.dk> io_uring/io-wq: stop setting PF_NO_SETAFFINITY on io-wq workers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: check re-re-adding ID 0 signal Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate event numbers Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: fix backport issues Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Olivier Sobrie <olivier(a)sobrie.be> HID: amd_sfh: free driver_data after destroying hid device Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Don't drop SYN+ACK for simultaneous connect(). Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() yang.zhang <yang.zhang(a)hexintek.com> riscv: set trap vector earlier Filipe Manana <fdmanana(a)suse.com> btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Check more cases when directory is corrupted Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Yicong Yang <yangyicong(a)hisilicon.com> dma-mapping: benchmark: Don't starve others when doing the test Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix possible tid_t sequence overflows Yifan Zha <Yifan.Zha(a)amd.com> drm/amdgpu: Set no_hw_access when VF request full GPU fails Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Hareshx Sankar Raj <hareshx.sankar.raj(a)intel.com> crypto: qat - fix unintentional re-enabling of error interrupts Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Sean Anderson <sean.anderson(a)linux.dev> phy: zynqmp: Take the phy mutex in xlate Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Don't allow writes to read-only controls Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Larysa Zaremba <larysa.zaremba(a)intel.com> ice: do not bring the VSI up, if it was down before the XDP setup Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: allow hot-swapping XDP programs Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: Use ice_max_xdp_frame_size() in ice_xdp_setup_prog() Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Douglas Anderson <dianders(a)chromium.org> regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR Corentin Labbe <clabbe(a)baylibre.com> regulator: Add of_regulator_bulk_get_all Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Dawid Osuchowski <dawid.osuchowski(a)linux.intel.com> ice: Add netif_device_attach/detach into PF reset flow Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 David Howells <dhowells(a)redhat.com> cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region Andreas Hindborg <a.hindborg(a)samsung.com> rust: kbuild: fix export of bss symbols Matthew Maurer <mmaurer(a)google.com> rust: Use awk instead of recent xargs Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode Simon Horman <horms(a)kernel.org> can: m_can: Release irq on error in m_can_open Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Marek Olšák <marek.olsak(a)amd.com> drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check denominator pbn_div before used Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: ili210x - use kvmalloc() to allocate buffer for firmware update Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Danijel Slivka <danijel.slivka(a)amd.com> drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts Hawking Zhang <Hawking.Zhang(a)amd.com> drm/amdgpu: Fix smatch static checker warning Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check HDCP returned status Ma Ke <make24(a)iscas.ac.cn> usb: gadget: aspeed_udc: validate endpoint index for ast udc Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: One more reason to mark inode bad Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> x86/kmsan: Fix hook for unaligned accesses Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Alexey Dobriyan <adobriyan(a)gmail.com> ELF: fix kernel.randomize_va_space double read Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Takashi Iwai <tiwai(a)suse.de> ALSA: control: Apply sanity check of input values for user elements Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs" Mitchell Levy <levymitchell0(a)gmail.com> x86/fpu: Avoid writing LBR bit to IA32_XSS unless supported Matt Johnston <matt(a)codeconstruct.com.au> net: mctp-serial: Fix missing escapes on transmit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Brian Norris <briannorris(a)chromium.org> spi: rockchip: Resolve unbalanced runtime PM / system PM handling Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Update set_rate for Zonda PLL Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Jonathan Bell <jonathan(a)raspberrypi.com> mmc: core: apply SD quirks earlier during probe Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add sleep quirk for Samsung 990 Evo Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Thomas Gleixner <tglx(a)linutronix.de> x86/kaslr: Expose and use the end of the physical memory address space Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Limit the period on Haswell Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Fix data leak in mmio_read() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Dan Carpenter <dan.carpenter(a)linaro.org> ksmbd: Unlock on in ksmbd_tcp_set_interfaces() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: unset the binding mark of a reused connection Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Ravi Bangoria <ravi.bangoria(a)amd.com> KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is missing Maxim Levitsky <mlevitsk(a)redhat.com> KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE Sean Christopherson <seanjc(a)google.com> KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue ------------- Diffstat: Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 + arch/arm64/kernel/acpi_numa.c | 11 - arch/mips/kernel/cevt-r4k.c | 15 +- arch/powerpc/include/asm/nohash/mmu-e500.h | 3 +- arch/powerpc/mm/nohash/Makefile | 2 +- arch/powerpc/mm/nohash/tlb.c | 398 +-------------------- arch/powerpc/mm/nohash/tlb_64e.c | 361 +++++++++++++++++++ arch/powerpc/mm/nohash/tlb_low_64e.S | 195 ---------- arch/riscv/kernel/head.S | 3 + arch/s390/kernel/vmlinux.lds.S | 9 + arch/um/drivers/line.c | 2 + arch/x86/coco/tdx/tdx.c | 1 - arch/x86/events/intel/core.c | 23 +- arch/x86/include/asm/fpu/types.h | 7 + arch/x86/include/asm/page_64.h | 1 + arch/x86/include/asm/pgtable-3level.h | 96 +---- arch/x86/include/asm/pgtable-3level_types.h | 7 + arch/x86/include/asm/pgtable_64_types.h | 5 + arch/x86/include/asm/pgtable_types.h | 4 +- arch/x86/kernel/fpu/xstate.c | 3 + arch/x86/kernel/fpu/xstate.h | 4 +- arch/x86/kvm/svm/svm.c | 15 + arch/x86/kvm/x86.c | 2 + arch/x86/lib/iomem.c | 5 +- arch/x86/mm/init_64.c | 4 + arch/x86/mm/kaslr.c | 34 +- arch/x86/mm/pti.c | 45 ++- drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/block/ublk_drv.c | 2 + drivers/clk/qcom/clk-alpha-pll.c | 25 +- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/crypto/qat/qat_common/adf_gen2_pfvf.c | 4 +- .../crypto/qat/qat_dh895xcc/adf_dh895xcc_hw_data.c | 8 +- drivers/firmware/cirrus/cs_dsp.c | 3 + drivers/gpio/gpio-rockchip.c | 1 + drivers/gpio/gpio-zynqmp-modepin.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 30 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 28 ++ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +- .../drm/amd/display/modules/hdcp/hdcp1_execution.c | 15 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 +- drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/amd-sfh-hid/amd_sfh_hid.c | 4 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775-core.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/i3c/master/mipi-i3c-hci/dma.c | 5 +- drivers/iio/adc/ad7124.c | 27 +- drivers/iio/adc/ad7606.c | 28 +- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 ++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 + drivers/input/touchscreen/ili210x.c | 6 +- drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/core/quirks.h | 22 +- drivers/mmc/core/sd.c | 4 + drivers/mmc/host/cqhci-core.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +- drivers/net/can/m_can/m_can.c | 5 +- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 28 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ram.c | 11 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 23 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-rx.c | 165 ++++++--- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 22 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 42 ++- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/ice/ice_main.c | 61 ++-- drivers/net/ethernet/intel/igb/igb_main.c | 10 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/microsoft/mana/mana.h | 2 + drivers/net/ethernet/microsoft/mana/mana_en.c | 22 +- drivers/net/mctp/mctp-serial.c | 4 +- drivers/net/usb/ipheth.c | 2 +- drivers/net/usb/usbnet.c | 11 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/host/pci.c | 11 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 ++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +- drivers/pcmcia/yenta_socket.c | 6 +- drivers/phy/xilinx/phy-zynqmp.c | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 5 +- drivers/regulator/of_regulator.c | 92 +++++ drivers/spi/spi-rockchip.c | 23 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/core.c | 15 + drivers/usb/dwc3/core.h | 2 + drivers/usb/gadget/udc/aspeed_udc.c | 2 + drivers/usb/storage/uas.c | 1 + fs/binfmt_elf.c | 5 +- fs/btrfs/ctree.c | 12 +- fs/btrfs/ctree.h | 1 - fs/btrfs/extent-tree.c | 32 +- fs/btrfs/file.c | 25 +- fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.h | 6 + fs/ext4/fast_commit.c | 8 +- fs/fuse/dev.c | 6 +- fs/fuse/dir.c | 72 ++-- fs/fuse/file.c | 51 ++- fs/fuse/fuse_i.h | 8 +- fs/fuse/inode.c | 3 +- fs/fuse/xattr.c | 4 +- fs/nfs/super.c | 2 + fs/nilfs2/recovery.c | 35 +- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 43 ++- fs/ntfs3/dir.c | 52 +-- fs/ntfs3/frecord.c | 4 +- fs/smb/client/smb2ops.c | 16 +- fs/smb/server/smb2pdu.c | 4 + fs/smb/server/transport_tcp.c | 4 +- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 15 + include/linux/mm.h | 4 + include/linux/pgtable.h | 54 ++- include/linux/regulator/consumer.h | 16 + include/net/bluetooth/hci_core.h | 5 - include/uapi/drm/drm_fourcc.h | 18 + include/uapi/linux/fuse.h | 46 ++- io_uring/io-wq.c | 16 +- io_uring/sqpoll.c | 1 - kernel/bpf/btf.c | 13 +- kernel/cgroup/cgroup.c | 2 +- kernel/dma/map_benchmark.c | 16 + kernel/events/core.c | 18 +- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 9 +- kernel/resource.c | 6 +- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + kernel/workqueue.c | 14 +- lib/generic-radix-tree.c | 2 + mm/hmm.c | 2 +- mm/khugepaged.c | 2 +- mm/mapping_dirty_helpers.c | 2 +- mm/memcontrol.c | 22 +- mm/memory_hotplug.c | 2 +- mm/mprotect.c | 2 +- mm/sparse.c | 2 +- mm/userfaultfd.c | 24 +- mm/vmscan.c | 4 +- net/bluetooth/mgmt.c | 60 ++-- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/ipv4/fou.c | 29 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/tcp_input.c | 6 + net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/unix/af_unix.c | 9 +- rust/Makefile | 4 +- rust/macros/module.rs | 6 +- security/smack/smack_lsm.c | 12 +- sound/core/control.c | 6 +- sound/hda/hdmi_chmap.c | 18 + sound/pci/hda/patch_conexant.c | 11 + sound/pci/hda/patch_realtek.c | 10 + sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + sound/soc/sof/topology.c | 2 + sound/soc/sunxi/sun4i-i2s.c | 143 ++++---- sound/soc/tegra/tegra210_ahub.c | 12 +- tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 234 ++++++++---- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 15 + 208 files changed, 2369 insertions(+), 1522 deletions(-)

1 year, 3 months

8
204
0 0

[PATCH 5.10 000/186] 5.10.226-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.226 release. There are 186 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.226-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.226-rc1 Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Thomas Gleixner <tglx(a)linutronix.de> x86/mm: Fix PTI for i386 some more Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Maurizio Lombardi <mlombard(a)redhat.com> nvmet-tcp: fix kernel crash if commands allocation fails Jonathan Cameron <Jonathan.Cameron(a)huawei.com> arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry James Morse <james.morse(a)arm.com> arm64: acpi: Move get_cpu_for_acpi_id() to a header Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Peter Zijlstra <peterz(a)infradead.org> perf/aux: Fix AUX buffer serialization Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Daniel Lezcano <daniel.lezcano(a)linaro.org> clocksource/drivers/timer-of: Remove percpu irq related code Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Carlos Llamas <cmllamas(a)google.com> binder: fix UAF caused by offsets overwrite Dumitru Ceclan <mitrutzceclan(a)gmail.com> iio: adc: ad7124: fix chip ID mismatch Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: remove frstdata check for serial mode Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Aleksandr Mishin <amishin(a)t-argos.ru> staging: iio: frequency: ad9834: Validate frequency parameter value Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed Kent Overstreet <kent.overstreet(a)linux.dev> lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup Heiko Carstens <hca(a)linux.ibm.com> s390/vmlinux.lds.S: Move ro_after_init section behind rodata section David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Zenghui Yu <yuzenghui(a)huawei.com> kselftests: dmabuf-heaps: Ensure the driver name is null-terminated Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dpaa: avoid on-stack arrays of NR_CPUS elements Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Andreas Ziegler <ziegler.andreas(a)siemens.com> libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Benjamin Marzinski <bmarzins(a)redhat.com> dm init: Handle minors larger than 255 Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Properly initialize soc_enum values Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Kuniyuki Iwashima <kuniyu(a)amazon.com> fou: Fix null-ptr-deref in GRO. Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers Eric Dumazet <edumazet(a)google.com> gro: remove rcu_read_lock/rcu_read_unlock from gro_receive handlers Eric Dumazet <edumazet(a)google.com> fou: remove sparse errors Guillaume Nault <gnault(a)redhat.com> bareudp: Fix device stats updates. Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Dan Carpenter <dan.carpenter(a)linaro.org> igc: Unlock on error in igc_io_resume() Cong Wang <cong.wang(a)bytedance.com> tcp_bpf: fix return value of tcp_bpf_sendmsg() Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Catch another Reply chunk overflow case Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Kishon Vijay Abraham I <kishon(a)ti.com> PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: don't set HDMI TX controls if there are no HDMI outputs Shantanu Goel <sgoel01(a)yahoo.com> usb: uas: set host status byte on data completion error Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> leds: spi-byte: Call of_node_put() on error path Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: vivid: fix wrong sizeimage value for mplane Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Jernej Skrabec <jernej.skrabec(a)gmail.com> iommu: sun50i: clear bypass register Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Josef Bacik <josef(a)toxicpanda.com> nfsd: make svc_stat per-network namespace instead of global Josef Bacik <josef(a)toxicpanda.com> nfsd: remove nfsd_stats, make th_cnt a global counter Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Josef Bacik <josef(a)toxicpanda.com> sunrpc: use the struct net as the svc proc private Josef Bacik <josef(a)toxicpanda.com> sunrpc: remove ->pg_stats from svc_program Josef Bacik <josef(a)toxicpanda.com> sunrpc: pass in the sv_stats struct through svc_create_pooled Josef Bacik <josef(a)toxicpanda.com> nfsd: stop setting ->pg_stats for unused stats Josef Bacik <josef(a)toxicpanda.com> sunrpc: don't change ->sv_stats if it doesn't exist Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix frame size warning in svc_export_parse() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NeilBrown <neilb(a)suse.de> NFSD: simplify error paths in nfsd_svc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor the duplicate reply cache shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace nfsd_prune_bucket() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename nfsd_reply_cache_alloc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_reply_cache_free_locked() Jeff Layton <jlayton(a)kernel.org> nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Jeff Layton <jlayton(a)kernel.org> nfsd: move reply cache initialization into nfsd startup Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: avoid possible UaF when selecting endp Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pr_debug: add missing \n at the end Filipe Manana <fdmanana(a)suse.com> btrfs: fix use-after-free after failure to create a snapshot Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Toke Høiland-Jørgensen <toke(a)redhat.com> sched: sch_cake: fix bulk flow accounting logic for host fairness Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Simon Arlott <simon(a)octiron.net> can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Joanne Koong <joannelkoong(a)gmail.com> fuse: update stats for pages in dropped aux writeback list Liao Chen <liaochen4(a)huawei.com> mmc: sdhci-of-aspeed: fix module autoloading Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Ignore keys being loaded with invalid type Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" Ma Ke <make24(a)iscas.ac.cn> irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Maximilien Perreault <maximilienperreault(a)gmail.com> ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx Terry Cheong <htcheong(a)chromium.org> ALSA: hda/realtek: add patch for internal mic in Lenovo V145 Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices robelin <robelin(a)nvidia.com> ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Connor O'Brien <connor.obrien(a)crowdstrike.com> bpf, cgroup: Assign cgroup in cgroup_sk_alloc when called from interrupt Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Use IS_REACHABLE() for substituting empty ACPI functions Jan Kara <jack(a)suse.cz> ext4: handle redirtying in ext4_bio_write_page() Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Stanislav Fomichev <sdf(a)google.com> net: set SOCK_RCU_FREE before inserting socket into hashtable Connor O'Brien <connor.obrien(a)crowdstrike.com> bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode Bob Zhou <bob.zhou(a)amd.com> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Christoph Hellwig <hch(a)lst.de> block: remove the blk_flush_integrity call in blk_integrity_unregister Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: make hash table duplicates more survivable Haoran Liu <liuhaoran14(a)163.com> drm/meson: plane: Add error handling Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Amir Goldstein <amir73il(a)gmail.com> fsnotify: clear PARENT_WATCHED flags lazily Abhishek Pandit-Subedi <abhishekpandit(a)chromium.org> usb: typec: ucsi: Fix null pointer dereference in trace Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Shannon Nelson <shannon.nelson(a)amd.com> ionic: fix potential irq name truncation Richard Maina <quic_rmaina(a)quicinc.com> hwspinlock: Introduce hwspin_lock_bust() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: al: Check IORESOURCE_BUS existence during probe Shahar S Matityahu <shahar.s.matityahu(a)intel.com> wifi: iwlwifi: remove fw_running op Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: check negtive return for table entries Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: the warning dereferencing obj for nbio_v7_4 Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix out-of-bounds write warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix uninitialized variable agc_btc_response Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check msg_id before processing transcation Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Add array index check for hdcp ddc access Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check gpio_id before used as array index Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: avoid reading vf2pf info size from FB Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix uninitialized scalar variable warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix the Out-of-bounds read warning Jesse Zhang <jesse.zhang(a)amd.com> drm/amd/pm: fix warning using uninitialized value of max_vid_step Tim Huang <Tim.Huang(a)amd.com> drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L Rik van Riel <riel(a)surriel.com> dma-debug: avoid deadlock between dma debug vs printk and netconsole Richard Fitzgerald <rf(a)opensource.cirrus.com> i2c: Fix conditional for substituting empty ACPI functions Takashi Iwai <tiwai(a)suse.de> ALSA: hda/conexant: Mute speakers at suspend / shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown Philip Mueller <philm(a)manjaro.org> drm: panel-orientation-quirks: Add quirk for OrangePi Neo ------------- Diffstat: Documentation/locking/hwspinlock.rst | 11 ++ Makefile | 4 +- arch/arm64/include/asm/acpi.h | 12 ++ arch/arm64/kernel/acpi_numa.c | 11 -- arch/mips/kernel/cevt-r4k.c | 15 +- arch/s390/kernel/vmlinux.lds.S | 9 + arch/um/drivers/line.c | 2 + arch/x86/mm/pti.c | 45 +++-- block/bio-integrity.c | 11 +- block/blk-integrity.c | 2 - drivers/acpi/acpi_processor.c | 15 +- drivers/android/binder.c | 1 + drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 6 +- drivers/clocksource/timer-imx-tpm.c | 16 +- drivers/clocksource/timer-of.c | 17 +- drivers/clocksource/timer-of.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 4 +- drivers/gpu/drm/amd/amdgpu/df_v1_7.c | 2 + drivers/gpu/drm/amd/amdgpu/nbio_v7_4.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 +- .../drm/amd/display/dc/clk_mgr/dcn21/rn_clk_mgr.c | 3 +- .../gpu/drm/amd/display/dc/dcn20/dcn20_dwb_scl.c | 3 + drivers/gpu/drm/amd/display/dc/gpio/gpio_service.c | 17 +- drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c | 17 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 28 ++- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 13 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 5 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 15 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 90 +++++++-- .../gpu/drm/amd/pm/powerplay/hwmgr/vega20_hwmgr.c | 8 +- .../drm/amd/pm/powerplay/smumgr/vega10_smumgr.c | 6 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/gpu/drm/meson/meson_plane.c | 17 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/hwspinlock/hwspinlock_core.c | 28 +++ drivers/hwspinlock/hwspinlock_internal.h | 3 + drivers/iio/adc/ad7124.c | 1 + drivers/iio/adc/ad7606.c | 28 +-- drivers/iio/adc/ad7606.h | 2 + drivers/iio/adc/ad7606_par.c | 46 ++++- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 ++ drivers/iommu/intel/dmar.c | 2 +- drivers/iommu/sun50i-iommu.c | 1 + drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/irqchip/irq-gic-v2m.c | 6 +- drivers/leds/leds-spi-byte.c | 6 +- drivers/md/dm-init.c | 4 +- drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 17 +- drivers/media/test-drivers/vivid/vivid-vid-out.c | 16 +- drivers/media/usb/uvc/uvc_driver.c | 18 +- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/cqhci.c | 2 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/sdhci-of-aspeed.c | 1 + drivers/net/bareudp.c | 22 +-- drivers/net/can/spi/mcp251x.c | 2 +- drivers/net/dsa/vitesse-vsc73xx-core.c | 10 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 20 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- drivers/net/geneve.c | 8 +- drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 5 +- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 +-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/intel/iwlwifi/fw/debugfs.c | 3 +- drivers/net/wireless/intel/iwlwifi/fw/runtime.h | 1 - drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 - drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvme/target/tcp.c | 4 +- drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 44 ++++- drivers/pci/controller/dwc/pcie-al.c | 16 +- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 ++-- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/staging/iio/frequency/ad9834.c | 2 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/storage/uas.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/usb/usbip/stub_rx.c | 77 +++++--- fs/btrfs/extent-tree.c | 32 +++- fs/btrfs/inode.c | 2 +- fs/btrfs/ioctl.c | 5 +- fs/btrfs/transaction.c | 24 +++ fs/btrfs/transaction.h | 2 + fs/ext4/page-io.c | 14 +- fs/fuse/file.c | 8 +- fs/fuse/xattr.c | 4 +- fs/lockd/svc.c | 3 - fs/nfs/callback.c | 3 - fs/nfs/super.c | 2 + fs/nfsd/export.c | 32 +++- fs/nfsd/export.h | 4 +- fs/nfsd/netns.h | 25 ++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfscache.c | 202 ++++++++++++--------- fs/nfsd/nfsctl.c | 24 ++- fs/nfsd/nfsd.h | 1 + fs/nfsd/nfsfh.c | 3 +- fs/nfsd/nfssvc.c | 38 ++-- fs/nfsd/stats.c | 52 +++--- fs/nfsd/stats.h | 83 ++++----- fs/nfsd/trace.h | 22 +++ fs/nfsd/vfs.c | 6 +- fs/nilfs2/recovery.c | 35 +++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 +++++++----- fs/notify/fsnotify.c | 31 +++- fs/notify/fsnotify.h | 2 +- fs/notify/mark.c | 32 +++- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 ++- include/linux/cgroup-defs.h | 107 +++-------- include/linux/cgroup.h | 22 +-- include/linux/fsnotify_backend.h | 8 +- include/linux/hwspinlock.h | 6 + include/linux/i2c.h | 2 +- include/linux/sunrpc/svc.h | 5 +- include/net/bluetooth/hci_core.h | 5 - kernel/cgroup/cgroup.c | 65 +++---- kernel/dma/debug.c | 5 +- kernel/events/core.c | 18 +- kernel/events/internal.h | 1 + kernel/events/ring_buffer.c | 2 + kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/rcu/tasks.h | 2 +- kernel/smp.c | 1 + kernel/trace/trace.c | 2 + lib/generic-radix-tree.c | 2 + mm/memcontrol.c | 23 ++- net/8021q/vlan_core.c | 7 +- net/bluetooth/mgmt.c | 60 +++--- net/bluetooth/smp.c | 7 - net/bridge/br_fdb.c | 6 +- net/can/bcm.c | 4 + net/core/netclassid_cgroup.c | 7 +- net/core/netprio_cgroup.c | 10 +- net/ethernet/eth.c | 7 +- net/ipv4/af_inet.c | 19 +- net/ipv4/fou.c | 62 ++++--- net/ipv4/gre_offload.c | 12 +- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/tcp_bpf.c | 2 +- net/ipv4/udp_offload.c | 6 +- net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 +- net/ipv6/ip6_offload.c | 14 +- net/ipv6/udp_offload.c | 2 - net/mptcp/options.c | 34 ++-- net/mptcp/pm.c | 24 +-- net/mptcp/pm_netlink.c | 59 +++--- net/mptcp/protocol.c | 54 +++--- net/mptcp/protocol.h | 4 +- net/mptcp/subflow.c | 50 ++--- net/netfilter/nf_conncount.c | 8 +- net/sched/sch_cake.c | 11 +- net/sched/sch_netem.c | 9 +- net/sunrpc/stats.c | 2 +- net/sunrpc/svc.c | 36 ++-- net/sunrpc/xprtrdma/svc_rdma_rw.c | 2 + net/sunrpc/xprtsock.c | 7 + net/unix/af_unix.c | 9 +- net/wireless/scan.c | 46 +++-- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 +- sound/hda/hdmi_chmap.c | 18 ++ sound/pci/hda/hda_generic.c | 63 +++++++ sound/pci/hda/hda_generic.h | 1 + sound/pci/hda/patch_conexant.c | 13 ++ sound/pci/hda/patch_realtek.c | 10 + sound/soc/soc-dapm.c | 1 + sound/soc/soc-topology.c | 2 + tools/lib/bpf/libbpf.c | 4 +- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 4 +- 209 files changed, 1848 insertions(+), 1126 deletions(-)

1 year, 3 months

6
193
0 0

[PATCH 3/4] phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend

by Johan Hovold

Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. This bug was later reproduced when the driver was copied to create the qmp-usbc driver. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with these drivers. Fixes: 19281571a4d5 ("phy: qcom: qmp-usb: split USB-C PHY driver") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-usbc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c index 5cbc5fd529eb..dea3456f88b1 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usbc.c @@ -1049,6 +1049,7 @@ static int qmp_usbc_probe(struct platform_device *pdev) return -ENOMEM; qmp->dev = dev; + dev_set_drvdata(dev, qmp); qmp->orientation = TYPEC_ORIENTATION_NORMAL; -- 2.44.2

1 year, 3 months

1
0
0 0

[PATCH 2/4] phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend

by Johan Hovold

Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data from the qcom-qmp-usb driver, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. This bug was later reproduced when the driver was copied to create the qmp-usb-legacy driver. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with these drivers. Fixes: e464a3180a43 ("phy: qcom-qmp-usb: split off the legacy USB+dp_com support") Cc: stable(a)vger.kernel.org # 6.6 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c b/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c index 6d0ba39c1943..8bf951b0490c 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb-legacy.c @@ -1248,6 +1248,7 @@ static int qmp_usb_legacy_probe(struct platform_device *pdev) return -ENOMEM; qmp->dev = dev; + dev_set_drvdata(dev, qmp); qmp->cfg = of_device_get_match_data(dev); if (!qmp->cfg) -- 2.44.2

1 year, 3 months

1
0
0 0

[PATCH 1/4] phy: qcom: qmp-usb: fix NULL-deref on runtime suspend

by Johan Hovold

Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") removed most users of the platform device driver data, but mistakenly also removed the initialisation despite the data still being used in the runtime PM callbacks. Restore the driver data initialisation at probe to avoid a NULL-pointer dereference on runtime suspend. Apparently no one uses runtime PM, which currently needs to be enabled manually through sysfs, with this driver. Fixes: 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation") Cc: stable(a)vger.kernel.org # 6.2 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c index 49f4a53f9b2c..76068393e4ba 100644 --- a/drivers/phy/qualcomm/phy-qcom-qmp-usb.c +++ b/drivers/phy/qualcomm/phy-qcom-qmp-usb.c @@ -2191,6 +2191,7 @@ static int qmp_usb_probe(struct platform_device *pdev) return -ENOMEM; qmp->dev = dev; + dev_set_drvdata(dev, qmp); qmp->cfg = of_device_get_match_data(dev); if (!qmp->cfg) -- 2.44.2

1 year, 3 months

1
0
0 0

[PATCH] perf/x86/intel: Allow to setup LBR for counting event for BPF

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The BPF subsystem may capture LBR data on a counting event. However, the current implementation assumes that LBR can/should only be used with sampling events. For instance, retsnoop tool ([0]) makes an extensive use of this functionality and sets up perf event as follows: struct perf_event_attr attr; memset(&attr, 0, sizeof(attr)); attr.size = sizeof(attr); attr.type = PERF_TYPE_HARDWARE; attr.config = PERF_COUNT_HW_CPU_CYCLES; attr.sample_type = PERF_SAMPLE_BRANCH_STACK; attr.branch_sample_type = PERF_SAMPLE_BRANCH_KERNEL; To limit the LBR for a sampling event is to avoid unnecessary branch stack setup for a counting event in the sample read. Because LBR is only read in the sampling event's overflow. Although in most cases LBR is used in sampling, there is no HW limit to bind LBR to the sampling mode. Allow an LBR setup for a counting event unless in the sample read mode. Fixes: 85846b27072d ("perf/x86: Add PERF_X86_EVENT_NEEDS_BRANCH_STACK flag") Reported-by: Andrii Nakryiko <andrii.nakryiko(a)gmail.com> Closes: https://lore.kernel.org/lkml/20240905180055.1221620-1-andrii@kernel.org/ Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 605ed19043ed..2b5ff112d8d1 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -3981,8 +3981,12 @@ static int intel_pmu_hw_config(struct perf_event *event) x86_pmu.pebs_aliases(event); } - if (needs_branch_stack(event) && is_sampling_event(event)) - event->hw.flags |= PERF_X86_EVENT_NEEDS_BRANCH_STACK; + if (needs_branch_stack(event)) { + /* Avoid branch stack setup for counting events in SAMPLE READ */ + if (is_sampling_event(event) || + !(event->attr.sample_type & PERF_SAMPLE_READ)) + event->hw.flags |= PERF_X86_EVENT_NEEDS_BRANCH_STACK; + } if (branch_sample_counters(event)) { struct perf_event *leader, *sibling; -- 2.38.1

1 year, 3 months

3
2
0 0

[PATCH v6 1/2] ufs: core: fix the issue of ICU failure

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> When setting the ICU bit without using read-modify-write, SQRTCy will restart SQ again and receive an RTC return error code 2 (Failure - SQ not stopped). Additionally, the error log has been modified so that this type of error can be observed. Fixes: ab248643d3d6 ("scsi: ufs: core: Add error handling for MCQ mode") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bao D. Nguyen <quic_nguyenb(a)quicinc.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/ufs/core/ufs-mcq.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 5891cdacd0b3..3903947dbed1 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -539,7 +539,7 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) struct scsi_cmnd *cmd = lrbp->cmd; struct ufs_hw_queue *hwq; void __iomem *reg, *opr_sqd_base; - u32 nexus, id, val; + u32 nexus, id, val, rtc; int err; if (hba->quirks & UFSHCD_QUIRK_MCQ_BROKEN_RTC) @@ -569,17 +569,18 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) opr_sqd_base = mcq_opr_base(hba, OPR_SQD, id); writel(nexus, opr_sqd_base + REG_SQCTI); - /* SQRTCy.ICU = 1 */ - writel(SQ_ICU, opr_sqd_base + REG_SQRTC); + /* Initiate Cleanup */ + writel(readl(opr_sqd_base + REG_SQRTC) | SQ_ICU, + opr_sqd_base + REG_SQRTC); /* Poll SQRTSy.CUS = 1. Return result from SQRTSy.RTC */ reg = opr_sqd_base + REG_SQRTS; err = read_poll_timeout(readl, val, val & SQ_CUS, 20, MCQ_POLL_US, false, reg); - if (err) - dev_err(hba->dev, "%s: failed. hwq=%d, tag=%d err=%ld\n", - __func__, id, task_tag, - FIELD_GET(SQ_ICU_ERR_CODE_MASK, readl(reg))); + rtc = FIELD_GET(SQ_ICU_ERR_CODE_MASK, readl(reg)); + if (err || rtc) + dev_err(hba->dev, "%s: failed. hwq=%d, tag=%d err=%d RTC=%d\n", + __func__, id, task_tag, err, rtc); if (ufshcd_mcq_sq_start(hba, hwq)) err = -ETIMEDOUT; -- 2.45.2

1 year, 3 months

1
0
0 0

[PATCH 1/4] drm/xe/client: fix deadlock in show_meminfo()

by Matthew Auld

There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the list, making it difficult to navigate to the next list entry. Fixes: 0845233388f8 ("drm/xe: Implement fdinfo memory stats printing") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2727 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Cc: Tejas Upadhyay <tejas.upadhyay(a)intel.com> Cc: "Thomas Hellström" <thomas.hellstrom(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_drm_client.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_drm_client.c b/drivers/gpu/drm/xe/xe_drm_client.c index e64f4b645e2e..badfa045ead8 100644 --- a/drivers/gpu/drm/xe/xe_drm_client.c +++ b/drivers/gpu/drm/xe/xe_drm_client.c @@ -196,6 +196,7 @@ static void show_meminfo(struct drm_printer *p, struct drm_file *file) struct xe_drm_client *client; struct drm_gem_object *obj; struct xe_bo *bo; + LLIST_HEAD(deferred); unsigned int id; u32 mem_type; @@ -215,11 +216,14 @@ static void show_meminfo(struct drm_printer *p, struct drm_file *file) list_for_each_entry(bo, &client->bos_list, client_link) { if (!kref_get_unless_zero(&bo->ttm.base.refcount)) continue; + bo_meminfo(bo, stats); - xe_bo_put(bo); + xe_bo_put_deferred(bo, &deferred); } spin_unlock(&client->bos_lock); + xe_bo_put_commit(&deferred); + for (mem_type = XE_PL_SYSTEM; mem_type < TTM_NUM_MEM_TYPES; ++mem_type) { if (!xe_mem_type_to_name[mem_type]) continue; -- 2.46.0

1 year, 3 months

3
7
0 0

[PATCH RESEND] soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps"

by Krzysztof Kozlowski

This reverts commit ab8d66d132bc8f1992d3eb6cab8d32dda6733c84 because it breaks codecs using non-continuous masks in source and sink ports. The commit missed the point that port numbers are not used as indices for iterating over prop.sink_ports or prop.source_ports. Soundwire core and existing codecs expect that the array passed as prop.sink_ports and prop.source_ports is continuous. The port mask still might be non-continuous, but that's unrelated. Reported-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Closes: https://lore.kernel.org/all/b6c75eee-761d-44c8-8413-2a5b34ee2f98@linux.inte… Fixes: ab8d66d132bc ("soundwire: stream: fix programming slave ports for non-continous port maps") Acked-by: Bard Liao <yung-chuan.liao(a)linux.intel.com> Reviewed-by: Charles Keepax <ckeepax(a)opensource.cirrus.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Resending with Ack/Rb tags and missing Cc-stable. --- drivers/soundwire/stream.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/soundwire/stream.c b/drivers/soundwire/stream.c index f275143d7b18..7aa4900dcf31 100644 --- a/drivers/soundwire/stream.c +++ b/drivers/soundwire/stream.c @@ -1291,18 +1291,18 @@ struct sdw_dpn_prop *sdw_get_slave_dpn_prop(struct sdw_slave *slave, unsigned int port_num) { struct sdw_dpn_prop *dpn_prop; - unsigned long mask; + u8 num_ports; int i; if (direction == SDW_DATA_DIR_TX) { - mask = slave->prop.source_ports; + num_ports = hweight32(slave->prop.source_ports); dpn_prop = slave->prop.src_dpn_prop; } else { - mask = slave->prop.sink_ports; + num_ports = hweight32(slave->prop.sink_ports); dpn_prop = slave->prop.sink_dpn_prop; } - for_each_set_bit(i, &mask, 32) { + for (i = 0; i < num_ports; i++) { if (dpn_prop[i].num == port_num) return &dpn_prop[i]; } -- 2.43.0

1 year, 3 months

3
4
0 0

Follow-up to "net: drop bad gso csum_start and offset in virtio_net_hdr" - backport for 5.15 needed

by Christian Theune

Hi, the issue was so far handled in https://lore.kernel.org/regressions/ZsyMzW-4ee_U8NoX@eldamar.lan/T/#m390d6e… and https://bugzilla.kernel.org/show_bug.cgi?id=219129 I haven’t seen any communication whether a backport for 5.15 is already in progress, so I thought I’d follow up here. Today we rolled out 5.15.165 and immediately ran into the same issue. There’s at least one other person asking for a 5.15 backport in Bugzilla. Hugs, Christian -- Christian Theune - A97C62CE - 0179 7808366 @theuni - christian(a)theune.cc

1 year, 3 months

4
9
0 0

[PATCH v5 2/2] ufs: core: requeue aborted request

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> ufshcd_abort_all forcibly aborts all on-going commands and the host controller will automatically fill in the OCS field of the corresponding response with OCS_ABORTED based on different working modes. MCQ mode: aborts a command using SQ cleanup, The host controller will post a Completion Queue entry with OCS = ABORTED. SDB mode: aborts a command using UTRLCLR. Task Management response which means a Transfer Request was aborted. For these two cases, set a flag to notify SCSI to requeue the command after receiving response with OCS_ABORTED. Fixes: ab248643d3d6 ("scsi: ufs: core: Add error handling for MCQ mode") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd.c | 35 ++++++++++++++++++++--------------- include/ufs/ufshcd.h | 3 +++ 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index a6f818cdef0e..8380e8861d83 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -3006,6 +3006,7 @@ static int ufshcd_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd) ufshcd_prepare_lrbp_crypto(scsi_cmd_to_rq(cmd), lrbp); lrbp->req_abort_skip = false; + lrbp->abort_initiated_by_eh = false; ufshcd_comp_scsi_upiu(hba, lrbp); @@ -5404,7 +5405,10 @@ ufshcd_transfer_rsp_status(struct ufs_hba *hba, struct ufshcd_lrb *lrbp, } break; case OCS_ABORTED: - result |= DID_ABORT << 16; + if (lrbp->abort_initiated_by_eh) + result |= DID_REQUEUE << 16; + else + result |= DID_ABORT << 16; break; case OCS_INVALID_COMMAND_STATUS: result |= DID_REQUEUE << 16; @@ -6471,26 +6475,12 @@ static bool ufshcd_abort_one(struct request *rq, void *priv) struct scsi_device *sdev = cmd->device; struct Scsi_Host *shost = sdev->host; struct ufs_hba *hba = shost_priv(shost); - struct ufshcd_lrb *lrbp = &hba->lrb[tag]; - struct ufs_hw_queue *hwq; - unsigned long flags; *ret = ufshcd_try_to_abort_task(hba, tag); dev_err(hba->dev, "Aborting tag %d / CDB %#02x %s\n", tag, hba->lrb[tag].cmd ? hba->lrb[tag].cmd->cmnd[0] : -1, *ret ? "failed" : "succeeded"); - /* Release cmd in MCQ mode if abort succeeds */ - if (hba->mcq_enabled && (*ret == 0)) { - hwq = ufshcd_mcq_req_to_hwq(hba, scsi_cmd_to_rq(lrbp->cmd)); - if (!hwq) - return 0; - spin_lock_irqsave(&hwq->cq_lock, flags); - if (ufshcd_cmd_inflight(lrbp->cmd)) - ufshcd_release_scsi_cmd(hba, lrbp); - spin_unlock_irqrestore(&hwq->cq_lock, flags); - } - return *ret == 0; } @@ -7561,6 +7551,21 @@ int ufshcd_try_to_abort_task(struct ufs_hba *hba, int tag) goto out; } + /* + * When the host software receives a "FUNCTION COMPLETE", set flag + * to requeue command after receive response with OCS_ABORTED + * SDB mode: UTRLCLR Task Management response which means a Transfer + * Request was aborted. + * MCQ mode: Host will post to CQ with OCS_ABORTED after SQ cleanup + * + * This flag is set because error handler ufshcd_abort_all forcibly + * aborts all commands, and the host controller will automatically + * fill in the OCS field of the corresponding response with OCS_ABORTED. + * Therefore, upon receiving this response, it needs to be requeued. + */ + if (!err) + lrbp->abort_initiated_by_eh = true; + err = ufshcd_clear_cmd(hba, tag); if (err) dev_err(hba->dev, "%s: Failed clearing cmd at tag %d, err %d\n", diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 0fd2aebac728..07b5e60e6c44 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -173,6 +173,8 @@ struct ufs_pm_lvl_states { * @crypto_key_slot: the key slot to use for inline crypto (-1 if none) * @data_unit_num: the data unit number for the first block for inline crypto * @req_abort_skip: skip request abort task flag + * @abort_initiated_by_eh: The flag is specifically used to handle + * ufshcd_err_handler forcibly aborts. */ struct ufshcd_lrb { struct utp_transfer_req_desc *utr_descriptor_ptr; @@ -202,6 +204,7 @@ struct ufshcd_lrb { #endif bool req_abort_skip; + bool abort_initiated_by_eh; }; /** -- 2.45.2

1 year, 3 months

1
0
0 0

[PATCH v5 1/2] ufs: core: fix the issue of ICU failure

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> When setting the ICU bit without using read-modify-write, SQRTCy will restart SQ again and receive an RTC return error code 2 (Failure - SQ not stopped). Additionally, the error log has been modified so that this type of error can be observed. Fixes: ab248643d3d6 ("scsi: ufs: core: Add error handling for MCQ mode") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bao D. Nguyen <quic_nguyenb(a)quicinc.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/ufs/core/ufs-mcq.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 5891cdacd0b3..3903947dbed1 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -539,7 +539,7 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) struct scsi_cmnd *cmd = lrbp->cmd; struct ufs_hw_queue *hwq; void __iomem *reg, *opr_sqd_base; - u32 nexus, id, val; + u32 nexus, id, val, rtc; int err; if (hba->quirks & UFSHCD_QUIRK_MCQ_BROKEN_RTC) @@ -569,17 +569,18 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) opr_sqd_base = mcq_opr_base(hba, OPR_SQD, id); writel(nexus, opr_sqd_base + REG_SQCTI); - /* SQRTCy.ICU = 1 */ - writel(SQ_ICU, opr_sqd_base + REG_SQRTC); + /* Initiate Cleanup */ + writel(readl(opr_sqd_base + REG_SQRTC) | SQ_ICU, + opr_sqd_base + REG_SQRTC); /* Poll SQRTSy.CUS = 1. Return result from SQRTSy.RTC */ reg = opr_sqd_base + REG_SQRTS; err = read_poll_timeout(readl, val, val & SQ_CUS, 20, MCQ_POLL_US, false, reg); - if (err) - dev_err(hba->dev, "%s: failed. hwq=%d, tag=%d err=%ld\n", - __func__, id, task_tag, - FIELD_GET(SQ_ICU_ERR_CODE_MASK, readl(reg))); + rtc = FIELD_GET(SQ_ICU_ERR_CODE_MASK, readl(reg)); + if (err || rtc) + dev_err(hba->dev, "%s: failed. hwq=%d, tag=%d err=%d RTC=%d\n", + __func__, id, task_tag, err, rtc); if (ufshcd_mcq_sq_start(hba, hwq)) err = -ETIMEDOUT; -- 2.45.2

1 year, 3 months

1
0
0 0

[PATCH] fbdev/xen-fbfront: Assign fb_info->device

by Jason Andryuk

From: Jason Andryuk <jason.andryuk(a)amd.com> Probing xen-fbfront faults in video_is_primary_device(). The passed-in struct device is NULL since xen-fbfront doesn't assign it and the memory is kzalloc()-ed. Assign fb_info->device to avoid this. This was exposed by the conversion of fb_is_primary_device() to video_is_primary_device() which dropped a NULL check for struct device. Fixes: f178e96de7f0 ("arch: Remove struct fb_info from video helpers") Reported-by: Arthur Borsboom <arthurborsboom(a)gmail.com> Closes: https://lore.kernel.org/xen-devel/CALUcmUncX=LkXWeiSiTKsDY-cOe8QksWhFvcCneO… Tested-by: Arthur Borsboom <arthurborsboom(a)gmail.com> CC: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- The other option would be to re-instate the NULL check in video_is_primary_device() --- drivers/video/fbdev/xen-fbfront.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/video/fbdev/xen-fbfront.c b/drivers/video/fbdev/xen-fbfront.c index 66d4628a96ae..c90f48ebb15e 100644 --- a/drivers/video/fbdev/xen-fbfront.c +++ b/drivers/video/fbdev/xen-fbfront.c @@ -407,6 +407,7 @@ static int xenfb_probe(struct xenbus_device *dev, /* complete the abuse: */ fb_info->pseudo_palette = fb_info->par; fb_info->par = info; + fb_info->device = &dev->dev; fb_info->screen_buffer = info->fb; -- 2.43.0

1 year, 3 months

6
8
0 0

[PATCH 5.10 000/151] 5.10.225-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.225 release. There are 151 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Tue, 03 Sep 2024 16:07:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.225-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.225-rc1 Guenter Roeck <linux(a)roeck-us.net> apparmor: fix policy_unpack_test on big endian systems Ben Hutchings <benh(a)debian.org> scsi: aacraid: Fix double-free on probe failure Zijun Hu <quic_zijuhu(a)quicinc.com> usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: fix probed platform device ref count on probe error path Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: core: Prevent USB core invalid event buffer address access Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: omap: add missing depopulate in probe error path ZHANG Yuntian <yt(a)radxa.com> USB: serial: option: add MeiG Smart SRM825L Ian Ray <ian.ray(a)gehealthcare.com> cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> soc: qcom: cmd-db: Map shared memory as WC, not WB Aleksandr Mishin <amishin(a)t-argos.ru> nfc: pn533: Add poll mod list filling check Eric Dumazet <edumazet(a)google.com> net: busy-poll: use ktime_get_ns() instead of local_clock() Cong Wang <cong.wang(a)bytedance.com> gtp: fix a potential NULL pointer dereference Jamie Bainbridge <jamie.bainbridge(a)gmail.com> ethtool: check device is present when getting link settings Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add memory bus width verification Serge Semin <fancer.lancer(a)gmail.com> dmaengine: dw: Add peripheral bus width verification Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soundwire: stream: fix programming slave ports for non-continous port maps Miklos Szeredi <mszeredi(a)redhat.com> ovl: do not fail because of O_NOATIME Allison Henderson <allison.henderson(a)oracle.com> net:rds: Fix possible deadlock in rds_message_put Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Niklas Cassel <cassel(a)kernel.org> ata: libata-core: Fix null pointer dereference on error Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "Input: ioc3kbd - convert to platform remove callback returning void" Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Rafael Aquini <aquini(a)redhat.com> ipc: replace costly bailout check in sysvipc_find_ipc() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sched: check both backup in retrans Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: duplicate static structs used in driver instances Ma Ke <make24(a)iscas.ac.cn> pinctrl: single: fix potential NULL dereference in pcs_get_function() Huang-Huang Bao <i(a)eh5.me> pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins Sami Tolvanen <samitolvanen(a)google.com> KVM: arm64: Don't use cbz/adr with external symbols Jesse Zhang <jesse.zhang(a)amd.com> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Alexander Lobakin <aleksander.lobakin(a)intel.com> tools: move alignment-related macros to new <linux/align.h> Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Input: MT - limit max slots Lee, Chun-Yi <joeyli.kernel(a)gmail.com> Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Kuniyuki Iwashima <kuniyu(a)amazon.com> nfsd: Don't call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg(). Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Relax start tick time check for slave timer elements Alex Hung <alex.hung(a)amd.com> Revert "drm/amd/display: Validate hw_points_num before using it" Ben Whitten <ben.whitten(a)gmail.com> mmc: dw_mmc: allow biu and ciu clocks to defer Marc Zyngier <maz(a)kernel.org> KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 Nikolay Kuratov <kniv(a)yandex-team.ru> cxgb4: add forgotten u64 ivlan cast before shift Siarhei Vishniakou <svv(a)google.com> HID: microsoft: Add rumble support to latest xbox controllers Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Defer calculation of resolution until resolution_code is known Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Set timer mode in cpu-probe Laurent Vivier <laurent(a)vivier.eu> binfmt_misc: pass binfmt_misc flags to the interpreter Griffin Kroah-Hartman <griffin(a)kroah.com> Bluetooth: MGMT: Add error handling to pair_device() Dan Carpenter <dan.carpenter(a)linaro.org> mmc: mmc_test: Fix NULL dereference on allocation failure Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: reset the link phy params before link training Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: don't play tricks with debug macros Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix dangling multicast addresses Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Always disable promiscuous mode Eric Dumazet <edumazet(a)google.com> ipv6: prevent UAF in ip6_send_skb() Stephen Hemminger <stephen(a)networkplumber.org> netem: fix return value if duplicate enqueue fails Joseph Huang <Joseph.Huang(a)garmin.com> net: dsa: mv88e6xxx: Fix out-of-bound access Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: replace ATU violation prints with trace points Hans J. Schultz <netdev(a)kapio-technology.com> net: dsa: mv88e6xxx: read FID when handling ATU violations Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: fix ICE_LAST_OFFSET formula Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix xfrm state handling when clearing active slave Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix xfrm real_dev null pointer dereference Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix null pointer deref in bond_ipsec_offload_ok Nikolay Aleksandrov <razor(a)blackwall.org> bonding: fix bond_ipsec_offload_ok return type Thomas Bogendoerfer <tbogendoerfer(a)suse.de> ip6_tunnel: Fix broken GRO Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> netfilter: nft_counter: Synchronize nft_counter_reset() against reader. Kuniyuki Iwashima <kuniyu(a)amazon.com> kcm: Serialise kcm_sendmsg() for the same socket. Simon Horman <horms(a)kernel.org> tc-testing: don't access non-existent variable on exception Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix assumption of Central always being Initiator Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix LE quote calculation Mikulas Patocka <mpatocka(a)redhat.com> dm suspend: return -ERESTARTSYS instead of -EINTR Aurelien Jarno <aurelien(a)aurel32.net> media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> block: use "unsigned long" for blk_validate_block_size(). Eric Dumazet <edumazet(a)google.com> gtp: pull network headers in gtp_dev_xmit() Phil Chang <phil.chang(a)mediatek.com> hrtimer: Prevent queuing of hrtimer without a function callback Sagi Grimberg <sagi(a)grimberg.me> nvmet-rdma: fix possible bad dereference when freeing rsps Baokun Li <libaokun1(a)huawei.com> ext4: set the type of max_zeroout to unsigned int to avoid overflow Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> fbdev: offb: replace of_node_put with __free(device_node) Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: dwc3: core: Skip setting event buffers for host only controllers Alexander Gordeev <agordeev(a)linux.ibm.com> s390/iucv: fix receive buffer virtual vs physical address confusion Oreoluwa Babatunde <quic_obabatun(a)quicinc.com> openrisc: Call setup_memory() earlier in the init sequence NeilBrown <neilb(a)suse.de> NFS: avoid infinite loop in pnfs_update_layout. Hannes Reinecke <hare(a)suse.de> nvmet-tcp: do not continue for invalid icreq Jian Shen <shenjian15(a)huawei.com> net: hns3: add checking for vf id of mailbox Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: bnep: Fix out-of-bound access Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: gadget: fsl: Increase size of name buffer for endpoints Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to do sanity check in update_sit_entry David Sterba <dsterba(a)suse.com> btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() David Sterba <dsterba(a)suse.com> btrfs: send: handle unexpected data in header buffer in begin_cmd() David Sterba <dsterba(a)suse.com> btrfs: handle invalid root reference found in may_destroy_subvol() David Sterba <dsterba(a)suse.com> btrfs: change BUG_ON to assertion when checking for delayed_node root Michael Ellerman <mpe(a)ellerman.id.au> powerpc/boot: Only free if realloc() succeeds Li zeming <zeming(a)nfschina.com> powerpc/boot: Handle allocation failure in simple_realloc() Helge Deller <deller(a)gmx.de> parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 Christophe Kerello <christophe.kerello(a)foss.st.com> memory: stm32-fmc2-ebi: check regmap_read return value Kees Cook <keescook(a)chromium.org> x86: Increase brk randomness entropy for 64-bit systems Li Nan <linan122(a)huawei.com> md: clean up invalid BUG_ON in md_ioctl Eric Dumazet <edumazet(a)google.com> netlink: hold nlk->cb_mutex longer in __netlink_dump_start() Stefan Hajnoczi <stefanha(a)redhat.com> virtiofs: forbid newlines in tags Erico Nunes <nunes.erico(a)gmail.com> drm/lima: set gp bus_stop bit before hard reset Kees Cook <keescook(a)chromium.org> net/sun3_82586: Avoid reading past buffer in debug output Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() Max Filippov <jcmvbkbc(a)gmail.com> fs: binfmt_elf_efpic: don't use missing interpreter's properties Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: pci: cx23885: check cx23885_vdev_init() return Jan Kara <jack(a)suse.cz> quota: Remove BUG_ON from dqget() Baokun Li <libaokun1(a)huawei.com> ext4: do not trim the group with corrupted block bitmap Daniel Wagner <dwagner(a)suse.de> nvmet-trace: avoid dereferencing pointer too early Kunwu Chan <chentao(a)kylinos.cn> powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu Chengfeng Ye <dg573847474(a)gmail.com> IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: abort scan when rfkill on but device enabled Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: setattr_chown: Add missing initialization Mike Christie <michael.christie(a)oracle.com> scsi: spi: Fix sshdr use Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: qcom: venus: fix incorrect return value Christian Brauner <christian.brauner(a)ubuntu.com> binfmt_misc: cleanup on filesystem umount Chengfeng Ye <dg573847474(a)gmail.com> staging: ks7010: disable bh on tx_dev_lock Alex Hung <alex.hung(a)amd.com> drm/amd/display: Validate hw_points_num before using it David Lechner <dlechner(a)baylibre.com> staging: iio: resolver: ad2s1210: fix use before initialization Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: radio-isa: use dev_name to fill in bus_info Heiko Carstens <hca(a)linux.ibm.com> s390/smp,mcck: fix early IPI handling Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rtrs: Fix the problem of variable not initialized fully Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: riic: avoid potential division by zero Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: cw1200: Avoid processing an invalid TIM IE Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix BA session teardown race Rand Deeb <rand.sec96(a)gmail.com> ssb: Fix division by zero issue in ssb_calc_clock_rate Parsa Poorshikhian <parsa.poorsh(a)gmail.com> ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 Jie Wang <wangjie125(a)huawei.com> net: hns3: fix a deadlock problem when config TC during resetting Jie Wang <wangjie125(a)huawei.com> net: hns3: fix wrong use of semaphore up Donald Hunter <donald.hunter(a)gmail.com> netfilter: flowtable: initialise extack before use Eugene Syromiatnikov <esyr(a)redhat.com> mptcp: correct MPTCP_SUBFLOW_ATTR_SSN_OFFSET reserved size Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: check busy flag in MDIO operations Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: use read_poll_timeout instead delay loop Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: pass value in phy_write operation Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> net: axienet: Fix register defines comment description Dan Carpenter <dan.carpenter(a)linaro.org> atm: idt77252: prevent use after free in dequeue_rx() Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5e: Correctly report errors for ethtool rx flows Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/uv: Panic for set and remove shared access UVC errors Alexander Lobakin <aleksander.lobakin(a)intel.com> btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() Alexander Lobakin <aleksander.lobakin(a)intel.com> s390/cio: rename bitmap_size() -> idset_bitmap_size() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/jpeg2: properly set atomics vmid field Al Viro <viro(a)zeniv.linux.org.uk> memcg_write_event_control(): fix a user-triggerable oops Bas Nieuwenhuizen <bas(a)basnieuwenhuizen.nl> drm/amdgpu: Actually check flags for all context ops. Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: add dev extent item checks Zhen Lei <thunder.leizhen(a)huawei.com> selinux: fix potential counting error in avc_add_xperms_decision() Al Viro <viro(a)zeniv.linux.org.uk> fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE Alexander Lobakin <aleksander.lobakin(a)intel.com> bitmap: introduce generic optimized bitmap_size() Zhihao Cheng <chengzhihao1(a)huawei.com> vfs: Don't evict inode under the inode lru traversing context Mikulas Patocka <mpatocka(a)redhat.com> dm persistent data: fix memory allocation failure Khazhismel Kumykov <khazhy(a)google.com> dm resume: don't return EINVAL when signalled Haibo Xu <haibo1.xu(a)intel.com> arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE Stefan Haberland <sth(a)linux.ibm.com> s390/dasd: fix error recovery leading to data corruption on ESE devices Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Mark XDomain as unplugged when router is removed Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration Juan José Arboleda <soyjuanarbol(a)gmail.com> ALSA: usb-audio: Support Yamaha P-125 quirk entry Jann Horn <jannh(a)google.com> fuse: Initialize beyond-EOF page contents before setting uptodate ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/acpi_numa.c | 2 +- arch/arm64/kvm/hyp/entry.S | 6 +- arch/arm64/kvm/sys_regs.c | 6 + arch/arm64/kvm/vgic/vgic.h | 7 + arch/mips/kernel/cpu-probe.c | 4 + arch/openrisc/kernel/setup.c | 6 +- arch/parisc/kernel/irq.c | 4 +- arch/powerpc/boot/simple_alloc.c | 7 +- arch/powerpc/sysdev/xics/icp-native.c | 2 + arch/s390/include/asm/uv.h | 5 +- arch/s390/kernel/early.c | 12 +- arch/s390/kernel/smp.c | 4 +- arch/x86/kernel/process.c | 5 +- drivers/ata/libata-core.c | 3 + drivers/atm/idt77252.c | 9 +- drivers/bluetooth/hci_ldisc.c | 3 +- drivers/dma/dw/core.c | 89 ++++++++- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 8 + drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 3 +- drivers/gpu/drm/amd/amdgpu/jpeg_v2_0.c | 4 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 5 +- drivers/gpu/drm/lima/lima_gp.c | 12 ++ drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 2 + drivers/hid/hid-ids.h | 10 +- drivers/hid/hid-microsoft.c | 11 +- drivers/hid/wacom_wac.c | 4 +- drivers/i2c/busses/i2c-riic.c | 2 +- drivers/infiniband/hw/hfi1/chip.c | 5 +- drivers/infiniband/ulp/rtrs/rtrs.c | 2 +- drivers/input/input-mt.c | 3 + drivers/input/serio/ioc3kbd.c | 6 +- drivers/irqchip/irq-gic-v3-its.c | 2 - drivers/md/dm-clone-metadata.c | 5 - drivers/md/dm-ioctl.c | 22 ++- drivers/md/dm.c | 4 +- drivers/md/md.c | 5 - drivers/md/persistent-data/dm-space-map-metadata.c | 4 +- drivers/media/pci/cx23885/cx23885-video.c | 8 + drivers/media/pci/solo6x10/solo6x10-offsets.h | 10 +- drivers/media/platform/qcom/venus/pm_helpers.c | 2 +- drivers/media/radio/radio-isa.c | 2 +- drivers/media/usb/uvc/uvc_video.c | 10 +- drivers/memory/stm32-fmc2-ebi.c | 122 ++++++++---- drivers/mmc/core/mmc_test.c | 9 +- drivers/mmc/host/dw_mmc.c | 8 + drivers/net/bonding/bond_main.c | 21 +- drivers/net/bonding/bond_options.c | 2 +- drivers/net/dsa/mv88e6xxx/Makefile | 4 + drivers/net/dsa/mv88e6xxx/global1_atu.c | 82 ++++++-- drivers/net/dsa/mv88e6xxx/trace.c | 6 + drivers/net/dsa/mv88e6xxx/trace.h | 66 +++++++ drivers/net/dsa/vitesse-vsc73xx-core.c | 69 +++++-- drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 3 + .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 4 +- drivers/net/ethernet/i825xx/sun3_82586.c | 2 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 2 +- .../ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- drivers/net/ethernet/xilinx/xilinx_axienet.h | 17 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 25 +-- drivers/net/gtp.c | 5 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 32 ++- drivers/net/wireless/st/cw1200/txrx.c | 2 +- drivers/nfc/pn533/pn533.c | 5 + drivers/nvme/target/rdma.c | 16 +- drivers/nvme/target/tcp.c | 1 + drivers/nvme/target/trace.c | 6 +- drivers/nvme/target/trace.h | 28 +-- drivers/pinctrl/pinctrl-rockchip.c | 2 +- drivers/pinctrl/pinctrl-single.c | 2 + drivers/s390/block/dasd.c | 36 ++-- drivers/s390/block/dasd_3990_erp.c | 10 +- drivers/s390/block/dasd_eckd.c | 57 +++--- drivers/s390/block/dasd_int.h | 2 +- drivers/s390/cio/idset.c | 12 +- drivers/scsi/aacraid/comminit.c | 2 + drivers/scsi/lpfc/lpfc_sli.c | 2 +- drivers/scsi/scsi_transport_spi.c | 4 +- drivers/soc/qcom/cmd-db.c | 2 +- drivers/soundwire/stream.c | 8 +- drivers/ssb/main.c | 2 +- drivers/staging/iio/resolver/ad2s1210.c | 7 +- drivers/staging/ks7010/ks7010_sdio.c | 4 +- drivers/thunderbolt/switch.c | 1 + drivers/usb/class/cdc-acm.c | 3 + drivers/usb/core/sysfs.c | 1 + drivers/usb/dwc3/core.c | 21 ++ drivers/usb/dwc3/dwc3-omap.c | 4 +- drivers/usb/dwc3/dwc3-st.c | 16 +- drivers/usb/gadget/udc/fsl_udc_core.c | 2 +- drivers/usb/host/xhci.c | 8 +- drivers/usb/serial/option.c | 5 + drivers/video/fbdev/offb.c | 3 +- fs/binfmt_elf.c | 5 +- fs/binfmt_elf_fdpic.c | 7 +- fs/binfmt_misc.c | 220 ++++++++++++++++----- fs/btrfs/delayed-inode.c | 2 +- fs/btrfs/free-space-cache.c | 8 +- fs/btrfs/inode.c | 9 +- fs/btrfs/qgroup.c | 2 - fs/btrfs/send.c | 7 +- fs/btrfs/tree-checker.c | 69 +++++++ fs/ext4/extents.c | 3 +- fs/ext4/mballoc.c | 3 + fs/f2fs/segment.c | 5 +- fs/file.c | 28 ++- fs/fuse/dev.c | 6 +- fs/fuse/virtio_fs.c | 10 + fs/gfs2/inode.c | 2 +- fs/inode.c | 39 +++- fs/nfs/pnfs.c | 8 + fs/overlayfs/file.c | 11 +- fs/quota/dquot.c | 5 +- include/linux/binfmts.h | 4 + include/linux/bitmap.h | 20 +- include/linux/blkdev.h | 2 +- include/linux/cpumask.h | 2 +- include/linux/fs.h | 5 + include/net/busy_poll.h | 2 +- include/net/kcm.h | 1 + include/uapi/linux/binfmts.h | 4 + ipc/util.c | 16 +- kernel/cgroup/cpuset.c | 13 +- kernel/time/hrtimer.c | 2 + lib/math/prime_numbers.c | 2 - mm/memcontrol.c | 7 +- net/bluetooth/bnep/core.c | 3 +- net/bluetooth/hci_core.c | 19 +- net/bluetooth/mgmt.c | 4 + net/bluetooth/smp.c | 146 +++++++------- net/core/net-sysfs.c | 2 +- net/ethtool/ioctl.c | 3 + net/ipv6/ip6_output.c | 2 + net/ipv6/ip6_tunnel.c | 12 +- net/iucv/iucv.c | 3 +- net/kcm/kcmsock.c | 4 + net/mac80211/agg-tx.c | 6 +- net/mac80211/driver-ops.c | 3 - net/mac80211/sta_info.c | 14 ++ net/mptcp/diag.c | 2 +- net/mptcp/protocol.c | 2 +- net/netfilter/nf_flow_table_offload.c | 2 +- net/netfilter/nft_counter.c | 5 + net/netlink/af_netlink.c | 13 +- net/rds/recv.c | 13 +- net/sched/sch_netem.c | 47 +++-- net/sunrpc/svc_xprt.c | 2 +- security/apparmor/policy_unpack_test.c | 6 +- security/selinux/avc.c | 2 +- sound/core/timer.c | 2 +- sound/pci/hda/patch_realtek.c | 1 - sound/usb/quirks-table.h | 1 + tools/include/linux/align.h | 12 ++ tools/include/linux/bitmap.h | 9 +- tools/testing/selftests/core/close_range_test.c | 35 ++++ tools/testing/selftests/tc-testing/tdc.py | 1 - 161 files changed, 1422 insertions(+), 597 deletions(-)

1 year, 3 months

7
164
0 0

[PATCH net] net: tighten bad gso csum offset check in virtio_net_hdr

by Willem de Bruijn

From: Willem de Bruijn <willemb(a)google.com> The referenced commit drops bad input, but has false positives. Tighten the check to avoid these. The check detects illegal checksum offload requests, which produce csum_start/csum_off beyond end of packet after segmentation. But it is based on two incorrect assumptions: 1. virtio_net_hdr_to_skb with VIRTIO_NET_HDR_GSO_TCP[46] implies GSO. True in callers that inject into the tx path, such as tap. But false in callers that inject into rx, like virtio-net. Here, the flags indicate GRO, and CHECKSUM_UNNECESSARY or CHECKSUM_NONE without VIRTIO_NET_HDR_F_NEEDS_CSUM is normal. 2. TSO requires checksum offload, i.e., ip_summed == CHECKSUM_PARTIAL. False, as tcp[46]_gso_segment will fix up csum_start and offset for all other ip_summed by calling __tcp_v4_send_check. Because of 2, we can limit the scope of the fix to virtio_net_hdr that do try to set these fields, with a bogus value. Link: https://lore.kernel.org/netdev/20240909094527.GA3048202@port70.net/ Fixes: 89add40066f9 ("net: drop bad gso csum_start and offset in virtio_net_hdr") Signed-off-by: Willem de Bruijn <willemb(a)google.com> Cc: <stable(a)vger.kernel.net> --- Verified that the syzbot repro is still caught. An equivalent alternative would be to move the check for csum_offset to where the csum_start check is in segmentation: - if (unlikely(skb_checksum_start(skb) != skb_transport_header(skb))) + if (unlikely(skb_checksum_start(skb) != skb_transport_header(skb) || + skb->csum_offset != offsetof(struct tcphdr, check))) Cleaner, but messier stable backport. We'll need an equivalent patch to this for VIRTIO_NET_HDR_GSO_UDP_L4. But that csum_offset test was in a different commit, so different Fixes tag. --- include/linux/virtio_net.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h index 6c395a2600e8d..276ca543ef44d 100644 --- a/include/linux/virtio_net.h +++ b/include/linux/virtio_net.h @@ -173,7 +173,8 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, break; case SKB_GSO_TCPV4: case SKB_GSO_TCPV6: - if (skb->csum_offset != offsetof(struct tcphdr, check)) + if (skb->ip_summed == CHECKSUM_PARTIAL && + skb->csum_offset != offsetof(struct tcphdr, check)) return -EINVAL; break; } -- 2.46.0.598.g6f2099f65c-goog

1 year, 3 months

6
10
0 0

[PATCH v2 3/3] block: fix ordering between checking BLK_MQ_S_STOPPED and adding requests

by Muchun Song

Supposing first scenario with a virtio_blk driver. CPU0 CPU1 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() virtblk_done() blk_mq_request_bypass_insert() blk_mq_start_stopped_hw_queues() /* Add IO request to dispatch list */ 1) store blk_mq_start_stopped_hw_queue() clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) if (!blk_mq_hctx_has_pending()) 4) load return return blk_mq_sched_dispatch_requests() blk_mq_sched_dispatch_requests() if (blk_mq_hctx_stopped()) 2) load if (blk_mq_hctx_stopped()) return return __blk_mq_sched_dispatch_requests() __blk_mq_sched_dispatch_requests() Supposing another scenario. CPU0 CPU1 blk_mq_requeue_work() /* Add IO request to dispatch list */ 1) store virtblk_done() blk_mq_run_hw_queues()/blk_mq_delay_run_hw_queues() blk_mq_start_stopped_hw_queues() if (blk_mq_hctx_stopped()) 2) load blk_mq_start_stopped_hw_queue() continue clear_bit(BLK_MQ_S_STOPPED) 3) store blk_mq_run_hw_queue()/blk_mq_delay_run_hw_queue() blk_mq_run_hw_queue() if (!blk_mq_hctx_has_pending()) 4) load return blk_mq_sched_dispatch_requests() Both scenarios are similar, the full memory barrier should be inserted between 1) and 2), as well as between 3) and 4) to make sure that either CPU0 sees BLK_MQ_S_STOPPED is cleared or CPU1 sees dispatch list. Otherwise, either CPU will not rerun the hardware queue causing starvation of the request. The easy way to fix it is to add the essential full memory barrier into helper of blk_mq_hctx_stopped(). In order to not affect the fast path (hardware queue is not stopped most of the time), we only insert the barrier into the slow path. Actually, only slow path needs to care about missing of dispatching the request to the low-level device driver. Fixes: 320ae51feed5c ("blk-mq: new multi-queue block IO queueing mechanism") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> --- block/blk-mq.c | 6 ++++++ block/blk-mq.h | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index ac39f2a346a52..48a6a437fba5e 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2413,6 +2413,12 @@ void blk_mq_start_stopped_hw_queue(struct blk_mq_hw_ctx *hctx, bool async) return; clear_bit(BLK_MQ_S_STOPPED, &hctx->state); + /* + * Pairs with the smp_mb() in blk_mq_hctx_stopped() to order the + * clearing of BLK_MQ_S_STOPPED above and the checking of dispatch + * list in the subsequent routine. + */ + smp_mb__after_atomic(); blk_mq_run_hw_queue(hctx, async); } EXPORT_SYMBOL_GPL(blk_mq_start_stopped_hw_queue); diff --git a/block/blk-mq.h b/block/blk-mq.h index 260beea8e332c..f36f3bff70d86 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h @@ -228,6 +228,19 @@ static inline struct blk_mq_tags *blk_mq_tags_from_data(struct blk_mq_alloc_data static inline bool blk_mq_hctx_stopped(struct blk_mq_hw_ctx *hctx) { + /* Fast path: hardware queue is not stopped most of the time. */ + if (likely(!test_bit(BLK_MQ_S_STOPPED, &hctx->state))) + return false; + + /* + * This barrier is used to order adding of dispatch list before and + * the test of BLK_MQ_S_STOPPED below. Pairs with the memory barrier + * in blk_mq_start_stopped_hw_queue() so that dispatch code could + * either see BLK_MQ_S_STOPPED is cleared or dispatch list is not + * empty to avoid missing dispatching requests. + */ + smp_mb(); + return test_bit(BLK_MQ_S_STOPPED, &hctx->state); } -- 2.20.1

1 year, 3 months

4
3
0 0

[PATCH v2 1/3] block: fix missing dispatching request when queue is started or unquiesced

by Muchun Song

Supposing the following scenario with a virtio_blk driver. CPU0 CPU1 CPU2 blk_mq_try_issue_directly() __blk_mq_issue_directly() q->mq_ops->queue_rq() virtio_queue_rq() blk_mq_stop_hw_queue() blk_mq_try_issue_directly() virtblk_done() if (blk_mq_hctx_stopped()) blk_mq_request_bypass_insert() blk_mq_start_stopped_hw_queue() blk_mq_run_hw_queue() blk_mq_run_hw_queue() blk_mq_insert_request() return // Who is responsible for dispatching this IO request? After CPU0 has marked the queue as stopped, CPU1 will see the queue is stopped. But before CPU1 puts the request on the dispatch list, CPU2 receives the interrupt of completion of request, so it will run the hardware queue and marks the queue as non-stopped. Meanwhile, CPU1 also runs the same hardware queue. After both CPU1 and CPU2 complete blk_mq_run_hw_queue(), CPU1 just puts the request to the same hardware queue and returns. It misses dispatching a request. Fix it by running the hardware queue explicitly. And blk_mq_request_issue_directly() should handle a similar situation. Fix it as well. Fixes: d964f04a8fde8 ("blk-mq: fix direct issue") Cc: stable(a)vger.kernel.org Cc: Muchun Song <muchun.song(a)linux.dev> Signed-off-by: Muchun Song <songmuchun(a)bytedance.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> --- block/blk-mq.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/block/blk-mq.c b/block/blk-mq.c index e3c3c0c21b553..b2d0f22de0c7f 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -2619,6 +2619,7 @@ static void blk_mq_try_issue_directly(struct blk_mq_hw_ctx *hctx, if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) { blk_mq_insert_request(rq, 0); + blk_mq_run_hw_queue(hctx, false); return; } @@ -2649,6 +2650,7 @@ static blk_status_t blk_mq_request_issue_directly(struct request *rq, bool last) if (blk_mq_hctx_stopped(hctx) || blk_queue_quiesced(rq->q)) { blk_mq_insert_request(rq, 0); + blk_mq_run_hw_queue(hctx, false); return BLK_STS_OK; } -- 2.20.1

1 year, 3 months

3
2
0 0

[PATCH 4.19 00/96] 4.19.322-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.322 release. There are 96 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 12 Sep 2024 09:25:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.322-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.322-rc1 Li RongQing <lirongqing(a)baidu.com> netns: restore ops before calling ops_exit_list Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: explicitly zero is_sticky in fdb_create Zhang Changzhong <zhangchangzhong(a)huawei.com> cx82310_eth: fix error return code in cx82310_bind() Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Roland Xu <mu001999(a)outlook.com> rtmutex: Drop rt_mutex::wait_lock before scheduling Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_free() with __maybe_unused Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Fix memory leaks in error paths of processor_add() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() Eric Dumazet <edumazet(a)google.com> ila: call nf_unregister_net_hooks() sooner Eric Dumazet <edumazet(a)google.com> netns: add pre_exit method to struct pernet_operations Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: protect references to superblock parameters exposed in sysfs Qing Wang <wangqing(a)vivo.com> nilfs2: replace snprintf in show functions with sysfs_emit Zheng Yejian <zhengyejian(a)huaweicloud.com> tracing: Avoid possible softlockup in tracing_iter_reset() Steven Rostedt (VMware) <rostedt(a)goodmis.org> ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() Sven Schnelle <svens(a)linux.ibm.com> uprobes: Use kzalloc to allocate xol area Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix next event not taking effect sometime Jacky Bai <ping.bai(a)nxp.com> clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX David Fernandez Gonzalez <david.fernandez.gonzalez(a)oracle.com> VMCI: Fix use-after-free when removing resource in vmci_resource_remove() Naman Jain <namjain(a)linux.microsoft.com> Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind Geert Uytterhoeven <geert+renesas(a)glider.be> nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc Matteo Martelli <matteomartelli3(a)gmail.com> iio: fix scale application in iio_convert_raw_to_processed_unlocked David Lechner <dlechner(a)baylibre.com> iio: buffer-dmaengine: fix releasing dma channel on error Michael Ellerman <mpe(a)ellerman.id.au> ata: pata_macio: Use WARN instead of BUG Stefan Wiehler <stefan.wiehler(a)nokia.com> of/irq: Prevent device address out-of-bounds read in interrupt map walk Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: sanity check symbolic link size Oliver Neukum <oneukum(a)suse.com> usbnet: ipheth: race between ipheth_close and error handling Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: uinput - reject requests with unreasonable number of slots Camila Alvarez <cam.alvarez.i(a)gmail.com> HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup David Sterba <dsterba(a)suse.com> btrfs: initialize location to fix -Wmaybe-uninitialized in btrfs_lookup_dentry() Dan Williams <dan.j.williams(a)intel.com> PCI: Add missing bridge lock to pci_bus_lock() Josef Bacik <josef(a)toxicpanda.com> btrfs: clean up our handling of refs == 0 in snapshot delete Josef Bacik <josef(a)toxicpanda.com> btrfs: replace BUG_ON with ASSERT in walk_down_proc() Zqiang <qiang.zhang1211(a)gmail.com> smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu() Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Guenter Roeck <linux(a)roeck-us.net> hwmon: (w83627ehf) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (nct6775-core) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (lm95234) Fix underflows seen when writing limit attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (adc128d818) Fix underflows seen when writing limit attributes Krishna Kumar <krishnak(a)linux.ibm.com> pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Initialize an uninitialized struct member Johannes Berg <johannes.berg(a)intel.com> um: line: always fill *error_out in setup_one_line() Waiman Long <longman(a)redhat.com> cgroup: Protect css->cgroup write under css_set_lock Jacob Pan <jacob.jun.pan(a)linux.intel.com> iommu/vt-d: Handle volatile descriptor status read Pawel Dembicki <paweldembicki(a)gmail.com> net: dsa: vsc73xx: fix possible subblocks range of CAPT block Jonas Gorski <jonas.gorski(a)bisdn.de> net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_external_learn to use bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert added_by_user to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_sticky to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_static to bitops Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: fdb: convert is_local to bitops Ido Schimmel <idosch(a)mellanox.com> bridge: switchdev: Allow clearing FDB entry offload indication Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> net: bridge: add support for sticky fdb entries Richard Guy Briggs <rgb(a)redhat.com> rfkill: fix spelling mistake contidion to condition Oliver Neukum <oneukum(a)suse.com> usbnet: modern method to get random MAC Jakub Kicinski <kuba(a)kernel.org> net: usb: don't write directly to netdev->dev_addr Len Baker <len.baker(a)gmx.com> drivers/net/usb: Remove all strcpy() uses Ondrej Zary <linux(a)zary.sk> cx82310_eth: re-enable ethernet mode after router reboot Aleksandr Mishin <amishin(a)t-argos.ru> platform/x86: dell-smbios: Fix error path in dell_smbios_init() Daiwei Li <daiweili(a)google.com> igb: Fix not clearing TimeSync interrupts for 82580 Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Remove proc entry when dev is unregistered. Jules Irenge <jbi.octave(a)gmail.com> pcmcia: Use resource_size function on resource object Chen Ni <nichen(a)iscas.ac.cn> media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 Jan Kara <jack(a)suse.cz> udf: Avoid excessive partition lengths Yunjian Wang <wangyunjian(a)huawei.com> netfilter: nf_conncount: fix wrong variable type Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove put_pid()/put_cred() in copy_peercred(). Pali Rohár <pali(a)kernel.org> irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1 Konstantin Andreev <andreev(a)swemel.ru> smack: unix sockets: fix accept()ed socket label Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Add input value sanity checks to HDMI channel map controls Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix state management in error path of log writing function Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix missing cleanup on rollforward recovery error Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> clk: qcom: clk-alpha-pll: Fix the pll post div mask Jann Horn <jannh(a)google.com> fuse: use unsigned type for getxattr/listxattr size truncation Sam Protsenko <semen.protsenko(a)linaro.org> mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K Zheng Qixing <zhengqixing(a)huawei.com> ata: libata: Fix memory leak for error path in ata_host_alloc() Christoffer Sandberg <cs(a)tuxedo.de> ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices Stephen Hemminger <stephen(a)networkplumber.org> sch/netem: fix use after free in netem_dequeue Hillf Danton <hdanton(a)sina.com> ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Sanity checks for each pipe and EP types Jan Kara <jack(a)suse.cz> udf: Limit file size to 4TB Breno Leitao <leitao(a)debian.org> virtio_net: Fix napi_skb_cache_put warning Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Enforce alignment of frame and interval Casey Schaufler <casey(a)schaufler-ca.com> smack: tcp: ipv4, fix incorrect labeling Simon Holesch <simon(a)holesch.de> usbip: Don't submit special requests twice Leesoo Ahn <lsahn(a)ooseel.net> apparmor: fix possible NULL pointer dereference Michael Chen <michael.chen(a)amd.com> drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix mc_data out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix ucode out-of-bounds read warning Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix overflowed array index read warning Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> usb: dwc3: st: add missing depopulate in probe error path Nishka Dasgupta <nishkadg.linux(a)gmail.com> usb: dwc3: st: Add of_node_put() before return in probe function ZHANG Yuntian <yt(a)radxa.com> net: usb: qmi_wwan: add MeiG Smart SRM825L ------------- Diffstat: Makefile | 4 +- arch/um/drivers/line.c | 2 + block/bio-integrity.c | 11 +- drivers/acpi/acpi_processor.c | 15 +-- drivers/ata/libata-core.c | 4 +- drivers/ata/pata_macio.c | 7 +- drivers/base/devres.c | 1 + drivers/clk/qcom/clk-alpha-pll.c | 2 +- drivers/clocksource/timer-imx-tpm.c | 16 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_afmt.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_atombios.c | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_crat.h | 2 - drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.h | 5 +- drivers/gpu/drm/i915/i915_sw_fence.c | 8 +- drivers/hid/hid-cougar.c | 2 +- drivers/hv/vmbus_drv.c | 1 + drivers/hwmon/adc128d818.c | 4 +- drivers/hwmon/lm95234.c | 9 +- drivers/hwmon/nct6775.c | 2 +- drivers/hwmon/w83627ehf.c | 4 +- drivers/iio/buffer/industrialio-buffer-dmaengine.c | 4 +- drivers/iio/inkern.c | 8 +- drivers/input/misc/uinput.c | 14 +++ drivers/iommu/dmar.c | 2 +- drivers/irqchip/irq-armada-370-xp.c | 4 + drivers/media/platform/qcom/camss/camss.c | 5 +- drivers/media/usb/uvc/uvc_driver.c | 18 ++- drivers/misc/vmw_vmci/vmci_resource.c | 3 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/net/dsa/vitesse-vsc73xx.c | 10 +- drivers/net/ethernet/intel/igb/igb_main.c | 10 ++ .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 9 +- drivers/net/ethernet/rocker/rocker_main.c | 1 + drivers/net/usb/ch9200.c | 4 +- drivers/net/usb/cx82310_eth.c | 56 +++++++-- drivers/net/usb/ipheth.c | 4 +- drivers/net/usb/kaweth.c | 3 +- drivers/net/usb/mcs7830.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sierra_net.c | 6 +- drivers/net/usb/sr9700.c | 4 +- drivers/net/usb/sr9800.c | 5 +- drivers/net/usb/usbnet.c | 23 ++-- drivers/net/virtio_net.c | 8 +- .../broadcom/brcm80211/brcmsmac/mac80211_if.c | 1 + drivers/net/wireless/marvell/mwifiex/main.h | 3 + drivers/nvmem/core.c | 6 +- drivers/of/irq.c | 15 ++- drivers/pci/hotplug/pnv_php.c | 3 +- drivers/pci/pci.c | 35 +++--- drivers/pcmcia/yenta_socket.c | 6 +- drivers/platform/x86/dell-smbios-base.c | 5 +- drivers/uio/uio_hv_generic.c | 11 +- drivers/usb/dwc3/dwc3-st.c | 12 +- drivers/usb/usbip/stub_rx.c | 77 +++++++----- fs/btrfs/extent-tree.c | 32 +++-- fs/btrfs/inode.c | 2 +- fs/fuse/xattr.c | 4 +- fs/nilfs2/recovery.c | 35 +++++- fs/nilfs2/segment.c | 10 +- fs/nilfs2/sysfs.c | 117 +++++++++++-------- fs/squashfs/inode.c | 7 +- fs/udf/super.c | 24 +++- include/linux/ring_buffer.h | 3 +- include/net/net_namespace.h | 5 + include/net/switchdev.h | 3 +- include/uapi/linux/neighbour.h | 1 + kernel/cgroup/cgroup.c | 2 +- kernel/events/uprobes.c | 3 +- kernel/locking/rtmutex.c | 4 +- kernel/smp.c | 1 + kernel/trace/ring_buffer.c | 23 +--- kernel/trace/trace.c | 6 +- kernel/trace/trace_functions_graph.c | 2 +- net/bridge/br.c | 4 +- net/bridge/br_fdb.c | 129 ++++++++++++--------- net/bridge/br_input.c | 2 +- net/bridge/br_private.h | 18 ++- net/bridge/br_switchdev.c | 11 +- net/can/bcm.c | 4 + net/core/net_namespace.c | 28 +++++ net/dsa/slave.c | 1 + net/ipv6/ila/ila.h | 1 + net/ipv6/ila/ila_main.c | 6 + net/ipv6/ila/ila_xlat.c | 13 ++- net/netfilter/nf_conncount.c | 8 +- net/rfkill/core.c | 4 +- net/sched/sch_netem.c | 9 +- net/sunrpc/xprtsock.c | 7 ++ net/unix/af_unix.c | 9 +- security/apparmor/apparmorfs.c | 4 + security/smack/smack_lsm.c | 14 ++- sound/hda/hdmi_chmap.c | 18 +++ sound/pci/hda/patch_conexant.c | 11 ++ sound/usb/helper.c | 17 +++ sound/usb/helper.h | 1 + sound/usb/quirks.c | 14 ++- 100 files changed, 768 insertions(+), 344 deletions(-)

1 year, 3 months

2
97
0 0

[PATCH v3] KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer

by Snehal Koukuntla

When we share memory through FF-A and the description of the buffers exceeds the size of the mapped buffer, the fragmentation API is used. The fragmentation API allows specifying chunks of descriptors in subsequent FF-A fragment calls and no upper limit has been established for this. The entire memory region transferred is identified by a handle which can be used to reclaim the transferred memory. To be able to reclaim the memory, the description of the buffers has to fit in the ffa_desc_buf. Add a bounds check on the FF-A sharing path to prevent the memory reclaim from failing. Also do_ffa_mem_xfer() does not need __always_inline Fixes: 634d90cf0ac65 ("KVM: arm64: Handle FFA_MEM_LEND calls from the host") Cc: stable(a)vger.kernel.org Reviewed-by: Sebastian Ene <sebastianene(a)google.com> Signed-off-by: Snehal Koukuntla <snehalreddy(a)google.com> --- arch/arm64/kvm/hyp/nvhe/ffa.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kvm/hyp/nvhe/ffa.c b/arch/arm64/kvm/hyp/nvhe/ffa.c index e715c157c2c4..637425f63fd1 100644 --- a/arch/arm64/kvm/hyp/nvhe/ffa.c +++ b/arch/arm64/kvm/hyp/nvhe/ffa.c @@ -426,7 +426,7 @@ static void do_ffa_mem_frag_tx(struct arm_smccc_res *res, return; } -static __always_inline void do_ffa_mem_xfer(const u64 func_id, +static void do_ffa_mem_xfer(const u64 func_id, struct arm_smccc_res *res, struct kvm_cpu_context *ctxt) { @@ -461,6 +461,11 @@ static __always_inline void do_ffa_mem_xfer(const u64 func_id, goto out_unlock; } + if (len > ffa_desc_buf.len) { + ret = FFA_RET_NO_MEMORY; + goto out_unlock; + } + buf = hyp_buffers.tx; memcpy(buf, host_buffers.tx, fraglen); -- 2.46.0.598.g6f2099f65c-goog

1 year, 3 months

4
7
0 0

[PATCH 0/2] arm64: KVM: prevent overflow in inject_abt64

by Anastasia Belova

Add explicit casting to prevent expantion of 32th bit of u32 into highest half of u64. Found by Linux Verification Center (linuxtesting.org) with SVACE.

1 year, 3 months

4
10
0 0

[PATCH 6.6] membarrier: riscv: Add full memory barrier in switch_mm()

by WangYuli

From: Andrea Parri <parri.andrea(a)gmail.com> [ Upstream commit d6cfd1770f20392d7009ae1fdb04733794514fa9 ] The membarrier system call requires a full memory barrier after storing to rq->curr, before going back to user-space. The barrier is only needed when switching between processes: the barrier is implied by mmdrop() when switching from kernel to userspace, and it's not needed when switching from userspace to kernel. Rely on the feature/mechanism ARCH_HAS_MEMBARRIER_CALLBACKS and on the primitive membarrier_arch_switch_mm(), already adopted by the PowerPC architecture, to insert the required barrier. Fixes: fab957c11efe2f ("RISC-V: Atomic and Locking Code") Signed-off-by: Andrea Parri <parri.andrea(a)gmail.com> Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/r/20240131144936.29190-2-parri.andrea@gmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- MAINTAINERS | 2 +- arch/riscv/Kconfig | 1 + arch/riscv/include/asm/membarrier.h | 31 +++++++++++++++++++++++++++++ arch/riscv/mm/context.c | 2 ++ kernel/sched/core.c | 5 +++-- 5 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 arch/riscv/include/asm/membarrier.h diff --git a/MAINTAINERS b/MAINTAINERS index f09415b2b3c5..ae4c0cec5073 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -13702,7 +13702,7 @@ M: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> M: "Paul E. McKenney" <paulmck(a)kernel.org> L: linux-kernel(a)vger.kernel.org S: Supported -F: arch/powerpc/include/asm/membarrier.h +F: arch/*/include/asm/membarrier.h F: include/uapi/linux/membarrier.h F: kernel/sched/membarrier.c diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index c785a0200573..1df4afccc381 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -27,6 +27,7 @@ config RISCV select ARCH_HAS_GCOV_PROFILE_ALL select ARCH_HAS_GIGANTIC_PAGE select ARCH_HAS_KCOV + select ARCH_HAS_MEMBARRIER_CALLBACKS select ARCH_HAS_MMIOWB select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PMEM_API diff --git a/arch/riscv/include/asm/membarrier.h b/arch/riscv/include/asm/membarrier.h new file mode 100644 index 000000000000..6c016ebb5020 --- /dev/null +++ b/arch/riscv/include/asm/membarrier.h @@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef _ASM_RISCV_MEMBARRIER_H +#define _ASM_RISCV_MEMBARRIER_H + +static inline void membarrier_arch_switch_mm(struct mm_struct *prev, + struct mm_struct *next, + struct task_struct *tsk) +{ + /* + * Only need the full barrier when switching between processes. + * Barrier when switching from kernel to userspace is not + * required here, given that it is implied by mmdrop(). Barrier + * when switching from userspace to kernel is not needed after + * store to rq->curr. + */ + if (IS_ENABLED(CONFIG_SMP) && + likely(!(atomic_read(&next->membarrier_state) & + (MEMBARRIER_STATE_PRIVATE_EXPEDITED | + MEMBARRIER_STATE_GLOBAL_EXPEDITED)) || !prev)) + return; + + /* + * The membarrier system call requires a full memory barrier + * after storing to rq->curr, before going back to user-space. + * Matches a full barrier in the proximity of the membarrier + * system call entry. + */ + smp_mb(); +} + +#endif /* _ASM_RISCV_MEMBARRIER_H */ diff --git a/arch/riscv/mm/context.c b/arch/riscv/mm/context.c index 217fd4de6134..ba8eb3944687 100644 --- a/arch/riscv/mm/context.c +++ b/arch/riscv/mm/context.c @@ -323,6 +323,8 @@ void switch_mm(struct mm_struct *prev, struct mm_struct *next, if (unlikely(prev == next)) return; + membarrier_arch_switch_mm(prev, next, task); + /* * Mark the current MM context as inactive, and the next as * active. This is at least used by the icache flushing diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 97571d390f18..9b406d988654 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -6679,8 +6679,9 @@ static void __sched notrace __schedule(unsigned int sched_mode) * * Here are the schemes providing that barrier on the * various architectures: - * - mm ? switch_mm() : mmdrop() for x86, s390, sparc, PowerPC. - * switch_mm() rely on membarrier_arch_switch_mm() on PowerPC. + * - mm ? switch_mm() : mmdrop() for x86, s390, sparc, PowerPC, + * RISC-V. switch_mm() relies on membarrier_arch_switch_mm() + * on PowerPC and on RISC-V. * - finish_lock_switch() for weakly-ordered * architectures where spin_unlock is a full barrier, * - switch_to() for arm64 (weakly-ordered, spin_unlock -- 2.43.4

1 year, 3 months

3
6
0 0

[PATCH AUTOSEL 4.19 1/2] ASoC: tda7419: fix module autoloading

by Sasha Levin

From: Liao Chen <liaochen4(a)huawei.com> [ Upstream commit 934b44589da9aa300201a00fe139c5c54f421563 ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from of_device_id table. Signed-off-by: Liao Chen <liaochen4(a)huawei.com> Link: https://patch.msgid.link/20240826084924.368387-4-liaochen4@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/tda7419.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/codecs/tda7419.c b/sound/soc/codecs/tda7419.c index 7f3b79c5a563..a3fc9b7fefd8 100644 --- a/sound/soc/codecs/tda7419.c +++ b/sound/soc/codecs/tda7419.c @@ -637,6 +637,7 @@ static const struct of_device_id tda7419_of_match[] = { { .compatible = "st,tda7419" }, { }, }; +MODULE_DEVICE_TABLE(of, tda7419_of_match); static struct i2c_driver tda7419_driver = { .driver = { -- 2.43.0

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 5.4 1/3] ASoC: tda7419: fix module autoloading

by Sasha Levin

From: Liao Chen <liaochen4(a)huawei.com> [ Upstream commit 934b44589da9aa300201a00fe139c5c54f421563 ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from of_device_id table. Signed-off-by: Liao Chen <liaochen4(a)huawei.com> Link: https://patch.msgid.link/20240826084924.368387-4-liaochen4@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/tda7419.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/codecs/tda7419.c b/sound/soc/codecs/tda7419.c index 2bf4f5e8af27..9d8753b28e36 100644 --- a/sound/soc/codecs/tda7419.c +++ b/sound/soc/codecs/tda7419.c @@ -629,6 +629,7 @@ static const struct of_device_id tda7419_of_match[] = { { .compatible = "st,tda7419" }, { }, }; +MODULE_DEVICE_TABLE(of, tda7419_of_match); static struct i2c_driver tda7419_driver = { .driver = { -- 2.43.0

1 year, 3 months

1
2
0 0

[PATCH AUTOSEL 5.10 1/4] ASoC: intel: fix module autoloading

by Sasha Levin

From: Liao Chen <liaochen4(a)huawei.com> [ Upstream commit ae61a3391088d29aa8605c9f2db84295ab993a49 ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from of_device_id table. Signed-off-by: Liao Chen <liaochen4(a)huawei.com> Link: https://patch.msgid.link/20240826084924.368387-2-liaochen4@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/keembay/kmb_platform.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/intel/keembay/kmb_platform.c b/sound/soc/intel/keembay/kmb_platform.c index 291a686568c2..c7b754034d24 100644 --- a/sound/soc/intel/keembay/kmb_platform.c +++ b/sound/soc/intel/keembay/kmb_platform.c @@ -634,6 +634,7 @@ static const struct of_device_id kmb_plat_of_match[] = { { .compatible = "intel,keembay-tdm", .data = &intel_kmb_tdm_dai}, {} }; +MODULE_DEVICE_TABLE(of, kmb_plat_of_match); static int kmb_plat_dai_probe(struct platform_device *pdev) { -- 2.43.0

1 year, 3 months

1
3
0 0

[PATCH AUTOSEL 5.15 1/5] ASoC: intel: fix module autoloading

by Sasha Levin

From: Liao Chen <liaochen4(a)huawei.com> [ Upstream commit ae61a3391088d29aa8605c9f2db84295ab993a49 ] Add MODULE_DEVICE_TABLE(), so modules could be properly autoloaded based on the alias from of_device_id table. Signed-off-by: Liao Chen <liaochen4(a)huawei.com> Link: https://patch.msgid.link/20240826084924.368387-2-liaochen4@huawei.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/keembay/kmb_platform.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sound/soc/intel/keembay/kmb_platform.c b/sound/soc/intel/keembay/kmb_platform.c index a6fb74ba1c42..86a4c32686e7 100644 --- a/sound/soc/intel/keembay/kmb_platform.c +++ b/sound/soc/intel/keembay/kmb_platform.c @@ -815,6 +815,7 @@ static const struct of_device_id kmb_plat_of_match[] = { { .compatible = "intel,keembay-tdm", .data = &intel_kmb_tdm_dai}, {} }; +MODULE_DEVICE_TABLE(of, kmb_plat_of_match); static int kmb_plat_dai_probe(struct platform_device *pdev) { -- 2.43.0

1 year, 3 months

1
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror