- Linux-stable-mirror - lists.linaro.org

[folded-merged] ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() has been removed from the -mm tree. Its filename was ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2.patch This patch was dropped because it was folded into ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch ------------------------------------------------------ From: Joseph Qi <joseph.qi(a)linux.alibaba.com> Subject: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() Date: Sun, 2 Jun 2024 19:20:45 +0800 Link: https://lkml.kernel.org/r/20240602112045.1112708-1-joseph.qi@linux.alibaba.… Fixes: 8887b94d9322 ("ocfs2: stop using bdev->bd_super for journal error logging") Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao(a)suse.com> Cc: <stable(a)vger.kernel.org> [6.6+] Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/journal.c | 111 +++++++++++++++++-------------------------- fs/ocfs2/ocfs2.h | 27 ++++++++++ fs/ocfs2/super.c | 4 + 3 files changed, 74 insertions(+), 68 deletions(-) --- a/fs/ocfs2/journal.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2 +++ a/fs/ocfs2/journal.c @@ -479,28 +479,6 @@ bail: return status; } - -struct ocfs2_triggers { - struct jbd2_buffer_trigger_type ot_triggers; - int ot_offset; - struct super_block *sb; -}; - -enum ocfs2_journal_trigger_type { - OCFS2_JTR_DI, - OCFS2_JTR_EB, - OCFS2_JTR_RB, - OCFS2_JTR_GD, - OCFS2_JTR_DB, - OCFS2_JTR_XB, - OCFS2_JTR_DQ, - OCFS2_JTR_DR, - OCFS2_JTR_DL, - OCFS2_JTR_NONE /* This must be the last entry */ -}; - -#define OCFS2_JOURNAL_TRIGGER_COUNT OCFS2_JTR_NONE - static inline struct ocfs2_triggers *to_ocfs2_trigger(struct jbd2_buffer_trigger_type *triggers) { return container_of(triggers, struct ocfs2_triggers, ot_triggers); @@ -626,6 +604,15 @@ static void ocfs2_setup_csum_triggers(st ot->sb = sb; } +void ocfs2_initialize_journal_triggers(struct super_block *sb, + struct ocfs2_triggers triggers[]) +{ + enum ocfs2_journal_trigger_type type; + + for (type = OCFS2_JTR_DI; type < OCFS2_JOURNAL_TRIGGER_COUNT; type++) + ocfs2_setup_csum_triggers(sb, type, &triggers[type]); +} + static int __ocfs2_journal_access(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, @@ -706,101 +693,91 @@ static int __ocfs2_journal_access(handle int ocfs2_journal_access_di(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers di_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DI, &di_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &di_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DI], + type); } int ocfs2_journal_access_eb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers eb_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_EB, &eb_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &eb_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_EB], + type); } int ocfs2_journal_access_rb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers rb_triggers; - - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_RB, &rb_triggers); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - return __ocfs2_journal_access(handle, ci, bh, &rb_triggers, + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_RB], type); } int ocfs2_journal_access_gd(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers gd_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_GD, &gd_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &gd_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_GD], + type); } int ocfs2_journal_access_db(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers db_triggers; - - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DB, &db_triggers); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - return __ocfs2_journal_access(handle, ci, bh, &db_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DB], + type); } int ocfs2_journal_access_xb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers xb_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_XB, &xb_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &xb_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_XB], + type); } int ocfs2_journal_access_dq(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers dq_triggers; - - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DQ, &dq_triggers); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - return __ocfs2_journal_access(handle, ci, bh, &dq_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DQ], + type); } int ocfs2_journal_access_dr(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers dr_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DR, &dr_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &dr_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DR], + type); } int ocfs2_journal_access_dl(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers dl_triggers; - - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DL, &dl_triggers); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - return __ocfs2_journal_access(handle, ci, bh, &dl_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DL], + type); } int ocfs2_journal_access(handle_t *handle, struct ocfs2_caching_info *ci, --- a/fs/ocfs2/ocfs2.h~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2 +++ a/fs/ocfs2/ocfs2.h @@ -284,6 +284,30 @@ enum ocfs2_mount_options #define OCFS2_OSB_ERROR_FS 0x0004 #define OCFS2_DEFAULT_ATIME_QUANTUM 60 +struct ocfs2_triggers { + struct jbd2_buffer_trigger_type ot_triggers; + int ot_offset; + struct super_block *sb; +}; + +enum ocfs2_journal_trigger_type { + OCFS2_JTR_DI, + OCFS2_JTR_EB, + OCFS2_JTR_RB, + OCFS2_JTR_GD, + OCFS2_JTR_DB, + OCFS2_JTR_XB, + OCFS2_JTR_DQ, + OCFS2_JTR_DR, + OCFS2_JTR_DL, + OCFS2_JTR_NONE /* This must be the last entry */ +}; + +#define OCFS2_JOURNAL_TRIGGER_COUNT OCFS2_JTR_NONE + +void ocfs2_initialize_journal_triggers(struct super_block *sb, + struct ocfs2_triggers triggers[]); + struct ocfs2_journal; struct ocfs2_slot_info; struct ocfs2_recovery_map; @@ -351,6 +375,9 @@ struct ocfs2_super struct ocfs2_journal *journal; unsigned long osb_commit_interval; + /* Journal triggers for checksum */ + struct ocfs2_triggers s_journal_triggers[OCFS2_JOURNAL_TRIGGER_COUNT]; + struct delayed_work la_enable_wq; /* --- a/fs/ocfs2/super.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2 +++ a/fs/ocfs2/super.c @@ -1075,9 +1075,11 @@ static int ocfs2_fill_super(struct super debugfs_create_file("fs_state", S_IFREG|S_IRUSR, osb->osb_debug_root, osb, &ocfs2_osb_debug_fops); - if (ocfs2_meta_ecc(osb)) + if (ocfs2_meta_ecc(osb)) { + ocfs2_initialize_journal_triggers(sb, osb->s_journal_triggers); ocfs2_blockcheck_stats_debugfs_install( &osb->osb_ecc_stats, osb->osb_debug_root); + } status = ocfs2_mount_volume(sb); if (status < 0) _ Patches currently in -mm which might be from joseph.qi(a)linux.alibaba.com are ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty.patch ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch

1 year, 3 months

1
0
0 0

+ ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Joseph Qi <joseph.qi(a)linux.alibaba.com> Subject: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() Date: Sun, 2 Jun 2024 19:20:45 +0800 Link: https://lkml.kernel.org/r/20240602112045.1112708-1-joseph.qi@linux.alibaba.… Fixes: 8887b94d9322 ("ocfs2: stop using bdev->bd_super for journal error logging") Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Heming Zhao <heming.zhao(a)suse.com> Cc: <stable(a)vger.kernel.org> [6.6+] Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/journal.c | 111 +++++++++++++++++-------------------------- fs/ocfs2/ocfs2.h | 27 ++++++++++ fs/ocfs2/super.c | 4 + 3 files changed, 74 insertions(+), 68 deletions(-) --- a/fs/ocfs2/journal.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2 +++ a/fs/ocfs2/journal.c @@ -479,28 +479,6 @@ bail: return status; } - -struct ocfs2_triggers { - struct jbd2_buffer_trigger_type ot_triggers; - int ot_offset; - struct super_block *sb; -}; - -enum ocfs2_journal_trigger_type { - OCFS2_JTR_DI, - OCFS2_JTR_EB, - OCFS2_JTR_RB, - OCFS2_JTR_GD, - OCFS2_JTR_DB, - OCFS2_JTR_XB, - OCFS2_JTR_DQ, - OCFS2_JTR_DR, - OCFS2_JTR_DL, - OCFS2_JTR_NONE /* This must be the last entry */ -}; - -#define OCFS2_JOURNAL_TRIGGER_COUNT OCFS2_JTR_NONE - static inline struct ocfs2_triggers *to_ocfs2_trigger(struct jbd2_buffer_trigger_type *triggers) { return container_of(triggers, struct ocfs2_triggers, ot_triggers); @@ -626,6 +604,15 @@ static void ocfs2_setup_csum_triggers(st ot->sb = sb; } +void ocfs2_initialize_journal_triggers(struct super_block *sb, + struct ocfs2_triggers triggers[]) +{ + enum ocfs2_journal_trigger_type type; + + for (type = OCFS2_JTR_DI; type < OCFS2_JOURNAL_TRIGGER_COUNT; type++) + ocfs2_setup_csum_triggers(sb, type, &triggers[type]); +} + static int __ocfs2_journal_access(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, @@ -706,101 +693,91 @@ static int __ocfs2_journal_access(handle int ocfs2_journal_access_di(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers di_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DI, &di_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &di_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DI], + type); } int ocfs2_journal_access_eb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers eb_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_EB, &eb_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &eb_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_EB], + type); } int ocfs2_journal_access_rb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers rb_triggers; - - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_RB, &rb_triggers); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - return __ocfs2_journal_access(handle, ci, bh, &rb_triggers, + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_RB], type); } int ocfs2_journal_access_gd(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers gd_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_GD, &gd_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &gd_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_GD], + type); } int ocfs2_journal_access_db(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers db_triggers; - - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DB, &db_triggers); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - return __ocfs2_journal_access(handle, ci, bh, &db_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DB], + type); } int ocfs2_journal_access_xb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers xb_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_XB, &xb_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &xb_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_XB], + type); } int ocfs2_journal_access_dq(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers dq_triggers; - - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DQ, &dq_triggers); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - return __ocfs2_journal_access(handle, ci, bh, &dq_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DQ], + type); } int ocfs2_journal_access_dr(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers dr_triggers; + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DR, &dr_triggers); - - return __ocfs2_journal_access(handle, ci, bh, &dr_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DR], + type); } int ocfs2_journal_access_dl(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { - struct ocfs2_triggers dl_triggers; - - ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), - OCFS2_JTR_DL, &dl_triggers); + struct ocfs2_super *osb = OCFS2_SB(ocfs2_metadata_cache_get_super(ci)); - return __ocfs2_journal_access(handle, ci, bh, &dl_triggers, type); + return __ocfs2_journal_access(handle, ci, bh, + &osb->s_journal_triggers[OCFS2_JTR_DL], + type); } int ocfs2_journal_access(handle_t *handle, struct ocfs2_caching_info *ci, --- a/fs/ocfs2/ocfs2.h~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2 +++ a/fs/ocfs2/ocfs2.h @@ -284,6 +284,30 @@ enum ocfs2_mount_options #define OCFS2_OSB_ERROR_FS 0x0004 #define OCFS2_DEFAULT_ATIME_QUANTUM 60 +struct ocfs2_triggers { + struct jbd2_buffer_trigger_type ot_triggers; + int ot_offset; + struct super_block *sb; +}; + +enum ocfs2_journal_trigger_type { + OCFS2_JTR_DI, + OCFS2_JTR_EB, + OCFS2_JTR_RB, + OCFS2_JTR_GD, + OCFS2_JTR_DB, + OCFS2_JTR_XB, + OCFS2_JTR_DQ, + OCFS2_JTR_DR, + OCFS2_JTR_DL, + OCFS2_JTR_NONE /* This must be the last entry */ +}; + +#define OCFS2_JOURNAL_TRIGGER_COUNT OCFS2_JTR_NONE + +void ocfs2_initialize_journal_triggers(struct super_block *sb, + struct ocfs2_triggers triggers[]); + struct ocfs2_journal; struct ocfs2_slot_info; struct ocfs2_recovery_map; @@ -351,6 +375,9 @@ struct ocfs2_super struct ocfs2_journal *journal; unsigned long osb_commit_interval; + /* Journal triggers for checksum */ + struct ocfs2_triggers s_journal_triggers[OCFS2_JOURNAL_TRIGGER_COUNT]; + struct delayed_work la_enable_wq; /* --- a/fs/ocfs2/super.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2 +++ a/fs/ocfs2/super.c @@ -1075,9 +1075,11 @@ static int ocfs2_fill_super(struct super debugfs_create_file("fs_state", S_IFREG|S_IRUSR, osb->osb_debug_root, osb, &ocfs2_osb_debug_fops); - if (ocfs2_meta_ecc(osb)) + if (ocfs2_meta_ecc(osb)) { + ocfs2_initialize_journal_triggers(sb, osb->s_journal_triggers); ocfs2_blockcheck_stats_debugfs_install( &osb->osb_ecc_stats, osb->osb_debug_root); + } status = ocfs2_mount_volume(sb); if (status < 0) _ Patches currently in -mm which might be from joseph.qi(a)linux.alibaba.com are ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty.patch ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger-v2.patch

1 year, 3 months

1
0
0 0

+ mm-page_table_check-fix-crash-on-zone_device.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/page_table_check: fix crash on ZONE_DEVICE has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-page_table_check-fix-crash-on-zone_device.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Peter Xu <peterx(a)redhat.com> Subject: mm/page_table_check: fix crash on ZONE_DEVICE Date: Wed, 5 Jun 2024 17:21:46 -0400 Not all pages may apply to pgtable check. One example is ZONE_DEVICE pages: they map PFNs directly, and they don't allocate page_ext at all even if there's struct page around. One may reference devm_memremap_pages(). When both ZONE_DEVICE and page-table-check enabled, then try to map some dax memories, one can trigger kernel bug constantly now when the kernel was trying to inject some pfn maps on the dax device: kernel BUG at mm/page_table_check.c:55! While it's pretty legal to use set_pxx_at() for ZONE_DEVICE pages for page fault resolutions, skip all the checks if page_ext doesn't even exist in pgtable checker, which applies to ZONE_DEVICE but maybe more. Link: https://lkml.kernel.org/r/20240605212146.994486-1-peterx@redhat.com Signed-off-by: Peter Xu <peterx(a)redhat.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_table_check.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/mm/page_table_check.c~mm-page_table_check-fix-crash-on-zone_device +++ a/mm/page_table_check.c @@ -73,6 +73,9 @@ static void page_table_check_clear(unsig page = pfn_to_page(pfn); page_ext = page_ext_get(page); + if (!page_ext) + return; + BUG_ON(PageSlab(page)); anon = PageAnon(page); @@ -110,6 +113,9 @@ static void page_table_check_set(unsigne page = pfn_to_page(pfn); page_ext = page_ext_get(page); + if (!page_ext) + return; + BUG_ON(PageSlab(page)); anon = PageAnon(page); @@ -140,7 +146,10 @@ void __page_table_check_zero(struct page BUG_ON(PageSlab(page)); page_ext = page_ext_get(page); - BUG_ON(!page_ext); + + if (!page_ext) + return; + for (i = 0; i < (1ul << order); i++) { struct page_table_check *ptc = get_page_table_check(page_ext); _ Patches currently in -mm which might be from peterx(a)redhat.com are mm-page_table_check-fix-crash-on-zone_device.patch mm-debug_vm_pgtable-drop-random_orvalue-trick.patch mm-drop-leftover-comment-references-to-pxx_huge.patch

1 year, 3 months

1
0
0 0

[tip: x86/urgent] x86/amd_nb: Check for invalid SMN reads

by tip-bot2 for Yazen Ghannam

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: c625dabbf1c4a8e77e4734014f2fde7aa9071a1f Gitweb: https://git.kernel.org/tip/c625dabbf1c4a8e77e4734014f2fde7aa9071a1f Author: Yazen Ghannam <yazen.ghannam(a)amd.com> AuthorDate: Mon, 03 Apr 2023 16:42:44 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Wed, 05 Jun 2024 21:23:34 +02:00 x86/amd_nb: Check for invalid SMN reads AMD Zen-based systems use a System Management Network (SMN) that provides access to implementation-specific registers. SMN accesses are done indirectly through an index/data pair in PCI config space. The PCI config access may fail and return an error code. This would prevent the "read" value from being updated. However, the PCI config access may succeed, but the return value may be invalid. This is in similar fashion to PCI bad reads, i.e. return all bits set. Most systems will return 0 for SMN addresses that are not accessible. This is in line with AMD convention that unavailable registers are Read-as-Zero/Writes-Ignored. However, some systems will return a "PCI Error Response" instead. This value, along with an error code of 0 from the PCI config access, will confuse callers of the amd_smn_read() function. Check for this condition, clear the return value, and set a proper error code. Fixes: ddfe43cdc0da ("x86/amd_nb: Add SMN and Indirect Data Fabric access for AMD Fam17h") Signed-off-by: Yazen Ghannam <yazen.ghannam(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20230403164244.471141-1-yazen.ghannam@amd.com --- arch/x86/kernel/amd_nb.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c index 3cf156f..027a8c7 100644 --- a/arch/x86/kernel/amd_nb.c +++ b/arch/x86/kernel/amd_nb.c @@ -215,7 +215,14 @@ out: int amd_smn_read(u16 node, u32 address, u32 *value) { - return __amd_smn_rw(node, address, value, false); + int err = __amd_smn_rw(node, address, value, false); + + if (PCI_POSSIBLE_ERROR(*value)) { + err = -ENODEV; + *value = 0; + } + + return err; } EXPORT_SYMBOL_GPL(amd_smn_read);

1 year, 3 months

1
0
0 0

[PATCH v5] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap. The ethertype will be overwritten as the VLAN TPID if the network interface lacks hardware VLAN offloading. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. Link: https://github.com/the-tcpdump-group/libpcap/issues/1105 Link: https://lore.kernel.org/netdev/20240520070348.26725-1-chengen.du@canonical.… Fixes: 393e52e33c6c ("packet: deliver VLAN TCI to userspace") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 64 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..53d51ac87ac6 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -538,6 +538,52 @@ static void *packet_current_frame(struct packet_sock *po, return packet_lookup_frame(po, rb, rb->head, status); } +static u16 vlan_get_tci(struct sk_buff *skb) +{ + unsigned int vlan_depth = skb->mac_len; + struct vlan_hdr vhdr, *vh; + u8 *skb_head = skb->data; + int skb_len = skb->len; + + if (vlan_depth) { + if (WARN_ON(vlan_depth < VLAN_HLEN)) + return 0; + vlan_depth -= VLAN_HLEN; + } else { + vlan_depth = ETH_HLEN; + } + + skb_push(skb, skb->data - skb_mac_header(skb)); + vh = skb_header_pointer(skb, vlan_depth, sizeof(vhdr), &vhdr); + if (skb_head != skb->data) { + skb->data = skb_head; + skb->len = skb_len; + } + if (unlikely(!vh)) + return 0; + + return ntohs(vh->h_vlan_TCI); +} + +static __be16 vlan_get_protocol_dgram(struct sk_buff *skb) +{ + __be16 proto = skb->protocol; + + if (unlikely(eth_type_vlan(proto))) { + u8 *skb_head = skb->data; + int skb_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + proto = __vlan_get_protocol(skb, proto, NULL); + if (skb_head != skb->data) { + skb->data = skb_head; + skb->len = skb_len; + } + } + + return proto; +} + static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc) { del_timer_sync(&pkc->retire_blk_timer); @@ -1011,6 +1057,10 @@ static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(eth_type_vlan(pkc->skb->protocol))) { + ppd->hv1.tp_vlan_tci = vlan_get_tci(pkc->skb); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2478,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(eth_type_vlan(skb->protocol))) { + h.h2->tp_vlan_tci = vlan_get_tci(skb); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2511,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sk->sk_type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3537,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sock->type == SOCK_DGRAM) ? + vlan_get_protocol_dgram(skb) : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3595,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (unlikely(eth_type_vlan(skb->protocol))) { + aux.tp_vlan_tci = vlan_get_tci(skb); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.43.0

1 year, 3 months

3
7
0 0

[PATCH] scsi: sd: Use READ(16) when reading block zero on large capacity disks

by Martin K. Petersen

Commit 321da3dc1f3c ("scsi: sd: usb_storage: uas: Access media prior to querying device properties") triggered a read to LBA 0 before attempting to inquire about device characteristics. This was done because some protocol bridge devices will return generic values until an attached storage device's media has been accessed. Pierre Tomon reported that this change caused problems on a large capacity external drive connected via a bridge device. The bridge in question does not appear to implement the READ(10) command. Issue a READ(16) instead of READ(10) when a device has been identified as preferring 16-byte commands (use_16_for_rw heuristic). Cc: stable(a)vger.kernel.org Fixes: 321da3dc1f3c ("scsi: sd: usb_storage: uas: Access media prior to querying device properties") Link: https://bugzilla.kernel.org/show_bug.cgi?id=218890 Reported-by: Pierre Tomon <pierretom+12(a)ik.me> Suggested-by: Alan Stern <stern(a)rowland.harvard.edu> Tested-by: Pierre Tomon <pierretom+12(a)ik.me> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> --- drivers/scsi/sd.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 65cdc8b77e35..6759bd5af58a 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -3572,16 +3572,23 @@ static bool sd_validate_opt_xfer_size(struct scsi_disk *sdkp, static void sd_read_block_zero(struct scsi_disk *sdkp) { - unsigned int buf_len = sdkp->device->sector_size; - char *buffer, cmd[10] = { }; + struct scsi_device *sdev = sdkp->device; + unsigned int buf_len = sdev->sector_size; + char *buffer, cmd[16] = { }; buffer = kmalloc(buf_len, GFP_KERNEL); if (!buffer) return; - cmd[0] = READ_10; - put_unaligned_be32(0, &cmd[2]); /* Logical block address 0 */ - put_unaligned_be16(1, &cmd[7]); /* Transfer 1 logical block */ + if (sdev->use_16_for_rw) { + cmd[0] = READ_16; + put_unaligned_be64(0, &cmd[2]); /* Logical block address 0 */ + put_unaligned_be32(1, &cmd[10]);/* Transfer 1 logical block */ + } else { + cmd[0] = READ_10; + put_unaligned_be32(0, &cmd[2]); /* Logical block address 0 */ + put_unaligned_be16(1, &cmd[7]); /* Transfer 1 logical block */ + } scsi_execute_cmd(sdkp->device, cmd, REQ_OP_DRV_IN, buffer, buf_len, SD_TIMEOUT, sdkp->max_retries, NULL); -- 2.45.1

1 year, 3 months

2
4
0 0

[PATCH 1/2] mm: page_ref: remove folio_try_get_rcu()

by Yang Shi

The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode: 0000 [#1] KASAN PTI [ 275.269001][ T4335] CPU: 0 PID: 4335 Comm: trinity-c3 Not tainted 6.7.0-rc4-00061-gefa7df3e3bb5 #1 [ 275.269787][ T4335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 275.270679][ T4335] RIP: 0010:try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.272813][ T4335] RSP: 0018:ffffc90005dcf650 EFLAGS: 00010202 [ 275.273346][ T4335] RAX: 0000000000000246 RBX: ffffea00066e0000 RCX: 0000000000000000 [ 275.274032][ T4335] RDX: fffff94000cdc007 RSI: 0000000000000004 RDI: ffffea00066e0034 [ 275.274719][ T4335] RBP: ffffea00066e0000 R08: 0000000000000000 R09: fffff94000cdc006 [ 275.275404][ T4335] R10: ffffea00066e0037 R11: 0000000000000000 R12: 0000000000000136 [ 275.276106][ T4335] R13: ffffea00066e0034 R14: dffffc0000000000 R15: ffffea00066e0008 [ 275.276790][ T4335] FS: 00007fa2f9b61740(0000) GS:ffffffff89d0d000(0000) knlGS:0000000000000000 [ 275.277570][ T4335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.278143][ T4335] CR2: 00007fa2f6c00000 CR3: 0000000134b04000 CR4: 00000000000406f0 [ 275.278833][ T4335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 275.279521][ T4335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 275.280201][ T4335] Call Trace: [ 275.280499][ T4335] <TASK> [ 275.280751][ T4335] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) [ 275.281087][ T4335] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153) [ 275.281463][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.281884][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.282300][ T4335] ? do_error_trap (arch/x86/kernel/traps.c:174) [ 275.282711][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283129][ T4335] ? handle_invalid_op (arch/x86/kernel/traps.c:212) [ 275.283561][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283990][ T4335] ? exc_invalid_op (arch/x86/kernel/traps.c:264) [ 275.284415][ T4335] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) [ 275.284859][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.285278][ T4335] try_grab_folio (mm/gup.c:148) [ 275.285684][ T4335] __get_user_pages (mm/gup.c:1297 (discriminator 1)) [ 275.286111][ T4335] ? __pfx___get_user_pages (mm/gup.c:1188) [ 275.286579][ T4335] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825) [ 275.287034][ T4335] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 1)) [ 275.287416][ T4335] __gup_longterm_locked (mm/gup.c:1509 mm/gup.c:2209) [ 275.288192][ T4335] ? __pfx___gup_longterm_locked (mm/gup.c:2204) [ 275.288697][ T4335] ? __pfx_lock_acquire (kernel/locking/lockdep.c:5722) [ 275.289135][ T4335] ? __pfx___might_resched (kernel/sched/core.c:10106) [ 275.289595][ T4335] pin_user_pages_remote (mm/gup.c:3350) [ 275.290041][ T4335] ? __pfx_pin_user_pages_remote (mm/gup.c:3350) [ 275.290545][ T4335] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) [ 275.290961][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.291353][ T4335] process_vm_rw_single_vec+0x142/0x360 [ 275.291900][ T4335] ? __pfx_process_vm_rw_single_vec+0x10/0x10 [ 275.292471][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.292859][ T4335] process_vm_rw_core+0x272/0x4e0 [ 275.293384][ T4335] ? hlock_class (arch/x86/include/asm/bitops.h:227 arch/x86/include/asm/bitops.h:239 include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 275.293780][ T4335] ? __pfx_process_vm_rw_core+0x10/0x10 [ 275.294350][ T4335] process_vm_rw (mm/process_vm_access.c:284) [ 275.294748][ T4335] ? __pfx_process_vm_rw (mm/process_vm_access.c:259) [ 275.295197][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.295634][ T4335] __x64_sys_process_vm_readv (mm/process_vm_access.c:291) [ 275.296139][ T4335] ? syscall_enter_from_user_mode (kernel/entry/common.c:94 kernel/entry/common.c:112) [ 275.296642][ T4335] do_syscall_64 (arch/x86/entry/common.c:51 (discriminator 1) arch/x86/entry/common.c:82 (discriminator 1)) [ 275.297032][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.297470][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.297988][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.298389][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.298906][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299304][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299703][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.300115][ T4335] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) This BUG is the VM_BUG_ON(!in_atomic() && !irqs_disabled()) assertion in folio_ref_try_add_rcu() for non-SMP kernel. The process_vm_readv() calls GUP to pin the THP. An optimization for pinning THP instroduced by commit 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") calls try_grab_folio() to pin the THP, but try_grab_folio() is supposed to be called in atomic context for non-SMP kernel, for example, irq disabled or preemption disabled, due to the optimization introduced by commit e286781d5f2e ("mm: speculative page references"). The commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") is not actually the root cause although it was bisected to. It just makes the problem exposed more likely. The follow up discussion suggested the optimization for non-SMP kernel may be out-dated and not worth it anymore [1]. So removing the optimization to silence the BUG. However calling try_grab_folio() in GUP slow path actually is unnecessary, so the following patch will clean this up. [1] https://lore.kernel.org/linux-mm/821cf1d6-92b9-4ac4-bacc-d8f2364ac14f@paulm… Fixes: 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") Reported-by: kernel test robot <oliver.sang(a)intel.com> Cc: linux-stable <stable(a)vger.kernel.org> v6.6+ Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> --- include/linux/page_ref.h | 49 ++-------------------------------------- mm/filemap.c | 10 ++++---- mm/gup.c | 2 +- 3 files changed, 8 insertions(+), 53 deletions(-) diff --git a/include/linux/page_ref.h b/include/linux/page_ref.h index 1acf5bac7f50..490d0ad6e56d 100644 --- a/include/linux/page_ref.h +++ b/include/linux/page_ref.h @@ -258,54 +258,9 @@ static inline bool folio_try_get(struct folio *folio) return folio_ref_add_unless(folio, 1, 0); } -static inline bool folio_ref_try_add_rcu(struct folio *folio, int count) -{ -#ifdef CONFIG_TINY_RCU - /* - * The caller guarantees the folio will not be freed from interrupt - * context, so (on !SMP) we only need preemption to be disabled - * and TINY_RCU does that for us. - */ -# ifdef CONFIG_PREEMPT_COUNT - VM_BUG_ON(!in_atomic() && !irqs_disabled()); -# endif - VM_BUG_ON_FOLIO(folio_ref_count(folio) == 0, folio); - folio_ref_add(folio, count); -#else - if (unlikely(!folio_ref_add_unless(folio, count, 0))) { - /* Either the folio has been freed, or will be freed. */ - return false; - } -#endif - return true; -} - -/** - * folio_try_get_rcu - Attempt to increase the refcount on a folio. - * @folio: The folio. - * - * This is a version of folio_try_get() optimised for non-SMP kernels. - * If you are still holding the rcu_read_lock() after looking up the - * page and know that the page cannot have its refcount decreased to - * zero in interrupt context, you can use this instead of folio_try_get(). - * - * Example users include get_user_pages_fast() (as pages are not unmapped - * from interrupt context) and the page cache lookups (as pages are not - * truncated from interrupt context). We also know that pages are not - * frozen in interrupt context for the purposes of splitting or migration. - * - * You can also use this function if you're holding a lock that prevents - * pages being frozen & removed; eg the i_pages lock for the page cache - * or the mmap_lock or page table lock for page tables. In this case, - * it will always succeed, and you could have used a plain folio_get(), - * but it's sometimes more convenient to have a common function called - * from both locked and RCU-protected contexts. - * - * Return: True if the reference count was successfully incremented. - */ -static inline bool folio_try_get_rcu(struct folio *folio) +static inline bool folio_ref_try_add(struct folio *folio, int count) { - return folio_ref_try_add_rcu(folio, 1); + return folio_ref_add_unless(folio, count, 0); } static inline int page_ref_freeze(struct page *page, int count) diff --git a/mm/filemap.c b/mm/filemap.c index 9fe5c02ae92e..0fb5f3097094 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1847,7 +1847,7 @@ void *filemap_get_entry(struct address_space *mapping, pgoff_t index) if (!folio || xa_is_value(folio)) goto out; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto repeat; if (unlikely(folio != xas_reload(&xas))) { @@ -2001,7 +2001,7 @@ static inline struct folio *find_get_entry(struct xa_state *xas, pgoff_t max, if (!folio || xa_is_value(folio)) return folio; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto reset; if (unlikely(folio != xas_reload(xas))) { @@ -2181,7 +2181,7 @@ unsigned filemap_get_folios_contig(struct address_space *mapping, if (xa_is_value(folio)) goto update_start; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -2313,7 +2313,7 @@ static void filemap_get_read_batch(struct address_space *mapping, break; if (xa_is_sibling(folio)) break; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -3473,7 +3473,7 @@ static struct folio *next_uptodate_folio(struct xa_state *xas, continue; if (folio_test_locked(folio)) continue; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) continue; /* Has the page moved or been split? */ if (unlikely(folio != xas_reload(xas))) diff --git a/mm/gup.c b/mm/gup.c index e17466fd62bb..17f89e8d31f1 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -78,7 +78,7 @@ static inline struct folio *try_get_folio(struct page *page, int refs) folio = page_folio(page); if (WARN_ON_ONCE(folio_ref_count(folio) < 0)) return NULL; - if (unlikely(!folio_ref_try_add_rcu(folio, refs))) + if (unlikely(!folio_ref_try_add(folio, refs))) return NULL; /* -- 2.41.0

1 year, 3 months

4
7
0 0

[PATCH v4] perf/core: Fix missing wakeup when waiting for context reference

by Haifeng Xu

In our production environment, we found many hung tasks which are blocked for more than 18 hours. Their call traces are like this: [346278.191038] __schedule+0x2d8/0x890 [346278.191046] schedule+0x4e/0xb0 [346278.191049] perf_event_free_task+0x220/0x270 [346278.191056] ? init_wait_var_entry+0x50/0x50 [346278.191060] copy_process+0x663/0x18d0 [346278.191068] kernel_clone+0x9d/0x3d0 [346278.191072] __do_sys_clone+0x5d/0x80 [346278.191076] __x64_sys_clone+0x25/0x30 [346278.191079] do_syscall_64+0x5c/0xc0 [346278.191083] ? syscall_exit_to_user_mode+0x27/0x50 [346278.191086] ? do_syscall_64+0x69/0xc0 [346278.191088] ? irqentry_exit_to_user_mode+0x9/0x20 [346278.191092] ? irqentry_exit+0x19/0x30 [346278.191095] ? exc_page_fault+0x89/0x160 [346278.191097] ? asm_exc_page_fault+0x8/0x30 [346278.191102] entry_SYSCALL_64_after_hwframe+0x44/0xae The task was waiting for the refcount become to 1, but from the vmcore, we found the refcount has already been 1. It seems that the task didn't get woken up by perf_event_release_kernel() and got stuck forever. The below scenario may cause the problem. Thread A Thread B ... ... perf_event_free_task perf_event_release_kernel ... acquire event->child_mutex ... get_ctx ... release event->child_mutex acquire ctx->mutex ... perf_free_event (acquire/release event->child_mutex) ... release ctx->mutex wait_var_event acquire ctx->mutex acquire event->child_mutex # move existing events to free_list release event->child_mutex release ctx->mutex put_ctx ... ... In this case, all events of the ctx have been freed, so we couldn't find the ctx in free_list and Thread A will miss the wakeup. It's thus necessary to add a wakeup after dropping the reference. Fixes: 1cf8dfe8a661 ("perf/core: Fix race between close() and fork()") Cc: stable(a)vger.kernel.org Signed-off-by: Haifeng Xu <haifeng.xu(a)shopee.com> Reviewed-by: Frederic Weisbecker <frederic(a)kernel.org> Acked-by: Mark Rutland <mark.rutland(a)arm.com> --- Changes since v1: - Add the fixed tag. - Simplify v1's patch. (Frederic) Changes since v2: - Use Reviewed-by tag instead of Signed-off-by tag. Changes since v3: - Add Acked-by tag. - Cc stable(a)vger.kernel.org. (Mark) --- kernel/events/core.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/kernel/events/core.c b/kernel/events/core.c index 4f0c45ab8d7d..15c35070db6a 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -5340,6 +5340,7 @@ int perf_event_release_kernel(struct perf_event *event) again: mutex_lock(&event->child_mutex); list_for_each_entry(child, &event->child_list, child_list) { + void *var = NULL; /* * Cannot change, child events are not migrated, see the @@ -5380,11 +5381,23 @@ int perf_event_release_kernel(struct perf_event *event) * this can't be the last reference. */ put_event(event); + } else { + var = &ctx->refcount; } mutex_unlock(&event->child_mutex); mutex_unlock(&ctx->mutex); put_ctx(ctx); + + if (var) { + /* + * If perf_event_free_task() has deleted all events from the + * ctx while the child_mutex got released above, make sure to + * notify about the preceding put_ctx(). + */ + smp_mb(); /* pairs with wait_var_event() */ + wake_up_var(var); + } goto again; } mutex_unlock(&event->child_mutex); -- 2.25.1

1 year, 3 months

4
3
0 0

[PATCH] locking/atomic: fix trivial typo in comment

by Carlos Llamas

For atomic_sub_and_test() the @i parameter is the value to subtract, not add. Fix the kerneldoc comment accordingly. Fixes: ad8110706f38 ("locking/atomic: scripts: generate kerneldoc comments") Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: stable(a)vger.kernel.org Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- include/linux/atomic/atomic-instrumented.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/atomic/atomic-instrumented.h b/include/linux/atomic/atomic-instrumented.h index debd487fe971..12b558c05384 100644 --- a/include/linux/atomic/atomic-instrumented.h +++ b/include/linux/atomic/atomic-instrumented.h @@ -1349,7 +1349,7 @@ atomic_try_cmpxchg_relaxed(atomic_t *v, int *old, int new) /** * atomic_sub_and_test() - atomic subtract and test if zero with full ordering - * @i: int value to add + * @i: int value to subtract * @v: pointer to atomic_t * * Atomically updates @v to (@v - @i) with full ordering. -- 2.45.0.rc1.225.g2a3ae87e7f-goog

1 year, 3 months

6
10
0 0

[PATCH stable 5.15] scripts/gdb: fix SB_* constants parsing

by Florian Fainelli

commit 6a59cb5158bff13b80f116305155fbe4967a5010 upstream --0000000000009a0c9905fd9173ad Content-Transfer-Encoding: 8bit After f15afbd34d8f ("fs: fix undefined behavior in bit shift for SB_NOUSER") the constants were changed from plain integers which LX_VALUE() can parse to constants using the BIT() macro which causes the following: Reading symbols from build/linux-custom/vmlinux...done. Traceback (most recent call last): File "/home/fainelli/work/buildroot/output/arm64/build/linux-custom/vmlinux-gdb.py", line 25, in <module> import linux.constants File "/home/fainelli/work/buildroot/output/arm64/build/linux-custom/scripts/gdb/linux/constants.py", line 5 LX_SB_RDONLY = ((((1UL))) << (0)) Use LX_GDBPARSED() which does not suffer from that issue. Fixes: f15afbd34d8f ("fs: fix undefined behavior in bit shift for SB_NOUSER") Link: https://lkml.kernel.org/r/20230607221337.2781730-1-florian.fainelli@broadco… Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Acked-by: Christian Brauner <brauner(a)kernel.org> Cc: Hao Ge <gehao(a)kylinos.cn> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Pankaj Raghav <p.raghav(a)samsung.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> --- scripts/gdb/linux/constants.py.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/gdb/linux/constants.py.in b/scripts/gdb/linux/constants.py.in index 08f0587d15ea..0ff707bc1896 100644 --- a/scripts/gdb/linux/constants.py.in +++ b/scripts/gdb/linux/constants.py.in @@ -46,12 +46,12 @@ if IS_BUILTIN(CONFIG_COMMON_CLK): LX_GDBPARSED(CLK_GET_RATE_NOCACHE) /* linux/fs.h */ -LX_VALUE(SB_RDONLY) -LX_VALUE(SB_SYNCHRONOUS) -LX_VALUE(SB_MANDLOCK) -LX_VALUE(SB_DIRSYNC) -LX_VALUE(SB_NOATIME) -LX_VALUE(SB_NODIRATIME) +LX_GDBPARSED(SB_RDONLY) +LX_GDBPARSED(SB_SYNCHRONOUS) +LX_GDBPARSED(SB_MANDLOCK) +LX_GDBPARSED(SB_DIRSYNC) +LX_GDBPARSED(SB_NOATIME) +LX_GDBPARSED(SB_NODIRATIME) /* linux/htimer.h */ LX_GDBPARSED(hrtimer_resolution) -- 2.34.1

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 5.4 1/2] nvme-multipath: find NUMA path only for online numa-node

by Sasha Levin

From: Nilay Shroff <nilay(a)linux.ibm.com> [ Upstream commit d3a043733f25d743f3aa617c7f82dbcb5ee2211a ] In current native multipath design when a shared namespace is created, we loop through each possible numa-node, calculate the NUMA distance of that node from each nvme controller and then cache the optimal IO path for future reference while sending IO. The issue with this design is that we may refer to the NUMA distance table for an offline node which may not be populated at the time and so we may inadvertently end up finding and caching a non-optimal path for IO. Then latter when the corresponding numa-node becomes online and hence the NUMA distance table entry for that node is created, ideally we should re-calculate the multipath node distance for the newly added node however that doesn't happen unless we rescan/reset the controller. So essentially, we may keep using non-optimal IO path for a node which is made online after namespace is created. This patch helps fix this issue ensuring that when a shared namespace is created, we calculate the multipath node distance for each online numa-node instead of each possible numa-node. Then latter when a node becomes online and we receive any IO on that newly added node, we would calculate the multipath node distance for newly added node but this time NUMA distance table would have been already populated for newly added node. Hence we would be able to correctly calculate the multipath node distance and choose the optimal path for the IO. Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/nvme/host/multipath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index 811f7b96b5517..c993548403f5c 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -436,7 +436,7 @@ static void nvme_mpath_set_live(struct nvme_ns *ns) int node, srcu_idx; srcu_idx = srcu_read_lock(&head->srcu); - for_each_node(node) + for_each_online_node(node) __nvme_find_path(head, node); srcu_read_unlock(&head->srcu, srcu_idx); } -- 2.43.0

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 5.15 01/12] nvme-multipath: find NUMA path only for online numa-node

by Sasha Levin

From: Nilay Shroff <nilay(a)linux.ibm.com> [ Upstream commit d3a043733f25d743f3aa617c7f82dbcb5ee2211a ] In current native multipath design when a shared namespace is created, we loop through each possible numa-node, calculate the NUMA distance of that node from each nvme controller and then cache the optimal IO path for future reference while sending IO. The issue with this design is that we may refer to the NUMA distance table for an offline node which may not be populated at the time and so we may inadvertently end up finding and caching a non-optimal path for IO. Then latter when the corresponding numa-node becomes online and hence the NUMA distance table entry for that node is created, ideally we should re-calculate the multipath node distance for the newly added node however that doesn't happen unless we rescan/reset the controller. So essentially, we may keep using non-optimal IO path for a node which is made online after namespace is created. This patch helps fix this issue ensuring that when a shared namespace is created, we calculate the multipath node distance for each online numa-node instead of each possible numa-node. Then latter when a node becomes online and we receive any IO on that newly added node, we would calculate the multipath node distance for newly added node but this time NUMA distance table would have been already populated for newly added node. Hence we would be able to correctly calculate the multipath node distance and choose the optimal path for the IO. Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/nvme/host/multipath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index 73eddb67f0d24..9ddaa599a9cd0 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -516,7 +516,7 @@ static void nvme_mpath_set_live(struct nvme_ns *ns) int node, srcu_idx; srcu_idx = srcu_read_lock(&head->srcu); - for_each_node(node) + for_each_online_node(node) __nvme_find_path(head, node); srcu_read_unlock(&head->srcu, srcu_idx); } -- 2.43.0

1 year, 3 months

1
11
0 0

[PATCH AUTOSEL 6.8 01/18] nvme-multipath: find NUMA path only for online numa-node

by Sasha Levin

From: Nilay Shroff <nilay(a)linux.ibm.com> [ Upstream commit d3a043733f25d743f3aa617c7f82dbcb5ee2211a ] In current native multipath design when a shared namespace is created, we loop through each possible numa-node, calculate the NUMA distance of that node from each nvme controller and then cache the optimal IO path for future reference while sending IO. The issue with this design is that we may refer to the NUMA distance table for an offline node which may not be populated at the time and so we may inadvertently end up finding and caching a non-optimal path for IO. Then latter when the corresponding numa-node becomes online and hence the NUMA distance table entry for that node is created, ideally we should re-calculate the multipath node distance for the newly added node however that doesn't happen unless we rescan/reset the controller. So essentially, we may keep using non-optimal IO path for a node which is made online after namespace is created. This patch helps fix this issue ensuring that when a shared namespace is created, we calculate the multipath node distance for each online numa-node instead of each possible numa-node. Then latter when a node becomes online and we receive any IO on that newly added node, we would calculate the multipath node distance for newly added node but this time NUMA distance table would have been already populated for newly added node. Hence we would be able to correctly calculate the multipath node distance and choose the optimal path for the IO. Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/nvme/host/multipath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index 75386d3e0f981..615fbdc09d1cc 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -594,7 +594,7 @@ static void nvme_mpath_set_live(struct nvme_ns *ns) int node, srcu_idx; srcu_idx = srcu_read_lock(&head->srcu); - for_each_node(node) + for_each_online_node(node) __nvme_find_path(head, node); srcu_read_unlock(&head->srcu, srcu_idx); } -- 2.43.0

1 year, 3 months

1
17
0 0

[PATCH AUTOSEL 6.9 01/23] nvme-multipath: find NUMA path only for online numa-node

by Sasha Levin

From: Nilay Shroff <nilay(a)linux.ibm.com> [ Upstream commit d3a043733f25d743f3aa617c7f82dbcb5ee2211a ] In current native multipath design when a shared namespace is created, we loop through each possible numa-node, calculate the NUMA distance of that node from each nvme controller and then cache the optimal IO path for future reference while sending IO. The issue with this design is that we may refer to the NUMA distance table for an offline node which may not be populated at the time and so we may inadvertently end up finding and caching a non-optimal path for IO. Then latter when the corresponding numa-node becomes online and hence the NUMA distance table entry for that node is created, ideally we should re-calculate the multipath node distance for the newly added node however that doesn't happen unless we rescan/reset the controller. So essentially, we may keep using non-optimal IO path for a node which is made online after namespace is created. This patch helps fix this issue ensuring that when a shared namespace is created, we calculate the multipath node distance for each online numa-node instead of each possible numa-node. Then latter when a node becomes online and we receive any IO on that newly added node, we would calculate the multipath node distance for newly added node but this time NUMA distance table would have been already populated for newly added node. Hence we would be able to correctly calculate the multipath node distance and choose the optimal path for the IO. Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/nvme/host/multipath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index d16e976ae1a47..9c1e135b8df3b 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -595,7 +595,7 @@ static void nvme_mpath_set_live(struct nvme_ns *ns) int node, srcu_idx; srcu_idx = srcu_read_lock(&head->srcu); - for_each_node(node) + for_each_online_node(node) __nvme_find_path(head, node); srcu_read_unlock(&head->srcu, srcu_idx); } -- 2.43.0

1 year, 3 months

1
22
0 0

[PATCH AUTOSEL 5.4] ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897

by Sasha Levin

From: Jian-Hong Pan <jhp(a)endlessos.org> [ Upstream commit 45e37f9ce28d248470bab4376df2687a215d1b22 ] JP-IK LEAP W502 laptop's headset mic is not enabled until ALC897_FIXUP_HEADSET_MIC_PIN3 quirk is applied. Here is the original pin node values: 0x11 0x40000000 0x12 0xb7a60130 0x14 0x90170110 0x15 0x411111f0 0x16 0x411111f0 0x17 0x411111f0 0x18 0x411111f0 0x19 0x411111f0 0x1a 0x411111f0 0x1b 0x03211020 0x1c 0x411111f0 0x1d 0x4026892d 0x1e 0x411111f0 0x1f 0x411111f0 Signed-off-by: Jian-Hong Pan <jhp(a)endlessos.org> Link: https://lore.kernel.org/r/20240520055008.7083-2-jhp@endlessos.org Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/pci/hda/patch_realtek.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index bf9a4d5f8555d..2c0bfdfcf6410 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -9909,6 +9909,7 @@ enum { ALC897_FIXUP_LENOVO_HEADSET_MODE, ALC897_FIXUP_HEADSET_MIC_PIN2, ALC897_FIXUP_UNIS_H3C_X500S, + ALC897_FIXUP_HEADSET_MIC_PIN3, }; static const struct hda_fixup alc662_fixups[] = { @@ -10355,10 +10356,18 @@ static const struct hda_fixup alc662_fixups[] = { {} }, }, + [ALC897_FIXUP_HEADSET_MIC_PIN3] = { + .type = HDA_FIXUP_PINS, + .v.pins = (const struct hda_pintbl[]) { + { 0x19, 0x03a11050 }, /* use as headset mic */ + { } + }, + }, }; static const struct snd_pci_quirk alc662_fixup_tbl[] = { SND_PCI_QUIRK(0x1019, 0x9087, "ECS", ALC662_FIXUP_ASUS_MODE2), + SND_PCI_QUIRK(0x1019, 0x9859, "JP-IK LEAP W502", ALC897_FIXUP_HEADSET_MIC_PIN3), SND_PCI_QUIRK(0x1025, 0x022f, "Acer Aspire One", ALC662_FIXUP_INV_DMIC), SND_PCI_QUIRK(0x1025, 0x0241, "Packard Bell DOTS", ALC662_FIXUP_INV_DMIC), SND_PCI_QUIRK(0x1025, 0x0308, "Acer Aspire 8942G", ALC662_FIXUP_ASPIRE), -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH AUTOSEL 5.10] ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897

by Sasha Levin

From: Jian-Hong Pan <jhp(a)endlessos.org> [ Upstream commit 45e37f9ce28d248470bab4376df2687a215d1b22 ] JP-IK LEAP W502 laptop's headset mic is not enabled until ALC897_FIXUP_HEADSET_MIC_PIN3 quirk is applied. Here is the original pin node values: 0x11 0x40000000 0x12 0xb7a60130 0x14 0x90170110 0x15 0x411111f0 0x16 0x411111f0 0x17 0x411111f0 0x18 0x411111f0 0x19 0x411111f0 0x1a 0x411111f0 0x1b 0x03211020 0x1c 0x411111f0 0x1d 0x4026892d 0x1e 0x411111f0 0x1f 0x411111f0 Signed-off-by: Jian-Hong Pan <jhp(a)endlessos.org> Link: https://lore.kernel.org/r/20240520055008.7083-2-jhp@endlessos.org Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/pci/hda/patch_realtek.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index 4af8094938059..86f7a8fbff689 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10806,6 +10806,7 @@ enum { ALC897_FIXUP_LENOVO_HEADSET_MODE, ALC897_FIXUP_HEADSET_MIC_PIN2, ALC897_FIXUP_UNIS_H3C_X500S, + ALC897_FIXUP_HEADSET_MIC_PIN3, }; static const struct hda_fixup alc662_fixups[] = { @@ -11252,10 +11253,18 @@ static const struct hda_fixup alc662_fixups[] = { {} }, }, + [ALC897_FIXUP_HEADSET_MIC_PIN3] = { + .type = HDA_FIXUP_PINS, + .v.pins = (const struct hda_pintbl[]) { + { 0x19, 0x03a11050 }, /* use as headset mic */ + { } + }, + }, }; static const struct snd_pci_quirk alc662_fixup_tbl[] = { SND_PCI_QUIRK(0x1019, 0x9087, "ECS", ALC662_FIXUP_ASUS_MODE2), + SND_PCI_QUIRK(0x1019, 0x9859, "JP-IK LEAP W502", ALC897_FIXUP_HEADSET_MIC_PIN3), SND_PCI_QUIRK(0x1025, 0x022f, "Acer Aspire One", ALC662_FIXUP_INV_DMIC), SND_PCI_QUIRK(0x1025, 0x0241, "Packard Bell DOTS", ALC662_FIXUP_INV_DMIC), SND_PCI_QUIRK(0x1025, 0x0308, "Acer Aspire 8942G", ALC662_FIXUP_ASPIRE), -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH AUTOSEL 5.15 1/2] fs/ntfs3: Mark volume as dirty if xattr is broken

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 24f6f5020b0b2c89c2cba5ec224547be95f753ee ] Mark a volume as corrupted if the name length exceeds the space occupied by ea. Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/xattr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index d0b75d7f58a7b..4a7753384b0e9 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c @@ -217,8 +217,11 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer, if (!ea->name_len) break; - if (ea->name_len > ea_size) + if (ea->name_len > ea_size) { + ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR); + err = -EINVAL; /* corrupted fs */ break; + } if (buffer) { /* Check if we can use field ea->name */ -- 2.43.0

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 6.1 1/3] fs/ntfs3: Mark volume as dirty if xattr is broken

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 24f6f5020b0b2c89c2cba5ec224547be95f753ee ] Mark a volume as corrupted if the name length exceeds the space occupied by ea. Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/xattr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index d98cf7b382bcc..2e4eea854bda5 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c @@ -217,8 +217,11 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer, if (!ea->name_len) break; - if (ea->name_len > ea_size) + if (ea->name_len > ea_size) { + ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR); + err = -EINVAL; /* corrupted fs */ break; + } if (buffer) { /* Check if we can use field ea->name */ -- 2.43.0

1 year, 3 months

1
2
0 0

[PATCH AUTOSEL 6.6 1/4] fs/ntfs3: Mark volume as dirty if xattr is broken

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 24f6f5020b0b2c89c2cba5ec224547be95f753ee ] Mark a volume as corrupted if the name length exceeds the space occupied by ea. Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/xattr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index b50010494e6d0..72bceb8cd164b 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c @@ -219,8 +219,11 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer, if (!ea->name_len) break; - if (ea->name_len > ea_size) + if (ea->name_len > ea_size) { + ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR); + err = -EINVAL; /* corrupted fs */ break; + } if (buffer) { /* Check if we can use field ea->name */ -- 2.43.0

1 year, 3 months

1
3
0 0

[PATCH AUTOSEL 6.8 1/6] fs/ntfs3: Mark volume as dirty if xattr is broken

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 24f6f5020b0b2c89c2cba5ec224547be95f753ee ] Mark a volume as corrupted if the name length exceeds the space occupied by ea. Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/xattr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index 53e7d1fa036aa..73785dece7a7f 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c @@ -219,8 +219,11 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer, if (!ea->name_len) break; - if (ea->name_len > ea_size) + if (ea->name_len > ea_size) { + ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR); + err = -EINVAL; /* corrupted fs */ break; + } if (buffer) { /* Check if we can use field ea->name */ -- 2.43.0

1 year, 3 months

1
5
0 0

[PATCH AUTOSEL 6.9 1/6] fs/ntfs3: Mark volume as dirty if xattr is broken

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 24f6f5020b0b2c89c2cba5ec224547be95f753ee ] Mark a volume as corrupted if the name length exceeds the space occupied by ea. Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/xattr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c index 53e7d1fa036aa..73785dece7a7f 100644 --- a/fs/ntfs3/xattr.c +++ b/fs/ntfs3/xattr.c @@ -219,8 +219,11 @@ static ssize_t ntfs_list_ea(struct ntfs_inode *ni, char *buffer, if (!ea->name_len) break; - if (ea->name_len > ea_size) + if (ea->name_len > ea_size) { + ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR); + err = -EINVAL; /* corrupted fs */ break; + } if (buffer) { /* Check if we can use field ea->name */ -- 2.43.0

1 year, 3 months

1
5
0 0

[PATCH AUTOSEL 4.19 1/4] usb: misc: uss720: check for incompatible versions of the Belkin F5U002

by Sasha Levin

From: Alex Henrie <alexhenrie24(a)gmail.com> [ Upstream commit 3295f1b866bfbcabd625511968e8a5c541f9ab32 ] The incompatible device in my possession has a sticker that says "F5U002 Rev 2" and "P80453-B", and lsusb identifies it as "050d:0002 Belkin Components IEEE-1284 Controller". There is a bug report from 2007 from Michael Trausch who was seeing the exact same errors that I saw in 2024 trying to use this cable. Link: https://lore.kernel.org/all/46DE5830.9060401@trausch.us/ Signed-off-by: Alex Henrie <alexhenrie24(a)gmail.com> Link: https://lore.kernel.org/r/20240326150723.99939-5-alexhenrie24@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/misc/uss720.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/usb/misc/uss720.c b/drivers/usb/misc/uss720.c index 0be8efcda15d5..d972c09629397 100644 --- a/drivers/usb/misc/uss720.c +++ b/drivers/usb/misc/uss720.c @@ -677,7 +677,7 @@ static int uss720_probe(struct usb_interface *intf, struct parport_uss720_private *priv; struct parport *pp; unsigned char reg; - int i; + int ret; dev_dbg(&intf->dev, "probe: vendor id 0x%x, device id 0x%x\n", le16_to_cpu(usbdev->descriptor.idVendor), @@ -688,8 +688,8 @@ static int uss720_probe(struct usb_interface *intf, usb_put_dev(usbdev); return -ENODEV; } - i = usb_set_interface(usbdev, intf->altsetting->desc.bInterfaceNumber, 2); - dev_dbg(&intf->dev, "set interface result %d\n", i); + ret = usb_set_interface(usbdev, intf->altsetting->desc.bInterfaceNumber, 2); + dev_dbg(&intf->dev, "set interface result %d\n", ret); interface = intf->cur_altsetting; @@ -725,12 +725,18 @@ static int uss720_probe(struct usb_interface *intf, set_1284_register(pp, 7, 0x00, GFP_KERNEL); set_1284_register(pp, 6, 0x30, GFP_KERNEL); /* PS/2 mode */ set_1284_register(pp, 2, 0x0c, GFP_KERNEL); - /* debugging */ - get_1284_register(pp, 0, &reg, GFP_KERNEL); + + /* The Belkin F5U002 Rev 2 P80453-B USB parallel port adapter shares the + * device ID 050d:0002 with some other device that works with this + * driver, but it itself does not. Detect and handle the bad cable + * here. */ + ret = get_1284_register(pp, 0, &reg, GFP_KERNEL); dev_dbg(&intf->dev, "reg: %7ph\n", priv->reg); + if (ret < 0) + return ret; - i = usb_find_last_int_in_endpoint(interface, &epd); - if (!i) { + ret = usb_find_last_int_in_endpoint(interface, &epd); + if (!ret) { dev_dbg(&intf->dev, "epaddr %d interval %d\n", epd->bEndpointAddress, epd->bInterval); } -- 2.43.0

1 year, 3 months

1
3
0 0

[PATCH AUTOSEL 5.4 1/5] usb: misc: uss720: check for incompatible versions of the Belkin F5U002

by Sasha Levin

From: Alex Henrie <alexhenrie24(a)gmail.com> [ Upstream commit 3295f1b866bfbcabd625511968e8a5c541f9ab32 ] The incompatible device in my possession has a sticker that says "F5U002 Rev 2" and "P80453-B", and lsusb identifies it as "050d:0002 Belkin Components IEEE-1284 Controller". There is a bug report from 2007 from Michael Trausch who was seeing the exact same errors that I saw in 2024 trying to use this cable. Link: https://lore.kernel.org/all/46DE5830.9060401@trausch.us/ Signed-off-by: Alex Henrie <alexhenrie24(a)gmail.com> Link: https://lore.kernel.org/r/20240326150723.99939-5-alexhenrie24@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/misc/uss720.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/usb/misc/uss720.c b/drivers/usb/misc/uss720.c index 0be8efcda15d5..d972c09629397 100644 --- a/drivers/usb/misc/uss720.c +++ b/drivers/usb/misc/uss720.c @@ -677,7 +677,7 @@ static int uss720_probe(struct usb_interface *intf, struct parport_uss720_private *priv; struct parport *pp; unsigned char reg; - int i; + int ret; dev_dbg(&intf->dev, "probe: vendor id 0x%x, device id 0x%x\n", le16_to_cpu(usbdev->descriptor.idVendor), @@ -688,8 +688,8 @@ static int uss720_probe(struct usb_interface *intf, usb_put_dev(usbdev); return -ENODEV; } - i = usb_set_interface(usbdev, intf->altsetting->desc.bInterfaceNumber, 2); - dev_dbg(&intf->dev, "set interface result %d\n", i); + ret = usb_set_interface(usbdev, intf->altsetting->desc.bInterfaceNumber, 2); + dev_dbg(&intf->dev, "set interface result %d\n", ret); interface = intf->cur_altsetting; @@ -725,12 +725,18 @@ static int uss720_probe(struct usb_interface *intf, set_1284_register(pp, 7, 0x00, GFP_KERNEL); set_1284_register(pp, 6, 0x30, GFP_KERNEL); /* PS/2 mode */ set_1284_register(pp, 2, 0x0c, GFP_KERNEL); - /* debugging */ - get_1284_register(pp, 0, &reg, GFP_KERNEL); + + /* The Belkin F5U002 Rev 2 P80453-B USB parallel port adapter shares the + * device ID 050d:0002 with some other device that works with this + * driver, but it itself does not. Detect and handle the bad cable + * here. */ + ret = get_1284_register(pp, 0, &reg, GFP_KERNEL); dev_dbg(&intf->dev, "reg: %7ph\n", priv->reg); + if (ret < 0) + return ret; - i = usb_find_last_int_in_endpoint(interface, &epd); - if (!i) { + ret = usb_find_last_int_in_endpoint(interface, &epd); + if (!ret) { dev_dbg(&intf->dev, "epaddr %d interval %d\n", epd->bEndpointAddress, epd->bInterval); } -- 2.43.0

1 year, 3 months

1
4
0 0

[PATCH AUTOSEL 5.10 1/7] f2fs: remove clear SB_INLINECRYPT flag in default_options

by Sasha Levin

From: Yunlei He <heyunlei(a)oppo.com> [ Upstream commit ac5eecf481c29942eb9a862e758c0c8b68090c33 ] In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable. Thread A: Thread B: -f2fs_remount -f2fs_file_open or f2fs_new_inode -default_options <- clear SB_INLINECRYPT flag -fscrypt_select_encryption_impl -parse_options <- set SB_INLINECRYPT again Signed-off-by: Yunlei He <heyunlei(a)oppo.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/f2fs/super.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 9a74d60f61dba..f73b2b9445acd 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1713,8 +1713,6 @@ static void default_options(struct f2fs_sb_info *sbi) F2FS_OPTION(sbi).compress_ext_cnt = 0; F2FS_OPTION(sbi).bggc_mode = BGGC_MODE_ON; - sbi->sb->s_flags &= ~SB_INLINECRYPT; - set_opt(sbi, INLINE_XATTR); set_opt(sbi, INLINE_DATA); set_opt(sbi, INLINE_DENTRY); -- 2.43.0

1 year, 3 months

1
6
0 0

[PATCH AUTOSEL 5.15 1/9] f2fs: remove clear SB_INLINECRYPT flag in default_options

by Sasha Levin

From: Yunlei He <heyunlei(a)oppo.com> [ Upstream commit ac5eecf481c29942eb9a862e758c0c8b68090c33 ] In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable. Thread A: Thread B: -f2fs_remount -f2fs_file_open or f2fs_new_inode -default_options <- clear SB_INLINECRYPT flag -fscrypt_select_encryption_impl -parse_options <- set SB_INLINECRYPT again Signed-off-by: Yunlei He <heyunlei(a)oppo.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/f2fs/super.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index df1e5496352c2..706d7adda3b22 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -2068,8 +2068,6 @@ static void default_options(struct f2fs_sb_info *sbi) F2FS_OPTION(sbi).compress_mode = COMPR_MODE_FS; F2FS_OPTION(sbi).bggc_mode = BGGC_MODE_ON; - sbi->sb->s_flags &= ~SB_INLINECRYPT; - set_opt(sbi, INLINE_XATTR); set_opt(sbi, INLINE_DATA); set_opt(sbi, INLINE_DENTRY); -- 2.43.0

1 year, 3 months

1
8
0 0

[PATCH AUTOSEL 6.1 01/12] f2fs: remove clear SB_INLINECRYPT flag in default_options

by Sasha Levin

From: Yunlei He <heyunlei(a)oppo.com> [ Upstream commit ac5eecf481c29942eb9a862e758c0c8b68090c33 ] In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable. Thread A: Thread B: -f2fs_remount -f2fs_file_open or f2fs_new_inode -default_options <- clear SB_INLINECRYPT flag -fscrypt_select_encryption_impl -parse_options <- set SB_INLINECRYPT again Signed-off-by: Yunlei He <heyunlei(a)oppo.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/f2fs/super.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c529ce5d986cc..f496622921843 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -2092,8 +2092,6 @@ static void default_options(struct f2fs_sb_info *sbi) F2FS_OPTION(sbi).bggc_mode = BGGC_MODE_ON; F2FS_OPTION(sbi).memory_mode = MEMORY_MODE_NORMAL; - sbi->sb->s_flags &= ~SB_INLINECRYPT; - set_opt(sbi, INLINE_XATTR); set_opt(sbi, INLINE_DATA); set_opt(sbi, INLINE_DENTRY); -- 2.43.0

1 year, 3 months

1
11
0 0

[PATCH AUTOSEL 6.6 01/20] usb: gadget: uvc: configfs: ensure guid to be valid before set

by Sasha Levin

From: Michael Grzeschik <m.grzeschik(a)pengutronix.de> [ Upstream commit f7a7f80ccc8df017507e2b1e1dd652361374d25b ] When setting the guid via configfs it is possible to test if its value is one of the kernel supported ones by calling uvc_format_by_guid on it. If the result is NULL, we know the guid is unsupported and can be ignored. Signed-off-by: Michael Grzeschik <m.grzeschik(a)pengutronix.de> Link: https://lore.kernel.org/r/20240221-uvc-gadget-configfs-guid-v1-1-f0678ca62e… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/gadget/function/uvc_configfs.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/uvc_configfs.c b/drivers/usb/gadget/function/uvc_configfs.c index d16c04d2961b6..4acf336e946d6 100644 --- a/drivers/usb/gadget/function/uvc_configfs.c +++ b/drivers/usb/gadget/function/uvc_configfs.c @@ -13,6 +13,7 @@ #include "uvc_configfs.h" #include <linux/sort.h> +#include <linux/usb/uvc.h> #include <linux/usb/video.h> /* ----------------------------------------------------------------------------- @@ -2260,6 +2261,8 @@ static ssize_t uvcg_uncompressed_guid_format_store(struct config_item *item, struct f_uvc_opts *opts; struct config_item *opts_item; struct mutex *su_mutex = &ch->fmt.group.cg_subsys->su_mutex; + const struct uvc_format_desc *format; + u8 tmpguidFormat[sizeof(ch->desc.guidFormat)]; int ret; mutex_lock(su_mutex); /* for navigating configfs hierarchy */ @@ -2273,7 +2276,16 @@ static ssize_t uvcg_uncompressed_guid_format_store(struct config_item *item, goto end; } - memcpy(ch->desc.guidFormat, page, + memcpy(tmpguidFormat, page, + min(sizeof(tmpguidFormat), len)); + + format = uvc_format_by_guid(tmpguidFormat); + if (!format) { + ret = -EINVAL; + goto end; + } + + memcpy(ch->desc.guidFormat, tmpguidFormat, min(sizeof(ch->desc.guidFormat), len)); ret = sizeof(ch->desc.guidFormat); -- 2.43.0

1 year, 3 months

1
19
0 0

[PATCH v2] PCI: use local_pci_probe when best selected cpu is offline

by Hongchen Zhang

When the best selected CPU is offline, work_on_cpu() will stuck forever. This can be happen if a node is online while all its CPUs are offline (we can use "maxcpus=1" without "nr_cpus=1" to reproduce it), Therefore, in this case, we should call local_pci_probe() instead of work_on_cpu(). Cc: <stable(a)vger.kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> --- v1 -> v2 Added the method to reproduce this issue --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index af2996d0d17f..32a99828e6a3 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -386,7 +386,7 @@ static int pci_call_probe(struct pci_driver *drv, struct pci_dev *dev, free_cpumask_var(wq_domain_mask); } - if (cpu < nr_cpu_ids) + if ((cpu < nr_cpu_ids) && cpu_online(cpu)) error = work_on_cpu(cpu, local_pci_probe, &ddi); else error = local_pci_probe(&ddi); -- 2.33.0

1 year, 3 months

1
0
0 0

New opportunity for your establishment

by Srisawad Corp. PCL

Attention, I am writing from Srisawad Corp. PCL. We would like to invest in your project, we have the capacity to fund your project and we are open to discuss on any of these three types of investment plans. We can invest either as a debt/loan finance, equity venture or a combination of debt/loan and equity venture, likewise known as convertible note depending on the investment plan most suitable for your project. We are majorly interested in projects with high profit value. Projects that fall within our interest can be funded completely with very considerable and workable terms. Should you be interested please get back to me through the below email for more information. Email: doungchai(a)sawadscorpsocl.com Kindly let us know what your ideas are. Doungchai Kaewbootta Executive Director/Managing Director Srisawad Corp. PCL 99/392 Srisawad Building, 4th, 6th floor, Soi Chaengwattana 10 Intersection 3 (Benjamitr) Chaengwattana Road, Thung Song Hong Subdistrict Lak Si District, Bangkok 10210

1 year, 3 months

1
0
0 0

[PATCH] PCI: use local_pci_probe when best selected cpu is offline

by Hongchen Zhang

When the best selected cpu is offline, work_on_cpu will stuck forever. Therefore, in this case, we should call local_pci_probe instead of work_on_cpu. Cc: <stable(a)vger.kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index af2996d0d17f..32a99828e6a3 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -386,7 +386,7 @@ static int pci_call_probe(struct pci_driver *drv, struct pci_dev *dev, free_cpumask_var(wq_domain_mask); } - if (cpu < nr_cpu_ids) + if ((cpu < nr_cpu_ids) && cpu_online(cpu)) error = work_on_cpu(cpu, local_pci_probe, &ddi); else error = local_pci_probe(&ddi); -- 2.33.0

1 year, 3 months

2
2
0 0

[PATCH v4 7/9] drm/amdgpu: fix locking scope when flushing tlb

by Yunxiang Li

Which method is used to flush tlb does not depend on whether a reset is in progress or not. We should skip flush altogether if the GPU will get reset. So put both path under reset_domain read lock. Signed-off-by: Yunxiang Li <Yunxiang.Li(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> CC: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 66 +++++++++++++------------ 1 file changed, 34 insertions(+), 32 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c index 660599823050..322b8ff67cde 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c @@ -682,12 +682,17 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, struct amdgpu_ring *ring = &adev->gfx.kiq[inst].ring; struct amdgpu_kiq *kiq = &adev->gfx.kiq[inst]; unsigned int ndw; - signed long r; + int r; uint32_t seq; - if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready || - !down_read_trylock(&adev->reset_domain->sem)) { + /* + * A GPU reset should flush all TLBs anyway, so no need to do + * this while one is ongoing. + */ + if (!down_read_trylock(&adev->reset_domain->sem)) + return 0; + if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready) { if (adev->gmc.flush_tlb_needs_extra_type_2) adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, 2, all_hub, @@ -701,43 +706,40 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, flush_type, all_hub, inst); - return 0; - } + r = 0; + } else { + /* 2 dwords flush + 8 dwords fence */ + ndw = kiq->pmf->invalidate_tlbs_size + 8; - /* 2 dwords flush + 8 dwords fence */ - ndw = kiq->pmf->invalidate_tlbs_size + 8; + if (adev->gmc.flush_tlb_needs_extra_type_2) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_2) - ndw += kiq->pmf->invalidate_tlbs_size; + if (adev->gmc.flush_tlb_needs_extra_type_0) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_0) - ndw += kiq->pmf->invalidate_tlbs_size; + spin_lock(&adev->gfx.kiq[inst].ring_lock); + amdgpu_ring_alloc(ring, ndw); + if (adev->gmc.flush_tlb_needs_extra_type_2) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); - spin_lock(&adev->gfx.kiq[inst].ring_lock); - amdgpu_ring_alloc(ring, ndw); - if (adev->gmc.flush_tlb_needs_extra_type_2) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); + if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); - if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); + r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); + if (r) { + amdgpu_ring_undo(ring); + spin_unlock(&adev->gfx.kiq[inst].ring_lock); + goto error_unlock_reset; + } - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); - r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); - if (r) { - amdgpu_ring_undo(ring); + amdgpu_ring_commit(ring); spin_unlock(&adev->gfx.kiq[inst].ring_lock); - goto error_unlock_reset; - } - - amdgpu_ring_commit(ring); - spin_unlock(&adev->gfx.kiq[inst].ring_lock); - r = amdgpu_fence_wait_polling(ring, seq, usec_timeout); - if (r < 1) { - dev_err(adev->dev, "wait for kiq fence error: %ld.\n", r); - r = -ETIME; - goto error_unlock_reset; + if (amdgpu_fence_wait_polling(ring, seq, usec_timeout) < 1) { + dev_err(adev->dev, "timeout waiting for kiq fence\n"); + r = -ETIME; + } } - r = 0; error_unlock_reset: up_read(&adev->reset_domain->sem); -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH v2] KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()

by Breno Leitao

Use {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the loads and stores are atomic. In the extremely unlikely scenario the compiler tears the stores, it's theoretically possible for KVM to attempt to get a vCPU using an out-of-bounds index, e.g. if the write is split into multiple 8-bit stores, and is paired with a 32-bit load on a VM with 257 vCPUs: CPU0 CPU1 last_boosted_vcpu = 0xff; (last_boosted_vcpu = 0x100) last_boosted_vcpu[15:8] = 0x01; i = (last_boosted_vcpu = 0x1ff) last_boosted_vcpu[7:0] = 0x00; vcpu = kvm->vcpu_array[0x1ff]; As detected by KCSAN: BUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm] write to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16: kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:? arch/x86/kvm/vmx/vmx.c:6606) kvm_intel vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890) __x64_sys_ioctl (fs/ioctl.c:890) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) read to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4: kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:? arch/x86/kvm/vmx/vmx.c:6606) kvm_intel vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890) __x64_sys_ioctl (fs/ioctl.c:890) x64_sys_call (arch/x86/entry/syscall_64.c:33) do_syscall_64 (arch/x86/entry/common.c:?) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x00000012 -> 0x00000000 Fixes: 217ece6129f2 ("KVM: use yield_to instead of sleep in kvm_vcpu_on_spin") Cc: stable(a)vger.kernel.org Signed-off-by: Breno Leitao <leitao(a)debian.org> --- Changelog: v2: * Reworded the git commit as suggested by Sean * Dropped the me->kvm->last_boosted_vcpu in favor of kvm->last_boosted_vcpu as suggested by Sean v1: * https://lore.kernel.org/all/20240509090146.146153-1-leitao@debian.org/ --- virt/kvm/kvm_main.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index ff0a20565f90..d9ce063c76f9 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -4066,12 +4066,13 @@ void kvm_vcpu_on_spin(struct kvm_vcpu *me, bool yield_to_kernel_mode) { struct kvm *kvm = me->kvm; struct kvm_vcpu *vcpu; - int last_boosted_vcpu = me->kvm->last_boosted_vcpu; + int last_boosted_vcpu; unsigned long i; int yielded = 0; int try = 3; int pass; + last_boosted_vcpu = READ_ONCE(kvm->last_boosted_vcpu); kvm_vcpu_set_in_spin_loop(me, true); /* * We boost the priority of a VCPU that is runnable but not @@ -4109,7 +4110,7 @@ void kvm_vcpu_on_spin(struct kvm_vcpu *me, bool yield_to_kernel_mode) yielded = kvm_vcpu_yield_to(vcpu); if (yielded > 0) { - kvm->last_boosted_vcpu = i; + WRITE_ONCE(kvm->last_boosted_vcpu, i); break; } else if (yielded < 0) { try--; -- 2.43.0

1 year, 3 months

2
1
0 0

+ nilfs2-fix-nilfs_empty_dir-misjudgment-and-long-loop-on-i-o-errors.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-fix-nilfs_empty_dir-misjudgment-and-long-loop-on-i-o-errors.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors Date: Tue, 4 Jun 2024 22:42:55 +0900 The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page. Link: https://lkml.kernel.org/r/20240604134255.7165-1-konishi.ryusuke@gmail.com Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+c8166c541d3971bf6c87(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c8166c541d3971bf6c87 Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nilfs2/dir.c~nilfs2-fix-nilfs_empty_dir-misjudgment-and-long-loop-on-i-o-errors +++ a/fs/nilfs2/dir.c @@ -607,7 +607,7 @@ int nilfs_empty_dir(struct inode *inode) kaddr = nilfs_get_folio(inode, i, &folio); if (IS_ERR(kaddr)) - continue; + return 0; de = (struct nilfs_dir_entry *)kaddr; kaddr += nilfs_last_byte(inode, i) - NILFS_DIR_REC_LEN(1); _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-fix-potential-kernel-bug-due-to-lack-of-writeback-flag-waiting.patch nilfs2-fix-nilfs_empty_dir-misjudgment-and-long-loop-on-i-o-errors.patch

1 year, 3 months

1
0
0 0

Please queue up f4dca95fc0f6 for 6.9 et.al.

by Holger Hoffstätte

Just ${Subject} since it's a fix for a potential security footgun/DOS, whereever commit 378979e94e95 ("tcp: remove 64 KByte limit for initial tp->rcv_wnd value") has been queued up. Thanks! Holger

1 year, 3 months

3
6
0 0

[PATCH] crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked

by Kim Phillips

Another DEBUG_TEST_DRIVER_REMOVE induced splat found, this time in __sev_snp_shutdown_locked(). [ 38.625613] ccp 0000:55:00.5: enabling device (0000 -> 0002) [ 38.633022] ccp 0000:55:00.5: sev enabled [ 38.637498] ccp 0000:55:00.5: psp enabled [ 38.642011] BUG: kernel NULL pointer dereference, address: 00000000000000f0 [ 38.645963] #PF: supervisor read access in kernel mode [ 38.645963] #PF: error_code(0x0000) - not-present page [ 38.645963] PGD 0 P4D 0 [ 38.645963] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI [ 38.645963] CPU: 262 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc1+ #29 [ 38.645963] RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150 [ 38.645963] Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83 [ 38.645963] RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286 [ 38.645963] RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000 [ 38.645963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808 [ 38.645963] RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0 [ 38.645963] R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8 [ 38.645963] R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000 [ 38.645963] FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000 [ 38.645963] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.645963] CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0 [ 38.645963] PKRU: 55555554 [ 38.645963] Call Trace: [ 38.645963] <TASK> [ 38.645963] ? __die_body+0x6f/0xb0 [ 38.645963] ? __die+0xcc/0xf0 [ 38.645963] ? page_fault_oops+0x330/0x3a0 [ 38.645963] ? save_trace+0x2a5/0x360 [ 38.645963] ? do_user_addr_fault+0x583/0x630 [ 38.645963] ? exc_page_fault+0x81/0x120 [ 38.645963] ? asm_exc_page_fault+0x2b/0x30 [ 38.645963] ? __sev_snp_shutdown_locked+0x2e/0x150 [ 38.645963] __sev_firmware_shutdown+0x349/0x5b0 [ 38.645963] ? pm_runtime_barrier+0x66/0xe0 [ 38.645963] sev_dev_destroy+0x34/0xb0 [ 38.645963] psp_dev_destroy+0x27/0x60 [ 38.645963] sp_destroy+0x39/0x90 [ 38.645963] sp_pci_remove+0x22/0x60 [ 38.645963] pci_device_remove+0x4e/0x110 [ 38.645963] really_probe+0x271/0x4e0 [ 38.645963] __driver_probe_device+0x8f/0x160 [ 38.645963] driver_probe_device+0x24/0x120 [ 38.645963] __driver_attach+0xc7/0x280 [ 38.645963] ? driver_attach+0x30/0x30 [ 38.645963] bus_for_each_dev+0x10d/0x130 [ 38.645963] driver_attach+0x22/0x30 [ 38.645963] bus_add_driver+0x171/0x2b0 [ 38.645963] ? unaccepted_memory_init_kdump+0x20/0x20 [ 38.645963] driver_register+0x67/0x100 [ 38.645963] __pci_register_driver+0x83/0x90 [ 38.645963] sp_pci_init+0x22/0x30 [ 38.645963] sp_mod_init+0x13/0x30 [ 38.645963] do_one_initcall+0xb8/0x290 [ 38.645963] ? sched_clock_noinstr+0xd/0x10 [ 38.645963] ? local_clock_noinstr+0x3e/0x100 [ 38.645963] ? stack_depot_save_flags+0x21e/0x6a0 [ 38.645963] ? local_clock+0x1c/0x60 [ 38.645963] ? stack_depot_save_flags+0x21e/0x6a0 [ 38.645963] ? sched_clock_noinstr+0xd/0x10 [ 38.645963] ? local_clock_noinstr+0x3e/0x100 [ 38.645963] ? __lock_acquire+0xd90/0xe30 [ 38.645963] ? sched_clock_noinstr+0xd/0x10 [ 38.645963] ? local_clock_noinstr+0x3e/0x100 [ 38.645963] ? __create_object+0x66/0x100 [ 38.645963] ? local_clock+0x1c/0x60 [ 38.645963] ? __create_object+0x66/0x100 [ 38.645963] ? parameq+0x1b/0x90 [ 38.645963] ? parse_one+0x6d/0x1d0 [ 38.645963] ? parse_args+0xd7/0x1f0 [ 38.645963] ? do_initcall_level+0x180/0x180 [ 38.645963] do_initcall_level+0xb0/0x180 [ 38.645963] do_initcalls+0x60/0xa0 [ 38.645963] ? kernel_init+0x1f/0x1d0 [ 38.645963] do_basic_setup+0x41/0x50 [ 38.645963] kernel_init_freeable+0x1ac/0x230 [ 38.645963] ? rest_init+0x1f0/0x1f0 [ 38.645963] kernel_init+0x1f/0x1d0 [ 38.645963] ? rest_init+0x1f0/0x1f0 [ 38.645963] ret_from_fork+0x3d/0x50 [ 38.645963] ? rest_init+0x1f0/0x1f0 [ 38.645963] ret_from_fork_asm+0x11/0x20 [ 38.645963] </TASK> [ 38.645963] Modules linked in: [ 38.645963] CR2: 00000000000000f0 [ 38.645963] ---[ end trace 0000000000000000 ]--- [ 38.645963] RIP: 0010:__sev_snp_shutdown_locked+0x2e/0x150 [ 38.645963] Code: 00 55 48 89 e5 41 57 41 56 41 54 53 48 83 ec 10 41 89 f7 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 45 d8 48 8b 05 6a 5a 7f 06 <4c> 8b a0 f0 00 00 00 41 0f b6 9c 24 a2 00 00 00 48 83 fb 02 0f 83 [ 38.645963] RSP: 0018:ffffb2ea4014b7b8 EFLAGS: 00010286 [ 38.645963] RAX: 0000000000000000 RBX: ffff9e4acd2e0a28 RCX: 0000000000000000 [ 38.645963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffb2ea4014b808 [ 38.645963] RBP: ffffb2ea4014b7e8 R08: 0000000000000106 R09: 000000000003d9c0 [ 38.645963] R10: 0000000000000001 R11: ffffffffa39ff070 R12: ffff9e49d40590c8 [ 38.645963] R13: 0000000000000000 R14: ffffb2ea4014b808 R15: 0000000000000000 [ 38.645963] FS: 0000000000000000(0000) GS:ffff9e58b1e00000(0000) knlGS:0000000000000000 [ 38.645963] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.645963] CR2: 00000000000000f0 CR3: 0000000418a3e001 CR4: 0000000000770ef0 [ 38.645963] PKRU: 55555554 [ 38.645963] Kernel panic - not syncing: Fatal exception [ 38.645963] Kernel Offset: 0x1fc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) Fixes: ccb88e9549e7 ("crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked") Cc: stable(a)vger.kernel.org Signed-off-by: Kim Phillips <kim.phillips(a)amd.com> --- drivers/crypto/ccp/sev-dev.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 2102377f727b..1912bee22dd4 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1642,10 +1642,16 @@ static int sev_update_firmware(struct device *dev) static int __sev_snp_shutdown_locked(int *error, bool panic) { - struct sev_device *sev = psp_master->sev_data; + struct psp_device *psp = psp_master; + struct sev_device *sev; struct sev_data_snp_shutdown_ex data; int ret; + if (!psp || !psp->sev_data) + return 0; + + sev = psp->sev_data; + if (!sev->snp_initialized) return 0; -- 2.34.1

1 year, 3 months

5
4
0 0

[PATCH v7 00/10] Fix Kselftest's vfork() side effects

by Mickaël Salaün

Hi, This seven series fix an issue reported by kernel test robot [3]. Shuah, I (as well as Kees and Sean [4]) think this should be in -next really soon to make sure everything works fine for the v6.9 release, which is not currently the case. I cannot test against all kselftests though. I would prefer to let you handle this, but I guess you're not able to do so and I'll push it on my branch without reply from you. Even if I push it on my branch, please push it on yours too as soon as you see this and I'll remove it from mine. Mark, Jakub, could you please test this series? As reported by Kernel Test Robot [1] and Sean Christopherson [2], some tests fail since v6.9-rc1 . This is due to the use of vfork() which introduced some side effects. Similarly, while making it more generic, a previous commit made some Landlock file system tests flaky, and subject to the host's file system mount configuration. This series fixes all these side effects by replacing vfork() with clone3() and CLONE_VFORK, which is cleaner (no arbitrary shared memory) and makes the Kselftest framework more robust. I tried different approaches and I found this one to be the cleaner and less invasive for current test cases. I successfully ran the following tests (using TEST_F and fork/clone/clone3, and KVM_ONE_VCPU_TEST) with this series: - kvm:fix_hypercall_test - kvm:sync_regs_test - kvm:userspace_msr_exit_test - kvm:vmx_pmu_caps_test - landlock:fs_test - landlock:net_test - landlock:ptrace_test - move_mount_set_group:move_mount_set_group_test - net/af_unix:scm_pidfd - perf_events:remove_on_exec - pidfd:pidfd_getfd_test - pidfd:pidfd_setns_test - seccomp:seccomp_bpf - user_events:abi_test [1] https://lore.kernel.org/oe-lkp/202403291015.1fcfa957-oliver.sang@intel.com [2] https://lore.kernel.org/r/ZjPelW6-AbtYvslu@google.com [3] https://lore.kernel.org/r/202405100339.vfBe0t9C-lkp@intel.com [4] https://lore.kernel.org/r/202405061002.01D399877A@keescook Previous versions: v1: https://lore.kernel.org/r/20240426172252.1862930-1-mic@digikod.net v2: https://lore.kernel.org/r/20240429130931.2394118-1-mic@digikod.net v3: https://lore.kernel.org/r/20240429191911.2552580-1-mic@digikod.net v4: https://lore.kernel.org/r/20240502210926.145539-1-mic@digikod.net v5: https://lore.kernel.org/r/20240503105820.300927-1-mic@digikod.net v6: https://lore.kernel.org/r/20240506165518.474504-1-mic@digikod.net Regards, Mickaël Salaün (10): selftests/pidfd: Fix config for pidfd_setns_test selftests/landlock: Fix FS tests when run on a private mount point selftests/harness: Fix fixture teardown selftests/harness: Fix interleaved scheduling leading to race conditions selftests/landlock: Do not allocate memory in fixture data selftests/harness: Constify fixture variants selftests/pidfd: Fix wrong expectation selftests/harness: Share _metadata between forked processes selftests/harness: Fix vfork() side effects selftests/harness: Handle TEST_F()'s explicit exit codes tools/testing/selftests/kselftest_harness.h | 127 +++++++++++++----- tools/testing/selftests/landlock/fs_test.c | 83 +++++++----- tools/testing/selftests/pidfd/config | 2 + .../selftests/pidfd/pidfd_setns_test.c | 2 +- 4 files changed, 147 insertions(+), 67 deletions(-) base-commit: e67572cd2204894179d89bd7b984072f19313b03 -- 2.45.0

1 year, 3 months

3
16
0 0

[PATCH 0/2] arm64: dts: qcom: switch RB1 and RB2 platforms to i2c2-gpio

by Dmitry Baryshkov

On the Qualcomm RB1 and RB2 platforms the I2C bus connected to the LT9611UXC bridge under some circumstances can go into a state when all transfers timeout. This causes both issues with fetching of EDID and with updating of the bridge's firmware. While we are debugging the issue, switch corresponding I2C bus to use i2c-gpio driver. While using i2c-gpio no communication issues are observed. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Dmitry Baryshkov (2): arm64: dts: qcom: qrb2210-rb1: switch I2C2 to i2c-gpio arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 13 ++++++++++++- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 13 ++++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) --- base-commit: 0e1980c40b6edfa68b6acf926bab22448a6e40c9 change-id: 20240604-rb12-i2c2g-pio-f6035fa8e022 Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

1 year, 3 months

2
3
0 0

[PATCH v2 2/2] arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode

by Krishna Kurapati

On SC7280, in host mode, it is observed that stressing out controller results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instances in park mode for SC7280 to mitigate this issue. Reported-by: Doug Anderson <dianders(a)google.com> Cc: <stable(a)vger.kernel.org> Fixes: bb9efa59c665 ("arm64: dts: qcom: sc7280: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- Removed RB/TB tag from Doug as commit text was updated. arch/arm64/boot/dts/qcom/sc7280.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi index 41f51d326111..e0d3eeb6f639 100644 --- a/arch/arm64/boot/dts/qcom/sc7280.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi @@ -4131,6 +4131,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0xe0 0x0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed"; -- 2.34.1

1 year, 3 months

2
1
0 0

[PATCH v2 1/2] arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode

by Krishna Kurapati

On SC7180, in host mode, it is observed that stressing out controller results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instances in park mode for SC7180 to mitigate this issue. Reported-by: Doug Anderson <dianders(a)google.com> Cc: <stable(a)vger.kernel.org> Fixes: 0b766e7fe5a2 ("arm64: dts: qcom: sc7180: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- Removed RB/TB tag from Doug as commit text was updated. arch/arm64/boot/dts/qcom/sc7180.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sc7180.dtsi b/arch/arm64/boot/dts/qcom/sc7180.dtsi index 2b481e20ae38..cc93b5675d5d 100644 --- a/arch/arm64/boot/dts/qcom/sc7180.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7180.dtsi @@ -3063,6 +3063,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x540 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed"; -- 2.34.1

1 year, 3 months

4
6
0 0

Widespread breakage in v6.9.4-rc1

by Mark Brown

I'm not seeing a test mail for v6.9.4-rc1 but it's in the stable-rc git and I'm seeing extensive breakage on many platforms with it due to the backporting of c0e0f139354 ("drm: Make drivers depends on DRM_DW_HDMI") which was reverted upstream in commit 8f7f115596d3dcced ("Revert "drm: Make drivers depends on DRM_DW_HDMI"") for a combination of the reasons outlined in that revert and the extensive breakage that it cause in -next.

1 year, 3 months

2
2
0 0

[PATCH 1/2] mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

jmicron_pmos() and sdhci_pci_probe() use pci_{read,write}_config_byte() that return PCIBIOS_* codes. The return code is then returned as is by jmicron_probe() and sdhci_pci_probe(). Similarly, the return code is also returned as is from jmicron_resume(). Both probe and resume functions should return normal errnos. Convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning them the fix these issues. Fixes: 7582041ff3d4 ("mmc: sdhci-pci: fix simple_return.cocci warnings") Fixes: 45211e215984 ("sdhci: toggle JMicron PMOS setting") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/mmc/host/sdhci-pci-core.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/mmc/host/sdhci-pci-core.c b/drivers/mmc/host/sdhci-pci-core.c index ef89ec382bfe..23e6ba70144c 100644 --- a/drivers/mmc/host/sdhci-pci-core.c +++ b/drivers/mmc/host/sdhci-pci-core.c @@ -1326,7 +1326,7 @@ static int jmicron_pmos(struct sdhci_pci_chip *chip, int on) ret = pci_read_config_byte(chip->pdev, 0xAE, &scratch); if (ret) - return ret; + goto fail; /* * Turn PMOS on [bit 0], set over current detection to 2.4 V @@ -1337,7 +1337,10 @@ static int jmicron_pmos(struct sdhci_pci_chip *chip, int on) else scratch &= ~0x47; - return pci_write_config_byte(chip->pdev, 0xAE, scratch); + ret = pci_write_config_byte(chip->pdev, 0xAE, scratch); + +fail: + return pcibios_err_to_errno(ret); } static int jmicron_probe(struct sdhci_pci_chip *chip) @@ -2202,7 +2205,7 @@ static int sdhci_pci_probe(struct pci_dev *pdev, ret = pci_read_config_byte(pdev, PCI_SLOT_INFO, &slots); if (ret) - return ret; + return pcibios_err_to_errno(ret); slots = PCI_SLOT_INFO_SLOTS(slots) + 1; dev_dbg(&pdev->dev, "found %d slot(s)\n", slots); @@ -2211,7 +2214,7 @@ static int sdhci_pci_probe(struct pci_dev *pdev, ret = pci_read_config_byte(pdev, PCI_SLOT_INFO, &first_bar); if (ret) - return ret; + return pcibios_err_to_errno(ret); first_bar &= PCI_SLOT_INFO_FIRST_BAR_MASK; -- 2.39.2

1 year, 3 months

3
5
0 0

[PATCH 1/2] EDAC/amd64: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

gpu_get_node_map() uses pci_read_config_dword() that returns PCIBIOS_* codes. The return code is then returned all the way into the module init function amd64_edac_init() that returns it as is. The module init functions, however, should return normal errnos. Convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning it from gpu_get_node_map(). For consistency, convert also the other similar cases which return PCIBIOS_* codes even if they do not have any bugs at the moment. Fixes: 4251566ebc1c ("EDAC/amd64: Cache and use GPU node map") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/edac/amd64_edac.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index 1f3520d76861..a17f3c0cdfa6 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c @@ -81,7 +81,7 @@ int __amd64_read_pci_cfg_dword(struct pci_dev *pdev, int offset, amd64_warn("%s: error reading F%dx%03x.\n", func, PCI_FUNC(pdev->devfn), offset); - return err; + return pcibios_err_to_errno(err); } int __amd64_write_pci_cfg_dword(struct pci_dev *pdev, int offset, @@ -94,7 +94,7 @@ int __amd64_write_pci_cfg_dword(struct pci_dev *pdev, int offset, amd64_warn("%s: error writing to F%dx%03x.\n", func, PCI_FUNC(pdev->devfn), offset); - return err; + return pcibios_err_to_errno(err); } /* @@ -1025,8 +1025,10 @@ static int gpu_get_node_map(struct amd64_pvt *pvt) } ret = pci_read_config_dword(pdev, REG_LOCAL_NODE_TYPE_MAP, &tmp); - if (ret) + if (ret) { + ret = pcibios_err_to_errno(ret); goto out; + } gpu_node_map.node_count = FIELD_GET(LNTM_NODE_COUNT, tmp); gpu_node_map.base_node_id = FIELD_GET(LNTM_BASE_NODE_ID, tmp); -- 2.39.2

1 year, 3 months

3
3
0 0

[PATCH] Documentation: mtd: spinand: macronix: Add support for serial NAND flash

by Cheng Ming Lin

From: Cheng Ming Lin <chengminglin(a)mxic.com.tw> MX35UF{1,2,4}GE4AD and MX35UF{1,2}GE4AC have been merge into Linux kernel mainline. Commit ID: "c374839f9b4475173e536d1eaddff45cb481dbdf". For SPI-NAND flash support on Linux kernel LTS v5.4.y, add SPI-NAND flash MX35UF{1,2,4}GE4AD and MX35UF{1,2}GE4AC in id tables. Those five flashes have been validate on Xilinx zynq-picozed board and Linux kernel LTS v5.4.y. Signed-off-by: Cheng Ming Lin <chengminglin(a)mxic.com.tw> --- drivers/mtd/nand/spi/macronix.c | 45 +++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/drivers/mtd/nand/spi/macronix.c b/drivers/mtd/nand/spi/macronix.c index f18c6cfe8ff5..e1446798bfb3 100644 --- a/drivers/mtd/nand/spi/macronix.c +++ b/drivers/mtd/nand/spi/macronix.c @@ -132,6 +132,51 @@ static const struct spinand_info macronix_spinand_table[] = { &update_cache_variants), SPINAND_HAS_QE_BIT, SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, NULL)), + SPINAND_INFO("MX35UF4GE4AD", 0xb7, + NAND_MEMORG(1, 4096, 256, 64, 2048, 40, 1, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF2GE4AD", 0xa6, + NAND_MEMORG(1, 2048, 128, 64, 2048, 40, 1, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF2GE4AC", 0xa2, + NAND_MEMORG(1, 2048, 64, 64, 2048, 40, 1, 1, 1), + NAND_ECCREQ(4, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF1GE4AD", 0x96, + NAND_MEMORG(1, 2048, 128, 64, 1024, 20, 1, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF1GE4AC", 0x92, + NAND_MEMORG(1, 2048, 64, 64, 1024, 20, 1, 1, 1), + NAND_ECCREQ(4, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), }; static int macronix_spinand_detect(struct spinand_device *spinand) -- 2.25.1

1 year, 3 months

4
6
0 0

[PATCH bpf v1 1/2] Compiler Attributes: Add __retain macro

by Tony Ambardar

Some code includes the __used macro to prevent functions and data from being optimized out. This macro implements __attribute__((__used__)), which operates at the compiler and IR-level, and so still allows a linker to remove objects intended to be kept. Compilers supporting __attribute__((__retain__)) can address this gap by setting the flag SHF_GNU_RETAIN on the section of a function/variable, indicating to the linker the object should be retained. This attribute is available since gcc 11, clang 13, and binutils 2.36. Provide a __retain macro implementing __attribute__((__retain__)), whose first user will be the '__bpf_kfunc' tag. Link: https://lore.kernel.org/bpf/ZlmGoT9KiYLZd91S@krava/T/ Cc: stable(a)vger.kernel.org # v6.6+ Signed-off-by: Tony Ambardar <Tony.Ambardar(a)gmail.com> --- include/linux/compiler_attributes.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h index 32284cd26d52..1c22e1a734dc 100644 --- a/include/linux/compiler_attributes.h +++ b/include/linux/compiler_attributes.h @@ -326,6 +326,20 @@ */ #define __pure __attribute__((__pure__)) +/* + * Optional: only supported since gcc >= 11, clang >= 13 + * + * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-re… + * clang: https://clang.llvm.org/docs/AttributeReference.html#retain + */ +#if __has_attribute(__retain__) && \ + (defined(CONFIG_LD_DEAD_CODE_DATA_ELIMINATION) || \ + defined(CONFIG_LTO_CLANG)) +# define __retain __attribute__((__retain__)) +#else +# define __retain +#endif + /* * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-se… * gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-se… -- 2.34.1

1 year, 3 months

2
2
0 0

[PATCH] drm/xe: Restrict user fences to long running VMs

by Matthew Brost

User fences are intended to be used on long running VMs, enforce this restriction. This addresses possible concerns of using user fences in dma-fence and having the dma-fence signal before the user fence. Fixes: d1df9bfbf68c ("drm/xe: Only allow 1 ufence per exec / bind IOCTL") Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_exec.c | 3 ++- drivers/gpu/drm/xe/xe_vm.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 97eeb973e897..a145813ad229 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -168,7 +168,8 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) num_ufence++; } - if (XE_IOCTL_DBG(xe, num_ufence > 1)) { + if (XE_IOCTL_DBG(xe, num_ufence > 1) || + XE_IOCTL_DBG(xe, num_ufence && !xe_vm_in_lr_mode(vm))) { err = -EINVAL; goto err_syncs; } diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 26b409e1b0f0..85da3a8a83b6 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -3226,7 +3226,8 @@ int xe_vm_bind_ioctl(struct drm_device *dev, void *data, struct drm_file *file) num_ufence++; } - if (XE_IOCTL_DBG(xe, num_ufence > 1)) { + if (XE_IOCTL_DBG(xe, num_ufence > 1) || + XE_IOCTL_DBG(xe, num_ufence && !xe_vm_in_lr_mode(vm))) { err = -EINVAL; goto free_syncs; } -- 2.34.1

1 year, 3 months

2
2
0 0

[PATCH] bus: mhi: ep: Do not allocate memory for MHI objects from DMA zone

by Manivannan Sadhasivam

MHI endpoint stack accidentally started allocating memory for objects from DMA zone since commit 62210a26cd4f ("bus: mhi: ep: Use slab allocator where applicable"). But there is no real need to allocate memory from this naturally limited DMA zone. This also causes the MHI endpoint stack to run out of memory while doing high bandwidth transfers. So let's switch over to normal memory. Cc: stable(a)vger.kernel.org # 6.8 Fixes: 62210a26cd4f ("bus: mhi: ep: Use slab allocator where applicable") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/bus/mhi/ep/main.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/bus/mhi/ep/main.c b/drivers/bus/mhi/ep/main.c index f8f674adf1d4..4acfac73ca9a 100644 --- a/drivers/bus/mhi/ep/main.c +++ b/drivers/bus/mhi/ep/main.c @@ -90,7 +90,7 @@ static int mhi_ep_send_completion_event(struct mhi_ep_cntrl *mhi_cntrl, struct m struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -109,7 +109,7 @@ int mhi_ep_send_state_change_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_stat struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -127,7 +127,7 @@ int mhi_ep_send_ee_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_ee_type exec_e struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -146,7 +146,7 @@ static int mhi_ep_send_cmd_comp_event(struct mhi_ep_cntrl *mhi_cntrl, enum mhi_e struct mhi_ring_element *event; int ret; - event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL | GFP_DMA); + event = kmem_cache_zalloc(mhi_cntrl->ev_ring_el_cache, GFP_KERNEL); if (!event) return -ENOMEM; @@ -438,7 +438,7 @@ static int mhi_ep_read_channel(struct mhi_ep_cntrl *mhi_cntrl, read_offset = mhi_chan->tre_size - mhi_chan->tre_bytes_left; write_offset = len - buf_left; - buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL | GFP_DMA); + buf_addr = kmem_cache_zalloc(mhi_cntrl->tre_buf_cache, GFP_KERNEL); if (!buf_addr) return -ENOMEM; @@ -1481,14 +1481,14 @@ int mhi_ep_register_controller(struct mhi_ep_cntrl *mhi_cntrl, mhi_cntrl->ev_ring_el_cache = kmem_cache_create("mhi_ep_event_ring_el", sizeof(struct mhi_ring_element), 0, - SLAB_CACHE_DMA, NULL); + 0, NULL); if (!mhi_cntrl->ev_ring_el_cache) { ret = -ENOMEM; goto err_free_cmd; } mhi_cntrl->tre_buf_cache = kmem_cache_create("mhi_ep_tre_buf", MHI_EP_DEFAULT_MTU, 0, - SLAB_CACHE_DMA, NULL); + 0, NULL); if (!mhi_cntrl->tre_buf_cache) { ret = -ENOMEM; goto err_destroy_ev_ring_el_cache; -- 2.25.1

1 year, 3 months

2
1
0 0

[PATCH] drm/amd/display: prevent register access while in IPS

by Hamza Mahfooz

We can't read/write to DCN registers while in IPS. Since, that can cause the system to hang. So, before proceeding with the access in that scenario, force the system out of IPS. Cc: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 059f78c8cd04..c8bc4098ed18 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -11796,6 +11796,12 @@ void amdgpu_dm_trigger_timing_sync(struct drm_device *dev) mutex_unlock(&adev->dm.dc_lock); } +static inline void amdgpu_dm_exit_ips_for_hw_access(struct dc *dc) +{ + if (dc->ctx->dmub_srv && !dc->ctx->dmub_srv->idle_exit_counter) + dc_exit_ips_for_hw_access(dc); +} + void dm_write_reg_func(const struct dc_context *ctx, uint32_t address, u32 value, const char *func_name) { @@ -11806,6 +11812,8 @@ void dm_write_reg_func(const struct dc_context *ctx, uint32_t address, return; } #endif + + amdgpu_dm_exit_ips_for_hw_access(ctx->dc); cgs_write_register(ctx->cgs_device, address, value); trace_amdgpu_dc_wreg(&ctx->perf_trace->write_count, address, value); } @@ -11829,6 +11837,8 @@ uint32_t dm_read_reg_func(const struct dc_context *ctx, uint32_t address, return 0; } + amdgpu_dm_exit_ips_for_hw_access(ctx->dc); + value = cgs_read_register(ctx->cgs_device, address); trace_amdgpu_dc_rreg(&ctx->perf_trace->read_count, address, value); -- 2.45.0

1 year, 3 months

2
1
0 0

[PATCH v4] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap. The ethertype will be overwritten as the VLAN TPID if the network interface lacks hardware VLAN offloading. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. Link: https://github.com/the-tcpdump-group/libpcap/issues/1105 Link: https://lore.kernel.org/netdev/20240520070348.26725-1-chengen.du@canonical.… Fixes: 393e52e33c6c ("packet: deliver VLAN TCI to userspace") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 85 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 74 insertions(+), 11 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..21d34a12c11c 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -538,6 +538,62 @@ static void *packet_current_frame(struct packet_sock *po, return packet_lookup_frame(po, rb, rb->head, status); } +static int vlan_get_info(struct sk_buff *skb, u16 *tci, u16 *tpid) +{ + if (skb_vlan_tag_present(skb)) { + *tci = skb_vlan_tag_get(skb); + *tpid = ntohs(skb->vlan_proto); + } else if (unlikely(eth_type_vlan(skb->protocol))) { + unsigned int vlan_depth = skb->mac_len; + struct vlan_hdr vhdr, *vh; + u8 *skb_head = skb->data; + int skb_len = skb->len; + + if (vlan_depth) { + if (WARN_ON(vlan_depth < VLAN_HLEN)) + return 0; + vlan_depth -= VLAN_HLEN; + } else { + vlan_depth = ETH_HLEN; + } + + skb_push(skb, skb->data - skb_mac_header(skb)); + vh = skb_header_pointer(skb, vlan_depth, sizeof(vhdr), &vhdr); + if (skb_head != skb->data) { + skb->data = skb_head; + skb->len = skb_len; + } + if (unlikely(!vh)) + return 0; + + *tci = ntohs(vh->h_vlan_TCI); + *tpid = ntohs(skb->protocol); + } else { + return 0; + } + + return 1; +} + +static __be16 sll_get_protocol(struct sk_buff *skb) +{ + __be16 proto = skb->protocol; + + if (unlikely(eth_type_vlan(proto))) { + u8 *skb_head = skb->data; + int skb_len = skb->len; + + skb_push(skb, skb->data - skb_mac_header(skb)); + proto = __vlan_get_protocol(skb, proto, NULL); + if (skb_head != skb->data) { + skb->data = skb_head; + skb->len = skb_len; + } + } + + return proto; +} + static void prb_del_retire_blk_timer(struct tpacket_kbdq_core *pkc) { del_timer_sync(&pkc->retire_blk_timer); @@ -1007,9 +1063,11 @@ static void prb_clear_rxhash(struct tpacket_kbdq_core *pkc, static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, struct tpacket3_hdr *ppd) { - if (skb_vlan_tag_present(pkc->skb)) { - ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); - ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); + u16 tci, tpid; + + if (vlan_get_info(pkc->skb, &tci, &tpid)) { + ppd->hv1.tp_vlan_tci = tci; + ppd->hv1.tp_vlan_tpid = tpid; ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; @@ -2418,15 +2476,17 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, hdrlen = sizeof(*h.h1); break; case TPACKET_V2: + u16 tci, tpid; + h.h2->tp_len = skb->len; h.h2->tp_snaplen = snaplen; h.h2->tp_mac = macoff; h.h2->tp_net = netoff; h.h2->tp_sec = ts.tv_sec; h.h2->tp_nsec = ts.tv_nsec; - if (skb_vlan_tag_present(skb)) { - h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); - h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); + if (vlan_get_info(skb, &tci, &tpid)) { + h.h2->tp_vlan_tci = tci; + h.h2->tp_vlan_tpid = tpid; status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; @@ -2457,7 +2517,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sk->sk_type == SOCK_DGRAM) ? + sll_get_protocol(skb) : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3543,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (sock->type == SOCK_DGRAM) ? + sll_get_protocol(skb) : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3521,6 +3583,7 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, if (packet_sock_flag(pkt_sk(sk), PACKET_SOCK_AUXDATA)) { struct tpacket_auxdata aux; + u16 tci, tpid; aux.tp_status = TP_STATUS_USER; if (skb->ip_summed == CHECKSUM_PARTIAL) @@ -3535,9 +3598,9 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_snaplen = skb->len; aux.tp_mac = 0; aux.tp_net = skb_network_offset(skb); - if (skb_vlan_tag_present(skb)) { - aux.tp_vlan_tci = skb_vlan_tag_get(skb); - aux.tp_vlan_tpid = ntohs(skb->vlan_proto); + if (vlan_get_info(skb, &tci, &tpid)) { + aux.tp_vlan_tci = tci; + aux.tp_vlan_tpid = tpid; aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; -- 2.43.0

1 year, 3 months

2
1
0 0

[tip: irq/urgent] irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()

by tip-bot2 for Hagar Hemdan

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: b97e8a2f7130a4b30d1502003095833d16c028b3 Gitweb: https://git.kernel.org/tip/b97e8a2f7130a4b30d1502003095833d16c028b3 Author: Hagar Hemdan <hagarhem(a)amazon.com> AuthorDate: Fri, 31 May 2024 16:21:44 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 03 Jun 2024 18:20:00 +02:00 irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update() its_vlpi_prop_update() calls lpi_write_config() which obtains the mapping information for a VLPI without lock held. So it could race with its_vlpi_unmap(). Since all calls from its_irq_set_vcpu_affinity() require the same lock to be held, hoist the locking there instead of sprinkling the locking all over the place. This bug was discovered using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. [ tglx: Use guard() instead of goto ] Fixes: 015ec0386ab6 ("irqchip/gic-v3-its: Add VLPI configuration handling") Suggested-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240531162144.28650-1-hagarhem@amazon.com --- drivers/irqchip/irq-gic-v3-its.c | 44 ++++++++----------------------- 1 file changed, 12 insertions(+), 32 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index 40ebf17..3c755d5 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -1846,28 +1846,22 @@ static int its_vlpi_map(struct irq_data *d, struct its_cmd_info *info) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); u32 event = its_get_event_id(d); - int ret = 0; if (!info->map) return -EINVAL; - raw_spin_lock(&its_dev->event_map.vlpi_lock); - if (!its_dev->event_map.vm) { struct its_vlpi_map *maps; maps = kcalloc(its_dev->event_map.nr_lpis, sizeof(*maps), GFP_ATOMIC); - if (!maps) { - ret = -ENOMEM; - goto out; - } + if (!maps) + return -ENOMEM; its_dev->event_map.vm = info->map->vm; its_dev->event_map.vlpi_maps = maps; } else if (its_dev->event_map.vm != info->map->vm) { - ret = -EINVAL; - goto out; + return -EINVAL; } /* Get our private copy of the mapping information */ @@ -1899,46 +1893,32 @@ static int its_vlpi_map(struct irq_data *d, struct its_cmd_info *info) its_dev->event_map.nr_vlpis++; } -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_get(struct irq_data *d, struct its_cmd_info *info) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); struct its_vlpi_map *map; - int ret = 0; - - raw_spin_lock(&its_dev->event_map.vlpi_lock); map = get_vlpi_map(d); - if (!its_dev->event_map.vm || !map) { - ret = -EINVAL; - goto out; - } + if (!its_dev->event_map.vm || !map) + return -EINVAL; /* Copy our mapping information to the incoming request */ *info->map = *map; -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_unmap(struct irq_data *d) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); u32 event = its_get_event_id(d); - int ret = 0; - - raw_spin_lock(&its_dev->event_map.vlpi_lock); - if (!its_dev->event_map.vm || !irqd_is_forwarded_to_vcpu(d)) { - ret = -EINVAL; - goto out; - } + if (!its_dev->event_map.vm || !irqd_is_forwarded_to_vcpu(d)) + return -EINVAL; /* Drop the virtual mapping */ its_send_discard(its_dev, event); @@ -1962,9 +1942,7 @@ static int its_vlpi_unmap(struct irq_data *d) kfree(its_dev->event_map.vlpi_maps); } -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_prop_update(struct irq_data *d, struct its_cmd_info *info) @@ -1992,6 +1970,8 @@ static int its_irq_set_vcpu_affinity(struct irq_data *d, void *vcpu_info) if (!is_v4(its_dev->its)) return -EINVAL; + guard(raw_spinlock_irq)(&its_dev->event_map.vlpi_lock); + /* Unmap request? */ if (!info) return its_vlpi_unmap(d);

1 year, 3 months

1
0
0 0

[tip: irq/urgent] irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update()

by tip-bot2 for Hagar Hemdan

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 8dd4302d37bb2fe842acb3be688d393254b4f126 Gitweb: https://git.kernel.org/tip/8dd4302d37bb2fe842acb3be688d393254b4f126 Author: Hagar Hemdan <hagarhem(a)amazon.com> AuthorDate: Fri, 31 May 2024 16:21:44 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 03 Jun 2024 14:19:42 +02:00 irqchip/gic-v3-its: Fix potential race condition in its_vlpi_prop_update() its_vlpi_prop_update() calls lpi_write_config() which obtains the mapping information for a VLPI without lock held. So it could race with its_vlpi_unmap(). Since all calls from its_irq_set_vcpu_affinity() require the same lock to be held, hoist the locking there instead of sprinkling the locking all over the place. This bug was discovered using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. [ tglx: Use guard() instead of goto ] Fixes: 015ec0386ab6 ("irqchip/gic-v3-its: Add VLPI configuration handling") Suggested-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Hagar Hemdan <hagarhem(a)amazon.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240531162144.28650-1-hagarhem@amazon.com --- drivers/irqchip/irq-gic-v3-its.c | 44 ++++++++----------------------- 1 file changed, 12 insertions(+), 32 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c index 40ebf17..c696ac9 100644 --- a/drivers/irqchip/irq-gic-v3-its.c +++ b/drivers/irqchip/irq-gic-v3-its.c @@ -1846,28 +1846,22 @@ static int its_vlpi_map(struct irq_data *d, struct its_cmd_info *info) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); u32 event = its_get_event_id(d); - int ret = 0; if (!info->map) return -EINVAL; - raw_spin_lock(&its_dev->event_map.vlpi_lock); - if (!its_dev->event_map.vm) { struct its_vlpi_map *maps; maps = kcalloc(its_dev->event_map.nr_lpis, sizeof(*maps), GFP_ATOMIC); - if (!maps) { - ret = -ENOMEM; - goto out; - } + if (!maps) + return -ENOMEM; its_dev->event_map.vm = info->map->vm; its_dev->event_map.vlpi_maps = maps; } else if (its_dev->event_map.vm != info->map->vm) { - ret = -EINVAL; - goto out; + return -EINVAL; } /* Get our private copy of the mapping information */ @@ -1899,46 +1893,32 @@ static int its_vlpi_map(struct irq_data *d, struct its_cmd_info *info) its_dev->event_map.nr_vlpis++; } -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_get(struct irq_data *d, struct its_cmd_info *info) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); struct its_vlpi_map *map; - int ret = 0; - - raw_spin_lock(&its_dev->event_map.vlpi_lock); map = get_vlpi_map(d); - if (!its_dev->event_map.vm || !map) { - ret = -EINVAL; - goto out; - } + if (!its_dev->event_map.vm || !map) + return -EINVAL; /* Copy our mapping information to the incoming request */ *info->map = *map; -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_unmap(struct irq_data *d) { struct its_device *its_dev = irq_data_get_irq_chip_data(d); u32 event = its_get_event_id(d); - int ret = 0; - - raw_spin_lock(&its_dev->event_map.vlpi_lock); - if (!its_dev->event_map.vm || !irqd_is_forwarded_to_vcpu(d)) { - ret = -EINVAL; - goto out; - } + if (!its_dev->event_map.vm || !irqd_is_forwarded_to_vcpu(d)) + return -EINVAL; /* Drop the virtual mapping */ its_send_discard(its_dev, event); @@ -1962,9 +1942,7 @@ static int its_vlpi_unmap(struct irq_data *d) kfree(its_dev->event_map.vlpi_maps); } -out: - raw_spin_unlock(&its_dev->event_map.vlpi_lock); - return ret; + return 0; } static int its_vlpi_prop_update(struct irq_data *d, struct its_cmd_info *info) @@ -1992,6 +1970,8 @@ static int its_irq_set_vcpu_affinity(struct irq_data *d, void *vcpu_info) if (!is_v4(its_dev->its)) return -EINVAL; + guard(raw_spinlock_irq, &its_dev->event_map.vlpi_lock); + /* Unmap request? */ if (!info) return its_vlpi_unmap(d);

1 year, 3 months

4
3
0 0

Re: Patch "nilfs2: make superblock data array index computation sparse friendly" has been added to the 6.1-stable tree

by Ryusuke Konishi

Hi Sasha, A week ago, I notified the stable mailing list that this patch is not a bug fix that should be backported, and Greg removed it from the backport queue to the stable trees. [1] https://lkml.kernel.org/r/CAKFNMo=kyzbvfLrTv8JhuY=e7-fkjtpL3DvcQ1r+RUPPeC4S… On Tue, May 28, 2024 at 3:28 AM Greg KH <greg(a)kroah.com> wrote: > > This commit fixes the sparse warning output by build "make C=1" with > > the sparse check, but does not fix any operational bugs. > > > > Therefore, if fixing a harmless sparse warning does not meet the > > requirements for backporting to stable trees (I assume it does), > > please drop it as it is a false positive pickup. Sorry if the > > "Fixes:" tag is confusing. > > > > The same goes for the same patch queued to other stable-trees. > > Now dropped, thanks! > > greg k-h So I think this is just a case where the "Fixes" tag was mechanically detected and mistakenly picked up again. Could you please confirm? Regards, Ryusuke Konishi On Mon, Jun 3, 2024 at 9:11 PM Sasha Levin wrote: > > This is a note to let you know that I've just added the patch titled > > nilfs2: make superblock data array index computation sparse friendly > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > nilfs2-make-superblock-data-array-index-computation-.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 358bc3e8f5a5e2c51fc07aadb70e25fa206e764b > Author: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> > Date: Tue Apr 30 17:00:19 2024 +0900 > > nilfs2: make superblock data array index computation sparse friendly > > [ Upstream commit 91d743a9c8299de1fc1b47428d8bb4c85face00f ] > > Upon running sparse, "warning: dubious: x & !y" is output at an array > index calculation within nilfs_load_super_block(). > > The calculation is not wrong, but to eliminate the sparse warning, replace > it with an equivalent calculation. > > Also, add a comment to make it easier to understand what the unintuitive > array index calculation is doing and whether it's correct. > > Link: https://lkml.kernel.org/r/20240430080019.4242-3-konishi.ryusuke@gmail.com > Fixes: e339ad31f599 ("nilfs2: introduce secondary super block") > Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> > Cc: Bart Van Assche <bvanassche(a)acm.org> > Cc: Jens Axboe <axboe(a)kernel.dk> > Cc: kernel test robot <lkp(a)intel.com> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c > index 71400496ed365..3e3c1d32da180 100644 > --- a/fs/nilfs2/the_nilfs.c > +++ b/fs/nilfs2/the_nilfs.c > @@ -592,7 +592,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs, > struct nilfs_super_block **sbp = nilfs->ns_sbp; > struct buffer_head **sbh = nilfs->ns_sbh; > u64 sb2off, devsize = bdev_nr_bytes(nilfs->ns_bdev); > - int valid[2], swp = 0; > + int valid[2], swp = 0, older; > > if (devsize < NILFS_SEG_MIN_BLOCKS * NILFS_MIN_BLOCK_SIZE + 4096) { > nilfs_err(sb, "device size too small"); > @@ -648,9 +648,25 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs, > if (swp) > nilfs_swap_super_block(nilfs); > > + /* > + * Calculate the array index of the older superblock data. > + * If one has been dropped, set index 0 pointing to the remaining one, > + * otherwise set index 1 pointing to the old one (including if both > + * are the same). > + * > + * Divided case valid[0] valid[1] swp -> older > + * ------------------------------------------------------------- > + * Both SBs are invalid 0 0 N/A (Error) > + * SB1 is invalid 0 1 1 0 > + * SB2 is invalid 1 0 0 0 > + * SB2 is newer 1 1 1 0 > + * SB2 is older or the same 1 1 0 1 > + */ > + older = valid[1] ^ swp; > + > nilfs->ns_sbwcount = 0; > nilfs->ns_sbwtime = le64_to_cpu(sbp[0]->s_wtime); > - nilfs->ns_prot_seq = le64_to_cpu(sbp[valid[1] & !swp]->s_last_seq); > + nilfs->ns_prot_seq = le64_to_cpu(sbp[older]->s_last_seq); > *sbpp = sbp[0]; > return 0; > }

1 year, 3 months

1
0
0 0

Re: Patch "nfc: nci: Fix kcov check in nci_rx_work()" has been added to the 6.1-stable tree

by Tetsuo Handa

Not for 6.1 and earlier kernels. -------- Forwarded Message -------- Date: Sat, 11 May 2024 09:05:18 -0400 Subject: Re: Patch "nfc: nci: Fix kcov check in nci_rx_work()" has been added to the 6.1-stable tree Message-ID: <Zj9tDunQd3BDcG2a@sashalap> On Sat, May 11, 2024 at 07:53:00AM +0900, Tetsuo Handa wrote: >On 2024/05/11 6:39, Sasha Levin wrote: >> This is a note to let you know that I've just added the patch titled >> >> nfc: nci: Fix kcov check in nci_rx_work() >> >> to the 6.1-stable tree which can be found at: >> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… >> >> The filename of the patch is: >> nfc-nci-fix-kcov-check-in-nci_rx_work.patch >> and it can be found in the queue-6.1 subdirectory. >> >> If you, or anyone else, feels it should not be added to the stable tree, >> please let <stable(a)vger.kernel.org> know about it. >> > >I think we should not add this patch to 6.1 and earlier kernels, for >only 6.2 and later kernels call kcov_remote_stop() from nci_rx_work(). Dropped, thanks! -- Thanks, Sasha On 2024/06/03 21:13, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > nfc: nci: Fix kcov check in nci_rx_work() > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > nfc-nci-fix-kcov-check-in-nci_rx_work.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. >

1 year, 3 months

1
0
0 0

Re: Patch "ALSA: timer: Set lower bound of start tick time" has been added to the 6.8-stable tree

by Takashi Iwai

On Thu, 30 May 2024 21:02:36 +0200, Sasha Levin wrote: > > This is a note to let you know that I've just added the patch titled > > ALSA: timer: Set lower bound of start tick time > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > alsa-timer-set-lower-bound-of-start-tick-time.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this one for 6.8 and older (you posted for 6.6 too). As already explained in another mail, this commit needs a prerequisite use of guard(). An alternative patch has been already submitted. Take it instead: https://lore.kernel.org/all/20240527062431.18709-1-tiwai@suse.de/ thanks, Takashi > > > > commit d717dbdb94145bee1e9cf9eca387d973564203c4 > Author: Takashi Iwai <tiwai(a)suse.de> > Date: Tue May 14 20:27:36 2024 +0200 > > ALSA: timer: Set lower bound of start tick time > > [ Upstream commit 4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e ] > > Currently ALSA timer doesn't have the lower limit of the start tick > time, and it allows a very small size, e.g. 1 tick with 1ns resolution > for hrtimer. Such a situation may lead to an unexpected RCU stall, > where the callback repeatedly queuing the expire update, as reported > by fuzzer. > > This patch introduces a sanity check of the timer start tick time, so > that the system returns an error when a too small start size is set. > As of this patch, the lower limit is hard-coded to 100us, which is > small enough but can still work somehow. > > Reported-by: syzbot+43120c2af6ca2938cc38(a)syzkaller.appspotmail.com > Closes: https://lore.kernel.org/r/000000000000fa00a1061740ab6d@google.com > Cc: <stable(a)vger.kernel.org> > Link: https://lore.kernel.org/r/20240514182745.4015-1-tiwai@suse.de > Signed-off-by: Takashi Iwai <tiwai(a)suse.de> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/sound/core/timer.c b/sound/core/timer.c > index e6e551d4a29e0..42c4c2b029526 100644 > --- a/sound/core/timer.c > +++ b/sound/core/timer.c > @@ -553,6 +553,14 @@ static int snd_timer_start1(struct snd_timer_instance *timeri, > goto unlock; > } > > + /* check the actual time for the start tick; > + * bail out as error if it's way too low (< 100us) > + */ > + if (start) { > + if ((u64)snd_timer_hw_resolution(timer) * ticks < 100000) > + return -EINVAL; > + } > + > if (start) > timeri->ticks = timeri->cticks = ticks; > else if (!timeri->cticks)

1 year, 3 months

2
1
0 0

[PATCH bpf v1 2/2] bpf: Harden __bpf_kfunc tag against linker kfunc removal

by Tony Ambardar

BPF kfuncs are often not directly referenced and may be inadvertently removed by optimization steps during kernel builds, thus the __bpf_kfunc tag mitigates against this removal by including the __used macro. However, this macro alone does not prevent removal during linking, and may still yield build warnings (e.g. on mips64el): LD vmlinux BTFIDS vmlinux WARN: resolve_btfids: unresolved symbol bpf_verify_pkcs7_signature WARN: resolve_btfids: unresolved symbol bpf_lookup_user_key WARN: resolve_btfids: unresolved symbol bpf_lookup_system_key WARN: resolve_btfids: unresolved symbol bpf_key_put WARN: resolve_btfids: unresolved symbol bpf_iter_task_next WARN: resolve_btfids: unresolved symbol bpf_iter_css_task_new WARN: resolve_btfids: unresolved symbol bpf_get_file_xattr WARN: resolve_btfids: unresolved symbol bpf_ct_insert_entry WARN: resolve_btfids: unresolved symbol bpf_cgroup_release WARN: resolve_btfids: unresolved symbol bpf_cgroup_from_id WARN: resolve_btfids: unresolved symbol bpf_cgroup_acquire WARN: resolve_btfids: unresolved symbol bpf_arena_free_pages NM System.map SORTTAB vmlinux OBJCOPY vmlinux.32 Update the __bpf_kfunc tag to better guard against linker optimization by including the new __retain compiler macro, which fixes the warnings above. Verify the __retain macro with readelf by checking object flags for 'R': $ readelf -Wa kernel/trace/bpf_trace.o Section Headers: [Nr] Name Type Address Off Size ES Flg Lk Inf Al ... [178] .text.bpf_key_put PROGBITS 00000000 6420 0050 00 AXR 0 0 8 ... Key to Flags: ... R (retain), D (mbind), p (processor specific) Link: https://lore.kernel.org/bpf/ZlmGoT9KiYLZd91S@krava/T/ Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/r/202401211357.OCX9yllM-lkp@intel.com/ Fixes: 57e7c169cd6a ("bpf: Add __bpf_kfunc tag for marking kernel functions as kfuncs") Cc: stable(a)vger.kernel.org # v6.6+ Signed-off-by: Tony Ambardar <Tony.Ambardar(a)gmail.com> --- include/linux/btf.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/btf.h b/include/linux/btf.h index f9e56fd12a9f..7c3e40c3295e 100644 --- a/include/linux/btf.h +++ b/include/linux/btf.h @@ -82,7 +82,7 @@ * as to avoid issues such as the compiler inlining or eliding either a static * kfunc, or a global kfunc in an LTO build. */ -#define __bpf_kfunc __used noinline +#define __bpf_kfunc __used __retain noinline #define __bpf_kfunc_start_defs() \ __diag_push(); \ -- 2.34.1

1 year, 3 months

1
0
0 0

Re: Patch "KVM: arm64: nv: Add sanitising to VNCR-backed sysregs" has been added to the 6.8-stable tree

by Marc Zyngier

On Mon, 03 Jun 2024 12:52:54 +0100, Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > KVM: arm64: nv: Add sanitising to VNCR-backed sysregs > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > kvm-arm64-nv-add-sanitising-to-vncr-backed-sysregs.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit fbb2bcdc458dd7db3860f85a06e98cc25904d20d > Author: Marc Zyngier <maz(a)kernel.org> > Date: Wed Feb 14 13:18:04 2024 +0000 > > KVM: arm64: nv: Add sanitising to VNCR-backed sysregs > > [ Upstream commit 888f0880702293096619b300150cd7e59fcd9743 ] > > VNCR-backed "registers" are actually only memory. Which means that > there is zero control over what the guest can write, and that it > is the hypervisor's job to actually sanitise the content of the > backing store. Yeah, this is fun. > > In order to preserve some form of sanity, add a repainting mechanism > that makes use of a per-VM set of RES0/RES1 masks, one pair per VNCR > register. These masks get applied on access to the backing store via > __vcpu_sys_reg(), ensuring that the state that is consumed by KVM is > correct. > > So far, nothing populates these masks, but stay tuned. > > Signed-off-by: Marc Zyngier <maz(a)kernel.org> > Reviewed-by: Joey Gouly <joey.gouly(a)arm.com> > Link: https://lore.kernel.org/r/20240214131827.2856277-4-maz@kernel.org > Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> > Stable-dep-of: ce5d2448eb8f ("KVM: arm64: Destroy mpidr_data for 'late' vCPU creation") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> Please drop this. It serves no purpose on 6.8 aside from wasting memory. If backporting ce5d2448eb8f is hard due to some conflicts, we'll tackle it ourselves. Thanks, M. -- Without deviation from the norm, progress is not possible.

1 year, 3 months

1
0
0 0

[tip: irq/urgent] irqchip/sifive-plic: Chain to parent IRQ after handlers are ready

by tip-bot2 for Samuel Holland

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: e306a894bd511804ba9db7c00ca9cc05b55df1f2 Gitweb: https://git.kernel.org/tip/e306a894bd511804ba9db7c00ca9cc05b55df1f2 Author: Samuel Holland <samuel.holland(a)sifive.com> AuthorDate: Wed, 29 May 2024 14:54:56 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 03 Jun 2024 13:53:12 +02:00 irqchip/sifive-plic: Chain to parent IRQ after handlers are ready Now that the PLIC uses a platform driver, the driver is probed later in the boot process, where interrupts from peripherals might already be pending. As a result, plic_handle_irq() may be called as early as the call to irq_set_chained_handler() completes. But this call happens before the per-context handler is completely set up, so there is a window where plic_handle_irq() can see incomplete per-context state and crash. Avoid this by delaying the call to irq_set_chained_handler() until all handlers from all PLICs are initialized. Fixes: 8ec99b033147 ("irqchip/sifive-plic: Convert PLIC driver into a platform driver") Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org> Signed-off-by: Samuel Holland <samuel.holland(a)sifive.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Reviewed-by: Anup Patel <anup(a)brainfault.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240529215458.937817-1-samuel.holland@sifive.com Closes: https://lore.kernel.org/r/CAMuHMdVYFFR7K5SbHBLY-JHhb7YpgGMS_hnRWm8H0KD-wBo+… --- drivers/irqchip/irq-sifive-plic.c | 34 +++++++++++++++--------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c index 8fb183c..9e22f7e 100644 --- a/drivers/irqchip/irq-sifive-plic.c +++ b/drivers/irqchip/irq-sifive-plic.c @@ -85,7 +85,7 @@ struct plic_handler { struct plic_priv *priv; }; static int plic_parent_irq __ro_after_init; -static bool plic_cpuhp_setup_done __ro_after_init; +static bool plic_global_setup_done __ro_after_init; static DEFINE_PER_CPU(struct plic_handler, plic_handlers); static int plic_irq_set_type(struct irq_data *d, unsigned int type); @@ -487,10 +487,8 @@ static int plic_probe(struct platform_device *pdev) unsigned long plic_quirks = 0; struct plic_handler *handler; u32 nr_irqs, parent_hwirq; - struct irq_domain *domain; struct plic_priv *priv; irq_hw_number_t hwirq; - bool cpuhp_setup; if (is_of_node(dev->fwnode)) { const struct of_device_id *id; @@ -549,14 +547,6 @@ static int plic_probe(struct platform_device *pdev) continue; } - /* Find parent domain and register chained handler */ - domain = irq_find_matching_fwnode(riscv_get_intc_hwnode(), DOMAIN_BUS_ANY); - if (!plic_parent_irq && domain) { - plic_parent_irq = irq_create_mapping(domain, RV_IRQ_EXT); - if (plic_parent_irq) - irq_set_chained_handler(plic_parent_irq, plic_handle_irq); - } - /* * When running in M-mode we need to ignore the S-mode handler. * Here we assume it always comes later, but that might be a @@ -597,25 +587,35 @@ done: goto fail_cleanup_contexts; /* - * We can have multiple PLIC instances so setup cpuhp state + * We can have multiple PLIC instances so setup global state * and register syscore operations only once after context * handlers of all online CPUs are initialized. */ - if (!plic_cpuhp_setup_done) { - cpuhp_setup = true; + if (!plic_global_setup_done) { + struct irq_domain *domain; + bool global_setup = true; + for_each_online_cpu(cpu) { handler = per_cpu_ptr(&plic_handlers, cpu); if (!handler->present) { - cpuhp_setup = false; + global_setup = false; break; } } - if (cpuhp_setup) { + + if (global_setup) { + /* Find parent domain and register chained handler */ + domain = irq_find_matching_fwnode(riscv_get_intc_hwnode(), DOMAIN_BUS_ANY); + if (domain) + plic_parent_irq = irq_create_mapping(domain, RV_IRQ_EXT); + if (plic_parent_irq) + irq_set_chained_handler(plic_parent_irq, plic_handle_irq); + cpuhp_setup_state(CPUHP_AP_IRQ_SIFIVE_PLIC_STARTING, "irqchip/sifive/plic:starting", plic_starting_cpu, plic_dying_cpu); register_syscore_ops(&plic_irq_syscore_ops); - plic_cpuhp_setup_done = true; + plic_global_setup_done = true; } }

1 year, 3 months

1
0
0 0

[PATCH] exfat: fix potential deadlock on __exfat_get_dentry_set

by Sungjong Seo

When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_readdir exfat_get_uniname_from_ext_entry exfat_get_dentry_set __exfat_get_dentry_set kmalloc_array ... lock(fs_reclaim) ... evict exfat_evict_inode lock(&sbi->s_lock) To fix this, let's allocate bh-array with GFP_NOFS. Fixes: a3ff29a95fde ("exfat: support dynamic allocate bh for exfat_entry_set_cache") Cc: stable(a)vger.kernel.org # v6.2+ Reported-by: syzbot+412a392a2cd4a65e71db(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/000000000000fef47e0618c0327f@google.com Signed-off-by: Sungjong Seo <sj1557.seo(a)samsung.com> --- fs/exfat/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/exfat/dir.c b/fs/exfat/dir.c index 84572e11cc05..7446bf09a04a 100644 --- a/fs/exfat/dir.c +++ b/fs/exfat/dir.c @@ -813,7 +813,7 @@ static int __exfat_get_dentry_set(struct exfat_entry_set_cache *es, num_bh = EXFAT_B_TO_BLK_ROUND_UP(off + num_entries * DENTRY_SIZE, sb); if (num_bh > ARRAY_SIZE(es->__bh)) { - es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_KERNEL); + es->bh = kmalloc_array(num_bh, sizeof(*es->bh), GFP_NOFS); if (!es->bh) { brelse(bh); return -ENOMEM; -- 2.25.1

1 year, 3 months

2
1
0 0

[PATCH v3] drivers: soc: xilinx: check return status of get_api_version()

by Jay Buddhabhatti

Currently return status is not getting checked for get_api_version and because of that for x86 arch we are getting below smatch error. CC drivers/soc/xilinx/zynqmp_power.o drivers/soc/xilinx/zynqmp_power.c: In function 'zynqmp_pm_probe': drivers/soc/xilinx/zynqmp_power.c:295:12: warning: 'pm_api_version' is used uninitialized [-Wuninitialized] 295 | if (pm_api_version < ZYNQMP_PM_VERSION) | ^ CHECK drivers/soc/xilinx/zynqmp_power.c drivers/soc/xilinx/zynqmp_power.c:295 zynqmp_pm_probe() error: uninitialized symbol 'pm_api_version'. So, check return status of pm_get_api_version and return error in case of failure to avoid checking uninitialized pm_api_version variable. Fixes: b9b3a8be28b3 ("firmware: xilinx: Remove eemi ops for get_api_version") Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> Cc: stable(a)vger.kernel.org --- V1: https://lore.kernel.org/lkml/20240424063118.23200-1-jay.buddhabhatti@amd.co… V2: https://lore.kernel.org/lkml/20240509045616.22338-1-jay.buddhabhatti@amd.co… V2->V3: Added stable tree email in cc V1->V2: Removed AMD copyright --- drivers/soc/xilinx/zynqmp_power.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/soc/xilinx/zynqmp_power.c b/drivers/soc/xilinx/zynqmp_power.c index 965b1143936a..b82c01373f53 100644 --- a/drivers/soc/xilinx/zynqmp_power.c +++ b/drivers/soc/xilinx/zynqmp_power.c @@ -190,7 +190,9 @@ static int zynqmp_pm_probe(struct platform_device *pdev) u32 pm_api_version; struct mbox_client *client; - zynqmp_pm_get_api_version(&pm_api_version); + ret = zynqmp_pm_get_api_version(&pm_api_version); + if (ret) + return ret; /* Check PM API version number */ if (pm_api_version < ZYNQMP_PM_VERSION) -- 2.17.1

1 year, 3 months

2
1
0 0

[tip: irq/urgent] irqchip/riscv-intc: Prevent memory leak when riscv_intc_init_common() fails

by tip-bot2 for Sunil V L

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 0110c4b110477bb1f19b0d02361846be7ab08300 Gitweb: https://git.kernel.org/tip/0110c4b110477bb1f19b0d02361846be7ab08300 Author: Sunil V L <sunilvl(a)ventanamicro.com> AuthorDate: Mon, 27 May 2024 13:41:13 +05:30 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 03 Jun 2024 12:29:35 +02:00 irqchip/riscv-intc: Prevent memory leak when riscv_intc_init_common() fails When riscv_intc_init_common() fails, the firmware node allocated is not freed. Add the missing free(). Fixes: 7023b9d83f03 ("irqchip/riscv-intc: Add ACPI support") Signed-off-by: Sunil V L <sunilvl(a)ventanamicro.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Anup Patel <anup(a)brainfault.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240527081113.616189-1-sunilvl@ventanamicro.com --- drivers/irqchip/irq-riscv-intc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/irqchip/irq-riscv-intc.c b/drivers/irqchip/irq-riscv-intc.c index 9e71c44..4f3a123 100644 --- a/drivers/irqchip/irq-riscv-intc.c +++ b/drivers/irqchip/irq-riscv-intc.c @@ -253,8 +253,9 @@ IRQCHIP_DECLARE(andes, "andestech,cpu-intc", riscv_intc_init); static int __init riscv_intc_acpi_init(union acpi_subtable_headers *header, const unsigned long end) { - struct fwnode_handle *fn; struct acpi_madt_rintc *rintc; + struct fwnode_handle *fn; + int rc; rintc = (struct acpi_madt_rintc *)header; @@ -273,7 +274,11 @@ static int __init riscv_intc_acpi_init(union acpi_subtable_headers *header, return -ENOMEM; } - return riscv_intc_init_common(fn, &riscv_intc_chip); + rc = riscv_intc_init_common(fn, &riscv_intc_chip); + if (rc) + irq_domain_free_fwnode(fn); + + return rc; } IRQCHIP_ACPI_DECLARE(riscv_intc, ACPI_MADT_TYPE_RINTC, NULL,

1 year, 3 months

1
0
0 0

[PATCH v1 RESEND] arch/powerpc/kvm: Fix doorbell emulation by adding DPDES support

by Gautam Menghani

Doorbell emulation is broken for KVM on PowerVM guests as support for DPDES was not added in the initial patch series. Due to this, a KVM on PowerVM guest cannot be booted with the XICS interrupt controller as doorbells are to be setup in the initial probe path when using XICS (pSeries_smp_probe()). Add DPDES support in the host KVM code to fix doorbell emulation. Fixes: 6ccbbc33f06a ("KVM: PPC: Add helper library for Guest State Buffers") Cc: stable(a)vger.kernel.org Signed-off-by: Gautam Menghani <gautam(a)linux.ibm.com> --- v1 -> v1 resend: 1. Add the stable tag Documentation/arch/powerpc/kvm-nested.rst | 4 +++- arch/powerpc/include/asm/guest-state-buffer.h | 3 ++- arch/powerpc/include/asm/kvm_book3s.h | 1 + arch/powerpc/kvm/book3s_hv.c | 14 +++++++++++++- arch/powerpc/kvm/book3s_hv_nestedv2.c | 7 +++++++ arch/powerpc/kvm/test-guest-state-buffer.c | 2 +- 6 files changed, 27 insertions(+), 4 deletions(-) diff --git a/Documentation/arch/powerpc/kvm-nested.rst b/Documentation/arch/powerpc/kvm-nested.rst index 630602a8aa00..5defd13cc6c1 100644 --- a/Documentation/arch/powerpc/kvm-nested.rst +++ b/Documentation/arch/powerpc/kvm-nested.rst @@ -546,7 +546,9 @@ table information. +--------+-------+----+--------+----------------------------------+ | 0x1052 | 0x08 | RW | T | CTRL | +--------+-------+----+--------+----------------------------------+ -| 0x1053-| | | | Reserved | +| 0x1053 | 0x08 | RW | T | DPDES | ++--------+-------+----+--------+----------------------------------+ +| 0x1054-| | | | Reserved | | 0x1FFF | | | | | +--------+-------+----+--------+----------------------------------+ | 0x2000 | 0x04 | RW | T | CR | diff --git a/arch/powerpc/include/asm/guest-state-buffer.h b/arch/powerpc/include/asm/guest-state-buffer.h index 808149f31576..d107abe1468f 100644 --- a/arch/powerpc/include/asm/guest-state-buffer.h +++ b/arch/powerpc/include/asm/guest-state-buffer.h @@ -81,6 +81,7 @@ #define KVMPPC_GSID_HASHKEYR 0x1050 #define KVMPPC_GSID_HASHPKEYR 0x1051 #define KVMPPC_GSID_CTRL 0x1052 +#define KVMPPC_GSID_DPDES 0x1053 #define KVMPPC_GSID_CR 0x2000 #define KVMPPC_GSID_PIDR 0x2001 @@ -110,7 +111,7 @@ #define KVMPPC_GSE_META_COUNT (KVMPPC_GSE_META_END - KVMPPC_GSE_META_START + 1) #define KVMPPC_GSE_DW_REGS_START KVMPPC_GSID_GPR(0) -#define KVMPPC_GSE_DW_REGS_END KVMPPC_GSID_CTRL +#define KVMPPC_GSE_DW_REGS_END KVMPPC_GSID_DPDES #define KVMPPC_GSE_DW_REGS_COUNT \ (KVMPPC_GSE_DW_REGS_END - KVMPPC_GSE_DW_REGS_START + 1) diff --git a/arch/powerpc/include/asm/kvm_book3s.h b/arch/powerpc/include/asm/kvm_book3s.h index 3e1e2a698c9e..10618622d7ef 100644 --- a/arch/powerpc/include/asm/kvm_book3s.h +++ b/arch/powerpc/include/asm/kvm_book3s.h @@ -594,6 +594,7 @@ static inline u##size kvmppc_get_##reg(struct kvm_vcpu *vcpu) \ KVMPPC_BOOK3S_VCORE_ACCESSOR(vtb, 64, KVMPPC_GSID_VTB) +KVMPPC_BOOK3S_VCORE_ACCESSOR(dpdes, 64, KVMPPC_GSID_DPDES) KVMPPC_BOOK3S_VCORE_ACCESSOR_GET(arch_compat, 32, KVMPPC_GSID_LOGICAL_PVR) KVMPPC_BOOK3S_VCORE_ACCESSOR_GET(lpcr, 64, KVMPPC_GSID_LPCR) KVMPPC_BOOK3S_VCORE_ACCESSOR_SET(tb_offset, 64, KVMPPC_GSID_TB_OFFSET) diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c index 35cb014a0c51..cf285e5153ba 100644 --- a/arch/powerpc/kvm/book3s_hv.c +++ b/arch/powerpc/kvm/book3s_hv.c @@ -4116,6 +4116,11 @@ static int kvmhv_vcpu_entry_nestedv2(struct kvm_vcpu *vcpu, u64 time_limit, int trap; long rc; + if (vcpu->arch.doorbell_request) { + vcpu->arch.doorbell_request = 0; + kvmppc_set_dpdes(vcpu, 1); + } + io = &vcpu->arch.nestedv2_io; msr = mfmsr(); @@ -4278,9 +4283,16 @@ static int kvmhv_p9_guest_entry(struct kvm_vcpu *vcpu, u64 time_limit, if (kvmhv_on_pseries()) { if (kvmhv_is_nestedv1()) trap = kvmhv_vcpu_entry_p9_nested(vcpu, time_limit, lpcr, tb); - else + else { trap = kvmhv_vcpu_entry_nestedv2(vcpu, time_limit, lpcr, tb); + /* Remember doorbell if it is pending */ + if (kvmppc_get_dpdes(vcpu)) { + vcpu->arch.doorbell_request = 1; + kvmppc_set_dpdes(vcpu, 0); + } + } + /* H_CEDE has to be handled now, not later */ if (trap == BOOK3S_INTERRUPT_SYSCALL && !nested && kvmppc_get_gpr(vcpu, 3) == H_CEDE) { diff --git a/arch/powerpc/kvm/book3s_hv_nestedv2.c b/arch/powerpc/kvm/book3s_hv_nestedv2.c index 8e6f5355f08b..36863fff2a99 100644 --- a/arch/powerpc/kvm/book3s_hv_nestedv2.c +++ b/arch/powerpc/kvm/book3s_hv_nestedv2.c @@ -311,6 +311,10 @@ static int gs_msg_ops_vcpu_fill_info(struct kvmppc_gs_buff *gsb, rc = kvmppc_gse_put_u64(gsb, iden, vcpu->arch.vcore->vtb); break; + case KVMPPC_GSID_DPDES: + rc = kvmppc_gse_put_u64(gsb, iden, + vcpu->arch.vcore->dpdes); + break; case KVMPPC_GSID_LPCR: rc = kvmppc_gse_put_u64(gsb, iden, vcpu->arch.vcore->lpcr); @@ -543,6 +547,9 @@ static int gs_msg_ops_vcpu_refresh_info(struct kvmppc_gs_msg *gsm, case KVMPPC_GSID_VTB: vcpu->arch.vcore->vtb = kvmppc_gse_get_u64(gse); break; + case KVMPPC_GSID_DPDES: + vcpu->arch.vcore->dpdes = kvmppc_gse_get_u64(gse); + break; case KVMPPC_GSID_LPCR: vcpu->arch.vcore->lpcr = kvmppc_gse_get_u64(gse); break; diff --git a/arch/powerpc/kvm/test-guest-state-buffer.c b/arch/powerpc/kvm/test-guest-state-buffer.c index 4720b8dc8837..91ae660cfe21 100644 --- a/arch/powerpc/kvm/test-guest-state-buffer.c +++ b/arch/powerpc/kvm/test-guest-state-buffer.c @@ -151,7 +151,7 @@ static void test_gs_bitmap(struct kunit *test) i++; } - for (u16 iden = KVMPPC_GSID_GPR(0); iden <= KVMPPC_GSID_CTRL; iden++) { + for (u16 iden = KVMPPC_GSID_GPR(0); iden <= KVMPPC_GSID_DPDES; iden++) { kvmppc_gsbm_set(&gsbm, iden); kvmppc_gsbm_set(&gsbm1, iden); KUNIT_EXPECT_TRUE(test, kvmppc_gsbm_test(&gsbm, iden)); -- 2.45.0

1 year, 3 months

2
3
0 0

[PATCH] arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 Model B

by Dragan Simic

Correct the specified regulator-min-microvolt value for the buck DCDC_REG2 regulator, which is part of the Rockchip RK809 PMIC, in the Pine64 Quartz64 Model B board dts. According to the RK809 datasheet, version 1.01, this regulator is capable of producing voltages as low as 0.5 V on its output, instead of going down to 0.9 V only, which is additionally confirmed by the regulator-min-microvolt values found in the board dts files for the other supported boards that use the same RK809 PMIC. This allows the DVFS to clock the GPU on the Quartz64 Model B below 700 MHz, all the way down to 200 MHz, which saves some power and reduces the amount of generated heat a bit, improving the thermal headroom and possibly improving the bursty CPU and GPU performance on this board. This also eliminates the following warnings in the kernel log: core: _opp_supported_by_regulators: OPP minuV: 825000 maxuV: 825000, not supported by regulator panfrost fde60000.gpu: _opp_add: OPP not supported by regulators (200000000) core: _opp_supported_by_regulators: OPP minuV: 825000 maxuV: 825000, not supported by regulator panfrost fde60000.gpu: _opp_add: OPP not supported by regulators (300000000) core: _opp_supported_by_regulators: OPP minuV: 825000 maxuV: 825000, not supported by regulator panfrost fde60000.gpu: _opp_add: OPP not supported by regulators (400000000) core: _opp_supported_by_regulators: OPP minuV: 825000 maxuV: 825000, not supported by regulator panfrost fde60000.gpu: _opp_add: OPP not supported by regulators (600000000) Fixes: dcc8c66bef79 ("arm64: dts: rockchip: add Pine64 Quartz64-B device tree") Cc: stable(a)vger.kernel.org Reported-By: Diederik de Haas <didi.debian(a)cknow.org> Signed-off-by: Dragan Simic <dsimic(a)manjaro.org> --- arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts b/arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts index 26322a358d91..b908ce006c26 100644 --- a/arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts +++ b/arch/arm64/boot/dts/rockchip/rk3566-quartz64-b.dts @@ -289,7 +289,7 @@ vdd_gpu: DCDC_REG2 { regulator-name = "vdd_gpu"; regulator-always-on; regulator-boot-on; - regulator-min-microvolt = <900000>; + regulator-min-microvolt = <500000>; regulator-max-microvolt = <1350000>; regulator-ramp-delay = <6001>;

1 year, 3 months

5
12
0 0

+ mm-vmalloc-fix-vbq-free-breakage.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/vmalloc: fix vbq->free breakage has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmalloc-fix-vbq-free-breakage.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "hailong.liu" <hailong.liu(a)oppo.com> Subject: mm/vmalloc: fix vbq->free breakage Date: Thu, 30 May 2024 17:31:08 +0800 The function xa_for_each() in _vm_unmap_aliases() loops through all vbs. However, since commit 062eacf57ad9 ("mm: vmalloc: remove a global vmap_blocks xarray") the vb from xarray may not be on the corresponding CPU vmap_block_queue. Consequently, purge_fragmented_block() might use the wrong vbq->lock to protect the free list, leading to vbq->free breakage. Link: https://lkml.kernel.org/r/20240530093108.4512-1-hailong.liu@oppo.com Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") Signed-off-by: Hailong.Liu <liuhailong(a)oppo.com> Reported-by: Guangye Yang <guangye.yang(a)mediatek.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Gao Xiang <xiang(a)kernel.org> Cc: Guangye Yang <guangye.yang(a)mediatek.com> Cc: liuhailong <liuhailong(a)oppo.com> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-fix-vbq-free-breakage +++ a/mm/vmalloc.c @@ -2830,10 +2830,9 @@ static void _vm_unmap_aliases(unsigned l for_each_possible_cpu(cpu) { struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, cpu); struct vmap_block *vb; - unsigned long idx; rcu_read_lock(); - xa_for_each(&vbq->vmap_blocks, idx, vb) { + list_for_each_entry_rcu(vb, &vbq->free, free_list) { spin_lock(&vb->lock); /* _ Patches currently in -mm which might be from hailong.liu(a)oppo.com are mm-vmalloc-fix-vbq-free-breakage.patch

1 year, 3 months

3
3
0 0

[PATCH 5.4.y] x86/mm: Remove broken vsyscall emulation code from the page fault code

by Guilherme G. Piccoli

From: Linus Torvalds <torvalds(a)linux-foundation.org> commit 02b670c1f88e78f42a6c5aee155c7b26960ca054 upstream. The syzbot-reported stack trace from hell in this discussion thread actually has three nested page faults: https://lore.kernel.org/r/000000000000d5f4fc0616e816d4@google.com ... and I think that's actually the important thing here: - the first page fault is from user space, and triggers the vsyscall emulation. - the second page fault is from __do_sys_gettimeofday(), and that should just have caused the exception that then sets the return value to -EFAULT - the third nested page fault is due to _raw_spin_unlock_irqrestore() -> preempt_schedule() -> trace_sched_switch(), which then causes a BPF trace program to run, which does that bpf_probe_read_compat(), which causes that page fault under pagefault_disable(). It's quite the nasty backtrace, and there's a lot going on. The problem is literally the vsyscall emulation, which sets current->thread.sig_on_uaccess_err = 1; and that causes the fixup_exception() code to send the signal *despite* the exception being caught. And I think that is in fact completely bogus. It's completely bogus exactly because it sends that signal even when it *shouldn't* be sent - like for the BPF user mode trace gathering. In other words, I think the whole "sig_on_uaccess_err" thing is entirely broken, because it makes any nested page-faults do all the wrong things. Now, arguably, I don't think anybody should enable vsyscall emulation any more, but this test case clearly does. I think we should just make the "send SIGSEGV" be something that the vsyscall emulation does on its own, not this broken per-thread state for something that isn't actually per thread. The x86 page fault code actually tried to deal with the "incorrect nesting" by having that: if (in_interrupt()) return; which ignores the sig_on_uaccess_err case when it happens in interrupts, but as shown by this example, these nested page faults do not need to be about interrupts at all. IOW, I think the only right thing is to remove that horrendously broken code. The attached patch looks like the ObviouslyCorrect(tm) thing to do. NOTE! This broken code goes back to this commit in 2011: 4fc3490114bb ("x86-64: Set siginfo and context on vsyscall emulation faults") ... and back then the reason was to get all the siginfo details right. Honestly, I do not for a moment believe that it's worth getting the siginfo details right here, but part of the commit says: This fixes issues with UML when vsyscall=emulate. ... and so my patch to remove this garbage will probably break UML in this situation. I do not believe that anybody should be running with vsyscall=emulate in 2024 in the first place, much less if you are doing things like UML. But let's see if somebody screams. Reported-and-tested-by: syzbot+83e7f982ca045ab4405c(a)syzkaller.appspotmail.com Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Andy Lutomirski <luto(a)kernel.org> Link: https://lore.kernel.org/r/CAHk-=wh9D6f7HUkDgZHKmDCHUQmp+Co89GP+b8+z+G56BKey… Signed-off-by: Sasha Levin <sashal(a)kernel.org> [gpiccoli: Backport the patch due to differences in the trees. The main changes between 5.4.y and 5.15.y are due to renaming the fixup function, by commit 6456a2a69ee1 ("x86/fault: Rename no_context() to kernelmode_fixup_or_oops()"), and on processor.h thread_struct due to commit cf122cfba5b1 ("kill uaccess_try()"). Following 2 commits cause divergence in the diffs too (in the removed lines): cd072dab453a ("x86/fault: Add a helper function to sanitize error code") d4ffd5df9d18 ("x86/fault: Fix wrong signal when vsyscall fails with pkey").] Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> --- Hi folks, this was backported by AUTOSEL up to 5.15.y; I'm manually submitting the backport to 5.4.y and 5.10.y. I've detailed a bit the changes necessary due to other nonrelated missing patches, but these are really simple and non-intrusive. Nevertheless, I've explicitely CCed x86 ML to be sure the maintainers are aware of the backport, and if anybody thinks we shouldn't do it for these (very) old releases, please respond here. Cheers, Guilherme arch/x86/entry/vsyscall/vsyscall_64.c | 28 ++------------------------- arch/x86/include/asm/processor.h | 1 - arch/x86/mm/fault.c | 27 +------------------------- 3 files changed, 3 insertions(+), 53 deletions(-) diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c index e7c596dea947..86e5a1c1055f 100644 --- a/arch/x86/entry/vsyscall/vsyscall_64.c +++ b/arch/x86/entry/vsyscall/vsyscall_64.c @@ -98,11 +98,6 @@ static int addr_to_vsyscall_nr(unsigned long addr) static bool write_ok_or_segv(unsigned long ptr, size_t size) { - /* - * XXX: if access_ok, get_user, and put_user handled - * sig_on_uaccess_err, this could go away. - */ - if (!access_ok((void __user *)ptr, size)) { struct thread_struct *thread = &current->thread; @@ -120,10 +115,8 @@ static bool write_ok_or_segv(unsigned long ptr, size_t size) bool emulate_vsyscall(unsigned long error_code, struct pt_regs *regs, unsigned long address) { - struct task_struct *tsk; unsigned long caller; int vsyscall_nr, syscall_nr, tmp; - int prev_sig_on_uaccess_err; long ret; unsigned long orig_dx; @@ -172,8 +165,6 @@ bool emulate_vsyscall(unsigned long error_code, goto sigsegv; } - tsk = current; - /* * Check for access_ok violations and find the syscall nr. * @@ -233,12 +224,8 @@ bool emulate_vsyscall(unsigned long error_code, goto do_ret; /* skip requested */ /* - * With a real vsyscall, page faults cause SIGSEGV. We want to - * preserve that behavior to make writing exploits harder. + * With a real vsyscall, page faults cause SIGSEGV. */ - prev_sig_on_uaccess_err = current->thread.sig_on_uaccess_err; - current->thread.sig_on_uaccess_err = 1; - ret = -EFAULT; switch (vsyscall_nr) { case 0: @@ -261,23 +248,12 @@ bool emulate_vsyscall(unsigned long error_code, break; } - current->thread.sig_on_uaccess_err = prev_sig_on_uaccess_err; - check_fault: if (ret == -EFAULT) { /* Bad news -- userspace fed a bad pointer to a vsyscall. */ warn_bad_vsyscall(KERN_INFO, regs, "vsyscall fault (exploit attempt?)"); - - /* - * If we failed to generate a signal for any reason, - * generate one here. (This should be impossible.) - */ - if (WARN_ON_ONCE(!sigismember(&tsk->pending.signal, SIGBUS) && - !sigismember(&tsk->pending.signal, SIGSEGV))) - goto sigsegv; - - return true; /* Don't emulate the ret. */ + goto sigsegv; } regs->ax = ret; diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 9cbd86cf0deb..087df5edef78 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -487,7 +487,6 @@ struct thread_struct { mm_segment_t addr_limit; - unsigned int sig_on_uaccess_err:1; unsigned int uaccess_err:1; /* uaccess failed */ /* Floating point and extended processor state */ diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c index c494c8c05824..21383ef7b506 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -743,33 +743,8 @@ no_context(struct pt_regs *regs, unsigned long error_code, } /* Are we prepared to handle this kernel fault? */ - if (fixup_exception(regs, X86_TRAP_PF, error_code, address)) { - /* - * Any interrupt that takes a fault gets the fixup. This makes - * the below recursive fault logic only apply to a faults from - * task context. - */ - if (in_interrupt()) - return; - - /* - * Per the above we're !in_interrupt(), aka. task context. - * - * In this case we need to make sure we're not recursively - * faulting through the emulate_vsyscall() logic. - */ - if (current->thread.sig_on_uaccess_err && signal) { - set_signal_archinfo(address, error_code); - - /* XXX: hwpoison faults will set the wrong code. */ - force_sig_fault(signal, si_code, (void __user *)address); - } - - /* - * Barring that, we can do the fixup and be happy. - */ + if (fixup_exception(regs, X86_TRAP_PF, error_code, address)) return; - } #ifdef CONFIG_VMAP_STACK /* -- 2.45.1

1 year, 3 months

1
0
0 0

[PATCH v2] iio: imu: inv_mpu6050: stabilized timestamping in interrupt

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Use IRQ ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And use a fixed value of 1 sample that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: 111e1abd0045 ("iio: imu: inv_mpu6050: use the common inv_sensors timestamp module") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 4 ++-- drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c index 0dc0f22a5582..3d3b27f28c9d 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c @@ -100,8 +100,8 @@ irqreturn_t inv_mpu6050_read_fifo(int irq, void *p) goto end_session; /* Each FIFO data contains all sensors, so same number for FIFO and sensor data */ fifo_period = NSEC_PER_SEC / INV_MPU6050_DIVIDER_TO_FIFO_RATE(st->chip_config.divider); - inv_sensors_timestamp_interrupt(&st->timestamp, nb, pf->timestamp); - inv_sensors_timestamp_apply_odr(&st->timestamp, fifo_period, nb, 0); + inv_sensors_timestamp_interrupt(&st->timestamp, 1, pf->timestamp); + inv_sensors_timestamp_apply_odr(&st->timestamp, fifo_period, 1, 0); /* clear internal data buffer for avoiding kernel data leak */ memset(data, 0, sizeof(data)); diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c index 1b603567ccc8..84273660ca2e 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c @@ -300,6 +300,7 @@ int inv_mpu6050_probe_trigger(struct iio_dev *indio_dev, int irq_type) if (!st->trig) return -ENOMEM; + irq_type |= IRQF_ONESHOT; ret = devm_request_threaded_irq(&indio_dev->dev, st->irq, &inv_mpu6050_interrupt_timestamp, &inv_mpu6050_interrupt_handle, -- 2.34.1

1 year, 3 months

2
1
0 0

[PATCH] iio: imu: inv_icm42600: stabilized timestamp in interrupt

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Use IRQ_ONESHOT flag to ensure the timestamp is not updated in the hard handler during the thread handler. And compute and use the effective watermark value that correspond to this first timestamp. This way we can ensure the timestamp is always corresponding to the value used by the timestamping mechanism. Otherwise, it is possible that between FIFO count read and FIFO processing the timestamp is overwritten in the hard handler. Fixes: ec74ae9fd37c ("iio: imu: inv_icm42600: add accurate timestamping") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- .../imu/inv_icm42600/inv_icm42600_buffer.c | 19 +++++++++++++++++-- .../imu/inv_icm42600/inv_icm42600_buffer.h | 2 ++ .../iio/imu/inv_icm42600/inv_icm42600_core.c | 1 + 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c index 63b85ec88c13..a8cf74c84c3c 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c @@ -222,10 +222,15 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) latency_accel = period_accel * wm_accel; /* 0 value for watermark means that the sensor is turned off */ + if (wm_gyro == 0 && wm_accel == 0) + return 0; + if (latency_gyro == 0) { watermark = wm_accel; + st->fifo.watermark.eff_accel = wm_accel; } else if (latency_accel == 0) { watermark = wm_gyro; + st->fifo.watermark.eff_gyro = wm_gyro; } else { /* compute the smallest latency that is a multiple of both */ if (latency_gyro <= latency_accel) @@ -241,6 +246,13 @@ int inv_icm42600_buffer_update_watermark(struct inv_icm42600_state *st) watermark = latency / period; if (watermark < 1) watermark = 1; + /* update effective watermark */ + st->fifo.watermark.eff_gyro = latency / period_gyro; + if (st->fifo.watermark.eff_gyro < 1) + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = latency / period_accel; + if (st->fifo.watermark.eff_accel < 1) + st->fifo.watermark.eff_accel = 1; } /* compute watermark value in bytes */ @@ -514,7 +526,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle gyroscope timestamp and FIFO data parsing */ if (st->fifo.nb.gyro > 0) { ts = &gyro_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.gyro, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_gyro, st->timestamp.gyro); ret = inv_icm42600_gyro_parse_fifo(st->indio_gyro); if (ret) @@ -524,7 +536,7 @@ int inv_icm42600_buffer_fifo_parse(struct inv_icm42600_state *st) /* handle accelerometer timestamp and FIFO data parsing */ if (st->fifo.nb.accel > 0) { ts = &accel_st->ts; - inv_sensors_timestamp_interrupt(ts, st->fifo.nb.accel, + inv_sensors_timestamp_interrupt(ts, st->fifo.watermark.eff_accel, st->timestamp.accel); ret = inv_icm42600_accel_parse_fifo(st->indio_accel); if (ret) @@ -577,6 +589,9 @@ int inv_icm42600_buffer_init(struct inv_icm42600_state *st) unsigned int val; int ret; + st->fifo.watermark.eff_gyro = 1; + st->fifo.watermark.eff_accel = 1; + /* * Default FIFO configuration (bits 7 to 5) * - use invalid value diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h index 8b85ee333bf8..f6c85daf42b0 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h @@ -32,6 +32,8 @@ struct inv_icm42600_fifo { struct { unsigned int gyro; unsigned int accel; + unsigned int eff_gyro; + unsigned int eff_accel; } watermark; size_t count; struct { diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 96116a68ab29..62fdae530334 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -537,6 +537,7 @@ static int inv_icm42600_irq_init(struct inv_icm42600_state *st, int irq, if (ret) return ret; + irq_type |= IRQF_ONESHOT; return devm_request_threaded_irq(dev, irq, inv_icm42600_irq_timestamp, inv_icm42600_irq_handler, irq_type, "inv_icm42600", st); -- 2.34.1

1 year, 3 months

2
1
0 0

Maybe a security bug

by Massimo Di Carlo

Hi, I hope this is the right place I think I found a security bug. I have a faulty hard disk and sometimes the system doesn't boot but a root console appears. it's already the second time and I didn't think to take a photo. I'm not talking about the control D or Root password screen! A root console appears directly. kernel 6.8.11-1 manjaro 64 bit

1 year, 3 months

2
1
0 0

[PATCH v3] mm/vmalloc: fix corrupted list of vbq->free

by hailong.liu＠oppo.com

From: "Hailong.Liu" <hailong.liu(a)oppo.com> The function xa_for_each() in _vm_unmap_aliases() loops through all vbs. However, since commit 062eacf57ad9 ("mm: vmalloc: remove a global vmap_blocks xarray") the vb from xarray may not be on the corresponding CPU vmap_block_queue. Consequently, purge_fragmented_block() might use the wrong vbq->lock to protect the free list, leading to vbq->free breakage. Incorrect lock protection can exhaust all vmalloc space as follows: CPU0 CPU1 +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb1 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ _vm_unmap_aliases() vb_alloc() new_vmap_block() xa_for_each(&vbq->vmap_blocks, idx, vb) --> vb in CPU1:vbq->freelist purge_fragmented_block(vb) spin_lock(&vbq->lock) spin_lock(&vbq->lock) --> use CPU0:vbq->lock --> use CPU1:vbq->lock list_del_rcu(&vb->free_list) list_add_tail_rcu(&vb->free_list, &vbq->free) __list_del(vb->prev, vb->next) next->prev = prev +--------------------+ | | | CPU1:vbq free_list | +---| |<--+ | +--------------------+ | +----------------------------+ __list_add(new, head->prev, head) +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ prev->next = next +--------------------------------------------+ |----------------------------+ | | +--------------------+ | +-----+ | +--> | |--+ | |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ Here’s a list breakdown. All vbs, which were to be added to ‘prev’, cannot be used by list_for_each_entry_rcu(vb, &vbq->free, free_list) in vb_alloc(). Thus, vmalloc space is exhausted. This issue affects both erofs and f2fs, the stacktrace is as follows: erofs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1b46f4>] z_erofs_lz4_decompress+0x278 [<ffffffd4ff1b8ac4>] z_erofs_decompress_queue+0x650 [<ffffffd4ff1b8328>] z_erofs_runqueue+0x7f4 [<ffffffd4ff1b66a8>] z_erofs_read_folio+0x104 [<ffffffd4feeb6fec>] filemap_read_folio+0x6c [<ffffffd4feeb68c4>] filemap_fault+0x300 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 f2fs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1a3b60>] f2fs_prepare_decomp_mem+0x144 [<ffffffd4ff1a6c24>] f2fs_alloc_dic+0x264 [<ffffffd4ff175468>] f2fs_read_multi_pages+0x428 [<ffffffd4ff17b46c>] f2fs_mpage_readpages+0x314 [<ffffffd4ff1785c4>] f2fs_readahead+0x50 [<ffffffd4feec3384>] read_pages+0x80 [<ffffffd4feec32c0>] page_cache_ra_unbounded+0x1a0 [<ffffffd4feec39e8>] page_cache_ra_order+0x274 [<ffffffd4feeb6cec>] do_sync_mmap_readahead+0x11c [<ffffffd4feeb6764>] filemap_fault+0x1a0 [<ffffffd4ff1423bc>] f2fs_filemap_fault+0x28 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 To fix this, introduce vbq->lock in vmap_block. Cc: <stable(a)vger.kernel.org> Signed-off-by: Hailong.Liu <hailong.liu(a)oppo.com> --- mm/vmalloc.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 125427cbdb87..f4cfdf3fd925 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2467,6 +2467,7 @@ struct vmap_block_queue { struct vmap_block { spinlock_t lock; + spinlock_t *vbq_lock; struct vmap_area *va; unsigned long free, dirty; DECLARE_BITMAP(used_map, VMAP_BBMAP_BITS); @@ -2603,6 +2604,7 @@ static void *new_vmap_block(unsigned int order, gfp_t gfp_mask) } vbq = raw_cpu_ptr(&vmap_block_queue); + vb->vbq_lock = &vbq->lock; spin_lock(&vbq->lock); list_add_tail_rcu(&vb->free_list, &vbq->free); spin_unlock(&vbq->lock); @@ -2630,7 +2632,7 @@ static void free_vmap_block(struct vmap_block *vb) } static bool purge_fragmented_block(struct vmap_block *vb, - struct vmap_block_queue *vbq, struct list_head *purge_list, + struct list_head *purge_list, bool force_purge) { if (vb->free + vb->dirty != VMAP_BBMAP_BITS || @@ -2647,9 +2649,9 @@ static bool purge_fragmented_block(struct vmap_block *vb, WRITE_ONCE(vb->dirty, VMAP_BBMAP_BITS); vb->dirty_min = 0; vb->dirty_max = VMAP_BBMAP_BITS; - spin_lock(&vbq->lock); + spin_lock(vb->vbq_lock); list_del_rcu(&vb->free_list); - spin_unlock(&vbq->lock); + spin_unlock(vb->vbq_lock); list_add_tail(&vb->purge, purge_list); return true; } @@ -2680,7 +2682,7 @@ static void purge_fragmented_blocks(int cpu) continue; spin_lock(&vb->lock); - purge_fragmented_block(vb, vbq, &purge, true); + purge_fragmented_block(vb, &purge, true); spin_unlock(&vb->lock); } rcu_read_unlock(); @@ -2817,7 +2819,7 @@ static void _vm_unmap_aliases(unsigned long start, unsigned long end, int flush) * not purgeable, check whether there is dirty * space to be flushed. */ - if (!purge_fragmented_block(vb, vbq, &purge_list, false) && + if (!purge_fragmented_block(vb, &purge_list, false) && vb->dirty_max && vb->dirty != VMAP_BBMAP_BITS) { unsigned long va_start = vb->va->va_start; unsigned long s, e; -- 2.34.1

1 year, 3 months

2
1
0 0

[PATCH net] net/tcp: Don't consider TCP_CLOSE in TCP_AO_ESTABLISHED

by Dmitry Safonov via B4 Relay

From: Dmitry Safonov <0x7f454c46(a)gmail.com> TCP_CLOSE may or may not have current/rnext keys and should not be considered "established". The fast-path for TCP_CLOSE is SKB_DROP_REASON_TCP_CLOSE. This is what tcp_rcv_state_process() does anyways. Add an early drop path to not spend any time verifying segment signatures for sockets in TCP_CLOSE state. Cc: stable(a)vger.kernel.org # v6.7 Fixes: 0a3a809089eb ("net/tcp: Verify inbound TCP-AO signed segments") Signed-off-by: Dmitry Safonov <0x7f454c46(a)gmail.com> --- include/net/tcp_ao.h | 7 ++++--- net/ipv4/tcp_ao.c | 13 +++++++++---- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/include/net/tcp_ao.h b/include/net/tcp_ao.h index 471e177362b4..5d8e9ed2c005 100644 --- a/include/net/tcp_ao.h +++ b/include/net/tcp_ao.h @@ -86,7 +86,8 @@ static inline int tcp_ao_sizeof_key(const struct tcp_ao_key *key) struct tcp_ao_info { /* List of tcp_ao_key's */ struct hlist_head head; - /* current_key and rnext_key aren't maintained on listen sockets. + /* current_key and rnext_key are maintained on sockets + * in TCP_AO_ESTABLISHED states. * Their purpose is to cache keys on established connections, * saving needless lookups. Never dereference any of them from * listen sockets. @@ -201,9 +202,9 @@ struct tcp6_ao_context { }; struct tcp_sigpool; +/* Established states are fast-path and there always is current_key/rnext_key */ #define TCP_AO_ESTABLISHED (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2 | \ - TCPF_CLOSE | TCPF_CLOSE_WAIT | \ - TCPF_LAST_ACK | TCPF_CLOSING) + TCPF_CLOSE_WAIT | TCPF_LAST_ACK | TCPF_CLOSING) int tcp_ao_transmit_skb(struct sock *sk, struct sk_buff *skb, struct tcp_ao_key *key, struct tcphdr *th, diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c index 781b67a52571..37c42b63ff99 100644 --- a/net/ipv4/tcp_ao.c +++ b/net/ipv4/tcp_ao.c @@ -933,6 +933,7 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, struct tcp_ao_key *key; __be32 sisn, disn; u8 *traffic_key; + int state; u32 sne = 0; info = rcu_dereference(tcp_sk(sk)->ao_info); @@ -948,8 +949,9 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, disn = 0; } + state = READ_ONCE(sk->sk_state); /* Fast-path */ - if (likely((1 << sk->sk_state) & TCP_AO_ESTABLISHED)) { + if (likely((1 << state) & TCP_AO_ESTABLISHED)) { enum skb_drop_reason err; struct tcp_ao_key *current_key; @@ -988,6 +990,9 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, return SKB_NOT_DROPPED_YET; } + if (unlikely(state == TCP_CLOSE)) + return SKB_DROP_REASON_TCP_CLOSE; + /* Lookup key based on peer address and keyid. * current_key and rnext_key must not be used on tcp listen * sockets as otherwise: @@ -1001,7 +1006,7 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, if (th->syn && !th->ack) goto verify_hash; - if ((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_NEW_SYN_RECV)) { + if ((1 << state) & (TCPF_LISTEN | TCPF_NEW_SYN_RECV)) { /* Make the initial syn the likely case here */ if (unlikely(req)) { sne = tcp_ao_compute_sne(0, tcp_rsk(req)->rcv_isn, @@ -1018,14 +1023,14 @@ tcp_inbound_ao_hash(struct sock *sk, const struct sk_buff *skb, /* no way to figure out initial sisn/disn - drop */ return SKB_DROP_REASON_TCP_FLAGS; } - } else if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) { + } else if ((1 << state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) { disn = info->lisn; if (th->syn || th->rst) sisn = th->seq; else sisn = info->risn; } else { - WARN_ONCE(1, "TCP-AO: Unexpected sk_state %d", sk->sk_state); + WARN_ONCE(1, "TCP-AO: Unexpected sk_state %d", state); return SKB_DROP_REASON_TCP_AOFAILURE; } verify_hash: --- base-commit: e0cce98fe279b64f4a7d81b7f5c3a23d80b92fbc change-id: 20240529-tcp_ao-sk_state-4eb21b045001 Best regards, -- Dmitry Safonov <0x7f454c46(a)gmail.com>

1 year, 3 months

3
2
0 0

[PATCH v3] mm/vmalloc: fix corrupted list of vbq->free

by hailong.liu＠oppo.com

From: "Hailong.Liu" <hailong.liu(a)oppo.com> The function xa_for_each() in _vm_unmap_aliases() loops through all vbs. However, since commit 062eacf57ad9 ("mm: vmalloc: remove a global vmap_blocks xarray") the vb from xarray may not be on the corresponding CPU vmap_block_queue. Consequently, purge_fragmented_block() might use the wrong vbq->lock to protect the free list, leading to vbq->free breakage. Incorrect lock protection can exhaust all vmalloc space as follows: CPU0 CPU1 +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb1 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ _vm_unmap_aliases() vb_alloc() new_vmap_block() xa_for_each(&vbq->vmap_blocks, idx, vb) --> vb in CPU1:vbq->freelist purge_fragmented_block(vb) spin_lock(&vbq->lock) spin_lock(&vbq->lock) --> use CPU0:vbq->lock --> use CPU1:vbq->lock list_del_rcu(&vb->free_list) list_add_tail_rcu(&vb->free_list, &vbq->free) __list_del(vb->prev, vb->next) next->prev = prev +--------------------+ | | | CPU1:vbq free_list | +---| |<--+ | +--------------------+ | +----------------------------+ __list_add(new, head->prev, head) +--------------------------------------------+ | +--------------------+ +-----+ | +--> | |---->| |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ prev->next = next +--------------------------------------------+ |----------------------------+ | | +--------------------+ | +-----+ | +--> | |--+ | |------+ | CPU1:vbq free_list | | vb2 | +--- | |<----| |<-----+ | +--------------------+ +-----+ | +--------------------------------------------+ Here’s a list breakdown. All vbs, which were to be added to ‘prev’, cannot be used by list_for_each_entry_rcu(vb, &vbq->free, free_list) in vb_alloc(). Thus, vmalloc space is exhausted. This issue affects both erofs and f2fs, the stacktrace is as follows: erofs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1b46f4>] z_erofs_lz4_decompress+0x278 [<ffffffd4ff1b8ac4>] z_erofs_decompress_queue+0x650 [<ffffffd4ff1b8328>] z_erofs_runqueue+0x7f4 [<ffffffd4ff1b66a8>] z_erofs_read_folio+0x104 [<ffffffd4feeb6fec>] filemap_read_folio+0x6c [<ffffffd4feeb68c4>] filemap_fault+0x300 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 f2fs: [<ffffffd4ffb93ad4>] __switch_to+0x174 [<ffffffd4ffb942f0>] __schedule+0x624 [<ffffffd4ffb946f4>] schedule+0x7c [<ffffffd4ffb947cc>] schedule_preempt_disabled+0x24 [<ffffffd4ffb962ec>] __mutex_lock+0x374 [<ffffffd4ffb95998>] __mutex_lock_slowpath+0x14 [<ffffffd4ffb95954>] mutex_lock+0x24 [<ffffffd4fef2900c>] reclaim_and_purge_vmap_areas+0x44 [<ffffffd4fef25908>] alloc_vmap_area+0x2e0 [<ffffffd4fef24ea0>] vm_map_ram+0x1b0 [<ffffffd4ff1a3b60>] f2fs_prepare_decomp_mem+0x144 [<ffffffd4ff1a6c24>] f2fs_alloc_dic+0x264 [<ffffffd4ff175468>] f2fs_read_multi_pages+0x428 [<ffffffd4ff17b46c>] f2fs_mpage_readpages+0x314 [<ffffffd4ff1785c4>] f2fs_readahead+0x50 [<ffffffd4feec3384>] read_pages+0x80 [<ffffffd4feec32c0>] page_cache_ra_unbounded+0x1a0 [<ffffffd4feec39e8>] page_cache_ra_order+0x274 [<ffffffd4feeb6cec>] do_sync_mmap_readahead+0x11c [<ffffffd4feeb6764>] filemap_fault+0x1a0 [<ffffffd4ff1423bc>] f2fs_filemap_fault+0x28 [<ffffffd4fef0ecac>] __do_fault+0xc8 [<ffffffd4fef0c908>] handle_mm_fault+0xb38 [<ffffffd4ffb9f008>] do_page_fault+0x288 [<ffffffd4ffb9ed64>] do_translation_fault[jt]+0x40 [<ffffffd4fec39c78>] do_mem_abort+0x58 [<ffffffd4ffb8c3e4>] el0_ia+0x70 [<ffffffd4ffb8c260>] el0t_64_sync_handler[jt]+0xb0 [<ffffffd4fec11588>] ret_to_user[jt]+0x0 To fix this, introduce vbq_lock in vmap_block. Cc: <stable(a)vger.kernel.org> Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") Suggested-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Signed-off-by: Hailong.Liu <hailong.liu(a)oppo.com> --- mm/vmalloc.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 125427cbdb87..f4cfdf3fd925 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2467,6 +2467,7 @@ struct vmap_block_queue { struct vmap_block { spinlock_t lock; + spinlock_t *vbq_lock; struct vmap_area *va; unsigned long free, dirty; DECLARE_BITMAP(used_map, VMAP_BBMAP_BITS); @@ -2603,6 +2604,7 @@ static void *new_vmap_block(unsigned int order, gfp_t gfp_mask) } vbq = raw_cpu_ptr(&vmap_block_queue); + vb->vbq_lock = &vbq->lock; spin_lock(&vbq->lock); list_add_tail_rcu(&vb->free_list, &vbq->free); spin_unlock(&vbq->lock); @@ -2630,7 +2632,7 @@ static void free_vmap_block(struct vmap_block *vb) } static bool purge_fragmented_block(struct vmap_block *vb, - struct vmap_block_queue *vbq, struct list_head *purge_list, + struct list_head *purge_list, bool force_purge) { if (vb->free + vb->dirty != VMAP_BBMAP_BITS || @@ -2647,9 +2649,9 @@ static bool purge_fragmented_block(struct vmap_block *vb, WRITE_ONCE(vb->dirty, VMAP_BBMAP_BITS); vb->dirty_min = 0; vb->dirty_max = VMAP_BBMAP_BITS; - spin_lock(&vbq->lock); + spin_lock(vb->vbq_lock); list_del_rcu(&vb->free_list); - spin_unlock(&vbq->lock); + spin_unlock(vb->vbq_lock); list_add_tail(&vb->purge, purge_list); return true; } @@ -2680,7 +2682,7 @@ static void purge_fragmented_blocks(int cpu) continue; spin_lock(&vb->lock); - purge_fragmented_block(vb, vbq, &purge, true); + purge_fragmented_block(vb, &purge, true); spin_unlock(&vb->lock); } rcu_read_unlock(); @@ -2817,7 +2819,7 @@ static void _vm_unmap_aliases(unsigned long start, unsigned long end, int flush) * not purgeable, check whether there is dirty * space to be flushed. */ - if (!purge_fragmented_block(vb, vbq, &purge_list, false) && + if (!purge_fragmented_block(vb, &purge_list, false) && vb->dirty_max && vb->dirty != VMAP_BBMAP_BITS) { unsigned long va_start = vb->va->va_start; unsigned long s, e; --- Changes since v2 [2]: - simply revert the patch has other effects, per Zhaoyang Changes since v1 [1]: - add runtime effect in commit msg, per Andrew. BTW, 1. use xa_for_each to iterate all vb, we need a mapping from vb to vbq. Zhaoyang use cpuid to get vbq as follows: https://lore.kernel.org/all/20240531030520.1615833-1-zhaoyang.huang@unisoc.… IMO, why not just store the address of the lock, which might waste a few more bytes but would look clearer. Baoquan and Hillf save directly to the queue correspoding to va, - vbq = raw_cpu_ptr(&vmap_block_queue); + vbq = container_of(xa, struct vmap_block_queue, vmap_blocks); spin_lock(&vbq->lock); , /* * We should probably have a fallback mechanism to allocate virtual memory * out of partially filled vmap blocks. However vmap block sizing should be @@ -2626,7 +2634,7 @@ static void *new_vmap_block(unsigned int order, gfp_t gfp_mask) return ERR_PTR(err); } - vbq = raw_cpu_ptr(&vmap_block_queue); + vbq = addr_to_vbq(va->va_start); If in this case we actually don't need the percpu variable at all, because each address directly to the correspoding index through hash function. Does anyone have a btter suggestion? https://lore.kernel.org/all/ZlqIp9V1Jknm7axa@MiWiFi-R3L-srv/ [1] https://lore.kernel.org/all/20240530093108.4512-1-hailong.liu@oppo.com/ [2] https://lore.kernel.org/all/20240531024820.5507-1-hailong.liu@oppo.com/ -- 2.34.1

1 year, 3 months

2
1
0 0

Re: Patch "s390/vdso: Create .build-id links for unstripped vdso files" has been added to the 6.1-stable tree

by Masahiro Yamada

On Fri, May 31, 2024 at 4:16 AM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > s390/vdso: Create .build-id links for unstripped vdso files > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > s390-vdso-create-.build-id-links-for-unstripped-vdso.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit e5fcc928a0c3c2fe5e6e2c66a16b7d67334fac02 > Author: Jens Remus <jremus(a)linux.ibm.com> > Date: Mon Apr 29 17:02:53 2024 +0200 > > s390/vdso: Create .build-id links for unstripped vdso files > > [ Upstream commit fc2f5f10f9bc5e58d38e9fda7dae107ac04a799f ] > > Citing Andy Lutomirski from commit dda1e95cee38 ("x86/vdso: Create > .build-id links for unstripped vdso files"): > > "With this change, doing 'make vdso_install' and telling gdb: > > set debug-file-directory /lib/modules/KVER/vdso > > will enable vdso debugging with symbols. This is useful for > testing, but kernel RPM builds will probably want to manually delete > these symlinks or otherwise do something sensible when they strip > the vdso/*.so files." > > Fixes: 4bff8cb54502 ("s390: convert to GENERIC_VDSO") I doubt this Fixes tag. I do not think this is a bug fix. Its prerequisites are not suitable for stable either. > Signed-off-by: Jens Remus <jremus(a)linux.ibm.com> > Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/scripts/Makefile.vdsoinst b/scripts/Makefile.vdsoinst > index c477d17b0aa5b..a81ca735003e4 100644 > --- a/scripts/Makefile.vdsoinst > +++ b/scripts/Makefile.vdsoinst > @@ -21,7 +21,7 @@ $$(dest): $$(src) FORCE > $$(call cmd,install) > > # Some architectures create .build-id symlinks > -ifneq ($(filter arm sparc x86, $(SRCARCH)),) > +ifneq ($(filter arm s390 sparc x86, $(SRCARCH)),) > link := $(install-dir)/.build-id/$$(shell $(READELF) -n $$(src) | sed -n 's(a)^.*Build ID: $..$$.*$@\1/\2@p').debug > > __default: $$(link) -- Best Regards Masahiro Yamada

1 year, 3 months

1
0
0 0

[PATCH wireless] wifi: mt76: mt7615: add missing chanctx ops

by Johannes Berg

From: Johannes Berg <johannes.berg(a)intel.com> Here's another one I missed during the initial conversion, fix that. Cc: stable(a)vger.kernel.org Reported-by: Rene Petersen <renepetersen(a)posteo.de> Fixes: 0a44dfc07074 ("wifi: mac80211: simplify non-chanctx drivers") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218895 Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- drivers/net/wireless/mediatek/mt76/mt7615/main.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/main.c b/drivers/net/wireless/mediatek/mt76/mt7615/main.c index 0971c164b57e..c27acaf0eb1c 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7615/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7615/main.c @@ -1326,6 +1326,10 @@ static void mt7615_set_rekey_data(struct ieee80211_hw *hw, #endif /* CONFIG_PM */ const struct ieee80211_ops mt7615_ops = { + .add_chanctx = ieee80211_emulate_add_chanctx, + .remove_chanctx = ieee80211_emulate_remove_chanctx, + .change_chanctx = ieee80211_emulate_change_chanctx, + .switch_vif_chanctx = ieee80211_emulate_switch_vif_chanctx, .tx = mt7615_tx, .start = mt7615_start, .stop = mt7615_stop, -- 2.45.1

1 year, 3 months

2
2
0 0

Kernel 6.9 regression: X86: Bogus messages from topology detection

by Peter Schneider

Hi all, I have noticed strange messages in kernel version 6.9, obviously from CPU topology detection, which were not present in 6.8.y and earlier kernels. This is coming from an older server machine: 2-socket Ivy Bridge Xeon E5-2697 v2 (24C/48T) in an Asus Z9PE-D16/2L motherboard (Intel C-602A chipset); BIOS patched to the latest available from Asus. All memory slots occupied, so 256 GB RAM in total. From a "good boot", e.g. kernel 6.8.11, dmesg output looks like this: [ 1.823797] smpboot: x86: Booting SMP configuration: [ 1.823799] .... node #0, CPUs: #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 [ 1.827514] .... node #1, CPUs: #12 #13 #14 #15 #16 #17 #18 #19 #20 #21 #22 #23 [ 0.011462] smpboot: CPU 12 Converting physical 0 to logical die 1 [ 1.875532] .... node #0, CPUs: #24 #25 #26 #27 #28 #29 #30 #31 #32 #33 #34 #35 [ 1.882453] .... node #1, CPUs: #36 #37 #38 #39 #40 #41 #42 #43 #44 #45 #46 #47 [ 1.887532] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. [ 1.933640] smp: Brought up 2 nodes, 48 CPUs [ 1.933640] smpboot: Max logical packages: 2 [ 1.933640] smpboot: Total of 48 processors activated (259199.61 BogoMIPS) From a "bad" boot, e.g. kernel 6.9.2, dmesg output has these messages in it: [ 1.785937] smpboot: x86: Booting SMP configuration: [ 1.785939] .... node #0, CPUs: #4 [ 1.786215] .... node #1, CPUs: #12 #16 [ 1.793547] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. [ 1.797547] .... node #0, CPUs: #1 #2 #3 #5 #6 #7 #8 #9 #10 #11 [ 1.801858] .... node #1, CPUs: #13 #14 #15 #17 #18 #19 #20 #21 #22 #23 [ 1.804687] .... node #0, CPUs: #24 #25 #26 #27 #28 #29 #30 #31 #32 #33 #34 #35 [ 1.810728] .... node #1, CPUs: #36 #37 #38 #39 #40 #41 #42 #43 #44 #45 #46 #47 [ 1.901547] smp: Brought up 2 nodes, 48 CPUs [ 1.901547] smpboot: Total of 48 processors activated (259207.87 BogoMIPS) [ 1.903803] BUG: arch topology borken [ 1.903879] the SMT domain not a subset of the CLS domain [ 1.903970] BUG: arch topology borken [ 1.904040] the SMT domain not a subset of the CLS domain [ 1.904128] BUG: arch topology borken [ 1.904198] the SMT domain not a subset of the CLS domain ... and this "BUG" and the following line repeat 48 times which is the number of logical CPUs this machine has. Also, there is a funny typo in the message, but that might be intended, I guess?! Moreover I noticed, from node #1, CPU #12 detection message is missing, so the counting maybe wrong?! However the machine boots, and except from these strange messages, I cannot detect any other abnormal behaviour. It is running ~15 QEMU/KVM virtual machines just fine. Because these messages look unusual and a bit scary though, I have bisected the issue, to be able to report it here. The first bad commit I found is this one: 22d63660c35eb751c63a709bf901a64c1726592a is the first bad commit commit 22d63660c35eb751c63a709bf901a64c1726592a Author: Thomas Gleixner <tglx(a)linutronix.de> Date: Tue Feb 13 22:04:08 2024 +0100 x86/cpu: Use common topology code for Intel Intel CPUs use either topology leaf 0xb/0x1f evaluation or the legacy SMP/HT evaluation based on CPUID leaf 0x1/0x4. Move it over to the consolidated topology code and remove the random topology hacks which are sprinkled into the Intel and the common code. No functional change intended. Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Juergen Gross <jgross(a)suse.com> Tested-by: Sohil Mehta <sohil.mehta(a)intel.com> Tested-by: Michael Kelley <mhklinux(a)outlook.com> Tested-by: Zhang Rui <rui.zhang(a)intel.com> Tested-by: Wang Wendy <wendy.wang(a)intel.com> Tested-by: K Prateek Nayak <kprateek.nayak(a)amd.com> Link: https://lore.kernel.org/r/20240212153624.893644349@linutronix.de arch/x86/kernel/cpu/common.c | 65 ----------------------------------- arch/x86/kernel/cpu/cpu.h | 4 --- arch/x86/kernel/cpu/intel.c | 25 -------------- arch/x86/kernel/cpu/topology.c | 22 ------------ arch/x86/kernel/cpu/topology_common.c | 5 ++- 5 files changed, 4 insertions(+), 117 deletions(-) root@linus:/usr/src/linux# I attach my bisect log, and full dmesg output from a good and from a bad kernel version. Moreover, the last 3 bad kernels from my bisect session did not boot at all, including the one with commit SHA1 from the first bad commit above. These kernels also had the series of "BUG" messages scrolling through on the console, and then additionally a kernel panic, seemingly coming from a divide exception from function init_intel_microcode: <5>[ 5.968685] Key type dns_resolver registered <4>[ 5.974402] ENERGY_PERF_BIAS: Set to 'normal', was 'performance' <4>[ 5.977017] divide error: 0000 [#1] PREEMPT SMP PTI <4>[ 5.977116] CPU: 9 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc4+ #1 <4>[ 5.977213] Hardware name: ASUSTeK COMPUTER INC. Z9PE-D16 Series/Z9PE-D16 Series, BIOS 5601 06/11/2015 <4>[ 5.977337] RIP: 0010:init_intel_microcode+0x3c/0x80 <4>[ 5.977436] Code: ff 75 44 40 80 fe 05 76 3e 48 8b 05 b6 45 f7 ff a9 00 00 00 40 75 30 8b 05 85 46 f7 ff 0f b7 0d aa 46 f7 ff 31 d2 48 c1 e0 0a <48> f7 f1 89 05 9b f9 46 ff 48 c7 c0 c0 98 e4 a8 31 d2 31 c9 31 f6 <4>[ 5.977602] RSP: 0000:ffffb79b8008fd80 EFLAGS: 00010206 <4>[ 5.977697] RAX: 0000000001e00000 RBX: 0000000000000000 RCX: 0000000000000000 <4>[ 5.977795] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 <4>[ 5.977894] RBP: ffffb79b8008fdf8 R08: 0000000000000000 R09: 0000000000000000 <4>[ 5.977992] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 <4>[ 5.978090] R13: 000000000000019a R14: ffffb79b8008fe08 R15: ffff96ad4026cf00 <4>[ 5.978187] FS: 0000000000000000(0000) GS:ffff96cc3fa40000(0000) knlGS:0000000000000000 <4>[ 5.978308] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 5.978402] CR2: 0000000000000000 CR3: 0000000e6d236001 CR4: 00000000001706f0 <4>[ 5.978500] Call Trace: <4>[ 5.978588] <TASK> <4>[ 5.978675] ? show_regs+0x6d/0x80 <4>[ 5.978767] ? die+0x37/0xa0 <4>[ 5.978857] ? do_trap+0xd4/0xf0 <4>[ 5.978948] ? do_error_trap+0x71/0xb0 <4>[ 5.979040] ? init_intel_microcode+0x3c/0x80 <4>[ 5.979131] ? exc_divide_error+0x3a/0x70 <4>[ 5.979226] ? init_intel_microcode+0x3c/0x80 <4>[ 5.979317] ? asm_exc_divide_error+0x1b/0x20 <4>[ 5.979427] ? init_intel_microcode+0x3c/0x80 <4>[ 5.979520] ? microcode_init+0x196/0x260 <4>[ 5.979612] ? __pfx_microcode_init+0x10/0x10 <4>[ 5.979718] do_one_initcall+0x5e/0x340 <4>[ 5.979813] kernel_init_freeable+0x322/0x490 <4>[ 5.979906] ? __pfx_kernel_init+0x10/0x10 <4>[ 5.979998] kernel_init+0x1b/0x200 <4>[ 5.980089] ret_from_fork+0x47/0x70 <4>[ 5.980180] ? __pfx_kernel_init+0x10/0x10 <4>[ 5.980272] ret_from_fork_asm+0x1b/0x30 <4>[ 5.980364] </TASK> <4>[ 5.980450] Modules linked in: <4>[ 5.980544] ---[ end trace 0000000000000000 ]--- <4>[ 6.959943] RIP: 0010:init_intel_microcode+0x3c/0x80 <4>[ 6.960041] Code: ff 75 44 40 80 fe 05 76 3e 48 8b 05 b6 45 f7 ff a9 00 00 00 40 75 30 8b 05 85 46 f7 ff 0f b7 0d aa 46 f7 ff 31 d2 48 c1 e0 0a <48> f7 f1 89 05 9b f9 46 ff 48 c7 c0 c0 98 e4 a8 31 d2 31 c9 31 f6 <4>[ 6.960207] RSP: 0000:ffffb79b8008fd80 EFLAGS: 00010206 <4>[ 6.960316] RAX: 0000000001e00000 RBX: 0000000000000000 RCX: 0000000000000000 <4>[ 6.960414] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000 <4>[ 6.960512] RBP: ffffb79b8008fdf8 R08: 0000000000000000 R09: 0000000000000000 <4>[ 6.960610] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 <4>[ 6.960708] R13: 000000000000019a R14: ffffb79b8008fe08 R15: ffff96ad4026cf00 <4>[ 6.960806] FS: 0000000000000000(0000) GS:ffff96cc3fa40000(0000) knlGS:0000000000000000 <4>[ 6.960927] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 6.961021] CR2: 0000000000000000 CR3: 0000000e6d236001 CR4: 00000000001706f0 <0>[ 6.961120] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b <0>[ 6.961312] Kernel Offset: 0x25c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) I also attached full dmesg log file "dmesg-erst-7373208397568540677" of this panic which I could find in /var/lib/systemd/pstore. Beste Grüße, Peter Schneider -- Climb the mountain not to plant your flag, but to embrace the challenge, enjoy the air and behold the view. Climb it so you can see the world, not so the world can see you. -- David McCullough Jr. OpenPGP: 0xA3828BD796CCE11A8CADE8866E3A92C92C3FF244 Download: https://www.peters-netzplatz.de/download/pschneider1968_pub.asc https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@googlem… https://keys.mailvelope.com/pks/lookup?op=get&search=pschneider1968@gmail.c…

1 year, 3 months

4
28
0 0

[PATCH 6.8 000/493] 6.8.12-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.12 release. There are 493 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 May 2024 18:53:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.12-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.12-rc1 Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: fix GPIO interrupt blocking Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: fix to clear interrupt status after handling IRQ Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: Fix setting period with #pwm-cells = <1> and of_pwm_single_xlate() Jens Axboe <axboe(a)kernel.dk> io_uring/net: ensure async prep handlers always initialize ->done_io Tom Parkin <tparkin(a)katalix.com> l2tp: fix ICMP error handling for UDP-encap sockets Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: fix to control VLAN strip Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: use irq_domain for interrupt controller Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: move interrupt codes to a separate file Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: match VLAN CTAG and STAG features Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: fix to change Rx features Cheng Yu <serein.chengyu(a)huawei.com> sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Vitalii Bursov <vitaly(a)bursov.com> sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Eric Dumazet <edumazet(a)google.com> af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Dumazet <edumazet(a)google.com> netrom: fix possible dead-lock in nr_rt_ioctl() Michal Schmidt <mschmidt(a)redhat.com> idpf: don't skip over ethtool tcp-data-split setting Hangbin Liu <liuhangbin(a)gmail.com> selftests/net/lib: no need to record ns name if it already exist Chris Lew <quic_clew(a)quicinc.com> net: qrtr: ns: Fix module refcnt Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: mst: fix vlan use-after-free Nikolay Aleksandrov <razor(a)blackwall.org> selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: xmit: make sure we have at least eth header len bytes Wang Yao <wangyao(a)lemote.com> modules: Drop the .export_symbol section from the final modules Beau Belgrave <beaub(a)linux.microsoft.com> tracing/user_events: Fix non-spaced field matching Beau Belgrave <beaub(a)linux.microsoft.com> tracing/user_events: Prepare find/delete for same name events Ivanov Mikhail <ivanov.mikhail1(a)huawei-partners.com> samples/landlock: Fix incorrect free in populate_ruleset_net Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw Leon Romanovsky <leon(a)kernel.org> RDMA/IPoIB: Fix format truncation compilation errors Edward Liaw <edliaw(a)google.com> selftests/kcmp: remove unused open mode SeongJae Park <sj(a)kernel.org> selftests/damon/_damon_sysfs: check errors from nr_schemes file reads Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix gss_free_in_token_pages() Michal Schmidt <mschmidt(a)redhat.com> bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix SM_GPUCC_8650 dependencies Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix SC_CAMCC_8280XP dependencies Zhang Yi <yi.zhang(a)huawei.com> ext4: remove the redundant folio_wait_stable() Dan Carpenter <dan.carpenter(a)linaro.org> ext4: fix potential unnitialized variable NeilBrown <neilb(a)suse.de> nfsd: don't create nfsv4recoverydir in nfsdfs when not used. Aleksandr Aprelkov <aaprelkov(a)usergate.com> sunrpc: removed redundant procp check David Hildenbrand <david(a)redhat.com> drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Christoph Hellwig <hch(a)lst.de> virt: acrn: stop using follow_pfn Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: boundary check before installing cq callbacks Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Use struct mana_ib_queue for CQs Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Introduce helpers to create and destroy mana queues Jan Kara <jack(a)suse.cz> ext4: avoid excessive credit estimate in ext4_tmpfile() Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Marc Gonzalez <mgonzalez(a)freebox.fr> clk: qcom: mmcc-msm8998: fix venus clock issue Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8650: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm6350: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8450: fix DisplayPort clocks Jinjiang Tu <tujinjiang(a)huawei.com> mm/ksm: fix ksm exec support for prctl Duoming Zhou <duoming(a)zju.edu.cn> lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Add clock and reset entry for PLIC Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: r8a779a0: Fix CANFD parent clock Jason Gunthorpe <jgg(a)ziepe.ca> IB/mlx5: Use __iowrite64_copy() for write combining stores Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix incorrect rxe_put in error path Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Allow good work requests to be executed Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: remove invalid Stromer register offset Catalin Popescu <catalin.popescu(a)leica-geosystems.com> clk: rs9: fix wrong default value for clock amplitude Alexandre Mergnat <amergnat(a)baylibre.com> clk: mediatek: mt8365-mm: fix DPI0 parent Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Modify the print level of CQE error Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Use complete parentheses in macros Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix GMV table pagesize Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix UAF for cq async event Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix deadlock on SRQ async events. Zhengchao Shao <shaozhengchao(a)huawei.com> RDMA/hns: Fix return value in hns_roce_map_mr_sg Yi Liu <yi.l.liu(a)intel.com> iommu: Undo pasid attachment only for the devices that have succeeded Nícolas F. R. A. Prado <nfraprado(a)collabora.com> clk: mediatek: pllfh: Don't log error for missing fhctl node Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Adding remote atomic access flag to updatable flags Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Change check for cacheable mkeys Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent Jaewon Kim <jaewon02.kim(a)samsung.com> clk: samsung: exynosautov9: fix wrong pll clock id value Pratyush Yadav <p.yadav(a)ti.com> media: cadence: csi2rx: configure DPHY before starting source stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/edid: Parse topology block for all DispID structure v1.x Detlev Casanova <detlev.casanova(a)collabora.com> drm/rockchip: vop2: Do not divide height twice for YUV Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for Logitech Rally Bar Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/mipi-dsi: use correct return type for the DSC functions Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Hsin-Te Yuan <yuanhsinte(a)chromium.org> drm/bridge: anx7625: Update audio status while detecting Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: dpc3433: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: tc358775: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt9611: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt8912b: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: icn6211: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: anx7625: Don't log an error when DSI host can't be found Steven Rostedt <rostedt(a)goodmis.org> ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Aleksandr Mishin <amishin(a)t-argos.ru> drm: vc4: Fix possible null pointer dereference Huai-Yuan Liu <qq810974084(a)gmail.com> drm/arm/malidp: fix a possible null pointer dereference Zhipeng Lu <alexious(a)zju.edu.cn> media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Randy Dunlap <rdunlap(a)infradead.org> fbdev: sh7760fb: allow modular build Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: v4l2-subdev: Fix stream handling for crop API Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: i2c: et8ek8: Don't strip remove function when driver is builtin Fabio Estevam <festevam(a)denx.de> media: dt-bindings: ovti,ov2680: Fix the power supply names Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu3-cio2: Request IRQ earlier Douglas Anderson <dianders(a)chromium.org> drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: allow voltage swing / pre emphasis of 3 Armin Wolf <W_Armin(a)gmx.de> platform/x86: xiaomi-wmi: Fix race condition when reporting key events Aleksandr Mishin <amishin(a)t-argos.ru> drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference Ricardo Ribalda <ribalda(a)chromium.org> media: radio-shark2: Avoid led_names truncations Arnd Bergmann <arnd(a)arndb.de> media: rcar-vin: work around -Wenum-compare-conditional warning Changhuang Liang <changhuang.liang(a)starfivetech.com> staging: media: starfive: Remove links when unregistering devices Aleksandr Burakov <a.burakov(a)rosalinux.ru> media: ngene: Add dvb_ca_en50221_init return value check Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Test result of avs_get_module_entry() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix potential integer overflow Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix ASRC module initialization Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Restore stream decoupling on prepare Tianchen Ding <dtcccc(a)linux.alibaba.com> selftests: cgroup: skip test_cgcore_lesser_ns_open when cgroup2 mounted without nsdelegate Arnd Bergmann <arnd(a)arndb.de> fbdev: sisfb: hide unused variables Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Implement firmware boot state check Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: lnl: Correct rom_status_reg Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Correct rom_status_reg Arnd Bergmann <arnd(a)arndb.de> powerpc/fsl-soc: hide unused const variable Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: fix channel map configuration for aggregated dailink Douglas Anderson <dianders(a)chromium.org> drm/mediatek: Init `ddp_comp` with devm_kcalloc() Justin Green <greenjustin(a)chromium.org> drm/mediatek: Add 0 size check to mtk_drm_gem_obj Christian Hewitt <christianshewitt(a)gmail.com> drm/meson: vclk: fix calculation of 59.94 fractional rates Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: kirkwood: Fix potential NULL dereference Arnd Bergmann <arnd(a)arndb.de> fbdev: shmobile: fix snprintf truncation Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> ASoC: mediatek: Assign dummy when codec not specified for a DAI link Arnd Bergmann <arnd(a)arndb.de> drm/imagination: avoid -Woverflow warning Maxim Korotkov <korotkov.maxim.s(a)gmail.com> mtd: rawnand: hynix: fixed typo Aapo Vienamo <aapo.vienamo(a)linux.intel.com> mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: ssm4567: Do not ignore route checks Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: Disable route checks for Skylake boards Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix potential index out of bounds in color transformation function Douglas Anderson <dianders(a)chromium.org> drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert Douglas Anderson <dianders(a)chromium.org> drm/dp: Don't attempt AUX transfers when eDP panels are not powered Marek Vasut <marex(a)denx.de> drm/lcdif: Do not disable clocks on already suspended hardware Geert Uytterhoeven <geert+renesas(a)glider.be> dev_printk: Add and use dev_no_printk() Geert Uytterhoeven <geert+renesas(a)glider.be> printk: Let no_printk() use _printk() Tony Lindgren <tony(a)atomide.com> drm/omapdrm: Fix console with deferred ops Tony Lindgren <tony(a)atomide.com> drm/omapdrm: Fix console by implementing fb_dirty Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() Vignesh Raman <vignesh.raman(a)collabora.com> drm/ci: update device type for volteer devices Jagan Teki <jagan(a)amarulasolutions.com> drm/bridge: Fix improper bridge init order with pre_enable_prev_first Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 Gustavo A. R. Silva <gustavoars(a)kernel.org> Bluetooth: hci_conn, hci_sync: Use __counted_by() to avoid -Wfamnae warnings Kees Cook <keescook(a)chromium.org> overflow: Change DEFINE_FLEX to take __counted_by member Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: make ice_vsi_cfg_txq() static Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: make ice_vsi_cfg_rxq() static Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: HCI: Remove HCI_AMP support Lukas Bulwahn <lukas.bulwahn(a)gmail.com> Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Bluetooth: Remove usage of the deprecated ida_simple_xx() API Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Make iso_get_sock_listen generic Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: ISO: Clean up returns values in iso_connect_ind() Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Add hcon for listening bis sk Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: qca: Fix error code in qca_read_fw_build_info() Sebastian Urban <surban(a)surban.net> Bluetooth: compute LE flow credits based on recvbuf space Horatiu Vultur <horatiu.vultur(a)microchip.com> net: micrel: Fix receiving the timestamp in the frame for lan8841 Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: move the EST lock to struct stmmac_priv Rohan G Thomas <rohan.g.thomas(a)intel.com> net: stmmac: Report taprio offload status Rohan G Thomas <rohan.g.thomas(a)intel.com> net: stmmac: est: Per Tx-queue error count for HLBF Rohan G Thomas <rohan.g.thomas(a)intel.com> net: stmmac: Offload queueMaxSDU from tc-taprio Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fix full TCP keep-alive support Paolo Abeni <pabeni(a)redhat.com> mptcp: cleanup SOL_TCP handling Paolo Abeni <pabeni(a)redhat.com> mptcp: implement TCP_NOTSENT_LOWAT support Paolo Abeni <pabeni(a)redhat.com> mptcp: avoid some duplicate code in socket option handling Paolo Abeni <pabeni(a)redhat.com> mptcp: cleanup writer wake-up Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: SO_KEEPALIVE: fix getsockopt support Wei Fang <wei.fang(a)nxp.com> net: fec: remove .ndo_poll_controller to avoid deadlocks Chen Ni <nichen(a)iscas.ac.cn> dpll: fix return value check for kmemdup Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix reference count leak issue of net_device Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix reference count leak issues of ax25_dev Duoming Zhou <duoming(a)zju.edu.cn> ax25: Use kernel universal linked list to implement ax25_dev_list Puranjay Mohan <puranjay(a)kernel.org> riscv, bpf: make some atomic operations fully ordered Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Emit a barrier for BPF_FETCH instructions Akiva Goldberger <agoldberger(a)nvidia.com> net/mlx5: Discard command completions in internal error Akiva Goldberger <agoldberger(a)nvidia.com> net/mlx5: Add a timeout to acquire the command queue semaphore Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Reload only IB representors upon lag disable/enable Shay Drory <shayd(a)nvidia.com> net/mlx5: Fix peer devlink set for SF representor devlink port Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix invalid unregister error path Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix incorrect unregister order Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: add missing seg6_local_exit Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix overwriting ct original tuple for ICMPv6 Eric Dumazet <edumazet(a)google.com> net: usb: smsc95xx: stop lying about skb->truesize Breno Leitao <leitao(a)debian.org> af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Locking fixes Dan Nowlin <dan.nowlin(a)intel.com> ice: Fix package download algorithm Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mediatek: use ADMAv1 instead of ADMAv2.0 on MT7981 and MT7986 Lorenzo Bianconi <lorenzo(a)kernel.org> net: ethernet: mediatek: split tx and rx fields in mtk_soc_data struct Jakub Kicinski <kuba(a)kernel.org> selftests: net: move amt to socat for better compatibility Jakub Kicinski <kuba(a)kernel.org> selftests: net: add missing config for amt.sh Jakub Kicinski <kuba(a)kernel.org> eth: sungem: remove .ndo_poll_controller to avoid deadlocks gaoxingwang <gaoxingwang1(a)huawei.com> net: ipv6: fix wrong start position when receive hop-by-hop fragment Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ptp: ocp: fix DPLL functions Benjamin Marzinski <bmarzins(a)redhat.com> dm-delay: fix max_delay calculations Joel Colledge <joel.colledge(a)linbit.com> dm-delay: fix hung task introduced by kthread mode Benjamin Marzinski <bmarzins(a)redhat.com> dm-delay: fix workqueue delay_timer race Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix reboot hang on Mac IIci Michael Schmitz <schmitzmic(a)gmail.com> m68k: Fix spinlock race in kernel thread creation Eric Dumazet <edumazet(a)google.com> net: usb: sr9700: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> usb: aqc111: stop lying about skb->truesize Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Handle "no sensors" in PM operations Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mwl8k: initialize cmd->addr[] properly Robert Richter <rrichter(a)amd.com> x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() Jim Liu <jim.t90615(a)gmail.com> gpio: nuvoton: Fix sgpio irq handle error Himanshu Madhani <himanshu.madhani(a)oracle.com> scsi: qla2xxx: Fix debugfs output for fw_resource_count Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: qedf: Ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: bfa: Ensure the copied buf is NUL terminated Chen Ni <nichen(a)iscas.ac.cn> HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors Michal Schmidt <mschmidt(a)redhat.com> selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect Scott Mayhew <smayhew(a)redhat.com> kunit: bail out early in __kunit_test_suites_init() if there are no suites to test Wander Lairson Costa <wander(a)redhat.com> kunit: unregister the device on error Mickaël Salaün <mic(a)digikod.net> kunit: Fix kthread reference Valentin Obst <kernel(a)valentinobst.de> selftests: default to host arch for LLVM builds John Hubbard <jhubbard(a)nvidia.com> selftests/resctrl: fix clang build failure: use LOCAL_HDRS John Hubbard <jhubbard(a)nvidia.com> selftests/binderfs: use the Makefile's rules, not Make's implicit rules Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode Kees Cook <keescook(a)chromium.org> wifi: nl80211: Avoid address calculations via out of bounds array indexing Jiri Olsa <jolsa(a)kernel.org> libbpf: Fix error message in attach_kprobe_multi Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command Chad Monroe <chad(a)monroe.io> wifi: mt76: mt7996: fix size of txpower MCU command Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: fix tx queue of loopback packets Guenter Roeck <linux(a)roeck-us.net> Revert "sh: Handle calling csum_partial with misaligned data" Geert Uytterhoeven <geert+renesas(a)glider.be> sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() Stanislav Fomichev <sdf(a)google.com> bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE George Stark <gnstark(a)salutedevices.com> pwm: meson: Use mul_u64_u64_div_u64() for frequency calculating George Stark <gnstark(a)salutedevices.com> pwm: meson: Add check for error from clk_round_rate() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: meson: Make use of pwmchip_parent() accessor Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: meson: Change prototype of a few helpers to prepare further changes Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: Provide an inline function to get the parent device of a given chip Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: Reorder symbols in core.c Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: Drop duplicate check against chip->npwm in of_pwm_xlate_with_flags() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: Let the of_xlate callbacks accept references without period Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: Drop useless member .of_pwm_n_cells of struct pwm_chip Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: ar5523: enable proper endpoint verification Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Run cgroup1_hierarchy test in own mount namespace Alexei Starovoitov <ast(a)kernel.org> bpf: Fix verifier assumptions about socket->sk Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: carl9170: add a proper sanity check for endpoints Finn Thain <fthain(a)linux-m68k.org> macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" Eric Dumazet <edumazet(a)google.com> net: give more chances to rcu in netdev_wait_allrefs_any() Hao Chen <chenhao418(a)huawei.com> drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: sti: Simplify probe function using devm functions Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: sti: Prepare removing pwm_chip from driver data Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Pass cooling device state to thermal_debug_cdev_add() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Create records for cdev states as they get used Eric Dumazet <edumazet(a)google.com> tcp: avoid premature drops in tcp_add_backlog() Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: populate board data for WCN3990 Portia Stephens <portia.stephens(a)canonical.com> cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: mcq: Fix ufshcd_mcq_sqe_search() Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix a fd leak in error paths in open_netns Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Avoid excessive updates of trip point statistics Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: do_xmote fixes Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: finish_xmote cleanup Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix potential glock use-after-free on unmount Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove ill-placed consistency check Su Hui <suhui(a)nfschina.com> wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Binbin Zhou <zhoubinbin(a)loongson.cn> dt-bindings: thermal: loongson,ls2k-thermal: Fix incorrect compatible definition Binbin Zhou <zhoubinbin(a)loongson.cn> dt-bindings: thermal: loongson,ls2k-thermal: Add Loongson-2K0500 compatible Aleksandr Mishin <amishin(a)t-argos.ru> thermal/drivers/tsens: Fix null pointer dereference Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal/drivers/mediatek/lvts_thermal: Add coeff for mt8192 Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Ard Biesheuvel <ardb(a)kernel.org> x86/purgatory: Switch to the position-independent small code model Yuri Karpov <YKarpov(a)ispras.ru> scsi: hpsa: Fix allocation size for Scsi_Host private data Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix the failure of adding phy with zero-address to port Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: init vif works only once Aleksandr Mishin <amishin(a)t-argos.ru> cppc_cpufreq: Fix possible null pointer dereference Stafford Horne <shorne(a)gmail.com> openrisc: traps: Don't send signals to kernel mode threads Gabriel Krisman Bertazi <krisman(a)suse.de> udp: Avoid call to compute_score on multiple sites Juergen Gross <jgross(a)suse.com> x86/pat: Fix W^X violation false-positives when running as Xen PV guest Juergen Gross <jgross(a)suse.com> x86/pat: Restructure _lookup_address_cpa() Juergen Gross <jgross(a)suse.com> x86/pat: Introduce lookup_address_in_pgd_attr() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: exit() callback is optional Hechao Li <hli(a)netflix.com> tcp: increase the default TCP scaling ratio Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix umount cgroup2 error in test_sockmap Ard Biesheuvel <ardb(a)kernel.org> x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 Jinjie Ruan <ruanjinjie(a)huawei.com> arm64: Remove unnecessary irqflags alternative.h include Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix "ignore unlock failures after withdraw" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Don't forget to complete delayed withdraw Arnd Bergmann <arnd(a)arndb.de> ACPI: disable -Wstringop-truncation Zenghui Yu <yuzenghui(a)huawei.com> irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zenghui Yu <yuzenghui(a)huawei.com> irqchip/alpine-msi: Fix off-by-one in allocation error path Uros Bizjak <ubizjak(a)gmail.com> locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Allow decoding of SGX addresses Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: LPSS: Advertise number of chip selects via property Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling interrupts Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing CGC enable Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing unipro mode Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing reset bit Arnd Bergmann <arnd(a)arndb.de> x86/microcode/AMD: Avoid -Wformat warning with clang-15 Andrii Nakryiko <andrii(a)kernel.org> bpf: prevent r10 register from being marked as precise Anton Protopopov <aspsk(a)isovalent.com> bpf: Pack struct bpf_fib_lookup Sahil Siddiq <icegambit91(a)gmail.com> bpftool: Mount bpffs on provided dir instead of parent dir Arnd Bergmann <arnd(a)arndb.de> wifi: carl9170: re-fix fortified-memset warning Alexander Aring <aahringo(a)redhat.com> dlm: fix user space lock decision to copy lvb Alexander Lobakin <aleksander.lobakin(a)intel.com> bitops: add missing prototype check Arnd Bergmann <arnd(a)arndb.de> mlx5: stop warning for 64KB pages Arnd Bergmann <arnd(a)arndb.de> mlx5: avoid truncating error message Arnd Bergmann <arnd(a)arndb.de> qed: avoid truncating work queue length Arnd Bergmann <arnd(a)arndb.de> enetc: avoid truncating error message Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: Fix Generic Initiator Affinity _OSC bit Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for the Generic Event Device thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for more than 16 p-states thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for _TFP thru _OSC Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/fair: Add EAS checks before updating root_domain::overutilized Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: reconfigure TLC during HW restart Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: select STA mask only for active links Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: fix active link counting during recovery Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: implement can_activate_links callback Ayala Beker <ayala.beker(a)intel.com> wifi: mac80211: don't select link ID if not provided in scan request Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: allocate STA links only for active links Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete Johannes Berg <johannes.berg(a)intel.com> wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() Guixiong Wei <weiguixiong(a)bytedance.com> x86/boot: Ignore relocations in .notes sections in walk_relocs() too Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7915: workaround too long expansion sparse warnings Aloka Dixit <quic_alokad(a)quicinc.com> wifi: ath12k: use correct flag field for 320 MHz channels Quentin Monnet <qmo(a)kernel.org> libbpf: Prevent null-pointer dereference when prog to load has no BTF Yonghong Song <yonghong.song(a)linux.dev> bpftool: Fix missing pids during link show Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't force enable power save on non-running vdevs Duoming Zhou <duoming(a)zju.edu.cn> wifi: brcmfmac: pcie: handle randbuf allocation failure Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: poll service ready message before failing Yu Kuai <yukuai3(a)huawei.com> block: support to account io_ticks precisely INAGAKI Hiroshi <musashino.open(a)gmail.com> block: fix and simplify blkdevparts= cmdline parsing Christoph Hellwig <hch(a)lst.de> block: refine the EOF check in blkdev_iomap_begin Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - specify firmware files for 402xx Yu Kuai <yukuai3(a)huawei.com> md: fix resync softlockup when bitmap size is less than array size Kees Cook <keescook(a)chromium.org> lkdtm: Disable CFI checking for perms functions Bjorn Andersson <quic_bjorande(a)quicinc.com> soc: qcom: pmic_glink: Make client-lock non-sleeping Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix sendzc lazy wake polling Jens Axboe <axboe(a)kernel.dk> io_uring/net: remove dependency on REQ_F_PARTIAL_IO for sr->done_io Kees Cook <keescook(a)chromium.org> kunit/fortify: Fix mismatched kvalloc()/vfree() usage Marek Vasut <marex(a)denx.de> hwrng: stm32 - repair clock handling Marek Vasut <marex(a)denx.de> hwrng: stm32 - put IP into RPM suspend on failure Marek Vasut <marex(a)denx.de> hwrng: stm32 - use logical OR in conditional Lucas Segarra Fernandez <lucas.segarra.fernandez(a)intel.com> crypto: qat - validate slices count returned by FW Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix missing mutex_destroy() at module removal Chun-Kuang Hu <chunkuang.hu(a)kernel.org> soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Mukesh Ojha <quic_mojha(a)quicinc.com> firmware: qcom: scm: Fix __scm and waitq completion variable initialization Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pmic_glink: notify clients about the current state Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pmic_glink: don't traverse clients list without a lock Adam Guerin <adam.guerin(a)intel.com> crypto: qat - improve error logging to be consistent across features Adam Guerin <adam.guerin(a)intel.com> crypto: qat - improve error message in adf_get_arbiter_mapping() Chen Ni <nichen(a)iscas.ac.cn> crypto: octeontx2 - add missing check for dma_map_single David Hildenbrand <david(a)redhat.com> s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests David Hildenbrand <david(a)redhat.com> mm/userfaultfd: Do not place zeropages when zeropages are disallowed Gabriel Krisman Bertazi <krisman(a)suse.de> io-wq: write next_work before dropping acct_lock Chuck Lever <chuck.lever(a)oracle.com> shmem: Fix shmem_rename2() Chuck Lever <chuck.lever(a)oracle.com> libfs: Add simple_offset_rename() API Chuck Lever <chuck.lever(a)oracle.com> libfs: Fix simple_offset_rename_exchange() Chuck Lever <chuck.lever(a)oracle.com> libfs: Convert simple directory offsets to use a Maple Tree Chuck Lever <chuck.lever(a)oracle.com> maple_tree: Add mtree_alloc_cyclic() Chuck Lever <chuck.lever(a)oracle.com> libfs: Add simple_offset_empty() Chuck Lever <chuck.lever(a)oracle.com> libfs: Define a minimum directory offset Chuck Lever <chuck.lever(a)oracle.com> libfs: Re-arrange locking in offset_iterate_dir() Ilya Denisyev <dev(a)elkcl.ru> jffs2: prevent xattr node from overflowing the eraseblock Maxime Ripard <mripard(a)kernel.org> ARM: configs: sunxi: Enable DRM_DW_HDMI Nikita Kiryushin <kiryushin(a)ancud.ru> rcu: Fix buffer overflow in print_cpu_stall_info() Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Jens Axboe <axboe(a)kernel.dk> io_uring: use the right type for work_llist empty check Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix tracepoint subchannel type field Eric Biggers <ebiggers(a)google.com> crypto: x86/sha512-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/nh-avx2 - add missing vzeroupper Arnd Bergmann <arnd(a)arndb.de> crypto: ccp - drop platform ifdef checks Al Viro <viro(a)zeniv.linux.org.uk> parisc: add missing export of __cmpxchg_u8() Arnd Bergmann <arnd(a)arndb.de> nilfs2: fix out-of-range warning Brian Kubisiak <brian(a)kubisiak.com> ecryptfs: Fix buffer size for tag 66 packet Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> firmware: raspberrypi: Use correct device for DMA mappings Guenter Roeck <linux(a)roeck-us.net> mm/slub, kunit: Use inverted data to corrupt kmem cache Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: qcm: fix unused qcom_scm_qseecom_allowlist Aleksandr Mishin <amishin(a)t-argos.ru> crypto: bcm - Fix pointer arithmetic Eric Sandeen <sandeen(a)redhat.com> openpromfs: finish conversion to the new mount API Dan Carpenter <dan.carpenter(a)linaro.org> nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists() Linus Torvalds <torvalds(a)linux-foundation.org> epoll: be better about file lifetimes Hannes Reinecke <hare(a)kernel.org> nvme-tcp: strict pdu pacing to avoid send stalls on TLS Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix nvme status code when namespace is disabled Sagi Grimberg <sagi(a)grimberg.me> nvmet-tcp: fix possible memory leak when tearing down a controller Nilay Shroff <nilay(a)linux.ibm.com> nvme: cancel pending I/O if nvme controller is in terminal state Maurizio Lombardi <mlombard(a)redhat.com> nvmet-auth: replace pr_debug() with pr_err() to report an error. Maurizio Lombardi <mlombard(a)redhat.com> nvmet-auth: return the error code to the nvmet_auth_host_hash() callers Nilay Shroff <nilay(a)linux.ibm.com> nvme: find numa distance only if controller has valid numa id Linus Torvalds <torvalds(a)linux-foundation.org> x86/mm: Remove broken vsyscall emulation code from the page fault code Lancelot SIX <lancelot.six(a)amd.com> drm/amdkfd: Flush the process wq before creating a kfd_process Sung Joon Kim <sungjoon.kim(a)amd.com> drm/amd/display: Disable seamless boot on 128b/132b encoding Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix DC mode screen flickering on DCN321 Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Add VCO speed parameter for DCN31 FPU Meenakshikumar Somasundaram <meenakshikumar.somasundaram(a)amd.com> drm/amd/display: Allocate zero bw after bw alloc enable Swapnil Patel <swapnil.patel(a)amd.com> drm/amd/display: Add dtbclk access to dcn315 Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Ensure that dmcub support flag is set for DCN20 Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix VRAM memory accounting Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> Input: amimouse - mark driver struct with __refdata to prevent section mismatch Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: cs35l56: fix usages of device_get_named_child_node() Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: da7219-aad: fix usage of device_get_named_child_node() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Grand Ridge to HPM CPU list Zqiang <qiang.zhang1211(a)gmail.com> softirq: Fix suspicious RCU usage in __do_softirq() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: make E-MU FPGA writes potentially more reliable Puranjay Mohan <puranjay(a)kernel.org> bpf, x86: Fix PROBE_MEM runtime load check Peter Colberg <peter.colberg(a)intel.com> fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/versal: Do not register for NOC errors Josef Bacik <josef(a)toxicpanda.com> btrfs: take the cleaner_mutex earlier in qgroup disable Vicki Pfau <vi(a)endrift.com> Input: xpad - add support for ASUS ROG RAIKIRI Oliver Upton <oliver.upton(a)linux.dev> KVM: selftests: Add test for uaccesses to non-existent vgic-v2 CPUIF Jack Yu <jack.yu(a)realtek.com> ASoC: rt715-sdca: volume step modification Jack Yu <jack.yu(a)realtek.com> ASoC: rt715: add vendor clear control register Stefan Binding <sbinding(a)opensource.cirrus.com> ASoC: cs35l41: Update DSP1RX5/6 Sources for DSP config Krzysztof Kozlowski <krzk(a)kernel.org> regulator: vqmmc-ipq4019: fix module autoloading Krzysztof Kozlowski <krzk(a)kernel.org> regulator: qcom-refgen: fix module autoloading Jack Yu <jack.yu(a)realtek.com> ASoC: rt722-sdca: add headset microphone vrefo setting Jack Yu <jack.yu(a)realtek.com> ASoC: rt722-sdca: modify channel number to support 4 channels Derek Fang <derek.fang(a)realtek.com> ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Derek Fang <derek.fang(a)realtek.com> ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating end.to.start <end.to.start(a)mail.ru> ASoC: acp: Support microphone from device Acer 315-24p Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> ASoC: SOF: pcm: Restrict DSP D0i3 during S0ix to IPC3 Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Introduce generic sof_ipc4_pcm_stream_priv Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use consistent name for sof_ipc4_timestamp_info pointer Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Use consistent name for snd_sof_pcm_stream pointer Richard Fitzgerald <rf(a)opensource.cirrus.com> ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: irq_helpers: duplicate IRQ name Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU Christoph Müllner <christoph.muellner(a)vrull.eu> riscv: T-Head: Test availability bit before enabling MAE errata Christoph Müllner <christoph.muellner(a)vrull.eu> riscv: thead: Rename T-Head PBMT to MAE Clément Léger <cleger(a)rivosinc.com> selftests: sud_test: return correct emulated syscall value on RISC-V Derek Foreman <derek.foreman(a)collabora.com> drm/etnaviv: fix tx clock gating on some GC7000 variants Bibo Mao <maobibo(a)loongson.cn> LoongArch: Lately init pmu after smp is online Sean Christopherson <seanjc(a)google.com> cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n Duanqiang Wen <duanqiangwen(a)net-swift.com> Revert "net: txgbe: fix clk_name exceed MAX_DEV_ID limits" Duanqiang Wen <duanqiangwen(a)net-swift.com> Revert "net: txgbe: fix i2c dev name cannot match clkdev" Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu/mes: fix use-after-free issue Prike Liang <Prike.Liang(a)amd.com> drm/amdgpu: Fix the ring buffer size for queue VM flush Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Add VRAM accounting for SVM migration Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Restore config space after reset Felix Kuehling <felix.kuehling(a)amd.com> drm/amdgpu: Update BO eviction priorities Joshua Ashton <joshua(a)froggi.es> drm/amd/display: Set color_mgmt_changed to true on unsuspend Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN920C04 compositions Abdelrahman Morsy <abdelrahmanhesham94(a)gmail.com> HID: mcp-2221: cancel delayed_work only when CONFIG_IIO is enabled Rob Herring <robh(a)kernel.org> dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Richard Kinder <richard.kinder(a)gmail.com> wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't use rate mask for scanning Miquel Raynal <miquel.raynal(a)bootlin.com> dmaengine: xilinx: xdma: Clarify kdoc in XDMA driver Nuno Pereira <nf.pereira(a)outlook.pt> HID: nintendo: Fix N64 controller being identified as mouse Eric Biggers <ebiggers(a)google.com> KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST Eric Biggers <ebiggers(a)google.com> KEYS: asymmetric: Add missing dependency on CRYPTO_SIG Takashi Iwai <tiwai(a)suse.de> ALSA: Fix deadlocks with kctl removals at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: core: Fix NULL module pointer assignment at card init Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11. Nandor Kracser <bonifaido(a)gmail.com> ksmbd: ignore trailing slashes in share paths Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate oplock break notifications Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Break dir enumeration if directory contents error Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix case when index is reused during tree transformation Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Taking DOS names into account during link counting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Remove max link count info display during driver init Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential hang in nilfs_detach_log_writer() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix unexpected freezing of nilfs_segctor_sync() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix use-after-free of timer for log writer thread Thorsten Blum <thorsten.blum(a)toblux.com> net: smc91x: Fix m68k kernel compilation for ColdFire CPU Herve Codina <herve.codina(a)bootlin.com> net: lan966x: remove debugfs directory in probe() error path Romain Gantois <romain.gantois(a)bootlin.com> net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() Brennan Xavier McManus <bxmcmanus(a)gmail.com> tools/nolibc/stdlib: fix memory error in realloc() Shuah Khan <skhan(a)linuxfoundation.org> tools/latency-collector: Fix -Wformat-security compile warns Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix the extra HZ in mana_hwc_send_request Petr Pavlu <petr.pavlu(a)suse.com> ring-buffer: Fix a race between readers and resize checks Ken Milmore <ken.milmore(a)gmail.com> r8169: Fix possible ring buffer corruption on fragmented Tx packets. Heiner Kallweit <hkallweit1(a)gmail.com> Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Ming Lei <ming.lei(a)redhat.com> io_uring: fail NOP if non-zero op flags is passed in Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Pin-yen Lin <treapking(a)chromium.org> serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup Doug Berger <opendmb(a)gmail.com> serial: 8250_bcm7271: use default_mux_rate if possible Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Dan Carpenter <dan.carpenter(a)linaro.org> speakup: Fix sizeof() vs ARRAY_SIZE() bug Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix missing receive state reset after mode switch Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Will Deacon <will(a)kernel.org> Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Ard Biesheuvel <ardb(a)kernel.org> arm64/fpsimd: Avoid erroneous elide of user state reload Will Deacon <will(a)kernel.org> Revert "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Zheng Yejian <zhengyejian1(a)huawei.com> ftrace: Fix possible use-after-free issue in ftrace_location() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly Daniel J Blueman <daniel(a)quora.org> x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Josef Bacik <josef(a)toxicpanda.com> sunrpc: use the struct net as the svc proc private ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + .../devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 +- .../devicetree/bindings/soc/rockchip/grf.yaml | 1 + Documentation/devicetree/bindings/sound/rt5645.txt | 6 + .../bindings/thermal/loongson,ls2k-thermal.yaml | 24 +- Makefile | 4 +- arch/arm/configs/sunxi_defconfig | 1 + arch/arm64/include/asm/irqflags.h | 1 - arch/arm64/kernel/fpsimd.c | 44 +- arch/loongarch/kernel/perf_event.c | 2 +- arch/m68k/kernel/entry.S | 4 +- arch/m68k/mac/misc.c | 36 +- arch/openrisc/kernel/traps.c | 42 +- arch/parisc/kernel/parisc_ksyms.c | 1 + arch/powerpc/sysdev/fsl_msi.c | 2 + arch/riscv/Kconfig.errata | 8 +- arch/riscv/errata/thead/errata.c | 24 +- arch/riscv/include/asm/errata_list.h | 20 +- arch/riscv/net/bpf_jit_comp64.c | 20 +- arch/s390/include/asm/gmap.h | 2 +- arch/s390/include/asm/mmu.h | 5 + arch/s390/include/asm/mmu_context.h | 1 + arch/s390/include/asm/pgtable.h | 16 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/s390/mm/gmap.c | 165 +++-- arch/s390/net/bpf_jit_comp.c | 8 +- arch/sh/kernel/kprobes.c | 7 +- arch/sh/lib/checksum.S | 67 +-- arch/x86/Kconfig | 8 +- arch/x86/boot/compressed/head_64.S | 5 + arch/x86/crypto/nh-avx2-x86_64.S | 1 + arch/x86/crypto/sha256-avx2-asm.S | 1 + arch/x86/crypto/sha512-avx2-asm.S | 1 + arch/x86/entry/vsyscall/vsyscall_64.c | 28 +- arch/x86/include/asm/cmpxchg_64.h | 2 +- arch/x86/include/asm/pgtable_types.h | 2 + arch/x86/include/asm/processor.h | 1 - arch/x86/include/asm/sparsemem.h | 2 - arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/tsc_sync.c | 6 +- arch/x86/lib/x86-opcode-map.txt | 10 +- arch/x86/mm/fault.c | 33 +- arch/x86/mm/numa.c | 4 +- arch/x86/mm/pat/set_memory.c | 68 ++- arch/x86/net/bpf_jit_comp.c | 57 +- arch/x86/purgatory/Makefile | 3 +- arch/x86/tools/relocs.c | 9 + block/blk-core.c | 9 +- block/blk-merge.c | 2 + block/blk-mq.c | 4 + block/blk.h | 1 + block/fops.c | 2 +- block/genhd.c | 2 +- block/partitions/cmdline.c | 49 +- crypto/asymmetric_keys/Kconfig | 3 + drivers/accessibility/speakup/main.c | 2 +- drivers/acpi/acpi_lpss.c | 1 + drivers/acpi/acpica/Makefile | 1 + drivers/acpi/bus.c | 5 + drivers/acpi/numa/srat.c | 5 + drivers/block/null_blk/main.c | 2 + drivers/bluetooth/btmrvl_main.c | 9 - drivers/bluetooth/btqca.c | 4 +- drivers/bluetooth/btrsi.c | 1 - drivers/bluetooth/btsdio.c | 8 - drivers/bluetooth/btusb.c | 5 - drivers/bluetooth/hci_bcm4377.c | 1 - drivers/bluetooth/hci_ldisc.c | 6 - drivers/bluetooth/hci_serdev.c | 5 - drivers/bluetooth/hci_uart.h | 1 - drivers/bluetooth/hci_vhci.c | 10 +- drivers/bluetooth/virtio_bt.c | 2 - drivers/char/hw_random/stm32-rng.c | 18 +- drivers/clk/clk-renesas-pcie.c | 10 +- drivers/clk/mediatek/clk-mt8365-mm.c | 2 +- drivers/clk/mediatek/clk-pllfh.c | 2 +- drivers/clk/qcom/Kconfig | 2 + drivers/clk/qcom/apss-ipq-pll.c | 3 +- drivers/clk/qcom/clk-alpha-pll.c | 1 - drivers/clk/qcom/dispcc-sm6350.c | 11 +- drivers/clk/qcom/dispcc-sm8450.c | 20 +- drivers/clk/qcom/dispcc-sm8550.c | 20 +- drivers/clk/qcom/dispcc-sm8650.c | 20 +- drivers/clk/qcom/mmcc-msm8998.c | 8 + drivers/clk/renesas/r8a779a0-cpg-mssr.c | 2 +- drivers/clk/renesas/r9a07g043-cpg.c | 9 + drivers/clk/samsung/clk-exynosautov9.c | 8 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpufreq/cpufreq.c | 11 +- drivers/crypto/bcm/spu2.c | 2 +- drivers/crypto/ccp/sp-platform.c | 14 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 +- .../crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 +- drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 2 + drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c | 1 + drivers/crypto/intel/qat/qat_common/adf_rl.c | 2 +- .../crypto/intel/qat/qat_common/adf_telemetry.c | 21 + .../crypto/intel/qat/qat_common/adf_telemetry.h | 1 + drivers/crypto/marvell/octeontx2/cn10k_cpt.c | 4 + drivers/dma/xilinx/xdma.c | 14 +- drivers/dpll/dpll_core.c | 2 +- drivers/edac/skx_common.c | 2 +- drivers/edac/versal_edac.c | 5 +- drivers/firmware/qcom/qcom_scm.c | 12 +- drivers/firmware/raspberrypi.c | 7 +- drivers/fpga/dfl-pci.c | 3 + drivers/gpio/gpio-npcm-sgpio.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 3 +- drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 - drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 + drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 + .../amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 8 + .../amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 15 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 3 + .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 + .../gpu/drm/amd/display/dc/dml/dcn31/dcn31_fpu.c | 2 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- .../display/dc/link/protocols/link_dp_dpia_bw.c | 10 +- .../amd/display/dc/resource/dcn20/dcn20_resource.c | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 25 + drivers/gpu/drm/arm/malidp_mw.c | 5 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 15 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 + drivers/gpu/drm/bridge/chipone-icn6211.c | 6 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 +- drivers/gpu/drm/bridge/lontium-lt9611.c | 6 +- drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/bridge/tc358775.c | 6 +- drivers/gpu/drm/bridge/ti-dlpc3433.c | 17 +- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 1 - drivers/gpu/drm/ci/test.yml | 6 +- drivers/gpu/drm/display/drm_dp_helper.c | 35 ++ drivers/gpu/drm/drm_bridge.c | 10 +- drivers/gpu/drm/drm_edid.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 4 +- drivers/gpu/drm/imagination/pvr_vm_mips.c | 4 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 8 +- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/msm/dp/dp_aux.c | 20 + drivers/gpu/drm/msm/dp/dp_aux.h | 1 + drivers/gpu/drm/msm/dp/dp_ctrl.c | 6 +- drivers/gpu/drm/msm/dp/dp_display.c | 4 + drivers/gpu/drm/msm/dp/dp_link.c | 22 +- drivers/gpu/drm/msm/dp/dp_link.h | 14 +- drivers/gpu/drm/mxsfb/lcdif_drv.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 2 +- drivers/gpu/drm/omapdrm/Kconfig | 2 +- drivers/gpu/drm/omapdrm/omap_fbdev.c | 40 +- drivers/gpu/drm/panel/panel-edp.c | 3 + drivers/gpu/drm/panel/panel-leadtek-ltk050h3146w.c | 5 +- drivers/gpu/drm/panel/panel-novatek-nt35950.c | 6 +- drivers/gpu/drm/panel/panel-samsung-atna33xc20.c | 24 +- drivers/gpu/drm/panel/panel-simple.c | 3 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 22 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 10 + drivers/hid/hid-mcp2221.c | 2 + drivers/hid/hid-nintendo.c | 8 +- drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 + drivers/infiniband/core/cma.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/hns/hns_roce_cq.c | 24 +- drivers/infiniband/hw/hns/hns_roce_hem.h | 12 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 7 +- drivers/infiniband/hw/hns/hns_roce_main.c | 1 + drivers/infiniband/hw/hns/hns_roce_mr.c | 15 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 6 +- drivers/infiniband/hw/mana/cq.c | 54 +- drivers/infiniband/hw/mana/main.c | 43 ++ drivers/infiniband/hw/mana/mana_ib.h | 14 +- drivers/infiniband/hw/mana/qp.c | 26 +- drivers/infiniband/hw/mlx5/mem.c | 8 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 +- drivers/infiniband/hw/mlx5/mr.c | 35 +- drivers/infiniband/sw/rxe/rxe_comp.c | 6 +- drivers/infiniband/sw/rxe/rxe_net.c | 12 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 6 +- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 +- drivers/input/input.c | 104 +++- drivers/input/joystick/xpad.c | 2 + drivers/input/mouse/amimouse.c | 8 +- drivers/iommu/iommu.c | 21 +- drivers/irqchip/irq-alpine-msi.c | 2 +- drivers/irqchip/irq-loongson-pch-msi.c | 2 +- drivers/macintosh/via-macii.c | 11 +- drivers/md/dm-delay.c | 14 +- drivers/md/md-bitmap.c | 6 +- drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 +- drivers/media/pci/intel/ipu3/ipu3-cio2.c | 10 +- drivers/media/pci/ngene/ngene-core.c | 4 +- drivers/media/platform/cadence/cdns-csi2rx.c | 26 +- drivers/media/platform/renesas/rcar-vin/rcar-vin.h | 2 +- drivers/media/radio/radio-shark2.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 31 + drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/media/v4l2-core/v4l2-subdev.c | 2 + drivers/misc/lkdtm/Makefile | 2 +- drivers/misc/lkdtm/perms.c | 2 +- drivers/mtd/mtdcore.c | 6 +- drivers/mtd/nand/raw/nand_hynix.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 50 +- drivers/net/dsa/mv88e6xxx/chip.h | 6 + drivers/net/dsa/mv88e6xxx/global1.c | 89 +++ drivers/net/dsa/mv88e6xxx/global1.h | 2 + drivers/net/ethernet/cortina/gemini.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 26 - drivers/net/ethernet/intel/ice/ice_base.c | 134 ++++- drivers/net/ethernet/intel/ice/ice_base.h | 10 +- drivers/net/ethernet/intel/ice/ice_common.c | 4 +- drivers/net/ethernet/intel/ice/ice_ddp.c | 18 +- drivers/net/ethernet/intel/ice/ice_lag.c | 6 +- drivers/net/ethernet/intel/ice/ice_lib.c | 129 ---- drivers/net/ethernet/intel/ice/ice_lib.h | 10 - drivers/net/ethernet/intel/ice/ice_sched.c | 4 +- drivers/net/ethernet/intel/ice/ice_switch.c | 10 +- drivers/net/ethernet/intel/ice/ice_xsk.c | 22 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 240 ++++---- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 29 +- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 46 +- .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 6 +- .../net/ethernet/mellanox/mlx5/core/esw/bridge.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 4 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 28 +- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 6 +- .../net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 19 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 6 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 9 +- drivers/net/ethernet/realtek/r8169_main.c | 9 +- drivers/net/ethernet/smsc/smc91x.h | 4 +- drivers/net/ethernet/stmicro/stmmac/common.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 6 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 + drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 105 +++- drivers/net/ethernet/sun/sungem.c | 14 - drivers/net/ethernet/ti/icssg/icssg_prueth.c | 14 +- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 2 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 76 ++- drivers/net/ethernet/wangxun/libwx/wx_lib.h | 2 + drivers/net/ethernet/wangxun/libwx/wx_type.h | 23 +- drivers/net/ethernet/wangxun/ngbe/ngbe_ethtool.c | 18 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 1 + drivers/net/ethernet/wangxun/txgbe/Makefile | 1 + drivers/net/ethernet/wangxun/txgbe/txgbe_ethtool.c | 18 +- drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 269 +++++++++ drivers/net/ethernet/wangxun/txgbe/txgbe_irq.h | 7 + drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 172 ++---- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 90 +-- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h | 3 + drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 18 + drivers/net/phy/micrel.c | 3 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/qmi_wwan.c | 3 + drivers/net/usb/smsc95xx.c | 15 +- drivers/net/usb/sr9700.c | 10 +- drivers/net/wireless/ath/ar5523/ar5523.c | 14 + drivers/net/wireless/ath/ath10k/core.c | 3 + drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 +- drivers/net/wireless/ath/ath10k/hw.h | 1 + drivers/net/wireless/ath/ath10k/targaddrs.h | 3 + drivers/net/wireless/ath/ath10k/wmi.c | 26 +- drivers/net/wireless/ath/ath11k/mac.c | 9 +- drivers/net/wireless/ath/ath12k/qmi.c | 3 + drivers/net/wireless/ath/ath12k/wmi.c | 2 +- drivers/net/wireless/ath/carl9170/tx.c | 3 +- drivers/net/wireless/ath/carl9170/usb.c | 32 + .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 15 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 19 +- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 47 +- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 19 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 7 +- drivers/net/wireless/marvell/mwl8k.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 46 +- drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 1 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 1 + .../net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 12 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 1 + drivers/net/wireless/realtek/rtw89/ps.c | 3 +- drivers/net/wireless/realtek/rtw89/wow.c | 12 +- drivers/nvme/host/core.c | 21 - drivers/nvme/host/multipath.c | 3 +- drivers/nvme/host/nvme.h | 21 + drivers/nvme/host/pci.c | 8 +- drivers/nvme/host/tcp.c | 10 +- drivers/nvme/target/auth.c | 8 +- drivers/nvme/target/configfs.c | 12 + drivers/nvme/target/core.c | 5 +- drivers/nvme/target/nvmet.h | 1 + drivers/nvme/target/tcp.c | 11 +- drivers/of/module.c | 7 +- drivers/perf/hisilicon/hisi_pcie_pmu.c | 14 +- drivers/perf/hisilicon/hns3_pmu.c | 16 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/platform/x86/xiaomi-wmi.c | 18 + drivers/ptp/ptp_ocp.c | 6 +- drivers/pwm/core.c | 666 ++++++++++----------- drivers/pwm/pwm-clps711x.c | 1 - drivers/pwm/pwm-cros-ec.c | 1 - drivers/pwm/pwm-meson.c | 51 +- drivers/pwm/pwm-pxa.c | 4 +- drivers/pwm/pwm-sti.c | 46 +- drivers/pwm/sysfs.c | 4 +- drivers/regulator/irq_helpers.c | 3 + drivers/regulator/qcom-refgen-regulator.c | 1 + drivers/regulator/vqmmc-ipq4019-regulator.c | 1 + drivers/s390/cio/trace.h | 2 +- drivers/scsi/bfa/bfad_debugfs.c | 4 +- drivers/scsi/hpsa.c | 2 +- drivers/scsi/libsas/sas_expander.c | 3 +- drivers/scsi/qedf/qedf_debugfs.c | 2 +- drivers/scsi/qla2xxx/qla_dfs.c | 2 +- drivers/soc/mediatek/mtk-cmdq-helper.c | 5 +- drivers/soc/qcom/pmic_glink.c | 26 +- drivers/staging/media/atomisp/pci/sh_css.c | 1 + drivers/staging/media/starfive/camss/stf-camss.c | 6 + drivers/thermal/mediatek/lvts_thermal.c | 4 + drivers/thermal/qcom/tsens.c | 2 +- drivers/thermal/thermal_core.c | 12 +- drivers/thermal/thermal_debugfs.c | 27 +- drivers/thermal/thermal_debugfs.h | 4 +- drivers/tty/n_gsm.c | 140 +++-- drivers/tty/serial/8250/8250_bcm7271.c | 99 +-- drivers/tty/serial/8250/8250_mtk.c | 8 +- drivers/tty/serial/sc16is7xx.c | 23 +- drivers/ufs/core/ufs-mcq.c | 3 +- drivers/ufs/core/ufshcd.c | 6 +- drivers/ufs/host/cdns-pltfrm.c | 2 +- drivers/ufs/host/ufs-qcom.c | 7 +- drivers/ufs/host/ufs-qcom.h | 12 +- drivers/video/fbdev/Kconfig | 4 +- drivers/video/fbdev/core/Kconfig | 6 + drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 +- drivers/video/fbdev/sis/init301.c | 3 +- drivers/virt/acrn/mm.c | 61 +- fs/btrfs/ioctl.c | 33 +- fs/btrfs/qgroup.c | 21 +- fs/dlm/ast.c | 14 + fs/dlm/dlm_internal.h | 1 + fs/dlm/user.c | 15 +- fs/ecryptfs/keystore.c | 4 +- fs/eventpoll.c | 38 +- fs/exec.c | 11 + fs/ext4/inode.c | 3 - fs/ext4/mballoc.c | 1 + fs/ext4/namei.c | 2 +- fs/gfs2/glock.c | 91 ++- fs/gfs2/glock.h | 1 + fs/gfs2/glops.c | 3 + fs/gfs2/incore.h | 1 + fs/gfs2/lock_dlm.c | 32 +- fs/gfs2/ops_fstype.c | 1 + fs/gfs2/super.c | 3 - fs/gfs2/util.c | 1 - fs/jffs2/xattr.c | 3 + fs/libfs.c | 147 +++-- fs/nfsd/nfsctl.c | 4 +- fs/nilfs2/ioctl.c | 2 +- fs/nilfs2/segment.c | 63 +- fs/ntfs3/dir.c | 1 + fs/ntfs3/index.c | 6 + fs/ntfs3/inode.c | 7 +- fs/ntfs3/record.c | 11 +- fs/ntfs3/super.c | 2 - fs/openpromfs/inode.c | 8 +- fs/smb/server/mgmt/share_config.c | 6 +- fs/smb/server/oplock.c | 21 +- include/drm/display/drm_dp_helper.h | 6 + include/drm/drm_displayid.h | 1 - include/drm/drm_mipi_dsi.h | 6 +- include/linux/acpi.h | 6 +- include/linux/bitops.h | 1 + include/linux/cpu.h | 11 + include/linux/dev_printk.h | 25 +- include/linux/fb.h | 4 + include/linux/fs.h | 8 +- include/linux/ieee80211.h | 2 +- include/linux/ksm.h | 13 + include/linux/maple_tree.h | 7 + include/linux/mlx5/driver.h | 1 + include/linux/numa.h | 7 +- include/linux/overflow.h | 25 +- include/linux/printk.h | 2 +- include/linux/pwm.h | 7 +- include/linux/stmmac.h | 2 +- include/net/ax25.h | 3 +- include/net/bluetooth/bluetooth.h | 2 +- include/net/bluetooth/hci.h | 122 +--- include/net/bluetooth/hci_core.h | 53 +- include/net/bluetooth/l2cap.h | 11 +- include/net/mac80211.h | 3 + include/net/tcp.h | 5 +- include/trace/events/asoc.h | 2 + include/uapi/linux/bpf.h | 2 +- include/uapi/linux/virtio_bt.h | 1 - io_uring/io-wq.c | 13 +- io_uring/io_uring.h | 2 +- io_uring/net.c | 22 +- io_uring/nop.c | 2 + kernel/bpf/syscall.c | 5 + kernel/bpf/verifier.c | 29 +- kernel/cgroup/cpuset.c | 2 +- kernel/cpu.c | 14 +- kernel/rcu/tasks.h | 2 +- kernel/rcu/tree_stall.h | 3 +- kernel/sched/core.c | 2 +- kernel/sched/fair.c | 53 +- kernel/sched/isolation.c | 7 +- kernel/sched/topology.c | 2 +- kernel/softirq.c | 12 +- kernel/trace/ftrace.c | 39 +- kernel/trace/ring_buffer.c | 9 + kernel/trace/trace_events_user.c | 181 ++++-- lib/fortify_kunit.c | 16 +- lib/kunit/device.c | 2 +- lib/kunit/test.c | 3 + lib/kunit/try-catch.c | 9 +- lib/maple_tree.c | 93 +++ lib/overflow_kunit.c | 19 + lib/slub_kunit.c | 2 +- lib/test_hmm.c | 8 +- mm/shmem.c | 7 +- mm/userfaultfd.c | 35 ++ net/ax25/ax25_dev.c | 48 +- net/bluetooth/hci_conn.c | 35 +- net/bluetooth/hci_core.c | 144 +---- net/bluetooth/hci_event.c | 313 +--------- net/bluetooth/hci_sock.c | 9 +- net/bluetooth/hci_sync.c | 207 ++----- net/bluetooth/iso.c | 125 ++-- net/bluetooth/l2cap_core.c | 77 ++- net/bluetooth/l2cap_sock.c | 91 ++- net/bluetooth/mgmt.c | 84 +-- net/bridge/br_device.c | 6 + net/bridge/br_mst.c | 16 +- net/core/dev.c | 3 +- net/ipv4/tcp_ipv4.c | 13 +- net/ipv4/udp.c | 21 +- net/ipv6/reassembly.c | 2 +- net/ipv6/seg6.c | 5 +- net/ipv6/udp.c | 20 +- net/l2tp/l2tp_core.c | 44 +- net/mac80211/mlme.c | 3 +- net/mac80211/rate.c | 6 +- net/mac80211/scan.c | 17 +- net/mac80211/tx.c | 13 +- net/mptcp/protocol.c | 54 +- net/mptcp/protocol.h | 45 +- net/mptcp/sockopt.c | 131 ++-- net/netrom/nr_route.c | 19 +- net/openvswitch/flow.c | 3 +- net/packet/af_packet.c | 3 +- net/qrtr/ns.c | 27 + net/sunrpc/auth_gss/svcauth_gss.c | 10 +- net/sunrpc/stats.c | 2 +- net/sunrpc/svc.c | 2 - net/unix/af_unix.c | 2 +- net/wireless/nl80211.c | 14 +- net/wireless/trace.h | 4 +- samples/landlock/sandboxer.c | 5 +- scripts/module.lds.S | 1 + sound/core/init.c | 11 +- sound/hda/intel-dsp-config.c | 27 +- sound/pci/emu10k1/io.c | 1 + sound/pci/hda/cs35l41_hda_property.c | 4 +- sound/pci/hda/cs35l56_hda.c | 4 + sound/pci/hda/patch_realtek.c | 3 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l41.c | 28 +- sound/soc/codecs/cs35l56.c | 13 +- sound/soc/codecs/da7219-aad.c | 6 +- sound/soc/codecs/rt5645.c | 25 + sound/soc/codecs/rt715-sdca.c | 8 +- sound/soc/codecs/rt715-sdw.c | 1 + sound/soc/codecs/rt722-sdca.c | 27 +- sound/soc/codecs/rt722-sdca.h | 3 + sound/soc/intel/avs/boards/ssm4567.c | 1 - sound/soc/intel/avs/cldma.c | 2 +- sound/soc/intel/avs/path.c | 1 + sound/soc/intel/avs/pcm.c | 4 + sound/soc/intel/avs/probes.c | 14 +- sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 + sound/soc/intel/boards/bxt_rt298.c | 1 + sound/soc/intel/boards/bytcr_rt5640.c | 24 +- sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 + sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 + sound/soc/intel/boards/kbl_da7219_max98927.c | 4 + sound/soc/intel/boards/kbl_rt5660.c | 1 + sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 + .../soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 + sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 + sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 + sound/soc/intel/boards/skl_rt286.c | 1 + sound/soc/kirkwood/kirkwood-dma.c | 3 + sound/soc/mediatek/common/mtk-soundcard-driver.c | 6 +- sound/soc/sof/intel/hda-dai.c | 31 +- sound/soc/sof/intel/lnl.c | 3 +- sound/soc/sof/intel/lnl.h | 15 + sound/soc/sof/intel/mtl.c | 46 +- sound/soc/sof/intel/mtl.h | 4 +- sound/soc/sof/ipc3-pcm.c | 1 + sound/soc/sof/ipc4-pcm.c | 97 +-- sound/soc/sof/pcm.c | 13 +- sound/soc/sof/sof-audio.h | 2 + tools/arch/x86/lib/x86-opcode-map.txt | 10 +- tools/bpf/bpftool/common.c | 96 ++- tools/bpf/bpftool/iter.c | 2 +- tools/bpf/bpftool/main.h | 3 +- tools/bpf/bpftool/prog.c | 5 +- tools/bpf/bpftool/skeleton/pid_iter.bpf.c | 4 +- tools/bpf/bpftool/struct_ops.c | 2 +- tools/include/nolibc/stdlib.h | 2 +- tools/include/uapi/linux/bpf.h | 2 +- tools/lib/bpf/libbpf.c | 9 +- tools/testing/selftests/bpf/cgroup_helpers.c | 3 + tools/testing/selftests/bpf/network_helpers.c | 2 + .../selftests/bpf/prog_tests/cgroup1_hierarchy.c | 7 +- .../selftests/bpf/prog_tests/xdp_do_redirect.c | 4 +- .../bpf/progs/bench_local_storage_create.c | 5 +- tools/testing/selftests/bpf/progs/local_storage.c | 20 +- tools/testing/selftests/bpf/progs/lsm_cgroup.c | 8 +- tools/testing/selftests/bpf/test_sockmap.c | 2 +- tools/testing/selftests/cgroup/cgroup_util.c | 8 +- tools/testing/selftests/cgroup/cgroup_util.h | 2 +- tools/testing/selftests/cgroup/test_core.c | 7 +- tools/testing/selftests/cgroup/test_cpu.c | 2 +- tools/testing/selftests/cgroup/test_cpuset.c | 2 +- tools/testing/selftests/cgroup/test_freezer.c | 2 +- .../testing/selftests/cgroup/test_hugetlb_memcg.c | 2 +- tools/testing/selftests/cgroup/test_kill.c | 2 +- tools/testing/selftests/cgroup/test_kmem.c | 2 +- tools/testing/selftests/cgroup/test_memcontrol.c | 2 +- tools/testing/selftests/cgroup/test_zswap.c | 2 +- tools/testing/selftests/damon/_damon_sysfs.py | 2 + .../selftests/filesystems/binderfs/Makefile | 2 - .../ftrace/test.d/dynevent/add_remove_btfarg.tc | 2 +- tools/testing/selftests/kcmp/kcmp_test.c | 2 +- tools/testing/selftests/kvm/aarch64/vgic_init.c | 49 ++ tools/testing/selftests/lib.mk | 12 +- tools/testing/selftests/net/amt.sh | 12 +- tools/testing/selftests/net/config | 1 + .../selftests/net/forwarding/bridge_igmp.sh | 6 +- .../testing/selftests/net/forwarding/bridge_mld.sh | 6 +- tools/testing/selftests/net/lib.sh | 6 +- tools/testing/selftests/resctrl/Makefile | 4 +- .../selftests/syscall_user_dispatch/sud_test.c | 14 + tools/tracing/latency/latency-collector.c | 8 +- 565 files changed, 5865 insertions(+), 3850 deletions(-)

1 year, 3 months

10
503
0 0

[PATCH] ata: ahci: Do not enable LPM if no LPM states are supported by the HBA

by Niklas Cassel

LPM consists of HIPM (host initiated power management) and DIPM (device initiated power management). ata_eh_set_lpm() will only enable HIPM if both the HBA and the device supports it. However, DIPM will be enabled as long as the device supports it. The HBA will later reject the device's request to enter a power state that it does not support (Slumber/Partial/DevSleep) (DevSleep is never initiated by the device). For a HBA that doesn't support any LPM states, simply don't set a LPM policy such that all the HIPM/DIPM probing/enabling will be skipped. Not enabling HIPM or DIPM in the first place is safer than relying on the device following the AHCI specification and respecting the NAK. (There are comments in the code that some devices misbehave when receiving a NAK.) Performing this check in ahci_update_initial_lpm_policy() also has the advantage that a HBA that doesn't support any LPM states will take the exact same code paths as a port that is external/hot plug capable. Fixes: 7627a0edef54 ("ata: ahci: Drop low power policy board type") Cc: stable(a)vger.kernel.org Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- We have not received any bug reports with this. The devices that were quirked recently all supported both Partial and Slumber. This is more a defensive action, as it seems unnecessary to enable DIPM in the first place, if the HBA doesn't support any LPM states. drivers/ata/ahci.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index 07d66d2c5f0d..214de08de642 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -1735,6 +1735,12 @@ static void ahci_update_initial_lpm_policy(struct ata_port *ap) if (ap->pflags & ATA_PFLAG_EXTERNAL) return; + /* If no LPM states are supported by the HBA, do not bother with LPM */ + if ((ap->host->flags & ATA_HOST_NO_PART) && + (ap->host->flags & ATA_HOST_NO_SSC) && + (ap->host->flags & ATA_HOST_NO_DEVSLP)) + return; + /* user modified policy via module param */ if (mobile_lpm_policy != -1) { policy = mobile_lpm_policy; -- 2.45.1

1 year, 3 months

2
1
0 0

[to-be-updated] mm-vmalloc-fix-vbq-free-breakage.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/vmalloc: fix vbq->free breakage has been removed from the -mm tree. Its filename was mm-vmalloc-fix-vbq-free-breakage.patch This patch was dropped because an updated version will be merged ------------------------------------------------------ From: "hailong.liu" <hailong.liu(a)oppo.com> Subject: mm/vmalloc: fix vbq->free breakage Date: Thu, 30 May 2024 17:31:08 +0800 The function xa_for_each() in _vm_unmap_aliases() loops through all vbs. However, since commit 062eacf57ad9 ("mm: vmalloc: remove a global vmap_blocks xarray") the vb from xarray may not be on the corresponding CPU vmap_block_queue. Consequently, purge_fragmented_block() might use the wrong vbq->lock to protect the free list, leading to vbq->free breakage. Link: https://lkml.kernel.org/r/20240530093108.4512-1-hailong.liu@oppo.com Fixes: fc1e0d980037 ("mm/vmalloc: prevent stale TLBs in fully utilized blocks") Signed-off-by: Hailong.Liu <liuhailong(a)oppo.com> Reported-by: Guangye Yang <guangye.yang(a)mediatek.com> Cc: Barry Song <21cnbao(a)gmail.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Gao Xiang <xiang(a)kernel.org> Cc: Guangye Yang <guangye.yang(a)mediatek.com> Cc: liuhailong <liuhailong(a)oppo.com> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-fix-vbq-free-breakage +++ a/mm/vmalloc.c @@ -2830,10 +2830,9 @@ static void _vm_unmap_aliases(unsigned l for_each_possible_cpu(cpu) { struct vmap_block_queue *vbq = &per_cpu(vmap_block_queue, cpu); struct vmap_block *vb; - unsigned long idx; rcu_read_lock(); - xa_for_each(&vbq->vmap_blocks, idx, vb) { + list_for_each_entry_rcu(vb, &vbq->free, free_list) { spin_lock(&vb->lock); /* _ Patches currently in -mm which might be from hailong.liu(a)oppo.com are

1 year, 3 months

1
0
0 0

[PATCH 1/2] arm64: dts: qcom: sc7180: Disable SS instances in park mode

by Krishna Kurapati

On SC7180, in host mode, it is observed that stressing out controller in host mode results in HC died error and only restarting the host mode fixes it. Disable SS instances in park mode for these targets to avoid host controller being dead. Reported-by: Doug Anderson <dianders(a)google.com> Cc: <stable(a)vger.kernel.org> Fixes: 0b766e7fe5a2 ("arm64: dts: qcom: sc7180: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/sc7180.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sc7180.dtsi b/arch/arm64/boot/dts/qcom/sc7180.dtsi index 2b481e20ae38..cc93b5675d5d 100644 --- a/arch/arm64/boot/dts/qcom/sc7180.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7180.dtsi @@ -3063,6 +3063,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x540 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed"; -- 2.34.1

1 year, 3 months

4
3
0 0

[PATCH v4 2/7] PCI: xilinx-nwl: Fix off-by-one in IRQ handler

by Sean Anderson

MSGF_LEG_MASK is laid out with INTA in bit 0, INTB in bit 1, INTC in bit 2, and INTD in bit 3. Hardware IRQ numbers start at 0, and we register PCI_NUM_INTX irqs. So to enable INTA (aka hwirq 0) we should set bit 0. Remove the subtraction of one. This bug would cause legacy interrupts not to be delivered, as enabling INTB would actually enable INTA, and enabling INTA wouldn't enable anything at all. It is likely that this got overlooked for so long since most PCIe hardware uses MSIs. This fixes the following UBSAN error: UBSAN: shift-out-of-bounds in ../drivers/pci/controller/pcie-xilinx-nwl.c:389:11 shift exponent 18446744073709551615 is too large for 32-bit type 'int' CPU: 1 PID: 61 Comm: kworker/u10:1 Not tainted 6.6.20+ #268 Hardware name: xlnx,zynqmp (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace (arch/arm64/kernel/stacktrace.c:235) show_stack (arch/arm64/kernel/stacktrace.c:242) dump_stack_lvl (lib/dump_stack.c:107) dump_stack (lib/dump_stack.c:114) __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:387) nwl_unmask_leg_irq (drivers/pci/controller/pcie-xilinx-nwl.c:389 (discriminator 1)) irq_enable (kernel/irq/internals.h:234 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) __irq_startup (kernel/irq/internals.h:239 kernel/irq/chip.c:180 kernel/irq/chip.c:250) irq_startup (kernel/irq/chip.c:270) __setup_irq (kernel/irq/manage.c:1800) request_threaded_irq (kernel/irq/manage.c:2206) pcie_pme_probe (include/linux/interrupt.h:168 drivers/pci/pcie/pme.c:348) <snip> Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- Changes in v4: - Explain likely effects of the off-by-one error - Trim down UBSAN backtrace Changes in v3: - Expand commit message drivers/pci/controller/pcie-xilinx-nwl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK); -- 2.35.1.1320.gc452695387.dirty

1 year, 3 months

1
0
0 0

[PATCH v3] serial: port: Don't block system suspend even if bytes are left to xmit

by Douglas Anderson

Recently, suspend testing on sc7180-trogdor based devices has started to sometimes fail with messages like this: port a88000.serial:0.0: PM: calling pm_runtime_force_suspend+0x0/0xf8 @ 28934, parent: a88000.serial:0 port a88000.serial:0.0: PM: dpm_run_callback(): pm_runtime_force_suspend+0x0/0xf8 returns -16 port a88000.serial:0.0: PM: pm_runtime_force_suspend+0x0/0xf8 returned -16 after 33 usecs port a88000.serial:0.0: PM: failed to suspend: error -16 I could reproduce these problems by logging in via an agetty on the debug serial port (which was _not_ used for kernel console) and running: cat /var/log/messages ...and then (via an SSH session) forcing a few suspend/resume cycles. Tracing through the code and doing some printf()-based debugging shows that the -16 (-EBUSY) comes from the recently added serial_port_runtime_suspend(). The idea of the serial_port_runtime_suspend() function is to prevent the port from being _runtime_ suspended if it still has bytes left to transmit. Having bytes left to transmit isn't a reason to block _system_ suspend, though. If a serdev device in the kernel needs to block system suspend it should block its own suspend and it can use serdev_device_wait_until_sent() to ensure bytes are sent. The DEFINE_RUNTIME_DEV_PM_OPS() used by the serial_port code means that the system suspend function will be pm_runtime_force_suspend(). In pm_runtime_force_suspend() we can see that before calling the runtime suspend function we'll call pm_runtime_disable(). This should be a reliable way to detect that we're called from system suspend and that we shouldn't look for busyness. Fixes: 43066e32227e ("serial: port: Don't suspend if the port is still busy") Cc: stable(a)vger.kernel.org Reviewed-by: Tony Lindgren <tony.lindgren(a)linux.intel.com> Signed-off-by: Douglas Anderson <dianders(a)chromium.org> --- In v1 [1] this was part of a 2-patch series. I'm now just sending this patch on its own since the Qualcomm GENI serial driver has ended up having a whole pile of problems that are taking a while to unravel. It makes sense to disconnect the two efforts. The core problem fixed by this patch and the geni problems never had any dependencies anyway. [1] https://lore.kernel.org/r/20240523162207.1.I2395e66cf70c6e67d774c56943825c2… Changes in v3: - Adjust comment as per Tony Lindgren. - Add Cc: stable. Changes in v2: - Fix "regulator" => "regular" in comment. - Fix "PM Runtime" => "runtime PM" in comment. - Commit messages says how serdev devices should ensure bytes xfered. drivers/tty/serial/serial_port.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/tty/serial/serial_port.c b/drivers/tty/serial/serial_port.c index 91a338d3cb34..d35f1d24156c 100644 --- a/drivers/tty/serial/serial_port.c +++ b/drivers/tty/serial/serial_port.c @@ -64,6 +64,13 @@ static int serial_port_runtime_suspend(struct device *dev) if (port->flags & UPF_DEAD) return 0; + /* + * Nothing to do on pm_runtime_force_suspend(), see + * DEFINE_RUNTIME_DEV_PM_OPS. + */ + if (!pm_runtime_enabled(dev)) + return 0; + uart_port_lock_irqsave(port, &flags); if (!port_dev->tx_enabled) { uart_port_unlock_irqrestore(port, flags); -- 2.45.1.288.g0e0cd299f1-goog

1 year, 3 months

2
1
0 0

[PATCH 1/1] leds: ss4200: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

ich7_lpc_probe() uses pci_read_config_dword() that returns PCIBIOS_* codes. The error handling code assumes incorrectly it's a normal errno and checks for < 0. The return code is returned from the probe function as is but probe functions should return normal errnos. Remove < 0 from the check and convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning it. Fixes: a328e95b82c1 ("leds: LED driver for Intel NAS SS4200 series (v5)") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/leds/leds-ss4200.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c index fcaa34706b6c..2ef9fc7371bd 100644 --- a/drivers/leds/leds-ss4200.c +++ b/drivers/leds/leds-ss4200.c @@ -356,8 +356,10 @@ static int ich7_lpc_probe(struct pci_dev *dev, nas_gpio_pci_dev = dev; status = pci_read_config_dword(dev, PMBASE, &g_pm_io_base); - if (status) + if (status) { + status = pcibios_err_to_errno(status); goto out; + } g_pm_io_base &= 0x00000ff80; status = pci_read_config_dword(dev, GPIO_CTRL, &gc); @@ -369,8 +371,9 @@ static int ich7_lpc_probe(struct pci_dev *dev, } status = pci_read_config_dword(dev, GPIO_BASE, &nas_gpio_io_base); - if (0 > status) { + if (status) { dev_info(&dev->dev, "Unable to read GPIOBASE.\n"); + status = pcibios_err_to_errno(status); goto out; } dev_dbg(&dev->dev, ": GPIOBASE = 0x%08x\n", nas_gpio_io_base); -- 2.39.2

1 year, 3 months

2
1
0 0

[PATCH v2 5.10.y 0/2] bpf: fix warning in ftrace_verify_code()

by kovalev＠altlinux.org

This bug was found by syzkaller. The reproducer and the detailed warning log can be viewed here [1] [1] https://lore.kernel.org/bpf/20240129091746.260538-1-kovalev@altlinux.org/#t Capability cap_sys_admin is required for reproduce and on kernels with panic_on_warn enabled it will cause the system to crash. v2: Added an additional patch that fixes a build error by the clang compiler. To solve the problem, it is proposed to backport the following commits: [PATCH v2 5.10.y 1/2] bpf: Convert BPF_DISPATCHER to use static_call() (not [PATCH v2 5.10.y 2/2] bpf: Add explicit cast to 'void *' for

1 year, 3 months

1
2
0 0

[PATCH v2 5.15.y 0/2] bpf: fix warning in ftrace_verify_code()

by kovalev＠altlinux.org

This bug was found by syzkaller. The reproducer and the detailed warning log can be viewed here [1] [1] https://lore.kernel.org/bpf/20240129091746.260538-1-kovalev@altlinux.org/#t Capability cap_sys_admin is required for reproduce and on kernels with panic_on_warn enabled it will cause the system to crash. v2: Added an additional patch that fixes a build error by the clang compiler. To solve the problem, it is proposed to backport the following commits: [PATCH v2 5.15.y 1/2] bpf: Convert BPF_DISPATCHER to use static_call() (not [PATCH v2 5.15.y 2/2] bpf: Add explicit cast to 'void *' for

1 year, 3 months

1
2
0 0

[PATCH] ata: libata-core: Add ATA_HORKAGE_NOLPM for Apacer AS340

by Niklas Cassel

Commit 7627a0edef54 ("ata: ahci: Drop low power policy board type") dropped the board_ahci_low_power board type, and instead enables LPM if: -The AHCI controller reports that it supports LPM (Partial/Slumber), and -CONFIG_SATA_MOBILE_LPM_POLICY != 0, and -The port is not defined as external in the per port PxCMD register, and -The port is not defined as hotplug capable in the per port PxCMD register. Partial and Slumber LPM states can either be initiated by HIPM or DIPM. For HIPM (host initiated power management) to get enabled, both the AHCI controller and the drive have to report that they support HIPM. For DIPM (device initiated power management) to get enabled, only the drive has to report that it supports DIPM. However, the HBA will reject device requests to enter LPM states which the HBA does not support. The problem is that Apacer AS340 drives do not handle low power modes correctly. The problem was most likely not seen before because no one had used this drive with a AHCI controller with LPM enabled. Add a quirk so that we do not enable LPM for this drive, since we see command timeouts if we do (even though the drive claims to support DIPM). Fixes: 7627a0edef54 ("ata: ahci: Drop low power policy board type") Cc: stable(a)vger.kernel.org Reported-by: Tim Teichmann <teichmanntim(a)outlook.de> Closes: https://lore.kernel.org/linux-ide/87bk4pbve8.ffs@tglx/ Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- On the system reporting this issue, the HBA supports SALP (HIPM) and LPM states Partial and Slumber. This drive only supports DIPM but not HIPM, however, that should not matter, as a DIPM request from the device still has to be acked by the HBA, and according to AHCI 1.3.1, section 5.3.2.11 P:Idle, if the link layer has negotiated to low power state based on device power management request, the HBA will jump to state PM:LowPower. In PM:LowPower, the HBA will automatically request to wake the link (exit from Partial/Slumber) when a new command is queued (by writing to PxCI). Thus, there should be no need for host software to request an explicit wakeup (by writing PxCMD.ICC to 1). Therefore, even with only DIPM supported/enabled, we shouldn't see command timeouts with the current code. Also, only enabling only DIPM (by modifying the AHCI driver) with another drive (which support both DIPM and HIPM), shows no errors. Thus, it seems like the drive is the problem. drivers/ata/libata-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index 4f35aab81a0a..25b400f1c3de 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4155,6 +4155,9 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { ATA_HORKAGE_ZERO_AFTER_TRIM | ATA_HORKAGE_NOLPM }, + /* Apacer models with LPM issues */ + { "Apacer AS340*", NULL, ATA_HORKAGE_NOLPM }, + /* These specific Samsung models/firmware-revs do not handle LPM well */ { "SAMSUNG MZMPC128HBFU-000MV", "CXM14M1Q", ATA_HORKAGE_NOLPM }, { "SAMSUNG SSD PM830 mSATA *", "CXM13D1Q", ATA_HORKAGE_NOLPM }, -- 2.45.1

1 year, 3 months

3
5
0 0

[PATCH] ata: libata-core: Add ATA_HORKAGE_NOLPM for AMD Radeon S3 SSD

by Niklas Cassel

Commit 7627a0edef54 ("ata: ahci: Drop low power policy board type") dropped the board_ahci_low_power board type, and instead enables LPM if: -The AHCI controller reports that it supports LPM (Partial/Slumber), and -CONFIG_SATA_MOBILE_LPM_POLICY != 0, and -The port is not defined as external in the per port PxCMD register, and -The port is not defined as hotplug capable in the per port PxCMD register. Partial and Slumber LPM states can either be initiated by HIPM or DIPM. For HIPM (host initiated power management) to get enabled, both the AHCI controller and the drive have to report that they support HIPM. For DIPM (device initiated power management) to get enabled, only the drive has to report that it supports DIPM. However, the HBA will reject device requests to enter LPM states which the HBA does not support. The problem is that AMD Radeon S3 SSD drives do not handle low power modes correctly. The problem was most likely not seen before because no one had used this drive with a AHCI controller with LPM enabled. Add a quirk so that we do not enable LPM for this drive, since we see command timeouts if we do (even though the drive claims to support DIPM). Fixes: 7627a0edef54 ("ata: ahci: Drop low power policy board type") Cc: stable(a)vger.kernel.org Reported-by: Doru Iorgulescu <doru.iorgulescu1(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218832 Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- drivers/ata/libata-core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index 4f35aab81a0a..6c4b69d34aa1 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4155,6 +4155,9 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { ATA_HORKAGE_ZERO_AFTER_TRIM | ATA_HORKAGE_NOLPM }, + /* AMD Radeon devices with broken LPM support */ + { "R3SL240G", NULL, ATA_HORKAGE_NOLPM }, + /* These specific Samsung models/firmware-revs do not handle LPM well */ { "SAMSUNG MZMPC128HBFU-000MV", "CXM14M1Q", ATA_HORKAGE_NOLPM }, { "SAMSUNG SSD PM830 mSATA *", "CXM13D1Q", ATA_HORKAGE_NOLPM }, -- 2.45.1

1 year, 3 months

3
3
0 0

[PATCH] ata: libata-core: Add ATA_HORKAGE_NOLPM for Crucial CT240BX500SSD1

by Niklas Cassel

Commit 7627a0edef54 ("ata: ahci: Drop low power policy board type") dropped the board_ahci_low_power board type, and instead enables LPM if: -The AHCI controller reports that it supports LPM (Partial/Slumber), and -CONFIG_SATA_MOBILE_LPM_POLICY != 0, and -The port is not defined as external in the per port PxCMD register, and -The port is not defined as hotplug capable in the per port PxCMD register. Partial and Slumber LPM states can either be initiated by HIPM or DIPM. For HIPM (host initiated power management) to get enabled, both the AHCI controller and the drive have to report that they support HIPM. For DIPM (device initiated power management) to get enabled, only the drive has to report that it supports DIPM. However, the HBA will reject device requests to enter LPM states which the HBA does not support. The problem is that Crucial CT240BX500SSD1 drives do not handle low power modes correctly. The problem was most likely not seen before because no one had used this drive with a AHCI controller with LPM enabled. Add a quirk so that we do not enable LPM for this drive, since we see command timeouts if we do (even though the drive claims to support DIPM). Fixes: 7627a0edef54 ("ata: ahci: Drop low power policy board type") Cc: stable(a)vger.kernel.org Reported-by: Aarrayy <lp610mh(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218832 Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- On the system reporting this issue, the HBA supports SALP (HIPM) and LPM states Partial and Slumber. This drive only supports DIPM but not HIPM, however, that should not matter, as a DIPM request from the device still has to be acked by the HBA, and according to AHCI 1.3.1, section 5.3.2.11 P:Idle, if the link layer has negotiated to low power state based on device power management request, the HBA will jump to state PM:LowPower. In PM:LowPower, the HBA will automatically request to wake the link (exit from Partial/Slumber) when a new command is queued (by writing to PxCI). Thus, there should be no need for host software to request an explicit wakeup (by writing PxCMD.ICC to 1). Therefore, even with only DIPM supported/enabled, we shouldn't see command timeouts with the current code. Also, only enabling only DIPM (by modifying the AHCI driver) with another drive (which support both DIPM and HIPM), shows no errors. Thus, it seems like the drive is the problem. drivers/ata/libata-core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c index 4f35aab81a0a..b0ce621fe2a1 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4136,8 +4136,9 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { { "PIONEER BD-RW BDR-207M", NULL, ATA_HORKAGE_NOLPM }, { "PIONEER BD-RW BDR-205", NULL, ATA_HORKAGE_NOLPM }, - /* Crucial BX100 SSD 500GB has broken LPM support */ + /* Crucial devices with broken LPM support */ { "CT500BX100SSD1", NULL, ATA_HORKAGE_NOLPM }, + { "CT240BX500SSD1", NULL, ATA_HORKAGE_NOLPM }, /* 512GB MX100 with MU01 firmware has both queued TRIM and LPM issues */ { "Crucial_CT512MX100*", "MU01", ATA_HORKAGE_NO_NCQ_TRIM | -- 2.45.1

1 year, 3 months

3
3
0 0

[PATCH 2/2] PCI: of_property: Fix NULL pointer defererence in of_pci_prop_intr_map()

by Nam Cao

The subordinate pointer can be null if we are out of bus number. The function of_pci_prop_intr_map() deferences this pointer without checking and may crashes the kernel. This crash can be reproduced by starting a QEMU instance: qemu-system-riscv64 -machine virt \ -kernel ../build-pci-riscv/arch/riscv/boot/Image \ -append "console=ttyS0 root=/dev/vda" \ -nographic \ -drive "file=root.img,format=raw,id=hd0" \ -device virtio-blk-device,drive=hd0 \ -device pcie-root-port,bus=pcie.0,slot=1,id=rp1,bus-reserve=0 \ -device pcie-pci-bridge,id=br1,bus=rp1 Then hot-add a bridge with device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1 Then the kernel crashes: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 [snip] [<ffffffff804dac82>] of_pci_prop_intr_map+0x104/0x362 [<ffffffff804db262>] of_pci_add_properties+0x382/0x3ca [<ffffffff804c8228>] of_pci_make_dev_node+0xb6/0x116 [<ffffffff804a6b72>] pci_bus_add_device+0xa8/0xaa [<ffffffff804a6ba4>] pci_bus_add_devices+0x30/0x6a [<ffffffff804d3b5c>] shpchp_configure_device+0xa0/0x112 [<ffffffff804d2b3a>] board_added+0xce/0x354 [<ffffffff804d2e9a>] shpchp_enable_slot+0xda/0x30c [<ffffffff804d336c>] shpchp_pushbutton_thread+0x84/0xa0 NULL check this pointer first before proceeding. Fixes: 407d1a51921e ("PCI: Create device tree node for bridge") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- drivers/pci/of_property.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pci/of_property.c b/drivers/pci/of_property.c index 5fb516807ba2..c405978a0b7e 100644 --- a/drivers/pci/of_property.c +++ b/drivers/pci/of_property.c @@ -199,6 +199,9 @@ static int of_pci_prop_intr_map(struct pci_dev *pdev, struct of_changeset *ocs, int ret; u8 pin; + if (!pdev->subordinate) + return 0; + pnode = pci_device_to_OF_node(pdev->bus->self); if (!pnode) pnode = pci_bus_to_OF_node(pdev->bus); -- 2.39.2

1 year, 3 months

1
0
0 0

[PATCH 1/2] PCI: of_property: Fix NULL pointer defererence in of_pci_prop_bus_range()

by Nam Cao

The subordinate pointer can be null if we are out of bus number. The function of_pci_prop_bus_range() deferences this pointer without checking and may crashes the kernel. This crash can be reproduced by starting a QEMU instance: qemu-system-riscv64 -machine virt \ -kernel ../build-pci-riscv/arch/riscv/boot/Image \ -append "console=ttyS0 root=/dev/vda" \ -nographic \ -drive "file=root.img,format=raw,id=hd0" \ -device virtio-blk-device,drive=hd0 \ -device pcie-root-port,bus=pcie.0,slot=1,id=rp1,bus-reserve=0 \ -device pcie-pci-bridge,id=br1,bus=rp1 Then hot-add a bridge with device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1 Then the kernel crashes: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088 [snip] [<ffffffff804db234>] of_pci_add_properties+0x34c/0x3c6 [<ffffffff804c8228>] of_pci_make_dev_node+0xb6/0x116 [<ffffffff804a6b72>] pci_bus_add_device+0xa8/0xaa [<ffffffff804a6ba4>] pci_bus_add_devices+0x30/0x6a [<ffffffff804d3b5c>] shpchp_configure_device+0xa0/0x112 [<ffffffff804d2b3a>] board_added+0xce/0x354 [<ffffffff804d2e9a>] shpchp_enable_slot+0xda/0x30c [<ffffffff804d336c>] shpchp_pushbutton_thread+0x84/0xa0 NULL check this pointer first before proceeding. Fixes: 407d1a51921e ("PCI: Create device tree node for bridge") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- drivers/pci/of_property.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pci/of_property.c b/drivers/pci/of_property.c index c2c7334152bc..5fb516807ba2 100644 --- a/drivers/pci/of_property.c +++ b/drivers/pci/of_property.c @@ -91,6 +91,9 @@ static int of_pci_prop_bus_range(struct pci_dev *pdev, struct of_changeset *ocs, struct device_node *np) { + if (!pdev->subordinate) + return 0; + u32 bus_range[] = { pdev->subordinate->busn_res.start, pdev->subordinate->busn_res.end }; -- 2.39.2

1 year, 3 months

1
0
0 0

[PATCH] PCI: hotplug: shpchp: Prevent NULL pointer dereference during probe

by Nam Cao

pci_dev->subordinate pointer can be NULL if we run out of bus number. The driver deferences this pointer without checking, and the kernel crashes. This crash can be reproduced by starting a QEMU instance: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel bzImage \ -drive "file=img,format=raw" \ -m 2048 -smp 1 -enable-kvm \ -append "console=ttyS0 root=/dev/sda debug" \ -nographic \ -device pcie-root-port,bus=pcie.0,slot=1,id=rp1 \ -device pcie-pci-bridge,id=br1,bus=rp1 Then hot-add a bridge with the QEMU command: device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1 Then the kernel crashes: shpchp 0000:02:01.0: enabling device (0000 -> 0002) shpchp 0000:02:01.0: enabling bus mastering BUG: kernel NULL pointer dereference, address: 00000000000000da [snip] Call Trace: <TASK> ? show_regs+0x63/0x70 ? __die+0x23/0x70 ? page_fault_oops+0x17a/0x480 ? shpc_init+0x3fb/0x9d0 ? search_module_extables+0x4e/0x80 ? shpc_init+0x3fb/0x9d0 ? kernelmode_fixup_or_oops+0x9b/0x120 ? __bad_area_nosemaphore+0x16e/0x240 ? bad_area_nosemaphore+0x11/0x20 ? do_user_addr_fault+0x2a3/0x610 ? exc_page_fault+0x6d/0x160 ? asm_exc_page_fault+0x2b/0x30 ? shpc_init+0x3fb/0x9d0 shpc_probe+0x92/0x390 NULL check this pointer first before proceeding. If there is no secondary bus number, there is no point in initializing this hot-plug controller, so just bails out. Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org # all --- This one exists since beginning of git history. So I didn't bother with a Fixes: tag. This patch is almost a copy-paste from pciehp --- drivers/pci/hotplug/shpchp_core.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/pci/hotplug/shpchp_core.c b/drivers/pci/hotplug/shpchp_core.c index 56c7795ed890..14cf9e894201 100644 --- a/drivers/pci/hotplug/shpchp_core.c +++ b/drivers/pci/hotplug/shpchp_core.c @@ -262,6 +262,12 @@ static int shpc_probe(struct pci_dev *pdev, const struct pci_device_id *ent) if (acpi_get_hp_hw_control_from_firmware(pdev)) return -ENODEV; + if (!pdev->subordinate) { + /* Can happen if we run out of bus numbers during probe */ + pci_err(pdev, "Hotplug bridge without secondary bus, ignoring\n"); + return -ENODEV; + } + ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL); if (!ctrl) goto err_out_none; -- 2.39.2

1 year, 3 months

1
0
0 0

[PATCH] PCI: Bail out if bus number overflows during scan

by Nam Cao

In function pci_scan_bridge_extend(), if the variable next_busnr gets to 256, "child = pci_find_bus()" will return bus 0 (root bus). Consequently, we have a circular PCI topology. The scan will then go in circle until the kernel crashes due to stack overflow. This can be reproduced with: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel bzImage \ -m 2048 -smp 1 -enable-kvm \ -append "console=ttyS0 root=/dev/sda debug" \ -nographic \ -device pcie-root-port,bus=pcie.0,slot=1,id=rp1,bus-reserve=253 \ -device pcie-root-port,bus=pcie.0,slot=2,id=rp2,bus-reserve=0 \ -device pcie-root-port,bus=pcie.0,slot=3,id=rp3,bus-reserve=0 Check if next_busnr "overflow" and bail out if this is the case. Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org # all --- This bug exists since the beginning of git history. So I didn't bother tracing beyond git to see which patch introduced this. --- drivers/pci/probe.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index 1325fbae2f28..03caae76337c 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -1382,6 +1382,9 @@ static int pci_scan_bridge_extend(struct pci_bus *bus, struct pci_dev *dev, else next_busnr = max + 1; + if (next_busnr == 256) + goto out; + /* * Prevent assigning a bus number that already exists. * This can happen when a bridge is hot-plugged, so in this -- 2.39.2

1 year, 3 months

1
0
0 0

Re: Patch "ovl: add helper ovl_file_modified()" has been added to the 6.6-stable tree

by Amir Goldstein

On Thu, May 30, 2024 at 10:05 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > ovl: add helper ovl_file_modified() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > ovl-add-helper-ovl_file_modified.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit f87db32c0cdadc7eea4a37560867da0bd0bb87e8 > Author: Amir Goldstein <amir73il(a)gmail.com> > Date: Wed Sep 27 13:43:44 2023 +0300 > > ovl: add helper ovl_file_modified() > > [ Upstream commit c002728f608183449673818076380124935e6b9b ] > > A simple wrapper for updating ovl inode size/mtime, to conform > with ovl_file_accessed(). > > Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> > Stable-dep-of: 7c98f7cb8fda ("remove call_{read,write}_iter() functions") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > No objection to this patch, except for the fact that I think it is not in the best interest of the stable tree to backport 7c98f7cb8fda as is. I suggest that you consider backporting only the parts of 7c98f7cb8fda that open code call_{read,write}_iter() in call sites (some or all), if you need those as dependencies but actually leave the wrappers in the stable tree. If the bots selected 7c98f7cb8fda to stable because of the Fixes: tag, then I think that Fixes: tag was misleading the stable bots in this case. Thanks, Amir. > diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c > index 8be4dc050d1ed..9fd88579bfbfb 100644 > --- a/fs/overlayfs/file.c > +++ b/fs/overlayfs/file.c > @@ -235,6 +235,12 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) > return ret; > } > > +static void ovl_file_modified(struct file *file) > +{ > + /* Update size/mtime */ > + ovl_copyattr(file_inode(file)); > +} > + > static void ovl_file_accessed(struct file *file) > { > struct inode *inode, *upperinode; > @@ -290,10 +296,8 @@ static void ovl_aio_cleanup_handler(struct ovl_aio_req *aio_req) > struct kiocb *orig_iocb = aio_req->orig_iocb; > > if (iocb->ki_flags & IOCB_WRITE) { > - struct inode *inode = file_inode(orig_iocb->ki_filp); > - > kiocb_end_write(iocb); > - ovl_copyattr(inode); > + ovl_file_modified(orig_iocb->ki_filp); > } > > orig_iocb->ki_pos = iocb->ki_pos; > @@ -403,7 +407,7 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) > ovl_iocb_to_rwf(ifl)); > file_end_write(real.file); > /* Update size */ > - ovl_copyattr(inode); > + ovl_file_modified(file); > } else { > struct ovl_aio_req *aio_req; > > @@ -489,7 +493,7 @@ static ssize_t ovl_splice_write(struct pipe_inode_info *pipe, struct file *out, > > file_end_write(real.file); > /* Update size */ > - ovl_copyattr(inode); > + ovl_file_modified(out); > revert_creds(old_cred); > fdput(real); > > @@ -570,7 +574,7 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len > revert_creds(old_cred); > > /* Update size */ > - ovl_copyattr(inode); > + ovl_file_modified(file); > > fdput(real); > > @@ -654,7 +658,7 @@ static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, > revert_creds(old_cred); > > /* Update size */ > - ovl_copyattr(inode_out); > + ovl_file_modified(file_out); > > fdput(real_in); > fdput(real_out);

1 year, 3 months

1
0
0 0

Re: Patch "fs: move kiocb_start_write() into vfs_iocb_iter_write()" has been added to the 6.6-stable tree

by Amir Goldstein

On Thu, May 30, 2024 at 10:05 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > fs: move kiocb_start_write() into vfs_iocb_iter_write() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > fs-move-kiocb_start_write-into-vfs_iocb_iter_write.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 17f38d69e7960a2b346db04750b0e4ba867c0b83 > Author: Amir Goldstein <amir73il(a)gmail.com> > Date: Wed Nov 22 14:27:12 2023 +0200 > > fs: move kiocb_start_write() into vfs_iocb_iter_write() > > [ Upstream commit 6ae654392bb516a0baa47fed1f085d84e8cad739 ] > > In vfs code, sb_start_write() is usually called after the permission hook > in rw_verify_area(). vfs_iocb_iter_write() is an exception to this rule, > where kiocb_start_write() is called by its callers. > > Move kiocb_start_write() from the callers into vfs_iocb_iter_write() > after the rw_verify_area() checks, to make them "start-write-safe". > > The semantics of vfs_iocb_iter_write() is changed, so that the caller is > responsible for calling kiocb_end_write() on completion only if async > iocb was queued. The completion handlers of both callers were adapted > to this semantic change. > This comment about semantics change looks like a clue from my past self that backporting this commit as standalone is risky. This commit was part of a pretty big shuffle in splice and ovl code. I'd feel much more comfortable with backporting the entire ovl series 14ab6d425e8067..5b02bfc1e7e3 and splice series v6.7..6ae654392bb51 than just 3 individual commits in the middle. Thanks, Amir. > This is needed for fanotify "pre content" events. > > Suggested-by: Jan Kara <jack(a)suse.cz> > Suggested-by: Josef Bacik <josef(a)toxicpanda.com> > Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> > Link: https://lore.kernel.org/r/20231122122715.2561213-14-amir73il@gmail.com > Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> > Reviewed-by: Jan Kara <jack(a)suse.cz> > Signed-off-by: Christian Brauner <brauner(a)kernel.org> > Stable-dep-of: 7c98f7cb8fda ("remove call_{read,write}_iter() functions") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/cachefiles/io.c b/fs/cachefiles/io.c > index 009d23cd435b5..5857241c59181 100644 > --- a/fs/cachefiles/io.c > +++ b/fs/cachefiles/io.c > @@ -259,7 +259,8 @@ static void cachefiles_write_complete(struct kiocb *iocb, long ret) > > _enter("%ld", ret); > > - kiocb_end_write(iocb); > + if (ki->was_async) > + kiocb_end_write(iocb); > > if (ret < 0) > trace_cachefiles_io_error(object, inode, ret, > @@ -319,8 +320,6 @@ int __cachefiles_write(struct cachefiles_object *object, > ki->iocb.ki_complete = cachefiles_write_complete; > atomic_long_add(ki->b_writing, &cache->b_writing); > > - kiocb_start_write(&ki->iocb); > - > get_file(ki->iocb.ki_filp); > cachefiles_grab_object(object, cachefiles_obj_get_ioreq); > > diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c > index 9fd88579bfbfb..a1c64c2b8e204 100644 > --- a/fs/overlayfs/file.c > +++ b/fs/overlayfs/file.c > @@ -295,10 +295,8 @@ static void ovl_aio_cleanup_handler(struct ovl_aio_req *aio_req) > struct kiocb *iocb = &aio_req->iocb; > struct kiocb *orig_iocb = aio_req->orig_iocb; > > - if (iocb->ki_flags & IOCB_WRITE) { > - kiocb_end_write(iocb); > + if (iocb->ki_flags & IOCB_WRITE) > ovl_file_modified(orig_iocb->ki_filp); > - } > > orig_iocb->ki_pos = iocb->ki_pos; > ovl_aio_put(aio_req); > @@ -310,6 +308,9 @@ static void ovl_aio_rw_complete(struct kiocb *iocb, long res) > struct ovl_aio_req, iocb); > struct kiocb *orig_iocb = aio_req->orig_iocb; > > + if (iocb->ki_flags & IOCB_WRITE) > + kiocb_end_write(iocb); > + > ovl_aio_cleanup_handler(aio_req); > orig_iocb->ki_complete(orig_iocb, res); > } > @@ -421,7 +422,6 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) > aio_req->iocb.ki_flags = ifl; > aio_req->iocb.ki_complete = ovl_aio_rw_complete; > refcount_set(&aio_req->ref, 2); > - kiocb_start_write(&aio_req->iocb); > ret = vfs_iocb_iter_write(real.file, &aio_req->iocb, iter); > ovl_aio_put(aio_req); > if (ret != -EIOCBQUEUED) > diff --git a/fs/read_write.c b/fs/read_write.c > index 4771701c896ba..9a56949f3b8d1 100644 > --- a/fs/read_write.c > +++ b/fs/read_write.c > @@ -865,6 +865,10 @@ static ssize_t do_iter_write(struct file *file, struct iov_iter *iter, > return ret; > } > > +/* > + * Caller is responsible for calling kiocb_end_write() on completion > + * if async iocb was queued. > + */ > ssize_t vfs_iocb_iter_write(struct file *file, struct kiocb *iocb, > struct iov_iter *iter) > { > @@ -885,7 +889,10 @@ ssize_t vfs_iocb_iter_write(struct file *file, struct kiocb *iocb, > if (ret < 0) > return ret; > > + kiocb_start_write(iocb); > ret = call_write_iter(file, iocb, iter); > + if (ret != -EIOCBQUEUED) > + kiocb_end_write(iocb); > if (ret > 0) > fsnotify_modify(file); >

1 year, 3 months

1
0
0 0

Re: Patch "splice: remove permission hook from iter_file_splice_write()" has been added to the 6.6-stable tree

by Amir Goldstein

On Thu, May 30, 2024 at 10:05 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > splice: remove permission hook from iter_file_splice_write() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > splice-remove-permission-hook-from-iter_file_splice_.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 9519e9d1e625d4f01b3c8a1c32042e3f5da53b0b > Author: Amir Goldstein <amir73il(a)gmail.com> > Date: Thu Nov 23 18:51:44 2023 +0100 > > splice: remove permission hook from iter_file_splice_write() > > [ Upstream commit d53471ba6f7ae97a4e223539029528108b705af1 ] > > All the callers of ->splice_write(), (e.g. do_splice_direct() and > do_splice()) already check rw_verify_area() for the entire range > and perform all the other checks that are in vfs_write_iter(). > Alas, that is incorrect for 6.6.y, because it depends on prior commit ca7ab482401c ("ovl: add permission hooks outside of do_splice_direct()") And in any case, this commit is part of a pretty hairy shuffle in splice code. I'd feel much more comfortable with backporting the entire series 0db1d53937fa..6ae654392bb51 than just 3 individual commits in the middle of the series. I looked into it and ca7ab482401c does not apply cleanly to 6.6.y - it depends on the ovl changes 14ab6d425e8067..5b02bfc1e7e3. Not only for conflict, but also for correct locking order. That amounts to quite a few non trivial ovl and splice patches, so maybe you need to reconsider, but on the up side, all those ovl and splice patches are actually very subtle bug fixes, so I cannot say that they are not stable tree worthy. There is also a coda commit that depends on this for conflict: 581a4d003001 coda: convert to new timestamp accessors I did not check if it all compiles or works, only that it applies cleanly. > Instead of creating another tiny helper for special caller, just > open-code it. > > This is needed for fanotify "pre content" events. > > Suggested-by: Jan Kara <jack(a)suse.cz> > Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> > Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> > Link: https://lore.kernel.org/r/20231122122715.2561213-6-amir73il@gmail.com > Signed-off-by: Christian Brauner <brauner(a)kernel.org> > Stable-dep-of: 7c98f7cb8fda ("remove call_{read,write}_iter() functions") Why would you want to backport this commit? It hinders backporting work - it does not assist it. Any new code that open codes call_{read,write}_iter() is not affected by the existence of the helpers in stable kernels and any old code that does use these helpers works as well. Thanks, Amir.

1 year, 3 months

1
0
0 0

[PATCH] arch/powerpc/kvm: Fix doorbell emulation by adding DPDES support

by Gautam Menghani

Doorbell emulation is broken for KVM on PowerVM guests as support for DPDES was not added in the initial patch series. Due to this, a KVM on PowerVM guest cannot be booted with the XICS interrupt controller as doorbells are to be setup in the initial probe path when using XICS (pSeries_smp_probe()). Add DPDES support in the host KVM code to fix doorbell emulation. Fixes: 6ccbbc33f06a ("KVM: PPC: Add helper library for Guest State Buffers") Signed-off-by: Gautam Menghani <gautam(a)linux.ibm.com> --- Documentation/arch/powerpc/kvm-nested.rst | 4 +++- arch/powerpc/include/asm/guest-state-buffer.h | 3 ++- arch/powerpc/include/asm/kvm_book3s.h | 1 + arch/powerpc/kvm/book3s_hv.c | 14 +++++++++++++- arch/powerpc/kvm/book3s_hv_nestedv2.c | 7 +++++++ arch/powerpc/kvm/test-guest-state-buffer.c | 2 +- 6 files changed, 27 insertions(+), 4 deletions(-) diff --git a/Documentation/arch/powerpc/kvm-nested.rst b/Documentation/arch/powerpc/kvm-nested.rst index 630602a8aa00..5defd13cc6c1 100644 --- a/Documentation/arch/powerpc/kvm-nested.rst +++ b/Documentation/arch/powerpc/kvm-nested.rst @@ -546,7 +546,9 @@ table information. +--------+-------+----+--------+----------------------------------+ | 0x1052 | 0x08 | RW | T | CTRL | +--------+-------+----+--------+----------------------------------+ -| 0x1053-| | | | Reserved | +| 0x1053 | 0x08 | RW | T | DPDES | ++--------+-------+----+--------+----------------------------------+ +| 0x1054-| | | | Reserved | | 0x1FFF | | | | | +--------+-------+----+--------+----------------------------------+ | 0x2000 | 0x04 | RW | T | CR | diff --git a/arch/powerpc/include/asm/guest-state-buffer.h b/arch/powerpc/include/asm/guest-state-buffer.h index 808149f31576..d107abe1468f 100644 --- a/arch/powerpc/include/asm/guest-state-buffer.h +++ b/arch/powerpc/include/asm/guest-state-buffer.h @@ -81,6 +81,7 @@ #define KVMPPC_GSID_HASHKEYR 0x1050 #define KVMPPC_GSID_HASHPKEYR 0x1051 #define KVMPPC_GSID_CTRL 0x1052 +#define KVMPPC_GSID_DPDES 0x1053 #define KVMPPC_GSID_CR 0x2000 #define KVMPPC_GSID_PIDR 0x2001 @@ -110,7 +111,7 @@ #define KVMPPC_GSE_META_COUNT (KVMPPC_GSE_META_END - KVMPPC_GSE_META_START + 1) #define KVMPPC_GSE_DW_REGS_START KVMPPC_GSID_GPR(0) -#define KVMPPC_GSE_DW_REGS_END KVMPPC_GSID_CTRL +#define KVMPPC_GSE_DW_REGS_END KVMPPC_GSID_DPDES #define KVMPPC_GSE_DW_REGS_COUNT \ (KVMPPC_GSE_DW_REGS_END - KVMPPC_GSE_DW_REGS_START + 1) diff --git a/arch/powerpc/include/asm/kvm_book3s.h b/arch/powerpc/include/asm/kvm_book3s.h index 3e1e2a698c9e..10618622d7ef 100644 --- a/arch/powerpc/include/asm/kvm_book3s.h +++ b/arch/powerpc/include/asm/kvm_book3s.h @@ -594,6 +594,7 @@ static inline u##size kvmppc_get_##reg(struct kvm_vcpu *vcpu) \ KVMPPC_BOOK3S_VCORE_ACCESSOR(vtb, 64, KVMPPC_GSID_VTB) +KVMPPC_BOOK3S_VCORE_ACCESSOR(dpdes, 64, KVMPPC_GSID_DPDES) KVMPPC_BOOK3S_VCORE_ACCESSOR_GET(arch_compat, 32, KVMPPC_GSID_LOGICAL_PVR) KVMPPC_BOOK3S_VCORE_ACCESSOR_GET(lpcr, 64, KVMPPC_GSID_LPCR) KVMPPC_BOOK3S_VCORE_ACCESSOR_SET(tb_offset, 64, KVMPPC_GSID_TB_OFFSET) diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c index 35cb014a0c51..cf285e5153ba 100644 --- a/arch/powerpc/kvm/book3s_hv.c +++ b/arch/powerpc/kvm/book3s_hv.c @@ -4116,6 +4116,11 @@ static int kvmhv_vcpu_entry_nestedv2(struct kvm_vcpu *vcpu, u64 time_limit, int trap; long rc; + if (vcpu->arch.doorbell_request) { + vcpu->arch.doorbell_request = 0; + kvmppc_set_dpdes(vcpu, 1); + } + io = &vcpu->arch.nestedv2_io; msr = mfmsr(); @@ -4278,9 +4283,16 @@ static int kvmhv_p9_guest_entry(struct kvm_vcpu *vcpu, u64 time_limit, if (kvmhv_on_pseries()) { if (kvmhv_is_nestedv1()) trap = kvmhv_vcpu_entry_p9_nested(vcpu, time_limit, lpcr, tb); - else + else { trap = kvmhv_vcpu_entry_nestedv2(vcpu, time_limit, lpcr, tb); + /* Remember doorbell if it is pending */ + if (kvmppc_get_dpdes(vcpu)) { + vcpu->arch.doorbell_request = 1; + kvmppc_set_dpdes(vcpu, 0); + } + } + /* H_CEDE has to be handled now, not later */ if (trap == BOOK3S_INTERRUPT_SYSCALL && !nested && kvmppc_get_gpr(vcpu, 3) == H_CEDE) { diff --git a/arch/powerpc/kvm/book3s_hv_nestedv2.c b/arch/powerpc/kvm/book3s_hv_nestedv2.c index 8e6f5355f08b..36863fff2a99 100644 --- a/arch/powerpc/kvm/book3s_hv_nestedv2.c +++ b/arch/powerpc/kvm/book3s_hv_nestedv2.c @@ -311,6 +311,10 @@ static int gs_msg_ops_vcpu_fill_info(struct kvmppc_gs_buff *gsb, rc = kvmppc_gse_put_u64(gsb, iden, vcpu->arch.vcore->vtb); break; + case KVMPPC_GSID_DPDES: + rc = kvmppc_gse_put_u64(gsb, iden, + vcpu->arch.vcore->dpdes); + break; case KVMPPC_GSID_LPCR: rc = kvmppc_gse_put_u64(gsb, iden, vcpu->arch.vcore->lpcr); @@ -543,6 +547,9 @@ static int gs_msg_ops_vcpu_refresh_info(struct kvmppc_gs_msg *gsm, case KVMPPC_GSID_VTB: vcpu->arch.vcore->vtb = kvmppc_gse_get_u64(gse); break; + case KVMPPC_GSID_DPDES: + vcpu->arch.vcore->dpdes = kvmppc_gse_get_u64(gse); + break; case KVMPPC_GSID_LPCR: vcpu->arch.vcore->lpcr = kvmppc_gse_get_u64(gse); break; diff --git a/arch/powerpc/kvm/test-guest-state-buffer.c b/arch/powerpc/kvm/test-guest-state-buffer.c index 4720b8dc8837..91ae660cfe21 100644 --- a/arch/powerpc/kvm/test-guest-state-buffer.c +++ b/arch/powerpc/kvm/test-guest-state-buffer.c @@ -151,7 +151,7 @@ static void test_gs_bitmap(struct kunit *test) i++; } - for (u16 iden = KVMPPC_GSID_GPR(0); iden <= KVMPPC_GSID_CTRL; iden++) { + for (u16 iden = KVMPPC_GSID_GPR(0); iden <= KVMPPC_GSID_DPDES; iden++) { kvmppc_gsbm_set(&gsbm, iden); kvmppc_gsbm_set(&gsbm1, iden); KUNIT_EXPECT_TRUE(test, kvmppc_gsbm_test(&gsbm, iden)); -- 2.45.0

1 year, 3 months

5
7
0 0

Fwd: Kernel 6.8.12

by phil995511 -

Hello, Kernel 6.8 which is the default kernel of Ubundu 24.04 and other distributions derived from it is at the end of its life for you !?! As it provides better support for the Raspberry Pi 5 graphics card, I hoped to be able to benefit from it under Raspberry Pi OS which still uses the latest LTS kernel available. But if you don't make kernel 6.8 an LTS kernel, for Ubuntu and its derivatives, I will never be able to benefit from it on my RPi5 ;-( In addition, I am afraid that OS derived from Ubuntu 24.04 LTS will end up in difficulties due to this situation. Best regards.

1 year, 3 months

2
1
0 0

[PATCH] riscv: fix overlap of allocated page and PTR_ERR

by Nam Cao

On riscv32, it is possible for the last page in virtual address space (0xfffff000) to be allocated. This page overlaps with PTR_ERR, so that shouldn't happen. There is already some code to ensure memblock won't allocate the last page. However, buddy allocator is left unchecked. Fix this by reserving physical memory that would be mapped at virtual addresses greater than 0xfffff000. Reported-by: Björn Töpel <bjorn(a)kernel.org> Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> --- arch/riscv/mm/init.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index 968761843203..7c985435b3fc 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -235,18 +235,19 @@ static void __init setup_bootmem(void) kernel_map.va_pa_offset = PAGE_OFFSET - phys_ram_base; /* - * memblock allocator is not aware of the fact that last 4K bytes of - * the addressable memory can not be mapped because of IS_ERR_VALUE - * macro. Make sure that last 4k bytes are not usable by memblock - * if end of dram is equal to maximum addressable memory. For 64-bit - * kernel, this problem can't happen here as the end of the virtual - * address space is occupied by the kernel mapping then this check must - * be done as soon as the kernel mapping base address is determined. + * Reserve physical address space that would be mapped to virtual + * addresses greater than (void *)(-PAGE_SIZE) because: + * - This memory would overlap with ERR_PTR + * - This memory belongs to high memory, which is not supported + * + * This is not applicable to 64-bit kernel, because virtual addresses + * after (void *)(-PAGE_SIZE) are not linearly mapped: they are + * occupied by kernel mapping. Also it is unrealistic for high memory + * to exist on 64-bit platforms. */ if (!IS_ENABLED(CONFIG_64BIT)) { - max_mapped_addr = __pa(~(ulong)0); - if (max_mapped_addr == (phys_ram_end - 1)) - memblock_set_current_limit(max_mapped_addr - 4096); + max_mapped_addr = __va_to_pa_nodebug(-PAGE_SIZE); + memblock_reserve(max_mapped_addr, (phys_addr_t)-max_mapped_addr); } min_low_pfn = PFN_UP(phys_ram_base); -- 2.39.2

1 year, 3 months

4
3
0 0

[PATCH v3 7/8] drm/amdgpu: fix locking scope when flushing tlb

by Yunxiang Li

Which method is used to flush tlb does not depend on whether a reset is in progress or not. We should skip flush altogether if the GPU will get reset. So put both path under reset_domain read lock. Signed-off-by: Yunxiang Li <Yunxiang.Li(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> CC: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 66 +++++++++++++------------ 1 file changed, 34 insertions(+), 32 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c index 603c0738fd03..4edd10b10a92 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c @@ -684,12 +684,17 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, struct amdgpu_ring *ring = &adev->gfx.kiq[inst].ring; struct amdgpu_kiq *kiq = &adev->gfx.kiq[inst]; unsigned int ndw; - signed long r; + int r; uint32_t seq; - if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready || - !down_read_trylock(&adev->reset_domain->sem)) { + /* + * A GPU reset should flush all TLBs anyway, so no need to do + * this while one is ongoing. + */ + if (!down_read_trylock(&adev->reset_domain->sem)) + return 0; + if (!adev->gmc.flush_pasid_uses_kiq || !ring->sched.ready) { if (adev->gmc.flush_tlb_needs_extra_type_2) adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, 2, all_hub, @@ -703,43 +708,40 @@ int amdgpu_gmc_flush_gpu_tlb_pasid(struct amdgpu_device *adev, uint16_t pasid, adev->gmc.gmc_funcs->flush_gpu_tlb_pasid(adev, pasid, flush_type, all_hub, inst); - return 0; - } + r = 0; + } else { + /* 2 dwords flush + 8 dwords fence */ + ndw = kiq->pmf->invalidate_tlbs_size + 8; - /* 2 dwords flush + 8 dwords fence */ - ndw = kiq->pmf->invalidate_tlbs_size + 8; + if (adev->gmc.flush_tlb_needs_extra_type_2) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_2) - ndw += kiq->pmf->invalidate_tlbs_size; + if (adev->gmc.flush_tlb_needs_extra_type_0) + ndw += kiq->pmf->invalidate_tlbs_size; - if (adev->gmc.flush_tlb_needs_extra_type_0) - ndw += kiq->pmf->invalidate_tlbs_size; + spin_lock(&adev->gfx.kiq[inst].ring_lock); + amdgpu_ring_alloc(ring, ndw); + if (adev->gmc.flush_tlb_needs_extra_type_2) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); - spin_lock(&adev->gfx.kiq[inst].ring_lock); - amdgpu_ring_alloc(ring, ndw); - if (adev->gmc.flush_tlb_needs_extra_type_2) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 2, all_hub); + if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); - if (flush_type == 2 && adev->gmc.flush_tlb_needs_extra_type_0) - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, 0, all_hub); + kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); + r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); + if (r) { + amdgpu_ring_undo(ring); + spin_unlock(&adev->gfx.kiq[inst].ring_lock); + goto error_unlock_reset; + } - kiq->pmf->kiq_invalidate_tlbs(ring, pasid, flush_type, all_hub); - r = amdgpu_fence_emit_polling(ring, &seq, MAX_KIQ_REG_WAIT); - if (r) { - amdgpu_ring_undo(ring); + amdgpu_ring_commit(ring); spin_unlock(&adev->gfx.kiq[inst].ring_lock); - goto error_unlock_reset; - } - - amdgpu_ring_commit(ring); - spin_unlock(&adev->gfx.kiq[inst].ring_lock); - r = amdgpu_fence_wait_polling(ring, seq, usec_timeout); - if (r < 1) { - dev_err(adev->dev, "wait for kiq fence error: %ld.\n", r); - r = -ETIME; - goto error_unlock_reset; + if (amdgpu_fence_wait_polling(ring, seq, usec_timeout) < 1) { + dev_err(adev->dev, "timeout waiting for kiq fence\n"); + r = -ETIME; + } } - r = 0; error_unlock_reset: up_read(&adev->reset_domain->sem); -- 2.34.1

1 year, 3 months

1
0
0 0

[PATCH] riscv: enable HAVE_ARCH_HUGE_VMAP for XIP kernel

by Nam Cao

HAVE_ARCH_HUGE_VMAP also works on XIP kernel, so remove its dependency on !XIP_KERNEL. This also fixes a boot problem for XIP kernel introduced by the commit in "Fixes:". This commit used huge page mapping for vmemmap, but huge page vmap was not enabled for XIP kernel. Fixes: ff172d4818ad ("riscv: Use hugepage mappings for vmemmap") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> --- This patch replaces: https://patchwork.kernel.org/project/linux-riscv/patch/20240508173116.28661… arch/riscv/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index b94176e25be1..0525ee2d63c7 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -106,7 +106,7 @@ config RISCV select HAS_IOPORT if MMU select HAVE_ARCH_AUDITSYSCALL select HAVE_ARCH_HUGE_VMALLOC if HAVE_ARCH_HUGE_VMAP - select HAVE_ARCH_HUGE_VMAP if MMU && 64BIT && !XIP_KERNEL + select HAVE_ARCH_HUGE_VMAP if MMU && 64BIT select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL select HAVE_ARCH_JUMP_LABEL_RELATIVE if !XIP_KERNEL select HAVE_ARCH_KASAN if MMU && 64BIT -- 2.39.2

1 year, 3 months

3
2
0 0

[PATCH] drm/xe: Fix NULL ptr dereference in devcoredump

by Matthew Brost

Kernel VM do not have an Xe file. Include a check for Xe file in the VM before trying to get pid from VM's Xe file when taking a devcoredump. Fixes: b10d0c5e9df7 ("drm/xe: Add process name to devcoredump") Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: José Roberto de Souza <jose.souza(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_devcoredump.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_devcoredump.c b/drivers/gpu/drm/xe/xe_devcoredump.c index 1643d44f8bc4..6f63b8e4e3b9 100644 --- a/drivers/gpu/drm/xe/xe_devcoredump.c +++ b/drivers/gpu/drm/xe/xe_devcoredump.c @@ -176,7 +176,7 @@ static void devcoredump_snapshot(struct xe_devcoredump *coredump, ss->snapshot_time = ktime_get_real(); ss->boot_time = ktime_get_boottime(); - if (q->vm) { + if (q->vm && q->vm->xef) { task = get_pid_task(q->vm->xef->drm->pid, PIDTYPE_PID); if (task) process_name = task->comm; -- 2.34.1

1 year, 3 months

2
1
0 0

+ ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Joseph Qi <joseph.qi(a)linux.alibaba.com> Subject: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() Date: Thu, 30 May 2024 19:06:30 +0800 bdev->bd_super has been removed and commit 8887b94d9322 change the usage from bdev->bd_super to b_assoc_map->host->i_sb. Since ocfs2 hasn't set bh->b_assoc_map, it will trigger NULL pointer dereference when calling into ocfs2_abort_trigger(). Actually this was pointed out in history, see commit 74e364ad1b13. But I've made a mistake when reviewing commit 8887b94d9322 and then reintroduce this regression. Since we cannot revive bdev in buffer head, we can get super block from ocfs2_caching_info first and then associate it with ocfs2_triggers to fix this issue. Link: https://lkml.kernel.org/r/20240530110630.3933832-2-joseph.qi@linux.alibaba.… Fixes: 8887b94d9322 ("ocfs2: stop using bdev->bd_super for journal error logging") Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/journal.c | 179 ++++++++++++++++++++++++++----------------- 1 file changed, 111 insertions(+), 68 deletions(-) --- a/fs/ocfs2/journal.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger +++ a/fs/ocfs2/journal.c @@ -483,8 +483,24 @@ bail: struct ocfs2_triggers { struct jbd2_buffer_trigger_type ot_triggers; int ot_offset; + struct super_block *sb; }; +enum ocfs2_journal_trigger_type { + OCFS2_JTR_DI, + OCFS2_JTR_EB, + OCFS2_JTR_RB, + OCFS2_JTR_GD, + OCFS2_JTR_DB, + OCFS2_JTR_XB, + OCFS2_JTR_DQ, + OCFS2_JTR_DR, + OCFS2_JTR_DL, + OCFS2_JTR_NONE /* This must be the last entry */ +}; + +#define OCFS2_JOURNAL_TRIGGER_COUNT OCFS2_JTR_NONE + static inline struct ocfs2_triggers *to_ocfs2_trigger(struct jbd2_buffer_trigger_type *triggers) { return container_of(triggers, struct ocfs2_triggers, ot_triggers); @@ -548,85 +564,67 @@ static void ocfs2_db_frozen_trigger(stru static void ocfs2_abort_trigger(struct jbd2_buffer_trigger_type *triggers, struct buffer_head *bh) { + struct ocfs2_triggers *ot = to_ocfs2_trigger(triggers); + mlog(ML_ERROR, "ocfs2_abort_trigger called by JBD2. bh = 0x%lx, " "bh->b_blocknr = %llu\n", (unsigned long)bh, (unsigned long long)bh->b_blocknr); - ocfs2_error(bh->b_assoc_map->host->i_sb, + ocfs2_error(ot->sb, "JBD2 has aborted our journal, ocfs2 cannot continue\n"); } -static struct ocfs2_triggers di_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_dinode, i_check), -}; - -static struct ocfs2_triggers eb_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_extent_block, h_check), -}; - -static struct ocfs2_triggers rb_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_refcount_block, rf_check), -}; - -static struct ocfs2_triggers gd_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_group_desc, bg_check), -}; - -static struct ocfs2_triggers db_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_db_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, -}; - -static struct ocfs2_triggers xb_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_xattr_block, xb_check), -}; - -static struct ocfs2_triggers dq_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_dq_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, -}; +static void ocfs2_setup_csum_triggers(struct super_block *sb, + enum ocfs2_journal_trigger_type type, + struct ocfs2_triggers *ot) +{ + BUG_ON(type >= OCFS2_JOURNAL_TRIGGER_COUNT); -static struct ocfs2_triggers dr_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_dx_root_block, dr_check), -}; + switch (type) { + case OCFS2_JTR_DI: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_dinode, i_check); + break; + case OCFS2_JTR_EB: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_extent_block, h_check); + break; + case OCFS2_JTR_RB: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_refcount_block, rf_check); + break; + case OCFS2_JTR_GD: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_group_desc, bg_check); + break; + case OCFS2_JTR_DB: + ot->ot_triggers.t_frozen = ocfs2_db_frozen_trigger; + break; + case OCFS2_JTR_XB: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_xattr_block, xb_check); + break; + case OCFS2_JTR_DQ: + ot->ot_triggers.t_frozen = ocfs2_dq_frozen_trigger; + break; + case OCFS2_JTR_DR: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_dx_root_block, dr_check); + break; + case OCFS2_JTR_DL: + ot->ot_triggers.t_frozen = ocfs2_frozen_trigger; + ot->ot_offset = offsetof(struct ocfs2_dx_leaf, dl_check); + break; + case OCFS2_JTR_NONE: + /* To make compiler happy... */ + return; + } -static struct ocfs2_triggers dl_triggers = { - .ot_triggers = { - .t_frozen = ocfs2_frozen_trigger, - .t_abort = ocfs2_abort_trigger, - }, - .ot_offset = offsetof(struct ocfs2_dx_leaf, dl_check), -}; + ot->ot_triggers.t_abort = ocfs2_abort_trigger; + ot->sb = sb; +} static int __ocfs2_journal_access(handle_t *handle, struct ocfs2_caching_info *ci, @@ -708,18 +706,33 @@ static int __ocfs2_journal_access(handle int ocfs2_journal_access_di(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers di_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_DI, &di_triggers); + return __ocfs2_journal_access(handle, ci, bh, &di_triggers, type); } int ocfs2_journal_access_eb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers eb_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_EB, &eb_triggers); + return __ocfs2_journal_access(handle, ci, bh, &eb_triggers, type); } int ocfs2_journal_access_rb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers rb_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_RB, &rb_triggers); + return __ocfs2_journal_access(handle, ci, bh, &rb_triggers, type); } @@ -727,36 +740,66 @@ int ocfs2_journal_access_rb(handle_t *ha int ocfs2_journal_access_gd(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers gd_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_GD, &gd_triggers); + return __ocfs2_journal_access(handle, ci, bh, &gd_triggers, type); } int ocfs2_journal_access_db(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers db_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_DB, &db_triggers); + return __ocfs2_journal_access(handle, ci, bh, &db_triggers, type); } int ocfs2_journal_access_xb(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers xb_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_XB, &xb_triggers); + return __ocfs2_journal_access(handle, ci, bh, &xb_triggers, type); } int ocfs2_journal_access_dq(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers dq_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_DQ, &dq_triggers); + return __ocfs2_journal_access(handle, ci, bh, &dq_triggers, type); } int ocfs2_journal_access_dr(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers dr_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_DR, &dr_triggers); + return __ocfs2_journal_access(handle, ci, bh, &dr_triggers, type); } int ocfs2_journal_access_dl(handle_t *handle, struct ocfs2_caching_info *ci, struct buffer_head *bh, int type) { + struct ocfs2_triggers dl_triggers; + + ocfs2_setup_csum_triggers(ocfs2_metadata_cache_get_super(ci), + OCFS2_JTR_DL, &dl_triggers); + return __ocfs2_journal_access(handle, ci, bh, &dl_triggers, type); } _ Patches currently in -mm which might be from joseph.qi(a)linux.alibaba.com are ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty.patch ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch

1 year, 3 months

1
0
0 0

+ ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Joseph Qi <joseph.qi(a)linux.alibaba.com> Subject: ocfs2: fix NULL pointer dereference in ocfs2_journal_dirty() Date: Thu, 30 May 2024 19:06:29 +0800 bdev->bd_super has been removed and commit 8887b94d9322 change the usage from bdev->bd_super to b_assoc_map->host->i_sb. This introduces the following NULL pointer dereference in ocfs2_journal_dirty() since b_assoc_map is still not initialized. This can be easily reproduced by running xfstests generic/186, which simulate no more credits. [ 134.351592] BUG: kernel NULL pointer dereference, address: 0000000000000000 ... [ 134.355341] RIP: 0010:ocfs2_journal_dirty+0x14f/0x160 [ocfs2] ... [ 134.365071] Call Trace: [ 134.365312] <TASK> [ 134.365524] ? __die_body+0x1e/0x60 [ 134.365868] ? page_fault_oops+0x13d/0x4f0 [ 134.366265] ? __pfx_bit_wait_io+0x10/0x10 [ 134.366659] ? schedule+0x27/0xb0 [ 134.366981] ? exc_page_fault+0x6a/0x140 [ 134.367356] ? asm_exc_page_fault+0x26/0x30 [ 134.367762] ? ocfs2_journal_dirty+0x14f/0x160 [ocfs2] [ 134.368305] ? ocfs2_journal_dirty+0x13d/0x160 [ocfs2] [ 134.368837] ocfs2_create_new_meta_bhs.isra.51+0x139/0x2e0 [ocfs2] [ 134.369454] ocfs2_grow_tree+0x688/0x8a0 [ocfs2] [ 134.369927] ocfs2_split_and_insert.isra.67+0x35c/0x4a0 [ocfs2] [ 134.370521] ocfs2_split_extent+0x314/0x4d0 [ocfs2] [ 134.371019] ocfs2_change_extent_flag+0x174/0x410 [ocfs2] [ 134.371566] ocfs2_add_refcount_flag+0x3fa/0x630 [ocfs2] [ 134.372117] ocfs2_reflink_remap_extent+0x21b/0x4c0 [ocfs2] [ 134.372994] ? inode_update_timestamps+0x4a/0x120 [ 134.373692] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2] [ 134.374545] ? __pfx_ocfs2_journal_access_di+0x10/0x10 [ocfs2] [ 134.375393] ocfs2_reflink_remap_blocks+0xe4/0x4e0 [ocfs2] [ 134.376197] ocfs2_remap_file_range+0x1de/0x390 [ocfs2] [ 134.376971] ? security_file_permission+0x29/0x50 [ 134.377644] vfs_clone_file_range+0xfe/0x320 [ 134.378268] ioctl_file_clone+0x45/0xa0 [ 134.378853] do_vfs_ioctl+0x457/0x990 [ 134.379422] __x64_sys_ioctl+0x6e/0xd0 [ 134.379987] do_syscall_64+0x5d/0x170 [ 134.380550] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 134.381231] RIP: 0033:0x7fa4926397cb [ 134.381786] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48 [ 134.383930] RSP: 002b:00007ffc2b39f7b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 134.384854] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa4926397cb [ 134.385734] RDX: 00007ffc2b39f7f0 RSI: 000000004020940d RDI: 0000000000000003 [ 134.386606] RBP: 0000000000000000 R08: 00111a82a4f015bb R09: 00007fa494221000 [ 134.387476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.388342] R13: 0000000000f10000 R14: 0000558e844e2ac8 R15: 0000000000f10000 [ 134.389207] </TASK> Fix it by only aborting transaction and journal in ocfs2_journal_dirty() now, and leave ocfs2_abort() later when detecting an aborted handle, e.g. start next transaction. Also log the handle details in this case. Link: https://lkml.kernel.org/r/20240530110630.3933832-1-joseph.qi@linux.alibaba.… Fixes: 8887b94d9322 ("ocfs2: stop using bdev->bd_super for journal error logging") Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/journal.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/fs/ocfs2/journal.c~ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty +++ a/fs/ocfs2/journal.c @@ -778,13 +778,15 @@ void ocfs2_journal_dirty(handle_t *handl if (!is_handle_aborted(handle)) { journal_t *journal = handle->h_transaction->t_journal; - mlog(ML_ERROR, "jbd2_journal_dirty_metadata failed. " - "Aborting transaction and journal.\n"); + mlog(ML_ERROR, "jbd2_journal_dirty_metadata failed: " + "handle type %u started at line %u, credits %u/%u " + "errcode %d. Aborting transaction and journal.\n", + handle->h_type, handle->h_line_no, + handle->h_requested_credits, + jbd2_handle_buffer_credits(handle), status); handle->h_err = status; jbd2_journal_abort_handle(handle); jbd2_journal_abort(journal, status); - ocfs2_abort(bh->b_assoc_map->host->i_sb, - "Journal already aborted.\n"); } } } _ Patches currently in -mm which might be from joseph.qi(a)linux.alibaba.com are ocfs2-fix-null-pointer-dereference-in-ocfs2_journal_dirty.patch ocfs2-fix-null-pointer-dereference-in-ocfs2_abort_trigger.patch

1 year, 3 months

1
0
0 0

AM5 big performance reduction with CSM boot mode and Wi-Fi disabled.

by Mohammad Hosain

Hello There is a big performance bug (only affecting games performance) on Linux (not reproducible on Windows) with AM5 boards (at least for my MSI MAG b650 Tomahawk) if these BIOS settings are used: CSM -> Enabled Wi-Fi -> Disabled (or set to Bluetooth only) This does not happen even on Win 7... (I've only tested DX12 games) and does not happen if UEFI mode is chosen. I've tested with many different BIOS versions all showing the same result. I have tried troubleshooting with MSI with some benchmarks posted (https://forum-en.msi.com/index.php?threads/b650-tomahawk-bios-bug-disabling…) and after a week we realized this only happens on Linux (tested on Arch/Fedora/Ubuntu with 6.8 and 6.9 kernels for the first two). Please investigate. Thank you

1 year, 3 months

2
3
0 0

+ nilfs2-fix-potential-kernel-bug-due-to-lack-of-writeback-flag-waiting.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: fix potential kernel bug due to lack of writeback flag waiting has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-fix-potential-kernel-bug-due-to-lack-of-writeback-flag-waiting.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix potential kernel bug due to lack of writeback flag waiting Date: Thu, 30 May 2024 23:15:56 +0900 Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine (__folio_start_writeback in the log below): kernel BUG at mm/page-writeback.c:3070! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI ... RIP: 0010:__folio_start_writeback+0xbaa/0x10e0 Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 <0f> 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00 ... Call Trace: <TASK> nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2] nilfs_segctor_construct+0x181/0x6b0 [nilfs2] nilfs_segctor_thread+0x548/0x11c0 [nilfs2] kthread+0x2f0/0x390 ret_from_fork+0x4b/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> This is because when the log writer starts a writeback for segment summary blocks or a super root block that use the backing device's page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state. Fix this issue by waiting for ongoing writebacks when putting folios/pages on the backing device into writeback state. Link: https://lkml.kernel.org/r/20240530141556.4411-1-konishi.ryusuke@gmail.com Fixes: 9ff05123e3bf ("nilfs2: segment constructor") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Tested-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/segment.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/nilfs2/segment.c~nilfs2-fix-potential-kernel-bug-due-to-lack-of-writeback-flag-waiting +++ a/fs/nilfs2/segment.c @@ -1652,6 +1652,7 @@ static void nilfs_segctor_prepare_write( if (bh->b_folio != bd_folio) { if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1665,6 +1666,7 @@ static void nilfs_segctor_prepare_write( if (bh == segbuf->sb_super_root) { if (bh->b_folio != bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); @@ -1681,6 +1683,7 @@ static void nilfs_segctor_prepare_write( } if (bd_folio) { folio_lock(bd_folio); + folio_wait_writeback(bd_folio); folio_clear_dirty_for_io(bd_folio); folio_start_writeback(bd_folio); folio_unlock(bd_folio); _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-fix-potential-kernel-bug-due-to-lack-of-writeback-flag-waiting.patch

1 year, 3 months

1
0
0 0

Re: [PATCH] afs: Don't cross .backup mountpoint from backup volume

by Jeffrey E Altman

On 5/24/2024 12:17 PM, David Howells wrote: > Hi Christian, > > Can you pick this up, please? > > Thanks, > David > --- > From: Marc Dionne<marc.dionne(a)auristor.com> > > afs: Don't cross .backup mountpoint from backup volume > > Don't cross a mountpoint that explicitly specifies a backup volume > (target is <vol>.backup) when starting from a backup volume. > > It it not uncommon to mount a volume's backup directly in the volume > itself. This can cause tools that are not paying attention to get > into a loop mounting the volume onto itself as they attempt to > traverse the tree, leading to a variety of problems. > > This doesn't prevent the general case of loops in a sequence of > mountpoints, but addresses a common special case in the same way > as other afs clients. > > Reported-by: Jan Henrik Sylvester<jan.henrik.sylvester(a)uni-hamburg.de> > Link:http://lists.infradead.org/pipermail/linux-afs/2024-May/008454.html > Reported-by: Markus Suvanto<markus.suvanto(a)gmail.com> > Link:http://lists.infradead.org/pipermail/linux-afs/2024-February/008074.ht… > Signed-off-by: Marc Dionne<marc.dionne(a)auristor.com> > Signed-off-by: David Howells<dhowells(a)redhat.com> > Reviewed-by: Jeffrey Altman<jaltman(a)auristor.com> > cc:linux-afs@lists.infradead.org > --- > fs/afs/mntpt.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/fs/afs/mntpt.c b/fs/afs/mntpt.c > index 97f50e9fd9eb..297487ee8323 100644 > --- a/fs/afs/mntpt.c > +++ b/fs/afs/mntpt.c > @@ -140,6 +140,11 @@ static int afs_mntpt_set_params(struct fs_context *fc, struct dentry *mntpt) > put_page(page); > if (ret < 0) > return ret; > + > + /* Don't cross a backup volume mountpoint from a backup volume */ > + if (src_as->volume && src_as->volume->type == AFSVL_BACKVOL && > + ctx->type == AFSVL_BACKVOL) > + return -ENODEV; > } > > return 0; Please add cc: stable(a)vger.kernel.org when it is applied to vfs-fixes. Thank you. Jeffrey Altman

1 year, 3 months

1
0
0 0

Re: [PATCH] afs: Don't cross .backup mountpoint from backup volume

by Jeffrey E Altman

On 5/24/2024 12:17 PM, David Howells wrote: > Hi Christian, > > Can you pick this up, please? > > Thanks, > David > --- > From: Marc Dionne<marc.dionne(a)auristor.com> > > afs: Don't cross .backup mountpoint from backup volume > > Don't cross a mountpoint that explicitly specifies a backup volume > (target is <vol>.backup) when starting from a backup volume. > > It it not uncommon to mount a volume's backup directly in the volume > itself. This can cause tools that are not paying attention to get > into a loop mounting the volume onto itself as they attempt to > traverse the tree, leading to a variety of problems. > > This doesn't prevent the general case of loops in a sequence of > mountpoints, but addresses a common special case in the same way > as other afs clients. > > Reported-by: Jan Henrik Sylvester<jan.henrik.sylvester(a)uni-hamburg.de> > Link:http://lists.infradead.org/pipermail/linux-afs/2024-May/008454.html > Reported-by: Markus Suvanto<markus.suvanto(a)gmail.com> > Link:http://lists.infradead.org/pipermail/linux-afs/2024-February/008074.ht… > Signed-off-by: Marc Dionne<marc.dionne(a)auristor.com> > Signed-off-by: David Howells<dhowells(a)redhat.com> > Reviewed-by: Jeffrey Altman<jaltman(a)auristor.com> > cc:linux-afs@lists.infradead.org > --- > fs/afs/mntpt.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/fs/afs/mntpt.c b/fs/afs/mntpt.c > index 97f50e9fd9eb..297487ee8323 100644 > --- a/fs/afs/mntpt.c > +++ b/fs/afs/mntpt.c > @@ -140,6 +140,11 @@ static int afs_mntpt_set_params(struct fs_context *fc, struct dentry *mntpt) > put_page(page); > if (ret < 0) > return ret; > + > + /* Don't cross a backup volume mountpoint from a backup volume */ > + if (src_as->volume && src_as->volume->type == AFSVL_BACKVOL && > + ctx->type == AFSVL_BACKVOL) > + return -ENODEV; > } > > return 0; Please add cc: stable(a)vger.kernel.org when it is applied to vfs-fixes. Thank you. Jeffrey Altman

1 year, 3 months

1
0
0 0

[tip: x86/urgent] x86/cpu: Provide default cache line size if not enumerated

by tip-bot2 for Dave Hansen

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 2a38e4ca302280fdcce370ba2bee79bac16c4587 Gitweb: https://git.kernel.org/tip/2a38e4ca302280fdcce370ba2bee79bac16c4587 Author: Dave Hansen <dave.hansen(a)linux.intel.com> AuthorDate: Fri, 17 May 2024 13:05:34 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Thu, 30 May 2024 08:29:45 -07:00 x86/cpu: Provide default cache line size if not enumerated tl;dr: CPUs with CPUID.80000008H but without CPUID.01H:EDX[CLFSH] will end up reporting cache_line_size()==0 and bad things happen. Fill in a default on those to avoid the problem. Long Story: The kernel dies a horrible death if c->x86_cache_alignment (aka. cache_line_size() is 0. Normally, this value is populated from c->x86_clflush_size. Right now the code is set up to get c->x86_clflush_size from two places. First, modern CPUs get it from CPUID. Old CPUs that don't have leaf 0x80000008 (or CPUID at all) just get some sane defaults from the kernel in get_cpu_address_sizes(). The vast majority of CPUs that have leaf 0x80000008 also get ->x86_clflush_size from CPUID. But there are oddballs. Intel Quark CPUs[1] and others[2] have leaf 0x80000008 but don't set CPUID.01H:EDX[CLFSH], so they skip over filling in ->x86_clflush_size: cpuid(0x00000001, &tfms, &misc, &junk, &cap0); if (cap0 & (1<<19)) c->x86_clflush_size = ((misc >> 8) & 0xff) * 8; So they: land in get_cpu_address_sizes() and see that CPUID has level 0x80000008 and jump into the side of the if() that does not fill in c->x86_clflush_size. That assigns a 0 to c->x86_cache_alignment, and hilarity ensues in code like: buffer = kzalloc(ALIGN(sizeof(*buffer), cache_line_size()), GFP_KERNEL); To fix this, always provide a sane value for ->x86_clflush_size. Big thanks to Andy Shevchenko for finding and reporting this and also providing a first pass at a fix. But his fix was only partial and only worked on the Quark CPUs. It would not, for instance, have worked on the QEMU config. 1. https://raw.githubusercontent.com/InstLatx64/InstLatx64/master/GenuineIntel… 2. You can also get this behavior if you use "-cpu 486,+clzero" in QEMU. [ dhansen: remove 'vp_bits_from_cpuid' reference in changelog because bpetkov brutally murdered it recently. ] Fixes: fbf6449f84bf ("x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach") Reported-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Tested-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Tested-by: Jörn Heusipp <osmanx(a)heusipp.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240516173928.3960193-1-andriy.shevchenko@linu… Link: https://lore.kernel.org/lkml/5e31cad3-ad4d-493e-ab07-724cfbfaba44@heusipp.d… Link: https://lore.kernel.org/all/20240517200534.8EC5F33E%40davehans-spike.ostc.i… --- arch/x86/kernel/cpu/common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 2b170da..e31293c 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1075,6 +1075,10 @@ void get_cpu_address_sizes(struct cpuinfo_x86 *c) c->x86_virt_bits = (eax >> 8) & 0xff; c->x86_phys_bits = eax & 0xff; + + /* Provide a sane default if not enumerated: */ + if (!c->x86_clflush_size) + c->x86_clflush_size = 32; } c->x86_cache_bits = c->x86_phys_bits;

1 year, 3 months

1
0
0 0

[tip: x86/urgent] x86/cpu: Provide default cache line size if not enumerated

by tip-bot2 for Dave Hansen

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: b9210e56d71d9deb1ad692e405f6b2394f7baa4d Gitweb: https://git.kernel.org/tip/b9210e56d71d9deb1ad692e405f6b2394f7baa4d Author: Dave Hansen <dave.hansen(a)linux.intel.com> AuthorDate: Fri, 17 May 2024 13:05:34 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Thu, 30 May 2024 07:14:27 -07:00 x86/cpu: Provide default cache line size if not enumerated tl;dr: CPUs with CPUID.80000008H but without CPUID.01H:EDX[CLFSH] will end up reporting cache_line_size()==0 and bad things happen. Fill in a default on those to avoid the problem. Long Story: The kernel dies a horrible death if c->x86_cache_alignment (aka. cache_line_size() is 0. Normally, this value is populated from c->x86_clflush_size. Right now the code is set up to get c->x86_clflush_size from two places. First, modern CPUs get it from CPUID. Old CPUs that don't have leaf 0x80000008 (or CPUID at all) just get some sane defaults from the kernel in get_cpu_address_sizes(). The vast majority of CPUs that have leaf 0x80000008 also get ->x86_clflush_size from CPUID. But there are oddballs. Intel Quark CPUs[1] and others[2] have leaf 0x80000008 but don't set CPUID.01H:EDX[CLFSH], so they skip over filling in ->x86_clflush_size: cpuid(0x00000001, &tfms, &misc, &junk, &cap0); if (cap0 & (1<<19)) c->x86_clflush_size = ((misc >> 8) & 0xff) * 8; So they: land in get_cpu_address_sizes() and see that CPUID has level 0x80000008 and jump into the side of the if() that does not fill in c->x86_clflush_size. That assigns a 0 to c->x86_cache_alignment, and hilarity ensues in code like: buffer = kzalloc(ALIGN(sizeof(*buffer), cache_line_size()), GFP_KERNEL); To fix this, always provide a sane value for ->x86_clflush_size. Big thanks to Andy Shevchenko for finding and reporting this and also providing a first pass at a fix. But his fix was only partial and only worked on the Quark CPUs. It would not, for instance, have worked on the QEMU config. 1. https://raw.githubusercontent.com/InstLatx64/InstLatx64/master/GenuineIntel… 2. You can also get this behavior if you use "-cpu 486,+clzero" in QEMU. [ dhansen: remove 'vp_bits_from_cpuid' reference in changelog because bpetkov brutally murdered it recently. ] Fixes: fbf6449f84bf ("x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach") Reported-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Tested-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Tested-by: Jörn Heusipp <osmanx(a)heusipp.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240516173928.3960193-1-andriy.shevchenko@linu… Link: https://lore.kernel.org/lkml/5e31cad3-ad4d-493e-ab07-724cfbfaba44@heusipp.d… Link: https://lore.kernel.org/all/20240517200534.8EC5F33E%40davehans-spike.ostc.i… --- arch/x86/kernel/cpu/common.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 2b170da..373b16b 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1070,6 +1070,10 @@ void get_cpu_address_sizes(struct cpuinfo_x86 *c) cpu_has(c, X86_FEATURE_PSE36)) c->x86_phys_bits = 36; } + + /* Provide a sane default if not enumerated: */ + if (!c->x86_clflush_size) + c->x86_clflush_size = 32; } else { cpuid(0x80000008, &eax, &ebx, &ecx, &edx);

1 year, 3 months

3
2
0 0

[PATCH] x86/cpu: Provide default cache line size if not enumerated

by Dave Hansen

From: Dave Hansen <dave.hansen(a)linux.intel.com> tl;dr: CPUs with CPUID.80000008H but without CPUID.01H:EDX[CLFSH] will end up reporting cache_line_size()==0 and bad things happen. Fill in a default on those to avoid the problem. Long Story: The kernel dies a horrible death if c->x86_cache_alignment (aka. cache_line_size() is 0. Normally, this value is populated from c->x86_clflush_size. Right now the code is set up to get c->x86_clflush_size from two places. First, modern CPUs get it from CPUID. Old CPUs that don't have leaf 0x80000008 (or CPUID at all) just get some sane defaults from the kernel in get_cpu_address_sizes(). The vast majority of CPUs that have leaf 0x80000008 also get ->x86_clflush_size from CPUID. But there are oddballs. Intel Quark CPUs[1] and others[2] have leaf 0x80000008 but don't set CPUID.01H:EDX[CLFSH], so they skip over filling in ->x86_clflush_size: cpuid(0x00000001, &tfms, &misc, &junk, &cap0); if (cap0 & (1<<19)) c->x86_clflush_size = ((misc >> 8) & 0xff) * 8; So they: land in get_cpu_address_sizes(), set vp_bits_from_cpuid=0 and never fill in c->x86_clflush_size, assign c->x86_cache_alignment, and hilarity ensues in code like: buffer = kzalloc(ALIGN(sizeof(*buffer), cache_line_size()), GFP_KERNEL); To fix this, always provide a sane value for ->x86_clflush_size. Big thanks to Andy Shevchenko for finding and reporting this and also providing a first pass at a fix. But his fix was only partial and only worked on the Quark CPUs. It would not, for instance, have worked on the QEMU config. 1. https://raw.githubusercontent.com/InstLatx64/InstLatx64/master/GenuineIntel… 2. You can also get this behavior if you use "-cpu 486,+clzero" in QEMU. Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reported-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Fixes: fbf6449f84bf ("x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach") Link: https://lore.kernel.org/all/20240516173928.3960193-1-andriy.shevchenko@linu… Cc: stable(a)vger.kernel.org --- b/arch/x86/kernel/cpu/common.c | 4 ++++ 1 file changed, 4 insertions(+) diff -puN arch/x86/kernel/cpu/common.c~default-x86_clflush_size arch/x86/kernel/cpu/common.c --- a/arch/x86/kernel/cpu/common.c~default-x86_clflush_size 2024-05-17 12:51:25.886169008 -0700 +++ b/arch/x86/kernel/cpu/common.c 2024-05-17 13:03:09.761999885 -0700 @@ -1064,6 +1064,10 @@ void get_cpu_address_sizes(struct cpuinf c->x86_virt_bits = (eax >> 8) & 0xff; c->x86_phys_bits = eax & 0xff; + + /* Provide a sane default if not enumerated: */ + if (!c->x86_clflush_size) + c->x86_clflush_size = 32; } else { if (IS_ENABLED(CONFIG_X86_64)) { c->x86_clflush_size = 64; _

1 year, 3 months

4
5
0 0

[PATCH] drm/radeon: Remove __counted_by from StateArray.states[]

by Nathan Chancellor

From: Bill Wendling <morbo(a)google.com> Work for __counted_by on generic pointers in structures (not just flexible array members) has started landing in Clang 19 (current tip of tree). During the development of this feature, a restriction was added to __counted_by to prevent the flexible array member's element type from including a flexible array member itself such as: struct foo { int count; char buf[]; }; struct bar { int count; struct foo data[] __counted_by(count); }; because the size of data cannot be calculated with the standard array size formula: sizeof(struct foo) * count This restriction was downgraded to a warning but due to CONFIG_WERROR, it can still break the build. The application of __counted_by on the states member of 'struct _StateArray' triggers this restriction, resulting in: drivers/gpu/drm/radeon/pptable.h:442:5: error: 'counted_by' should not be applied to an array with element of unknown size because 'ATOM_PPLIB_STATE_V2' (aka 'struct _ATOM_PPLIB_STATE_V2') is a struct type with a flexible array member. This will be an error in a future compiler version [-Werror,-Wbounds-safety-counted-by-elt-type-unknown-size] 442 | ATOM_PPLIB_STATE_V2 states[] __counted_by(ucNumEntries); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 error generated. Remove this use of __counted_by to fix the warning/error. However, rather than remove it altogether, leave it commented, as it may be possible to support this in future compiler releases. Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/2028 Fixes: efade6fe50e7 ("drm/radeon: silence UBSAN warning (v3)") Signed-off-by: Bill Wendling <morbo(a)google.com> Co-developed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/gpu/drm/radeon/pptable.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/radeon/pptable.h b/drivers/gpu/drm/radeon/pptable.h index b7f22597ee95..969a8fb0ee9e 100644 --- a/drivers/gpu/drm/radeon/pptable.h +++ b/drivers/gpu/drm/radeon/pptable.h @@ -439,7 +439,7 @@ typedef struct _StateArray{ //how many states we have UCHAR ucNumEntries; - ATOM_PPLIB_STATE_V2 states[] __counted_by(ucNumEntries); + ATOM_PPLIB_STATE_V2 states[] /* __counted_by(ucNumEntries) */; }StateArray; --- base-commit: e64e8f7c178e5228e0b2dbb504b9dc75953a319f change-id: 20240529-drop-counted-by-radeon-states-state-array-01936ded4c18 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 3 months

2
1
0 0

[PATCH v3 0/4] LoongArch: Bootloader interface fixes

by Jiaxun Yang

Hi all, This series fixed some issues on bootloader - kernel interface. The first two fixed booting with devicetree, the last two enhanced kernel's tolerance on different bootloader implementation. Please review. Thanks Signed-off-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> --- Changes in v3: - Polish all individual patches with comments received offline. - Link to v2: https://lore.kernel.org/r/20240522-loongarch-booting-fixes-v2-0-727edb96e54… Changes in v2: - Enhance PATCH 3-4 based on off list discussions with Huacai & co. - Link to v1: https://lore.kernel.org/r/20240521-loongarch-booting-fixes-v1-0-659c201c037… --- Jiaxun Yang (4): LoongArch: Fix built-in DTB detection LoongArch: smp: Add all CPUs enabled by fdt to NUMA node 0 LoongArch: Fix entry point in image header LoongArch: Override higher address bits in JUMP_VIRT_ADDR arch/loongarch/include/asm/stackframe.h | 2 +- arch/loongarch/kernel/head.S | 2 +- arch/loongarch/kernel/setup.c | 6 ++++-- arch/loongarch/kernel/smp.c | 5 ++++- arch/loongarch/kernel/vmlinux.lds.S | 2 ++ drivers/firmware/efi/libstub/loongarch.c | 2 +- 6 files changed, 13 insertions(+), 6 deletions(-) --- base-commit: 124cfbcd6d185d4f50be02d5f5afe61578916773 change-id: 20240521-loongarch-booting-fixes-366e13e7ca55 Best regards, -- Jiaxun Yang <jiaxun.yang(a)flygoat.com>

1 year, 3 months

5
10
0 0

[PATCH] kheaders: explicitly define file modes for archived headers

by Matthias Männich

From: Matthias Maennich <maennich(a)google.com> Build environments might be running with different umask settings resulting in indeterministic file modes for the files contained in kheaders.tar.xz. The file itself is served with 444, i.e. world readable. Archive the files explicitly with 744,a+X to improve reproducibility across build environments. --mode=0444 is not suitable as directories need to be executable. Also, 444 makes it hard to delete all the readonly files after extraction. Cc: stable(a)vger.kernel.org Cc: linux-kbuild(a)vger.kernel.org Cc: Masahiro Yamada <masahiroy(a)kernel.org> Cc: Joel Fernandes <joel(a)joelfernandes.org> Signed-off-by: Matthias Maennich <maennich(a)google.com> --- kernel/gen_kheaders.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh index 6d443ea22bb7..8b6e0c2bc0df 100755 --- a/kernel/gen_kheaders.sh +++ b/kernel/gen_kheaders.sh @@ -84,7 +84,7 @@ find $cpio_dir -type f -print0 | # Create archive and try to normalize metadata for reproducibility. tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \ - --owner=0 --group=0 --sort=name --numeric-owner \ + --owner=0 --group=0 --sort=name --numeric-owner --mode=u=rw,go=r,a+X \ -I $XZ -cf $tarfile -C $cpio_dir/ . > /dev/null echo $headers_md5 > kernel/kheaders.md5 -- 2.45.1.288.g0e0cd299f1-goog

1 year, 3 months

2
1
0 0

[PATCH v3] ata: ahci: Do not apply Intel PCS quirk on Intel Alder Lake

by Jason Nader

Commit b8b8b4e0c052 ("ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list") added Intel Alder Lake to the ahci_pci_tbl. Because of the way that the Intel PCS quirk was implemented, having an explicit entry in the ahci_pci_tbl caused the Intel PCS quirk to be applied. (The quirk was not being applied if there was no explict entry.) Thus, entries that were added to the ahci_pci_tbl also got the Intel PCS quirk applied. The quirk was cleaned up in commit 7edbb6059274 ("ahci: clean up intel_pcs_quirk"), such that it is clear which entries that actually applies the Intel PCS quirk. Newer Intel AHCI controllers do not need the Intel PCS quirk, and applying it when not needed actually breaks some platforms. Do not apply the Intel PCS quirk for Intel Alder Lake. This is in line with how things worked before commit b8b8b4e0c052 ("ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list"), such that certain platforms using Intel Alder Lake will work once again. Cc: stable(a)vger.kernel.org # 6.7 Fixes: b8b8b4e0c052 ("ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list") Signed-off-by: Jason Nader <dev(a)kayoway.com> --- drivers/ata/ahci.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index 6548f10e61d9..07d66d2c5f0d 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -429,7 +429,6 @@ static const struct pci_device_id ahci_pci_tbl[] = { { PCI_VDEVICE(INTEL, 0x02d7), board_ahci_pcs_quirk }, /* Comet Lake PCH RAID */ /* Elkhart Lake IDs 0x4b60 & 0x4b62 https://sata-io.org/product/8803 not tested yet */ { PCI_VDEVICE(INTEL, 0x4b63), board_ahci_pcs_quirk }, /* Elkhart Lake AHCI */ - { PCI_VDEVICE(INTEL, 0x7ae2), board_ahci_pcs_quirk }, /* Alder Lake-P AHCI */ /* JMicron 360/1/3/5/6, match class to avoid IDE function */ { PCI_VENDOR_ID_JMICRON, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, -- 2.45.1

1 year, 3 months

3
2
0 0

[REGRESSION][BISECTED] Scheduling errors with the AMD FX 8300 CPU

by Christian Heusel

Hello Thomas, Tim reports a regression on his AMD FX 8300 CPU that causes him scheduling errors (see dmesg below), initially on the latest stable kernel from Arch Linux. The issue reproduces by simply booting the kernel on his hardware. He also reported some ATA related errors (also attached below the dmesg), of which I dont know whether they are relevant or not. We have debugged the issue together in the ticket in our bugtracker[0] and collectively bisected it down to the following commit: c749ce393b8f ("x86/cpu: Use common topology code for AMD") Tim (in CC) offered to be available for further debugging in this thread. Reported-by: Tim Teichmann <teichmanntim(a)outlook.de> Bisected-by: Christian Heusel <christian(a)heusel.eu> Cheers, Chris [0]: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/56 --- #regzbot link: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/56 #regzbot introduced: c749ce393b8f #regzbot title: Scheduling errors with the AMD FX 8300 CPU --- dmesg output: May 23 23:36:49 archlinux kernel: smp: Bringing up secondary CPUs ... May 23 23:36:49 archlinux kernel: smpboot: x86: Booting SMP configuration: May 23 23:36:49 archlinux kernel: .... node #0, CPUs: #2 #4 #6 May 23 23:36:49 archlinux kernel: __common_interrupt: 2.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 4.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 6.55 No irq handler for vector May 23 23:36:49 archlinux kernel: #1 #3 #5 #7 May 23 23:36:49 archlinux kernel: ------------[ cut here ]------------ May 23 23:36:49 archlinux kernel: WARNING: CPU: 1 PID: 0 at kernel/sched/core.c:6482 sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: Modules linked in: May 23 23:36:49 archlinux kernel: CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.9.1-arch1-2 #1 06928436e5a6b4805e171d14d8efa397d7db9ad0 May 23 23:36:49 archlinux kernel: Hardware name: Gigabyte Technology Co., Ltd. GA-78LMT-USB3 R2/GA-78LMT-USB3 R2, BIOS F1 11/08/2017 May 23 23:36:49 archlinux kernel: RIP: 0010:sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: Code: 00 8b 0d b0 e0 10 02 39 c8 0f 83 71 ff ff ff 48 63 d0 48 8b 3c d5 20 53 71 a6 4c 01 e7 39 c3 75 c7 4c 89 bf 48 0d 00 00 eb c7 <0f> 0b eb c3 be 04 00> May 23 23:36:49 archlinux kernel: RSP: 0000:ffffa6a3c00cfe38 EFLAGS: 00010087 May 23 23:36:49 archlinux kernel: RAX: 0000000000000002 RBX: 0000000000000001 RCX: 0000000000000008 May 23 23:36:49 archlinux kernel: RDX: 0000000000000002 RSI: fffffffffffffffc RDI: ffff9367aeb36540 May 23 23:36:49 archlinux kernel: RBP: ffff9367aea99b00 R08: ffff9367aea99b00 R09: 0000000000000003 May 23 23:36:49 archlinux kernel: R10: ffff9367aea99b00 R11: 0000000000000006 R12: 0000000000036540 May 23 23:36:49 archlinux kernel: R13: 0000000000036540 R14: 0000000000000001 R15: ffff9367aea36540 May 23 23:36:49 archlinux kernel: FS: 0000000000000000(0000) GS:ffff9367aea80000(0000) knlGS:0000000000000000 May 23 23:36:49 archlinux kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 23 23:36:49 archlinux kernel: CR2: 0000000000000000 CR3: 000000036dc20000 CR4: 00000000000406f0 May 23 23:36:49 archlinux kernel: Call Trace: May 23 23:36:49 archlinux kernel: <TASK> May 23 23:36:49 archlinux kernel: ? sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: ? __warn.cold+0x8e/0xe8 May 23 23:36:49 archlinux kernel: ? sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: ? report_bug+0xff/0x140 May 23 23:36:49 archlinux kernel: ? handle_bug+0x3c/0x80 May 23 23:36:49 archlinux kernel: ? exc_invalid_op+0x17/0x70 May 23 23:36:49 archlinux kernel: ? asm_exc_invalid_op+0x1a/0x20 May 23 23:36:49 archlinux kernel: ? sched_cpu_starting+0x183/0x250 May 23 23:36:49 archlinux kernel: ? sched_cpu_starting+0x15a/0x250 May 23 23:36:49 archlinux kernel: ? __pfx_sched_cpu_starting+0x10/0x10 May 23 23:36:49 archlinux kernel: cpuhp_invoke_callback+0x122/0x410 May 23 23:36:49 archlinux kernel: __cpuhp_invoke_callback_range+0x64/0xc0 May 23 23:36:49 archlinux kernel: start_secondary+0x9c/0x140 May 23 23:36:49 archlinux kernel: common_startup_64+0x13e/0x141 May 23 23:36:49 archlinux kernel: </TASK> May 23 23:36:49 archlinux kernel: ---[ end trace 0000000000000000 ]--- May 23 23:36:49 archlinux kernel: __common_interrupt: 1.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 3.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 5.55 No irq handler for vector May 23 23:36:49 archlinux kernel: __common_interrupt: 7.55 No irq handler for vector May 23 23:36:49 archlinux kernel: smp: Brought up 1 node, 8 CPUs May 23 23:36:49 archlinux kernel: smpboot: Total of 8 processors activated (53173.28 BogoMIPS) May 23 23:36:49 archlinux kernel: ------------[ cut here ]------------ May 23 23:36:49 archlinux kernel: WARNING: CPU: 0 PID: 1 at kernel/sched/topology.c:2408 build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: Modules linked in: May 23 23:36:49 archlinux kernel: CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.9.1-arch1-2 #1 06928436e5a6b4805e171d14d8efa397d7db9ad0 May 23 23:36:49 archlinux kernel: Hardware name: Gigabyte Technology Co., Ltd. GA-78LMT-USB3 R2/GA-78LMT-USB3 R2, BIOS F1 11/08/2017 May 23 23:36:49 archlinux kernel: RIP: 0010:build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: Code: 63 4d 14 39 34 8a 0f 8e 73 fe ff ff 25 e9 ef ff ff 80 cc 04 41 89 46 3c e9 62 fe ff ff 41 c7 46 30 01 00 00 00 e9 55 fe ff ff <0f> 0b bb f4 ff ff ff> May 23 23:36:49 archlinux kernel: RSP: 0018:ffffa6a3c001fe10 EFLAGS: 00010202 May 23 23:36:49 archlinux kernel: RAX: 00000000ffffff01 RBX: 0000000000000000 RCX: 00000000ffffff01 May 23 23:36:49 archlinux kernel: RDX: 00000000fffffff8 RSI: 0000000000000003 RDI: ffff9367aea19b00 May 23 23:36:49 archlinux kernel: RBP: ffff936480367a00 R08: ffff9367aea19b00 R09: 0000000000000000 May 23 23:36:49 archlinux kernel: R10: ffffa6a3c001fdd8 R11: 0000000000000000 R12: 0000000000000001 May 23 23:36:49 archlinux kernel: R13: ffff9367aea99b00 R14: 0000000000000001 R15: ffff936480942e80 May 23 23:36:49 archlinux kernel: FS: 0000000000000000(0000) GS:ffff9367aea00000(0000) knlGS:0000000000000000 May 23 23:36:49 archlinux kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 23 23:36:49 archlinux kernel: CR2: ffff9366eea01000 CR3: 000000036dc20000 CR4: 00000000000406f0 May 23 23:36:49 archlinux kernel: Call Trace: May 23 23:36:49 archlinux kernel: <TASK> May 23 23:36:49 archlinux kernel: ? build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: ? __warn.cold+0x8e/0xe8 May 23 23:36:49 archlinux kernel: ? build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: ? report_bug+0xff/0x140 May 23 23:36:49 archlinux kernel: ? handle_bug+0x3c/0x80 May 23 23:36:49 archlinux kernel: ? exc_invalid_op+0x17/0x70 May 23 23:36:49 archlinux kernel: ? asm_exc_invalid_op+0x1a/0x20 May 23 23:36:49 archlinux kernel: ? build_sched_domains+0x76b/0x12b0 May 23 23:36:49 archlinux kernel: ? kmalloc_trace+0x13a/0x320 May 23 23:36:49 archlinux kernel: sched_init_smp+0x3e/0xc0 May 23 23:36:49 archlinux kernel: ? stop_machine+0x30/0x40 May 23 23:36:49 archlinux kernel: kernel_init_freeable+0x109/0x250 May 23 23:36:49 archlinux kernel: ? __pfx_kernel_init+0x10/0x10 May 23 23:36:49 archlinux kernel: kernel_init+0x1a/0x140 May 23 23:36:49 archlinux kernel: ret_from_fork+0x34/0x50 May 23 23:36:49 archlinux kernel: ? __pfx_kernel_init+0x10/0x10 May 23 23:36:49 archlinux kernel: ret_from_fork_asm+0x1a/0x30 May 23 23:36:49 archlinux kernel: </TASK> May 23 23:36:49 archlinux kernel: ---[ end trace 0000000000000000 ]--- --- ATA stuff: May 23 23:36:59 archlinux kernel: ata2.00: exception Emask 0x10 SAct 0x1fffe000 SErr 0x40d0002 action 0xe frozen May 23 23:36:59 archlinux kernel: ata2.00: irq_stat 0x00000040, connection status changed May 23 23:36:59 archlinux kernel: ata2: SError: { RecovComm PHYRdyChg CommWake 10B8B DevExch } May 23 23:36:59 archlinux kernel: ata2.00: failed command: WRITE FPDMA QUEUED May 23 23:36:59 archlinux kernel: ata2.00: cmd 61/10:68:10:f8:07/00:00:00:00:00/40 tag 13 ncq dma 8192 out res 40/00:01:00:00:00/00:00:00:00:00/00 Emask 0x10 (ATA bus error) May 23 23:36:59 archlinux kernel: ata2.00: status: { DRDY } May 23 23:36:59 archlinux kernel: ata2.00: failed command: WRITE FPDMA QUEUED May 23 23:36:59 archlinux kernel: ata2.00: cmd 61/08:70:28:f8:07/00:00:00:00:00/40 tag 14 ncq dma 4096 out res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x10 (ATA bus error) May 23 23:36:59 archlinux kernel: ata2.00: status: { DRDY } May 23 23:36:59 archlinux kernel: ata2.00: failed command: WRITE FPDMA QUEUED May 23 23:36:59 archlinux kernel: ata2.00: cmd 61/18:78:50:f8:07/00:00:00:00:00/40 tag 15 ncq dma 12288 out res 40/00:68:00:00:00/00:00:00:00:00/40 Emask 0x10 (ATA

1 year, 3 months

6
18
0 0

[PATCH 2/2] arm64: dts: qcom: sc7280: Disable SS instances in park mode

by Krishna Kurapati

On SC7280, in host mode, it is observed that stressing out controller in host mode results in HC died error and only restarting the host mode fixes it. Disable SS instances in park mode for these targets to avoid host controller being dead. Reported-by: Doug Anderson <dianders(a)google.com> Cc: <stable(a)vger.kernel.org> Fixes: bb9efa59c665 ("arm64: dts: qcom: sc7280: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> --- arch/arm64/boot/dts/qcom/sc7280.dtsi | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi index 41f51d326111..e0d3eeb6f639 100644 --- a/arch/arm64/boot/dts/qcom/sc7280.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi @@ -4131,6 +4131,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0xe0 0x0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed"; -- 2.34.1

1 year, 3 months

2
1
0 0

[PATCH 1/2] gpio: amd8111: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

amd_gpio_init() uses pci_read_config_dword() that returns PCIBIOS_* codes. The return code is then returned as is but amd_gpio_init() is a module init function that should return normal errnos. Convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning it from amd_gpio_init(). Fixes: f942a7de047d ("gpio: add a driver for GPIO pins found on AMD-8111 south bridge chips") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/gpio/gpio-amd8111.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-amd8111.c b/drivers/gpio/gpio-amd8111.c index 6f3ded619c8b..3377667a28de 100644 --- a/drivers/gpio/gpio-amd8111.c +++ b/drivers/gpio/gpio-amd8111.c @@ -195,8 +195,10 @@ static int __init amd_gpio_init(void) found: err = pci_read_config_dword(pdev, 0x58, &gp.pmbase); - if (err) + if (err) { + err = pcibios_err_to_errno(err); goto out; + } err = -EIO; gp.pmbase &= 0x0000FF00; if (gp.pmbase == 0) -- 2.39.2

1 year, 3 months

4
8
0 0

Linux 6.8.12

by Greg Kroah-Hartman

Note, this the LAST 6.8.y release, this branch is now end-of-life. Please move to the 6.9.y branch at this point in time. ----------------------- I'm announcing the release of the 6.8.12 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 Documentation/devicetree/bindings/soc/rockchip/grf.yaml | 1 Documentation/devicetree/bindings/sound/rt5645.txt | 6 Documentation/devicetree/bindings/thermal/loongson,ls2k-thermal.yaml | 24 Makefile | 2 arch/arm/configs/sunxi_defconfig | 1 arch/arm64/include/asm/irqflags.h | 1 arch/arm64/kernel/fpsimd.c | 44 arch/loongarch/kernel/perf_event.c | 2 arch/m68k/kernel/entry.S | 4 arch/m68k/mac/misc.c | 36 arch/openrisc/kernel/traps.c | 48 arch/parisc/kernel/parisc_ksyms.c | 1 arch/powerpc/sysdev/fsl_msi.c | 2 arch/riscv/Kconfig.errata | 8 arch/riscv/errata/thead/errata.c | 24 arch/riscv/include/asm/errata_list.h | 20 arch/riscv/net/bpf_jit_comp64.c | 20 arch/s390/include/asm/gmap.h | 2 arch/s390/include/asm/mmu.h | 5 arch/s390/include/asm/mmu_context.h | 1 arch/s390/include/asm/pgtable.h | 16 arch/s390/kvm/kvm-s390.c | 4 arch/s390/mm/gmap.c | 165 + arch/s390/net/bpf_jit_comp.c | 8 arch/sh/kernel/kprobes.c | 7 arch/sh/lib/checksum.S | 67 arch/x86/Kconfig | 8 arch/x86/boot/compressed/head_64.S | 5 arch/x86/crypto/nh-avx2-x86_64.S | 1 arch/x86/crypto/sha256-avx2-asm.S | 1 arch/x86/crypto/sha512-avx2-asm.S | 1 arch/x86/entry/vsyscall/vsyscall_64.c | 28 arch/x86/include/asm/cmpxchg_64.h | 2 arch/x86/include/asm/pgtable_types.h | 2 arch/x86/include/asm/processor.h | 1 arch/x86/include/asm/sparsemem.h | 2 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/tsc_sync.c | 6 arch/x86/lib/x86-opcode-map.txt | 10 arch/x86/mm/fault.c | 33 arch/x86/mm/numa.c | 4 arch/x86/mm/pat/set_memory.c | 68 arch/x86/net/bpf_jit_comp.c | 57 arch/x86/purgatory/Makefile | 3 arch/x86/tools/relocs.c | 9 block/blk-core.c | 9 block/blk-merge.c | 2 block/blk-mq.c | 4 block/blk.h | 1 block/fops.c | 2 block/genhd.c | 2 block/partitions/cmdline.c | 49 crypto/asymmetric_keys/Kconfig | 3 drivers/accessibility/speakup/main.c | 2 drivers/acpi/acpi_lpss.c | 1 drivers/acpi/acpica/Makefile | 1 drivers/acpi/bus.c | 5 drivers/acpi/numa/srat.c | 5 drivers/block/null_blk/main.c | 2 drivers/bluetooth/btmrvl_main.c | 9 drivers/bluetooth/btqca.c | 4 drivers/bluetooth/btrsi.c | 1 drivers/bluetooth/btsdio.c | 8 drivers/bluetooth/btusb.c | 5 drivers/bluetooth/hci_bcm4377.c | 1 drivers/bluetooth/hci_ldisc.c | 6 drivers/bluetooth/hci_serdev.c | 5 drivers/bluetooth/hci_uart.h | 1 drivers/bluetooth/hci_vhci.c | 10 drivers/bluetooth/virtio_bt.c | 2 drivers/char/hw_random/stm32-rng.c | 18 drivers/clk/clk-renesas-pcie.c | 10 drivers/clk/mediatek/clk-mt8365-mm.c | 2 drivers/clk/mediatek/clk-pllfh.c | 2 drivers/clk/qcom/Kconfig | 2 drivers/clk/qcom/apss-ipq-pll.c | 3 drivers/clk/qcom/clk-alpha-pll.c | 1 drivers/clk/qcom/dispcc-sm6350.c | 11 drivers/clk/qcom/dispcc-sm8450.c | 20 drivers/clk/qcom/dispcc-sm8550.c | 20 drivers/clk/qcom/dispcc-sm8650.c | 20 drivers/clk/qcom/mmcc-msm8998.c | 8 drivers/clk/renesas/r8a779a0-cpg-mssr.c | 2 drivers/clk/renesas/r9a07g043-cpg.c | 9 drivers/clk/samsung/clk-exynosautov9.c | 8 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cppc_cpufreq.c | 14 drivers/cpufreq/cpufreq.c | 11 drivers/crypto/bcm/spu2.c | 2 drivers/crypto/ccp/sp-platform.c | 14 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 2 drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c | 1 drivers/crypto/intel/qat/qat_common/adf_rl.c | 2 drivers/crypto/intel/qat/qat_common/adf_telemetry.c | 21 drivers/crypto/intel/qat/qat_common/adf_telemetry.h | 1 drivers/crypto/marvell/octeontx2/cn10k_cpt.c | 4 drivers/dma/xilinx/xdma.c | 14 drivers/dpll/dpll_core.c | 2 drivers/edac/skx_common.c | 2 drivers/edac/versal_edac.c | 5 drivers/firmware/qcom/qcom_scm.c | 12 drivers/firmware/raspberrypi.c | 7 drivers/fpga/dfl-pci.c | 3 drivers/gpio/gpio-npcm-sgpio.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 3 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 16 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 8 drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn315/dcn315_clk_mgr.c | 8 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn32/dcn32_clk_mgr.c | 15 drivers/gpu/drm/amd/display/dc/core/dc.c | 3 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 drivers/gpu/drm/amd/display/dc/dml/dcn31/dcn31_fpu.c | 2 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/link/protocols/link_dp_dpia_bw.c | 10 drivers/gpu/drm/amd/display/dc/resource/dcn20/dcn20_resource.c | 1 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_6_ppt.c | 25 drivers/gpu/drm/arm/malidp_mw.c | 5 drivers/gpu/drm/bridge/analogix/anx7625.c | 15 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 drivers/gpu/drm/bridge/chipone-icn6211.c | 6 drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 drivers/gpu/drm/bridge/lontium-lt9611.c | 6 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/bridge/tc358775.c | 6 drivers/gpu/drm/bridge/ti-dlpc3433.c | 17 drivers/gpu/drm/bridge/ti-sn65dsi86.c | 1 drivers/gpu/drm/ci/test.yml | 6 drivers/gpu/drm/display/drm_dp_helper.c | 35 drivers/gpu/drm/drm_bridge.c | 10 drivers/gpu/drm/drm_edid.c | 2 drivers/gpu/drm/drm_mipi_dsi.c | 6 drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 4 drivers/gpu/drm/imagination/pvr_vm_mips.c | 4 drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 8 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/msm/dp/dp_aux.c | 20 drivers/gpu/drm/msm/dp/dp_aux.h | 1 drivers/gpu/drm/msm/dp/dp_ctrl.c | 6 drivers/gpu/drm/msm/dp/dp_display.c | 4 drivers/gpu/drm/msm/dp/dp_link.c | 22 drivers/gpu/drm/msm/dp/dp_link.h | 14 drivers/gpu/drm/mxsfb/lcdif_drv.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 2 drivers/gpu/drm/omapdrm/Kconfig | 2 drivers/gpu/drm/omapdrm/omap_fbdev.c | 40 drivers/gpu/drm/panel/panel-edp.c | 3 drivers/gpu/drm/panel/panel-leadtek-ltk050h3146w.c | 5 drivers/gpu/drm/panel/panel-novatek-nt35950.c | 6 drivers/gpu/drm/panel/panel-samsung-atna33xc20.c | 24 drivers/gpu/drm/panel/panel-simple.c | 3 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 22 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 10 drivers/hid/hid-mcp2221.c | 2 drivers/hid/hid-nintendo.c | 8 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 drivers/infiniband/core/cma.c | 4 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hns/hns_roce_cq.c | 24 drivers/infiniband/hw/hns/hns_roce_hem.h | 12 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 7 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_mr.c | 15 drivers/infiniband/hw/hns/hns_roce_srq.c | 6 drivers/infiniband/hw/mana/cq.c | 54 drivers/infiniband/hw/mana/main.c | 43 drivers/infiniband/hw/mana/mana_ib.h | 14 drivers/infiniband/hw/mana/qp.c | 26 drivers/infiniband/hw/mlx5/mem.c | 8 drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 drivers/infiniband/hw/mlx5/mr.c | 35 drivers/infiniband/sw/rxe/rxe_comp.c | 6 drivers/infiniband/sw/rxe/rxe_net.c | 12 drivers/infiniband/sw/rxe/rxe_verbs.c | 6 drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 drivers/input/input.c | 104 + drivers/input/joystick/xpad.c | 2 drivers/input/mouse/amimouse.c | 8 drivers/iommu/iommu.c | 21 drivers/irqchip/irq-alpine-msi.c | 2 drivers/irqchip/irq-loongson-pch-msi.c | 2 drivers/macintosh/via-macii.c | 11 drivers/md/dm-delay.c | 14 drivers/md/md-bitmap.c | 6 drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 drivers/media/pci/intel/ipu3/ipu3-cio2.c | 10 drivers/media/pci/ngene/ngene-core.c | 4 drivers/media/platform/cadence/cdns-csi2rx.c | 26 drivers/media/platform/renesas/rcar-vin/rcar-vin.h | 2 drivers/media/radio/radio-shark2.c | 2 drivers/media/usb/uvc/uvc_driver.c | 31 drivers/media/usb/uvc/uvcvideo.h | 1 drivers/media/v4l2-core/v4l2-subdev.c | 2 drivers/misc/lkdtm/Makefile | 2 drivers/misc/lkdtm/perms.c | 2 drivers/mtd/mtdcore.c | 6 drivers/mtd/nand/raw/nand_hynix.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 50 drivers/net/dsa/mv88e6xxx/chip.h | 6 drivers/net/dsa/mv88e6xxx/global1.c | 89 + drivers/net/dsa/mv88e6xxx/global1.h | 2 drivers/net/ethernet/cortina/gemini.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 2 drivers/net/ethernet/freescale/fec_main.c | 26 drivers/net/ethernet/intel/ice/ice_base.c | 134 + drivers/net/ethernet/intel/ice/ice_base.h | 10 drivers/net/ethernet/intel/ice/ice_common.c | 4 drivers/net/ethernet/intel/ice/ice_ddp.c | 16 drivers/net/ethernet/intel/ice/ice_lag.c | 6 drivers/net/ethernet/intel/ice/ice_lib.c | 129 - drivers/net/ethernet/intel/ice/ice_lib.h | 10 drivers/net/ethernet/intel/ice/ice_sched.c | 4 drivers/net/ethernet/intel/ice/ice_switch.c | 10 drivers/net/ethernet/intel/ice/ice_xsk.c | 22 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 240 +- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 29 drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 44 drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 6 drivers/net/ethernet/mellanox/mlx5/core/esw/bridge.c | 2 drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 4 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 28 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 6 drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 19 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 6 drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 9 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/smsc/smc91x.h | 4 drivers/net/ethernet/stmicro/stmmac/common.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 6 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 22 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 105 + drivers/net/ethernet/sun/sungem.c | 14 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 14 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 2 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 76 drivers/net/ethernet/wangxun/libwx/wx_lib.h | 2 drivers/net/ethernet/wangxun/libwx/wx_type.h | 23 drivers/net/ethernet/wangxun/ngbe/ngbe_ethtool.c | 18 drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 1 drivers/net/ethernet/wangxun/txgbe/Makefile | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_ethtool.c | 18 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 269 +++ drivers/net/ethernet/wangxun/txgbe/txgbe_irq.h | 7 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 172 -- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 90 - drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h | 3 drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 18 drivers/net/phy/micrel.c | 3 drivers/net/usb/aqc111.c | 8 drivers/net/usb/qmi_wwan.c | 3 drivers/net/usb/smsc95xx.c | 15 drivers/net/usb/sr9700.c | 10 drivers/net/wireless/ath/ar5523/ar5523.c | 14 drivers/net/wireless/ath/ath10k/core.c | 3 drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 drivers/net/wireless/ath/ath10k/hw.h | 1 drivers/net/wireless/ath/ath10k/targaddrs.h | 3 drivers/net/wireless/ath/ath10k/wmi.c | 26 drivers/net/wireless/ath/ath11k/mac.c | 9 drivers/net/wireless/ath/ath12k/qmi.c | 3 drivers/net/wireless/ath/ath12k/wmi.c | 2 drivers/net/wireless/ath/carl9170/tx.c | 3 drivers/net/wireless/ath/carl9170/usb.c | 32 drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 15 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 19 drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 47 drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 19 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 7 drivers/net/wireless/marvell/mwl8k.c | 2 drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 46 drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 1 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 1 drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 2 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 12 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 1 drivers/net/wireless/realtek/rtw89/ps.c | 3 drivers/net/wireless/realtek/rtw89/wow.c | 12 drivers/nvme/host/core.c | 21 drivers/nvme/host/multipath.c | 3 drivers/nvme/host/nvme.h | 21 drivers/nvme/host/pci.c | 8 drivers/nvme/host/tcp.c | 10 drivers/nvme/target/auth.c | 8 drivers/nvme/target/configfs.c | 12 drivers/nvme/target/core.c | 5 drivers/nvme/target/nvmet.h | 1 drivers/nvme/target/tcp.c | 11 drivers/of/module.c | 7 drivers/perf/hisilicon/hisi_pcie_pmu.c | 14 drivers/perf/hisilicon/hns3_pmu.c | 16 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 drivers/platform/x86/xiaomi-wmi.c | 18 drivers/ptp/ptp_ocp.c | 6 drivers/pwm/core.c | 852 ++++------ drivers/pwm/pwm-clps711x.c | 1 drivers/pwm/pwm-cros-ec.c | 1 drivers/pwm/pwm-meson.c | 51 drivers/pwm/pwm-pxa.c | 4 drivers/pwm/pwm-sti.c | 46 drivers/pwm/sysfs.c | 4 drivers/regulator/irq_helpers.c | 3 drivers/regulator/qcom-refgen-regulator.c | 1 drivers/regulator/vqmmc-ipq4019-regulator.c | 1 drivers/s390/cio/trace.h | 2 drivers/scsi/bfa/bfad_debugfs.c | 4 drivers/scsi/hpsa.c | 2 drivers/scsi/libsas/sas_expander.c | 3 drivers/scsi/qedf/qedf_debugfs.c | 2 drivers/scsi/qla2xxx/qla_dfs.c | 2 drivers/soc/mediatek/mtk-cmdq-helper.c | 5 drivers/soc/qcom/pmic_glink.c | 26 drivers/staging/media/atomisp/pci/sh_css.c | 1 drivers/staging/media/starfive/camss/stf-camss.c | 6 drivers/thermal/mediatek/lvts_thermal.c | 4 drivers/thermal/qcom/tsens.c | 2 drivers/thermal/thermal_core.c | 12 drivers/thermal/thermal_debugfs.c | 27 drivers/thermal/thermal_debugfs.h | 4 drivers/tty/n_gsm.c | 140 + drivers/tty/serial/8250/8250_bcm7271.c | 101 - drivers/tty/serial/8250/8250_mtk.c | 8 drivers/tty/serial/sc16is7xx.c | 23 drivers/ufs/core/ufs-mcq.c | 3 drivers/ufs/core/ufshcd.c | 6 drivers/ufs/host/cdns-pltfrm.c | 2 drivers/ufs/host/ufs-qcom.c | 7 drivers/ufs/host/ufs-qcom.h | 12 drivers/video/fbdev/Kconfig | 4 drivers/video/fbdev/core/Kconfig | 6 drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 drivers/video/fbdev/sis/init301.c | 3 drivers/virt/acrn/mm.c | 61 fs/btrfs/ioctl.c | 33 fs/btrfs/qgroup.c | 21 fs/dlm/ast.c | 14 fs/dlm/dlm_internal.h | 1 fs/dlm/user.c | 15 fs/ecryptfs/keystore.c | 4 fs/eventpoll.c | 38 fs/exec.c | 11 fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 1 fs/ext4/namei.c | 2 fs/gfs2/glock.c | 91 - fs/gfs2/glock.h | 1 fs/gfs2/glops.c | 3 fs/gfs2/incore.h | 1 fs/gfs2/lock_dlm.c | 32 fs/gfs2/ops_fstype.c | 1 fs/gfs2/super.c | 3 fs/gfs2/util.c | 1 fs/jffs2/xattr.c | 3 fs/libfs.c | 147 + fs/nfsd/nfsctl.c | 4 fs/nilfs2/ioctl.c | 2 fs/nilfs2/segment.c | 63 fs/ntfs3/dir.c | 1 fs/ntfs3/index.c | 6 fs/ntfs3/inode.c | 7 fs/ntfs3/record.c | 11 fs/ntfs3/super.c | 2 fs/openpromfs/inode.c | 8 fs/smb/server/mgmt/share_config.c | 6 fs/smb/server/oplock.c | 21 include/drm/display/drm_dp_helper.h | 6 include/drm/drm_displayid.h | 1 include/drm/drm_mipi_dsi.h | 6 include/linux/acpi.h | 6 include/linux/bitops.h | 1 include/linux/cpu.h | 11 include/linux/dev_printk.h | 25 include/linux/fb.h | 4 include/linux/fs.h | 8 include/linux/ieee80211.h | 2 include/linux/ksm.h | 13 include/linux/maple_tree.h | 7 include/linux/mlx5/driver.h | 1 include/linux/numa.h | 7 include/linux/overflow.h | 25 include/linux/printk.h | 2 include/linux/pwm.h | 7 include/linux/stmmac.h | 2 include/net/ax25.h | 3 include/net/bluetooth/bluetooth.h | 2 include/net/bluetooth/hci.h | 122 - include/net/bluetooth/hci_core.h | 53 include/net/bluetooth/l2cap.h | 11 include/net/mac80211.h | 3 include/net/tcp.h | 5 include/trace/events/asoc.h | 2 include/uapi/linux/bpf.h | 2 include/uapi/linux/virtio_bt.h | 1 io_uring/io-wq.c | 13 io_uring/io_uring.h | 2 io_uring/net.c | 22 io_uring/nop.c | 2 kernel/bpf/syscall.c | 5 kernel/bpf/verifier.c | 29 kernel/cgroup/cpuset.c | 2 kernel/cpu.c | 14 kernel/rcu/tasks.h | 2 kernel/rcu/tree_stall.h | 3 kernel/sched/core.c | 2 kernel/sched/fair.c | 53 kernel/sched/isolation.c | 7 kernel/sched/topology.c | 2 kernel/softirq.c | 12 kernel/trace/ftrace.c | 39 kernel/trace/ring_buffer.c | 9 kernel/trace/trace_events_user.c | 181 +- lib/fortify_kunit.c | 16 lib/kunit/device.c | 2 lib/kunit/test.c | 3 lib/kunit/try-catch.c | 9 lib/maple_tree.c | 93 + lib/overflow_kunit.c | 19 lib/slub_kunit.c | 2 lib/test_hmm.c | 8 mm/shmem.c | 7 mm/userfaultfd.c | 35 net/ax25/ax25_dev.c | 48 net/bluetooth/hci_conn.c | 35 net/bluetooth/hci_core.c | 144 - net/bluetooth/hci_event.c | 313 --- net/bluetooth/hci_sock.c | 9 net/bluetooth/hci_sync.c | 207 -- net/bluetooth/iso.c | 125 - net/bluetooth/l2cap_core.c | 77 net/bluetooth/l2cap_sock.c | 91 - net/bluetooth/mgmt.c | 84 net/bridge/br_device.c | 6 net/bridge/br_mst.c | 16 net/core/dev.c | 3 net/ipv4/tcp_ipv4.c | 13 net/ipv4/udp.c | 21 net/ipv6/reassembly.c | 2 net/ipv6/seg6.c | 5 net/ipv6/udp.c | 20 net/l2tp/l2tp_core.c | 44 net/mac80211/mlme.c | 3 net/mac80211/rate.c | 6 net/mac80211/scan.c | 17 net/mac80211/tx.c | 13 net/mptcp/protocol.c | 54 net/mptcp/protocol.h | 45 net/mptcp/sockopt.c | 129 + net/netrom/nr_route.c | 19 net/openvswitch/flow.c | 3 net/packet/af_packet.c | 3 net/qrtr/ns.c | 27 net/sunrpc/auth_gss/svcauth_gss.c | 10 net/sunrpc/stats.c | 2 net/sunrpc/svc.c | 2 net/unix/af_unix.c | 2 net/wireless/nl80211.c | 14 net/wireless/trace.h | 4 samples/landlock/sandboxer.c | 5 scripts/module.lds.S | 1 sound/core/init.c | 11 sound/hda/intel-dsp-config.c | 27 sound/pci/emu10k1/io.c | 1 sound/pci/hda/cs35l41_hda_property.c | 4 sound/pci/hda/cs35l56_hda.c | 4 sound/pci/hda/patch_realtek.c | 3 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/cs35l41.c | 26 sound/soc/codecs/cs35l56.c | 13 sound/soc/codecs/da7219-aad.c | 6 sound/soc/codecs/rt5645.c | 25 sound/soc/codecs/rt715-sdca.c | 8 sound/soc/codecs/rt715-sdw.c | 1 sound/soc/codecs/rt722-sdca.c | 27 sound/soc/codecs/rt722-sdca.h | 3 sound/soc/intel/avs/boards/ssm4567.c | 1 sound/soc/intel/avs/cldma.c | 2 sound/soc/intel/avs/path.c | 1 sound/soc/intel/avs/pcm.c | 4 sound/soc/intel/avs/probes.c | 14 sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 sound/soc/intel/boards/bxt_rt298.c | 1 sound/soc/intel/boards/bytcr_rt5640.c | 14 sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 sound/soc/intel/boards/kbl_da7219_max98927.c | 4 sound/soc/intel/boards/kbl_rt5660.c | 1 sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 sound/soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 sound/soc/intel/boards/skl_rt286.c | 1 sound/soc/kirkwood/kirkwood-dma.c | 3 sound/soc/mediatek/common/mtk-soundcard-driver.c | 6 sound/soc/sof/intel/hda-dai.c | 31 sound/soc/sof/intel/lnl.c | 3 sound/soc/sof/intel/lnl.h | 15 sound/soc/sof/intel/mtl.c | 42 sound/soc/sof/intel/mtl.h | 4 sound/soc/sof/ipc3-pcm.c | 1 sound/soc/sof/ipc4-pcm.c | 91 - sound/soc/sof/pcm.c | 13 sound/soc/sof/sof-audio.h | 2 tools/arch/x86/lib/x86-opcode-map.txt | 10 tools/bpf/bpftool/common.c | 96 - tools/bpf/bpftool/iter.c | 2 tools/bpf/bpftool/main.h | 3 tools/bpf/bpftool/prog.c | 5 tools/bpf/bpftool/skeleton/pid_iter.bpf.c | 4 tools/bpf/bpftool/struct_ops.c | 2 tools/include/nolibc/stdlib.h | 2 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/libbpf.c | 9 tools/testing/selftests/bpf/cgroup_helpers.c | 3 tools/testing/selftests/bpf/network_helpers.c | 2 tools/testing/selftests/bpf/prog_tests/cgroup1_hierarchy.c | 7 tools/testing/selftests/bpf/prog_tests/xdp_do_redirect.c | 4 tools/testing/selftests/bpf/progs/bench_local_storage_create.c | 5 tools/testing/selftests/bpf/progs/local_storage.c | 20 tools/testing/selftests/bpf/progs/lsm_cgroup.c | 8 tools/testing/selftests/bpf/test_sockmap.c | 2 tools/testing/selftests/cgroup/cgroup_util.c | 8 tools/testing/selftests/cgroup/cgroup_util.h | 2 tools/testing/selftests/cgroup/test_core.c | 7 tools/testing/selftests/cgroup/test_cpu.c | 2 tools/testing/selftests/cgroup/test_cpuset.c | 2 tools/testing/selftests/cgroup/test_freezer.c | 2 tools/testing/selftests/cgroup/test_hugetlb_memcg.c | 2 tools/testing/selftests/cgroup/test_kill.c | 2 tools/testing/selftests/cgroup/test_kmem.c | 2 tools/testing/selftests/cgroup/test_memcontrol.c | 2 tools/testing/selftests/cgroup/test_zswap.c | 2 tools/testing/selftests/damon/_damon_sysfs.py | 2 tools/testing/selftests/filesystems/binderfs/Makefile | 2 tools/testing/selftests/ftrace/test.d/dynevent/add_remove_btfarg.tc | 2 tools/testing/selftests/kcmp/kcmp_test.c | 2 tools/testing/selftests/kvm/aarch64/vgic_init.c | 49 tools/testing/selftests/lib.mk | 12 tools/testing/selftests/net/amt.sh | 12 tools/testing/selftests/net/config | 1 tools/testing/selftests/net/forwarding/bridge_igmp.sh | 6 tools/testing/selftests/net/forwarding/bridge_mld.sh | 6 tools/testing/selftests/net/lib.sh | 6 tools/testing/selftests/resctrl/Makefile | 4 tools/testing/selftests/syscall_user_dispatch/sud_test.c | 14 tools/tracing/latency/latency-collector.c | 8 565 files changed, 5947 insertions(+), 3932 deletions(-) Aapo Vienamo (1): mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Abdelrahman Morsy (1): HID: mcp-2221: cancel delayed_work only when CONFIG_IIO is enabled Adam Guerin (2): crypto: qat - improve error message in adf_get_arbiter_mapping() crypto: qat - improve error logging to be consistent across features Adrian Hunter (2): x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS Akiva Goldberger (2): net/mlx5: Add a timeout to acquire the command queue semaphore net/mlx5: Discard command completions in internal error Al Viro (1): parisc: add missing export of __cmpxchg_u8() Aleksandr Aprelkov (1): sunrpc: removed redundant procp check Aleksandr Burakov (1): media: ngene: Add dvb_ca_en50221_init return value check Aleksandr Mishin (6): crypto: bcm - Fix pointer arithmetic cppc_cpufreq: Fix possible null pointer dereference thermal/drivers/tsens: Fix null pointer dereference ASoC: kirkwood: Fix potential NULL dereference drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference drm: vc4: Fix possible null pointer dereference Alexander Aring (1): dlm: fix user space lock decision to copy lvb Alexander Lobakin (1): bitops: add missing prototype check Alexandre Mergnat (1): clk: mediatek: mt8365-mm: fix DPI0 parent Alexei Starovoitov (1): bpf: Fix verifier assumptions about socket->sk Aloka Dixit (1): wifi: ath12k: use correct flag field for 320 MHz channels Amadeusz Sławiński (1): ASoC: Intel: avs: Restore stream decoupling on prepare Andreas Gruenbacher (6): gfs2: Don't forget to complete delayed withdraw gfs2: Fix "ignore unlock failures after withdraw" gfs2: Remove ill-placed consistency check gfs2: Fix potential glock use-after-free on unmount gfs2: finish_xmote cleanup gfs2: do_xmote fixes Andrew Halaney (8): scsi: ufs: qcom: Perform read back after writing reset bit scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US scsi: ufs: qcom: Perform read back after writing unipro mode scsi: ufs: qcom: Perform read back after writing CGC enable scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrii Nakryiko (1): bpf: prevent r10 register from being marked as precise Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11. Andy Shevchenko (1): ACPI: LPSS: Advertise number of chip selects via property AngeloGioacchino Del Regno (1): ASoC: mediatek: Assign dummy when codec not specified for a DAI link Anton Protopopov (1): bpf: Pack struct bpf_fib_lookup Ard Biesheuvel (3): arm64/fpsimd: Avoid erroneous elide of user state reload x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 x86/purgatory: Switch to the position-independent small code model Armin Wolf (6): ACPI: bus: Indicate support for _TFP thru _OSC ACPI: bus: Indicate support for more than 16 p-states thru _OSC ACPI: bus: Indicate support for the Generic Event Device thru _OSC ACPI: Fix Generic Initiator Affinity _OSC bit ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC platform/x86: xiaomi-wmi: Fix race condition when reporting key events Arnd Bergmann (14): nilfs2: fix out-of-range warning crypto: ccp - drop platform ifdef checks enetc: avoid truncating error message qed: avoid truncating work queue length mlx5: avoid truncating error message mlx5: stop warning for 64KB pages wifi: carl9170: re-fix fortified-memset warning x86/microcode/AMD: Avoid -Wformat warning with clang-15 ACPI: disable -Wstringop-truncation drm/imagination: avoid -Woverflow warning fbdev: shmobile: fix snprintf truncation powerpc/fsl-soc: hide unused const variable fbdev: sisfb: hide unused variables media: rcar-vin: work around -Wenum-compare-conditional warning Ayala Beker (1): wifi: mac80211: don't select link ID if not provided in scan request Baochen Qiang (2): wifi: ath10k: poll service ready message before failing wifi: ath11k: don't force enable power save on non-running vdevs Bart Van Assche (1): scsi: ufs: core: mcq: Fix ufshcd_mcq_sqe_search() Basavaraj Natikar (1): HID: amd_sfh: Handle "no sensors" in PM operations Beau Belgrave (2): tracing/user_events: Prepare find/delete for same name events tracing/user_events: Fix non-spaced field matching Benjamin Berg (1): wifi: iwlwifi: mvm: fix active link counting during recovery Benjamin Marzinski (2): dm-delay: fix workqueue delay_timer race dm-delay: fix max_delay calculations Bibo Mao (1): LoongArch: Lately init pmu after smp is online Binbin Zhou (2): dt-bindings: thermal: loongson,ls2k-thermal: Add Loongson-2K0500 compatible dt-bindings: thermal: loongson,ls2k-thermal: Fix incorrect compatible definition Bjorn Andersson (1): soc: qcom: pmic_glink: Make client-lock non-sleeping Bob Pearson (3): RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt RDMA/rxe: Allow good work requests to be executed RDMA/rxe: Fix incorrect rxe_put in error path Brennan Xavier McManus (1): tools/nolibc/stdlib: fix memory error in realloc() Breno Leitao (1): af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Brian Kubisiak (1): ecryptfs: Fix buffer size for tag 66 packet Bui Quang Minh (2): scsi: bfa: Ensure the copied buf is NUL terminated scsi: qedf: Ensure the copied buf is NUL terminated Catalin Popescu (1): clk: rs9: fix wrong default value for clock amplitude Cezary Rojewski (5): ASoC: Intel: Disable route checks for Skylake boards ASoC: Intel: avs: ssm4567: Do not ignore route checks ASoC: Intel: avs: Fix ASRC module initialization ASoC: Intel: avs: Fix potential integer overflow ASoC: Intel: avs: Test result of avs_get_module_entry() Chad Monroe (1): wifi: mt76: mt7996: fix size of txpower MCU command Changhuang Liang (1): staging: media: starfive: Remove links when unregistering devices Chen Ni (3): crypto: octeontx2 - add missing check for dma_map_single HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors dpll: fix return value check for kmemdup Cheng Yu (1): sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Chengchang Tang (5): RDMA/hns: Fix deadlock on SRQ async events. RDMA/hns: Fix UAF for cq async event RDMA/hns: Fix GMV table pagesize RDMA/hns: Use complete parentheses in macros RDMA/hns: Modify the print level of CQE error Chih-Kang Chang (1): wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode Chris Lew (1): net: qrtr: ns: Fix module refcnt Christian Hewitt (1): drm/meson: vclk: fix calculation of 59.94 fractional rates Christoph Hellwig (2): block: refine the EOF check in blkdev_iomap_begin virt: acrn: stop using follow_pfn Christoph Müllner (2): riscv: thead: Rename T-Head PBMT to MAE riscv: T-Head: Test availability bit before enabling MAE errata Christophe JAILLET (1): Bluetooth: Remove usage of the deprecated ida_simple_xx() API Chuck Lever (9): libfs: Re-arrange locking in offset_iterate_dir() libfs: Define a minimum directory offset libfs: Add simple_offset_empty() maple_tree: Add mtree_alloc_cyclic() libfs: Convert simple directory offsets to use a Maple Tree libfs: Fix simple_offset_rename_exchange() libfs: Add simple_offset_rename() API shmem: Fix shmem_rename2() SUNRPC: Fix gss_free_in_token_pages() Chun-Kuang Hu (1): soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Clément Léger (1): selftests: sud_test: return correct emulated syscall value on RISC-V Dan Carpenter (6): speakup: Fix sizeof() vs ARRAY_SIZE() bug nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists() wifi: mwl8k: initialize cmd->addr[] properly Bluetooth: qca: Fix error code in qca_read_fw_build_info() Bluetooth: ISO: Clean up returns values in iso_connect_ind() ext4: fix potential unnitialized variable Dan Nowlin (1): ice: Fix package download algorithm Daniel Golle (1): net: ethernet: mediatek: use ADMAv1 instead of ADMAv2.0 on MT7981 and MT7986 Daniel J Blueman (1): x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Daniel Starke (2): tty: n_gsm: fix possible out-of-bounds in gsm0_receive() tty: n_gsm: fix missing receive state reset after mode switch Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN920C04 compositions David Hildenbrand (3): mm/userfaultfd: Do not place zeropages when zeropages are disallowed s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Derek Fang (2): ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating ASoC: dt-bindings: rt5645: add cbj sleeve gpio property Derek Foreman (1): drm/etnaviv: fix tx clock gating on some GC7000 variants Detlev Casanova (1): drm/rockchip: vop2: Do not divide height twice for YUV Dmitry Baryshkov (9): soc: qcom: pmic_glink: don't traverse clients list without a lock soc: qcom: pmic_glink: notify clients about the current state wifi: ath10k: populate board data for WCN3990 drm/msm/dp: allow voltage swing / pre emphasis of 3 drm/mipi-dsi: use correct return type for the DSC functions clk: qcom: dispcc-sm8450: fix DisplayPort clocks clk: qcom: dispcc-sm6350: fix DisplayPort clocks clk: qcom: dispcc-sm8550: fix DisplayPort clocks clk: qcom: dispcc-sm8650: fix DisplayPort clocks Dmitry Torokhov (1): Input: try trimming too long modalias strings Doug Berger (1): serial: 8250_bcm7271: use default_mux_rate if possible Douglas Anderson (4): drm/dp: Don't attempt AUX transfers when eDP panels are not powered drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert drm/mediatek: Init `ddp_comp` with devm_kcalloc() drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected Duanqiang Wen (2): Revert "net: txgbe: fix i2c dev name cannot match clkdev" Revert "net: txgbe: fix clk_name exceed MAX_DEV_ID limits" Duoming Zhou (5): wifi: brcmfmac: pcie: handle randbuf allocation failure ax25: Use kernel universal linked list to implement ax25_dev_list ax25: Fix reference count leak issues of ax25_dev ax25: Fix reference count leak issue of net_device lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure Edward Liaw (1): selftests/kcmp: remove unused open mode Eric Biggers (5): KEYS: asymmetric: Add missing dependency on CRYPTO_SIG KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST crypto: x86/nh-avx2 - add missing vzeroupper crypto: x86/sha256-avx2 - add missing vzeroupper crypto: x86/sha512-avx2 - add missing vzeroupper Eric Dumazet (7): tcp: avoid premature drops in tcp_add_backlog() net: give more chances to rcu in netdev_wait_allrefs_any() usb: aqc111: stop lying about skb->truesize net: usb: sr9700: stop lying about skb->truesize net: usb: smsc95xx: stop lying about skb->truesize netrom: fix possible dead-lock in nr_rt_ioctl() af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Sandeen (1): openpromfs: finish conversion to the new mount API Fabio Estevam (1): media: dt-bindings: ovti,ov2680: Fix the power supply names Felix Fietkau (2): wifi: mt76: mt7603: fix tx queue of loopback packets wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset Felix Kuehling (1): drm/amdgpu: Update BO eviction priorities Finn Thain (2): macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" m68k: mac: Fix reboot hang on Mac IIci Gabor Juhos (2): clk: qcom: clk-alpha-pll: remove invalid Stromer register offset clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 Gabriel Krisman Bertazi (2): io-wq: write next_work before dropping acct_lock udp: Avoid call to compute_score on multiple sites Geert Uytterhoeven (4): sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() printk: Let no_printk() use _printk() dev_printk: Add and use dev_no_printk() clk: renesas: r8a779a0: Fix CANFD parent clock Geliang Tang (2): selftests/bpf: Fix umount cgroup2 error in test_sockmap selftests/bpf: Fix a fd leak in error paths in open_netns George Stark (2): pwm: meson: Add check for error from clk_round_rate() pwm: meson: Use mul_u64_u64_div_u64() for frequency calculating Giovanni Cabiddu (1): crypto: qat - specify firmware files for 402xx Greg Kroah-Hartman (1): Linux 6.8.12 Guenter Roeck (2): mm/slub, kunit: Use inverted data to corrupt kmem cache Revert "sh: Handle calling csum_partial with misaligned data" Guixiong Wei (1): x86/boot: Ignore relocations in .notes sections in walk_relocs() too Gustavo A. R. Silva (1): Bluetooth: hci_conn, hci_sync: Use __counted_by() to avoid -Wfamnae warnings Hangbin Liu (4): ipv6: sr: add missing seg6_local_exit ipv6: sr: fix incorrect unregister order ipv6: sr: fix invalid unregister error path selftests/net/lib: no need to record ns name if it already exist Hannes Reinecke (1): nvme-tcp: strict pdu pacing to avoid send stalls on TLS Hans de Goede (1): ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too Hao Chen (1): drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() Hechao Li (1): tcp: increase the default TCP scaling ratio Heiko Stuebner (2): drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init Heiner Kallweit (1): Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Herve Codina (1): net: lan966x: remove debugfs directory in probe() error path Himanshu Madhani (1): scsi: qla2xxx: Fix debugfs output for fw_resource_count Horatiu Vultur (1): net: micrel: Fix receiving the timestamp in the frame for lan8841 Howard Hsu (1): wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Hsin-Te Yuan (2): thermal/drivers/mediatek/lvts_thermal: Add coeff for mt8192 drm/bridge: anx7625: Update audio status while detecting Huai-Yuan Liu (1): drm/arm/malidp: fix a possible null pointer dereference Hugo Villeneuve (1): serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler INAGAKI Hiroshi (1): block: fix and simplify blkdevparts= cmdline parsing Igor Artemiev (1): wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class Ilan Peer (1): wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete Ilya Denisyev (1): jffs2: prevent xattr node from overflowing the eraseblock Ilya Leoshkevich (1): s390/bpf: Emit a barrier for BPF_FETCH instructions Ilya Maximets (1): net: openvswitch: fix overwriting ct original tuple for ICMPv6 Iulia Tanasescu (2): Bluetooth: ISO: Add hcon for listening bis sk Bluetooth: ISO: Make iso_get_sock_listen generic Ivanov Mikhail (1): samples/landlock: Fix incorrect free in populate_ruleset_net Jack Xiao (1): drm/amdgpu/mes: fix use-after-free issue Jack Yu (4): ASoC: rt722-sdca: modify channel number to support 4 channels ASoC: rt722-sdca: add headset microphone vrefo setting ASoC: rt715: add vendor clear control register ASoC: rt715-sdca: volume step modification Jaewon Kim (1): clk: samsung: exynosautov9: fix wrong pll clock id value Jagan Teki (1): drm/bridge: Fix improper bridge init order with pre_enable_prev_first Jakub Kicinski (3): eth: sungem: remove .ndo_poll_controller to avoid deadlocks selftests: net: add missing config for amt.sh selftests: net: move amt to socat for better compatibility Jan Kara (1): ext4: avoid excessive credit estimate in ext4_tmpfile() Jason Gunthorpe (1): IB/mlx5: Use __iowrite64_copy() for write combining stores Jens Axboe (3): io_uring: use the right type for work_llist empty check io_uring/net: remove dependency on REQ_F_PARTIAL_IO for sr->done_io io_uring/net: ensure async prep handlers always initialize ->done_io Jiawen Wu (7): net: wangxun: fix to change Rx features net: wangxun: match VLAN CTAG and STAG features net: txgbe: move interrupt codes to a separate file net: txgbe: use irq_domain for interrupt controller net: txgbe: fix to control VLAN strip net: txgbe: fix to clear interrupt status after handling IRQ net: txgbe: fix GPIO interrupt blocking Jim Liu (1): gpio: nuvoton: Fix sgpio irq handle error Jinjiang Tu (1): mm/ksm: fix ksm exec support for prctl Jinjie Ruan (1): arm64: Remove unnecessary irqflags alternative.h include Jiri Olsa (1): libbpf: Fix error message in attach_kprobe_multi Joel Colledge (1): dm-delay: fix hung task introduced by kthread mode Johannes Berg (7): wifi: mac80211: don't use rate mask for scanning wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() wifi: iwlwifi: mvm: allocate STA links only for active links wifi: iwlwifi: mvm: select STA mask only for active links wifi: iwlwifi: reconfigure TLC during HW restart wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask wifi: iwlwifi: mvm: init vif works only once John Hubbard (2): selftests/binderfs: use the Makefile's rules, not Make's implicit rules selftests/resctrl: fix clang build failure: use LOCAL_HDRS Josef Bacik (2): sunrpc: use the struct net as the svc proc private btrfs: take the cleaner_mutex earlier in qgroup disable Joshua Ashton (1): drm/amd/display: Set color_mgmt_changed to true on unsuspend Juergen Gross (3): x86/pat: Introduce lookup_address_in_pgd_attr() x86/pat: Restructure _lookup_address_cpa() x86/pat: Fix W^X violation false-positives when running as Xen PV guest Junhao He (2): drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group Justin Green (1): drm/mediatek: Add 0 size check to mtk_drm_gem_obj Karthikeyan Kathirvel (1): wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Kees Cook (4): kunit/fortify: Fix mismatched kvalloc()/vfree() usage lkdtm: Disable CFI checking for perms functions wifi: nl80211: Avoid address calculations via out of bounds array indexing overflow: Change DEFINE_FLEX to take __counted_by member Ken Milmore (1): r8169: Fix possible ring buffer corruption on fragmented Tx packets. Konstantin Komarov (4): fs/ntfs3: Remove max link count info display during driver init fs/ntfs3: Taking DOS names into account during link counting fs/ntfs3: Fix case when index is reused during tree transformation fs/ntfs3: Break dir enumeration if directory contents error Konstantin Taranov (3): RDMA/mana_ib: Introduce helpers to create and destroy mana queues RDMA/mana_ib: Use struct mana_ib_queue for CQs RDMA/mana_ib: boundary check before installing cq callbacks Krzysztof Kozlowski (3): regulator: qcom-refgen: fix module autoloading regulator: vqmmc-ipq4019: fix module autoloading firmware: qcom: qcm: fix unused qcom_scm_qseecom_allowlist Lad Prabhakar (1): clk: renesas: r9a07g043: Add clock and reset entry for PLIC Lancelot SIX (1): drm/amdkfd: Flush the process wq before creating a kfd_process Laurent Pinchart (2): firmware: raspberrypi: Use correct device for DMA mappings media: v4l2-subdev: Fix stream handling for crop API Leo Ma (1): drm/amd/display: Fix DC mode screen flickering on DCN321 Leon Romanovsky (1): RDMA/IPoIB: Fix format truncation compilation errors Lijo Lazar (1): drm/amd/pm: Restore config space after reset Linus Torvalds (2): x86/mm: Remove broken vsyscall emulation code from the page fault code epoll: be better about file lifetimes Linus Walleij (1): net: ethernet: cortina: Locking fixes Lorenzo Bianconi (3): wifi: mt76: mt7915: workaround too long expansion sparse warnings wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() net: ethernet: mediatek: split tx and rx fields in mtk_soc_data struct Lucas Segarra Fernandez (1): crypto: qat - validate slices count returned by FW Luiz Augusto von Dentz (2): Bluetooth: HCI: Remove HCI_AMP support Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 Lukas Bulwahn (1): Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS Lyude Paul (1): drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() Maciej Fijalkowski (2): ice: make ice_vsi_cfg_rxq() static ice: make ice_vsi_cfg_txq() static Maher Sanalla (1): net/mlx5: Reload only IB representors upon lag disable/enable Marc Gonzalez (1): clk: qcom: mmcc-msm8998: fix venus clock issue Marek Vasut (5): hwrng: stm32 - use logical OR in conditional hwrng: stm32 - put IP into RPM suspend on failure hwrng: stm32 - repair clock handling drm/lcdif: Do not disable clocks on already suspended hardware drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Masami Hiramatsu (Google) (1): selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly Matthias Schiffer (2): net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthieu Baerts (NGI0) (2): mptcp: SO_KEEPALIVE: fix getsockopt support mptcp: fix full TCP keep-alive support Matti Vaittinen (1): regulator: irq_helpers: duplicate IRQ name Maurizio Lombardi (2): nvmet-auth: return the error code to the nvmet_auth_host_hash() callers nvmet-auth: replace pr_debug() with pr_err() to report an error. Maxim Korotkov (1): mtd: rawnand: hynix: fixed typo Maxime Ripard (1): ARM: configs: sunxi: Enable DRM_DW_HDMI Meenakshikumar Somasundaram (1): drm/amd/display: Allocate zero bw after bw alloc enable Michael Schmitz (1): m68k: Fix spinlock race in kernel thread creation Michal Schmidt (3): selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq idpf: don't skip over ethtool tcp-data-split setting Mickaël Salaün (1): kunit: Fix kthread reference Ming Lei (1): io_uring: fail NOP if non-zero op flags is passed in Ming Yen Hsieh (1): wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command Miquel Raynal (1): dmaengine: xilinx: xdma: Clarify kdoc in XDMA driver Miri Korenblit (1): wifi: iwlwifi: implement can_activate_links callback Mukesh Ojha (1): firmware: qcom: scm: Fix __scm and waitq completion variable initialization Mukul Joshi (2): drm/amdkfd: Add VRAM accounting for SVM migration drm/amdgpu: Fix VRAM memory accounting Namjae Jeon (1): ksmbd: avoid to send duplicate oplock break notifications Nandor Kracser (1): ksmbd: ignore trailing slashes in share paths Nathan Chancellor (2): clk: qcom: Fix SC_CAMCC_8280XP dependencies clk: qcom: Fix SM_GPUCC_8650 dependencies NeilBrown (1): nfsd: don't create nfsv4recoverydir in nfsdfs when not used. Nikita Kiryushin (2): rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow rcu: Fix buffer overflow in print_cpu_stall_info() Nikita Zhandarovich (2): wifi: carl9170: add a proper sanity check for endpoints wifi: ar5523: enable proper endpoint verification Nikolay Aleksandrov (3): net: bridge: xmit: make sure we have at least eth header len bytes selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval net: bridge: mst: fix vlan use-after-free Nilay Shroff (2): nvme: find numa distance only if controller has valid numa id nvme: cancel pending I/O if nvme controller is in terminal state Nuno Pereira (1): HID: nintendo: Fix N64 controller being identified as mouse Nícolas F. R. A. Prado (9): drm/bridge: anx7625: Don't log an error when DSI host can't be found drm/bridge: icn6211: Don't log an error when DSI host can't be found drm/bridge: lt8912b: Don't log an error when DSI host can't be found drm/bridge: lt9611: Don't log an error when DSI host can't be found drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found drm/bridge: tc358775: Don't log an error when DSI host can't be found drm/bridge: dpc3433: Don't log an error when DSI host can't be found drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found clk: mediatek: pllfh: Don't log error for missing fhctl node Oleg Nesterov (1): sched/isolation: Fix boot crash when maxcpus < first housekeeping CPU Oliver Upton (1): KVM: selftests: Add test for uaccesses to non-existent vgic-v2 CPUIF Or Har-Toov (3): RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent RDMA/mlx5: Change check for cacheable mkeys RDMA/mlx5: Adding remote atomic access flag to updatable flags Oswald Buddenhagen (1): ALSA: emu10k1: make E-MU FPGA writes potentially more reliable Paolo Abeni (4): mptcp: cleanup writer wake-up mptcp: avoid some duplicate code in socket option handling mptcp: implement TCP_NOTSENT_LOWAT support mptcp: cleanup SOL_TCP handling Pavel Begunkov (1): io_uring/net: fix sendzc lazy wake polling Peter Colberg (1): fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card Peter Oberparleiter (1): s390/cio: fix tracepoint subchannel type field Peter Ujfalusi (7): ASoC: SOF: ipc4-pcm: Use consistent name for snd_sof_pcm_stream pointer ASoC: SOF: ipc4-pcm: Use consistent name for sof_ipc4_timestamp_info pointer ASoC: SOF: ipc4-pcm: Introduce generic sof_ipc4_pcm_stream_priv ASoC: SOF: Intel: mtl: Correct rom_status_reg ASoC: SOF: Intel: lnl: Correct rom_status_reg ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed ASoC: SOF: Intel: mtl: Implement firmware boot state check Petr Pavlu (1): ring-buffer: Fix a race between readers and resize checks Pierre-Louis Bossart (4): ASoC: da7219-aad: fix usage of device_get_named_child_node() ASoC: cs35l56: fix usages of device_get_named_child_node() ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection ASoC: SOF: Intel: hda-dai: fix channel map configuration for aggregated dailink Pin-yen Lin (1): serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup Portia Stephens (1): cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations Pratyush Yadav (1): media: cadence: csi2rx: configure DPHY before starting source stream Prike Liang (1): drm/amdgpu: Fix the ring buffer size for queue VM flush Puranjay Mohan (2): bpf, x86: Fix PROBE_MEM runtime load check riscv, bpf: make some atomic operations fully ordered Qiuxu Zhuo (1): EDAC/skx_common: Allow decoding of SGX addresses Quentin Monnet (1): libbpf: Prevent null-pointer dereference when prog to load has no BTF Rafael J. Wysocki (3): thermal/debugfs: Avoid excessive updates of trip point statistics thermal/debugfs: Create records for cdev states as they get used thermal/debugfs: Pass cooling device state to thermal_debug_cdev_add() Randy Dunlap (1): fbdev: sh7760fb: allow modular build Ranjani Sridharan (1): ASoC: SOF: pcm: Restrict DSP D0i3 during S0ix to IPC3 Ricardo Ribalda (2): media: radio-shark2: Avoid led_names truncations media: uvcvideo: Add quirk for Logitech Rally Bar Richard Fitzgerald (1): ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() Richard Kinder (1): wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field Rob Herring (1): dt-bindings: rockchip: grf: Add missing type to 'pcie-phy' node Robert Richter (1): x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() Rodrigo Siqueira (2): drm/amd/display: Ensure that dmcub support flag is set for DCN20 drm/amd/display: Add VCO speed parameter for DCN31 FPU Rohan G Thomas (3): net: stmmac: Offload queueMaxSDU from tc-taprio net: stmmac: est: Per Tx-queue error count for HLBF net: stmmac: Report taprio offload status Romain Gantois (1): net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() Ryusuke Konishi (3): nilfs2: fix use-after-free of timer for log writer thread nilfs2: fix unexpected freezing of nilfs_segctor_sync() nilfs2: fix potential hang in nilfs_detach_log_writer() Sagi Grimberg (2): nvmet-tcp: fix possible memory leak when tearing down a controller nvmet: fix nvme status code when namespace is disabled Sahil Siddiq (1): bpftool: Mount bpffs on provided dir instead of parent dir Sakari Ailus (1): media: ipu3-cio2: Request IRQ earlier Scott Mayhew (1): kunit: bail out early in __kunit_test_suites_init() if there are no suites to test Sean Christopherson (1): cpu: Ignore "mitigations" kernel parameter if CPU_MITIGATIONS=n Sebastian Urban (1): Bluetooth: compute LE flow credits based on recvbuf space SeongJae Park (1): selftests/damon/_damon_sysfs: check errors from nr_schemes file reads Sergey Shtylyov (1): of: module: add buffer overflow check in of_modalias() Shay Drory (1): net/mlx5: Fix peer devlink set for SF representor devlink port Shrikanth Hegde (1): sched/fair: Add EAS checks before updating root_domain::overutilized Shuah Khan (1): tools/latency-collector: Fix -Wformat-security compile warns Shubhrajyoti Datta (1): EDAC/versal: Do not register for NOC errors Souradeep Chakrabarti (1): net: mana: Fix the extra HZ in mana_hwc_send_request Srinivas Pandruvada (1): platform/x86: ISST: Add Grand Ridge to HPM CPU list Srinivasan Shanmugam (2): drm/amd/display: Fix potential index out of bounds in color transformation function drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() Stafford Horne (1): openrisc: traps: Don't send signals to kernel mode threads Stanislav Fomichev (1): bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE Stefan Binding (2): ASoC: cs35l41: Update DSP1RX5/6 Sources for DSP config ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 Steven Rostedt (1): ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Su Hui (1): wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Sung Joon Kim (1): drm/amd/display: Disable seamless boot on 128b/132b encoding Swapnil Patel (1): drm/amd/display: Add dtbclk access to dcn315 Takashi Iwai (2): ALSA: core: Fix NULL module pointer assignment at card init ALSA: Fix deadlocks with kctl removals at disconnection Thorsten Blum (1): net: smc91x: Fix m68k kernel compilation for ColdFire CPU Tianchen Ding (1): selftests: cgroup: skip test_cgcore_lesser_ns_open when cgroup2 mounted without nsdelegate Tom Parkin (1): l2tp: fix ICMP error handling for UDP-encap sockets Tony Lindgren (2): drm/omapdrm: Fix console by implementing fb_dirty drm/omapdrm: Fix console with deferred ops Uros Bizjak (1): locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() Uwe Kleine-König (12): Input: amimouse - mark driver struct with __refdata to prevent section mismatch pwm: sti: Prepare removing pwm_chip from driver data pwm: sti: Simplify probe function using devm functions pwm: Drop useless member .of_pwm_n_cells of struct pwm_chip pwm: Let the of_xlate callbacks accept references without period pwm: Drop duplicate check against chip->npwm in of_pwm_xlate_with_flags() pwm: Reorder symbols in core.c pwm: Provide an inline function to get the parent device of a given chip pwm: meson: Change prototype of a few helpers to prepare further changes pwm: meson: Make use of pwmchip_parent() accessor media: i2c: et8ek8: Don't strip remove function when driver is builtin pwm: Fix setting period with #pwm-cells = <1> and of_pwm_single_xlate() Vadim Fedorenko (1): ptp: ocp: fix DPLL functions Valentin Obst (1): selftests: default to host arch for LLVM builds Vicki Pfau (1): Input: xpad - add support for ASUS ROG RAIKIRI Vignesh Raman (1): drm/ci: update device type for volteer devices Viktor Malik (1): selftests/bpf: Run cgroup1_hierarchy test in own mount namespace Ville Syrjälä (1): drm/edid: Parse topology block for all DispID structure v1.x Viresh Kumar (1): cpufreq: exit() callback is optional Vitalii Bursov (1): sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Wander Lairson Costa (1): kunit: unregister the device on error Wang Yao (1): modules: Drop the .export_symbol section from the final modules Wei Fang (1): net: fec: remove .ndo_poll_controller to avoid deadlocks Will Deacon (2): Revert "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Xiaolei Wang (1): net: stmmac: move the EST lock to struct stmmac_priv Xingui Yang (1): scsi: libsas: Fix the failure of adding phy with zero-address to port Yi Liu (1): iommu: Undo pasid attachment only for the devices that have succeeded Yonghong Song (1): bpftool: Fix missing pids during link show Yu Kuai (2): md: fix resync softlockup when bitmap size is less than array size block: support to account io_ticks precisely Yuri Karpov (1): scsi: hpsa: Fix allocation size for Scsi_Host private data Zenghui Yu (2): irqchip/alpine-msi: Fix off-by-one in allocation error path irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zhang Yi (1): ext4: remove the redundant folio_wait_stable() Zheng Yejian (1): ftrace: Fix possible use-after-free issue in ftrace_location() Zhengchao Shao (1): RDMA/hns: Fix return value in hns_roce_map_mr_sg Zhipeng Lu (1): media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Zhu Yanjun (2): null_blk: Fix missing mutex_destroy() at module removal RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw Zqiang (1): softirq: Fix suspicious RCU usage in __do_softirq() end.to.start (1): ASoC: acp: Support microphone from device Acer 315-24p gaoxingwang (1): net: ipv6: fix wrong start position when receive hop-by-hop fragment

1 year, 3 months

1
1
0 0

Linux 6.9.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.3 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/adc/adi,axi-adc.yaml | 5 Documentation/devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 Documentation/devicetree/bindings/thermal/loongson,ls2k-thermal.yaml | 24 - Makefile | 2 arch/arm/configs/sunxi_defconfig | 1 arch/arm64/include/asm/irqflags.h | 1 arch/arm64/kernel/fpsimd.c | 44 - arch/m68k/Kconfig | 2 arch/m68k/kernel/entry.S | 4 arch/m68k/mac/misc.c | 36 - arch/openrisc/kernel/process.c | 8 arch/openrisc/kernel/traps.c | 48 +- arch/parisc/kernel/parisc_ksyms.c | 1 arch/powerpc/sysdev/fsl_msi.c | 2 arch/riscv/include/asm/csr.h | 2 arch/riscv/net/bpf_jit_comp64.c | 20 arch/s390/include/asm/gmap.h | 2 arch/s390/include/asm/mmu.h | 5 arch/s390/include/asm/mmu_context.h | 1 arch/s390/include/asm/pgtable.h | 16 arch/s390/kernel/vmlinux.lds.S | 2 arch/s390/kvm/kvm-s390.c | 4 arch/s390/mm/gmap.c | 165 +++++- arch/s390/net/bpf_jit_comp.c | 8 arch/sh/kernel/kprobes.c | 7 arch/sh/lib/checksum.S | 67 -- arch/x86/Kconfig | 2 arch/x86/boot/compressed/head_64.S | 5 arch/x86/crypto/nh-avx2-x86_64.S | 1 arch/x86/crypto/sha256-avx2-asm.S | 1 arch/x86/crypto/sha512-avx2-asm.S | 1 arch/x86/include/asm/cmpxchg_64.h | 2 arch/x86/include/asm/pgtable_types.h | 2 arch/x86/include/asm/sparsemem.h | 2 arch/x86/kernel/cpu/microcode/amd.c | 2 arch/x86/kernel/tsc_sync.c | 6 arch/x86/lib/x86-opcode-map.txt | 10 arch/x86/mm/numa.c | 4 arch/x86/mm/pat/set_memory.c | 68 ++ arch/x86/purgatory/Makefile | 3 arch/x86/tools/relocs.c | 9 block/blk-core.c | 9 block/blk-merge.c | 2 block/blk-mq.c | 4 block/blk.h | 1 block/fops.c | 2 block/genhd.c | 2 block/partitions/cmdline.c | 49 -- crypto/asymmetric_keys/Kconfig | 3 drivers/accessibility/speakup/main.c | 2 drivers/acpi/acpi_lpss.c | 1 drivers/acpi/acpica/Makefile | 1 drivers/acpi/bus.c | 5 drivers/acpi/numa/srat.c | 5 drivers/block/null_blk/main.c | 2 drivers/bluetooth/btmrvl_main.c | 9 drivers/bluetooth/btqca.c | 4 drivers/bluetooth/btrsi.c | 1 drivers/bluetooth/btsdio.c | 8 drivers/bluetooth/btusb.c | 5 drivers/bluetooth/hci_bcm4377.c | 1 drivers/bluetooth/hci_ldisc.c | 6 drivers/bluetooth/hci_serdev.c | 5 drivers/bluetooth/hci_uart.h | 1 drivers/bluetooth/hci_vhci.c | 10 drivers/bluetooth/virtio_bt.c | 2 drivers/char/hw_random/stm32-rng.c | 18 drivers/clk/clk-renesas-pcie.c | 10 drivers/clk/mediatek/clk-mt8365-mm.c | 2 drivers/clk/mediatek/clk-pllfh.c | 2 drivers/clk/qcom/Kconfig | 2 drivers/clk/qcom/apss-ipq-pll.c | 3 drivers/clk/qcom/clk-alpha-pll.c | 1 drivers/clk/qcom/dispcc-sm6350.c | 11 drivers/clk/qcom/dispcc-sm8450.c | 20 drivers/clk/qcom/dispcc-sm8550.c | 20 drivers/clk/qcom/dispcc-sm8650.c | 20 drivers/clk/qcom/mmcc-msm8998.c | 8 drivers/clk/renesas/r8a779a0-cpg-mssr.c | 2 drivers/clk/renesas/r9a07g043-cpg.c | 9 drivers/clk/samsung/clk-exynosautov9.c | 8 drivers/clk/samsung/clk-gs101.c | 225 +++++---- drivers/clk/samsung/clk.h | 11 drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 drivers/cpufreq/cppc_cpufreq.c | 14 drivers/cpufreq/cpufreq.c | 11 drivers/crypto/bcm/spu2.c | 2 drivers/crypto/ccp/sp-platform.c | 14 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 2 drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c | 1 drivers/crypto/intel/qat/qat_common/adf_rl.c | 2 drivers/crypto/intel/qat/qat_common/adf_telemetry.c | 21 drivers/crypto/intel/qat/qat_common/adf_telemetry.h | 1 drivers/crypto/marvell/octeontx2/cn10k_cpt.c | 4 drivers/dax/bus.c | 66 -- drivers/dpll/dpll_core.c | 2 drivers/edac/skx_common.c | 2 drivers/firmware/qcom/qcom_scm.c | 12 drivers/firmware/raspberrypi.c | 7 drivers/gpio/gpio-npcm-sgpio.c | 10 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 drivers/gpu/drm/arm/malidp_mw.c | 5 drivers/gpu/drm/bridge/analogix/anx7625.c | 15 drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 drivers/gpu/drm/bridge/chipone-icn6211.c | 6 drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 drivers/gpu/drm/bridge/lontium-lt9611.c | 6 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/bridge/tc358775.c | 6 drivers/gpu/drm/bridge/ti-dlpc3433.c | 17 drivers/gpu/drm/ci/test.yml | 6 drivers/gpu/drm/drm_bridge.c | 10 drivers/gpu/drm/drm_edid.c | 2 drivers/gpu/drm/drm_mipi_dsi.c | 6 drivers/gpu/drm/imagination/pvr_vm_mips.c | 4 drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 8 drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 drivers/gpu/drm/meson/meson_vclk.c | 6 drivers/gpu/drm/msm/dp/dp_aux.c | 25 - drivers/gpu/drm/msm/dp/dp_aux.h | 1 drivers/gpu/drm/msm/dp/dp_catalog.c | 7 drivers/gpu/drm/msm/dp/dp_catalog.h | 3 drivers/gpu/drm/msm/dp/dp_ctrl.c | 6 drivers/gpu/drm/msm/dp/dp_display.c | 4 drivers/gpu/drm/msm/dp/dp_link.c | 22 drivers/gpu/drm/msm/dp/dp_link.h | 14 drivers/gpu/drm/mxsfb/lcdif_drv.c | 6 drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 2 drivers/gpu/drm/omapdrm/Kconfig | 2 drivers/gpu/drm/omapdrm/omap_fbdev.c | 40 + drivers/gpu/drm/panel/panel-edp.c | 9 drivers/gpu/drm/panel/panel-leadtek-ltk050h3146w.c | 5 drivers/gpu/drm/panel/panel-novatek-nt35950.c | 6 drivers/gpu/drm/panel/panel-samsung-atna33xc20.c | 22 drivers/gpu/drm/panel/panel-simple.c | 3 drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 22 drivers/gpu/drm/vc4/vc4_hdmi.c | 2 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 10 drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 drivers/infiniband/core/cma.c | 4 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hns/hns_roce_cq.c | 24 - drivers/infiniband/hw/hns/hns_roce_device.h | 3 drivers/infiniband/hw/hns/hns_roce_hem.c | 2 drivers/infiniband/hw/hns/hns_roce_hem.h | 12 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 9 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 drivers/infiniband/hw/hns/hns_roce_main.c | 8 drivers/infiniband/hw/hns/hns_roce_mr.c | 15 drivers/infiniband/hw/hns/hns_roce_srq.c | 6 drivers/infiniband/hw/mana/cq.c | 54 -- drivers/infiniband/hw/mana/main.c | 43 + drivers/infiniband/hw/mana/mana_ib.h | 14 drivers/infiniband/hw/mana/qp.c | 26 - drivers/infiniband/hw/mlx5/mem.c | 8 drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 drivers/infiniband/hw/mlx5/mr.c | 35 + drivers/infiniband/sw/rxe/rxe_comp.c | 6 drivers/infiniband/sw/rxe/rxe_net.c | 12 drivers/infiniband/sw/rxe/rxe_verbs.c | 6 drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 drivers/input/input.c | 104 +++- drivers/iommu/amd/init.c | 4 drivers/iommu/intel/iommu.c | 19 drivers/iommu/iommu.c | 21 drivers/irqchip/irq-alpine-msi.c | 2 drivers/irqchip/irq-loongson-pch-msi.c | 2 drivers/macintosh/via-macii.c | 11 drivers/md/dm-delay.c | 14 drivers/md/md-bitmap.c | 6 drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 drivers/media/pci/intel/ipu3/ipu3-cio2.c | 10 drivers/media/pci/ngene/ngene-core.c | 4 drivers/media/platform/cadence/cdns-csi2rx.c | 26 - drivers/media/platform/renesas/rcar-vin/rcar-vin.h | 2 drivers/media/radio/radio-shark2.c | 2 drivers/media/usb/uvc/uvc_driver.c | 31 + drivers/media/usb/uvc/uvcvideo.h | 1 drivers/media/v4l2-core/v4l2-subdev.c | 2 drivers/misc/lkdtm/Makefile | 2 drivers/misc/lkdtm/perms.c | 2 drivers/mtd/mtdcore.c | 6 drivers/mtd/nand/raw/nand_hynix.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 50 +- drivers/net/dsa/mv88e6xxx/chip.h | 6 drivers/net/dsa/mv88e6xxx/global1.c | 89 +++ drivers/net/dsa/mv88e6xxx/global1.h | 2 drivers/net/ethernet/cortina/gemini.c | 12 drivers/net/ethernet/freescale/enetc/enetc.c | 2 drivers/net/ethernet/freescale/fec_main.c | 26 - drivers/net/ethernet/intel/ice/ice_ddp.c | 8 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 240 +++++----- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 29 - drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 44 + drivers/net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 drivers/net/ethernet/mellanox/mlx5/core/esw/bridge.c | 2 drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 4 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 28 - drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 6 drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c | 19 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 6 drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 drivers/net/ethernet/qlogic/qed/qed_main.c | 9 drivers/net/ethernet/realtek/r8169_main.c | 9 drivers/net/ethernet/smsc/smc91x.h | 4 drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 18 drivers/net/ethernet/sun/sungem.c | 14 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 14 drivers/net/ethernet/wangxun/libwx/wx_hw.c | 2 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 56 ++ drivers/net/ethernet/wangxun/libwx/wx_lib.h | 2 drivers/net/ethernet/wangxun/libwx/wx_type.h | 22 drivers/net/ethernet/wangxun/ngbe/ngbe_ethtool.c | 18 drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_ethtool.c | 18 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 31 + drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 1 drivers/net/phy/micrel.c | 3 drivers/net/usb/aqc111.c | 8 drivers/net/usb/smsc95xx.c | 15 drivers/net/usb/sr9700.c | 10 drivers/net/wireless/ath/ar5523/ar5523.c | 14 drivers/net/wireless/ath/ath10k/core.c | 3 drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 drivers/net/wireless/ath/ath10k/hw.h | 1 drivers/net/wireless/ath/ath10k/targaddrs.h | 3 drivers/net/wireless/ath/ath10k/wmi.c | 26 - drivers/net/wireless/ath/ath11k/mac.c | 9 drivers/net/wireless/ath/ath12k/qmi.c | 3 drivers/net/wireless/ath/ath12k/wmi.c | 2 drivers/net/wireless/ath/carl9170/tx.c | 3 drivers/net/wireless/ath/carl9170/usb.c | 32 + drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 15 drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 42 - drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 43 + drivers/net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 159 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 19 drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 36 - drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 7 drivers/net/wireless/marvell/mwl8k.c | 2 drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 46 + drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 1 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 2 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 12 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 1 drivers/net/wireless/realtek/rtw89/ps.c | 3 drivers/net/wireless/realtek/rtw89/wow.c | 12 drivers/of/module.c | 7 drivers/perf/hisilicon/hisi_pcie_pmu.c | 14 drivers/perf/hisilicon/hns3_pmu.c | 16 drivers/perf/riscv_pmu_sbi.c | 2 drivers/platform/x86/xiaomi-wmi.c | 18 drivers/power/supply/power_supply_sysfs.c | 20 drivers/ptp/ptp_ocp.c | 6 drivers/pwm/pwm-meson.c | 15 drivers/pwm/pwm-sti.c | 39 - drivers/s390/cio/trace.h | 2 drivers/scsi/bfa/bfad_debugfs.c | 4 drivers/scsi/hpsa.c | 2 drivers/scsi/libsas/sas_expander.c | 3 drivers/scsi/qedf/qedf_debugfs.c | 2 drivers/scsi/qla2xxx/qla_dfs.c | 2 drivers/soc/mediatek/mtk-cmdq-helper.c | 5 drivers/soc/qcom/pmic_glink.c | 26 - drivers/staging/media/atomisp/pci/sh_css.c | 1 drivers/staging/media/starfive/camss/stf-camss.c | 6 drivers/thermal/mediatek/lvts_thermal.c | 4 drivers/thermal/qcom/tsens.c | 2 drivers/thermal/thermal_core.c | 12 drivers/thermal/thermal_debugfs.c | 27 - drivers/thermal/thermal_debugfs.h | 4 drivers/tty/n_gsm.c | 140 ++++- drivers/tty/serial/8250/8250_bcm7271.c | 101 ++-- drivers/tty/serial/8250/8250_mtk.c | 8 drivers/tty/serial/sc16is7xx.c | 23 drivers/ufs/core/ufs-mcq.c | 3 drivers/ufs/core/ufshcd.c | 6 drivers/ufs/host/cdns-pltfrm.c | 2 drivers/ufs/host/ufs-qcom.c | 7 drivers/ufs/host/ufs-qcom.h | 12 drivers/video/fbdev/Kconfig | 4 drivers/video/fbdev/core/Kconfig | 6 drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 drivers/video/fbdev/sis/init301.c | 3 drivers/virt/acrn/mm.c | 61 ++ fs/btrfs/extent_io.c | 10 fs/dlm/ast.c | 14 fs/dlm/dlm_internal.h | 1 fs/dlm/user.c | 15 fs/ecryptfs/keystore.c | 4 fs/exec.c | 11 fs/ext4/inode.c | 3 fs/ext4/mballoc.c | 1 fs/ext4/namei.c | 2 fs/f2fs/checkpoint.c | 9 fs/gfs2/glock.c | 91 ++- fs/gfs2/glock.h | 1 fs/gfs2/glops.c | 3 fs/gfs2/incore.h | 1 fs/gfs2/lock_dlm.c | 32 - fs/gfs2/ops_fstype.c | 1 fs/gfs2/super.c | 3 fs/gfs2/util.c | 1 fs/jffs2/xattr.c | 3 fs/libfs.c | 55 ++ fs/nfsd/nfsctl.c | 4 fs/nilfs2/ioctl.c | 2 fs/nilfs2/segment.c | 63 ++ fs/ntfs3/dir.c | 1 fs/ntfs3/index.c | 6 fs/ntfs3/inode.c | 7 fs/ntfs3/record.c | 11 fs/ntfs3/super.c | 2 fs/openpromfs/inode.c | 8 fs/smb/server/mgmt/share_config.c | 6 fs/smb/server/oplock.c | 21 include/drm/drm_displayid.h | 1 include/drm/drm_mipi_dsi.h | 6 include/linux/acpi.h | 6 include/linux/bitops.h | 1 include/linux/dev_printk.h | 25 - include/linux/fb.h | 4 include/linux/fortify-string.h | 3 include/linux/fs.h | 2 include/linux/ieee80211.h | 2 include/linux/ksm.h | 13 include/linux/mlx5/driver.h | 1 include/linux/numa.h | 7 include/linux/printk.h | 2 include/linux/stmmac.h | 1 include/net/ax25.h | 3 include/net/bluetooth/bluetooth.h | 2 include/net/bluetooth/hci.h | 122 ----- include/net/bluetooth/hci_core.h | 47 - include/net/bluetooth/l2cap.h | 11 include/net/tcp.h | 5 include/trace/events/asoc.h | 2 include/uapi/linux/bpf.h | 2 include/uapi/linux/virtio_bt.h | 1 io_uring/io-wq.c | 13 io_uring/io_uring.h | 2 io_uring/net.c | 1 io_uring/nop.c | 2 io_uring/sqpoll.c | 6 kernel/bpf/syscall.c | 5 kernel/bpf/verifier.c | 29 - kernel/cgroup/cpuset.c | 2 kernel/rcu/tasks.h | 2 kernel/rcu/tree_stall.h | 3 kernel/sched/core.c | 2 kernel/sched/fair.c | 53 +- kernel/sched/topology.c | 2 kernel/trace/ftrace.c | 39 - kernel/trace/ring_buffer.c | 9 kernel/trace/trace_events_user.c | 76 +++ lib/fortify_kunit.c | 22 lib/kunit/device.c | 2 lib/kunit/test.c | 3 lib/kunit/try-catch.c | 9 lib/slub_kunit.c | 2 lib/test_hmm.c | 8 mm/shmem.c | 3 mm/userfaultfd.c | 35 + net/ax25/ax25_dev.c | 48 -- net/bluetooth/hci_conn.c | 3 net/bluetooth/hci_core.c | 141 ----- net/bluetooth/hci_event.c | 150 ------ net/bluetooth/hci_sock.c | 5 net/bluetooth/hci_sync.c | 207 +------- net/bluetooth/iso.c | 75 +-- net/bluetooth/l2cap_core.c | 77 ++- net/bluetooth/l2cap_sock.c | 91 +++ net/bluetooth/mgmt.c | 84 +-- net/bridge/br_device.c | 6 net/bridge/br_mst.c | 16 net/core/dev.c | 3 net/ipv4/devinet.c | 13 net/ipv4/tcp_ipv4.c | 13 net/ipv4/udp.c | 21 net/ipv6/reassembly.c | 2 net/ipv6/seg6.c | 5 net/ipv6/udp.c | 20 net/l2tp/l2tp_core.c | 44 + net/mac80211/cfg.c | 12 net/mac80211/ieee80211_i.h | 3 net/mac80211/iface.c | 4 net/mac80211/mlme.c | 53 +- net/mac80211/scan.c | 16 net/mptcp/protocol.h | 3 net/mptcp/sockopt.c | 60 ++ net/netrom/nr_route.c | 19 net/openvswitch/flow.c | 3 net/packet/af_packet.c | 3 net/qrtr/ns.c | 27 + net/sunrpc/auth_gss/svcauth_gss.c | 10 net/sunrpc/svc.c | 2 net/unix/af_unix.c | 2 net/wireless/nl80211.c | 14 net/wireless/scan.c | 47 + samples/landlock/sandboxer.c | 5 scripts/module.lds.S | 1 sound/core/init.c | 11 sound/core/timer.c | 8 sound/pci/hda/cs35l41_hda_property.c | 4 sound/pci/hda/patch_realtek.c | 3 sound/soc/intel/avs/boards/ssm4567.c | 1 sound/soc/intel/avs/cldma.c | 2 sound/soc/intel/avs/icl.c | 5 sound/soc/intel/avs/path.c | 1 sound/soc/intel/avs/pcm.c | 4 sound/soc/intel/avs/probes.c | 14 sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 sound/soc/intel/boards/bxt_rt298.c | 1 sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 sound/soc/intel/boards/kbl_da7219_max98927.c | 4 sound/soc/intel/boards/kbl_rt5660.c | 1 sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 sound/soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 sound/soc/intel/boards/skl_rt286.c | 1 sound/soc/kirkwood/kirkwood-dma.c | 3 sound/soc/mediatek/common/mtk-soundcard-driver.c | 6 sound/soc/sof/intel/hda-dai.c | 31 + sound/soc/sof/intel/lnl.c | 3 sound/soc/sof/intel/lnl.h | 15 sound/soc/sof/intel/mtl.c | 42 + sound/soc/sof/intel/mtl.h | 4 tools/arch/x86/lib/x86-opcode-map.txt | 10 tools/bpf/bpftool/common.c | 96 +++- tools/bpf/bpftool/iter.c | 2 tools/bpf/bpftool/main.h | 3 tools/bpf/bpftool/prog.c | 5 tools/bpf/bpftool/skeleton/pid_iter.bpf.c | 4 tools/bpf/bpftool/struct_ops.c | 2 tools/include/nolibc/stdlib.h | 2 tools/include/uapi/linux/bpf.h | 2 tools/lib/bpf/bpf.c | 2 tools/lib/bpf/features.c | 2 tools/lib/bpf/libbpf.c | 9 tools/testing/selftests/bpf/cgroup_helpers.c | 3 tools/testing/selftests/bpf/network_helpers.c | 2 tools/testing/selftests/bpf/prog_tests/cgroup1_hierarchy.c | 7 tools/testing/selftests/bpf/prog_tests/xdp_do_redirect.c | 4 tools/testing/selftests/bpf/progs/bench_local_storage_create.c | 5 tools/testing/selftests/bpf/progs/local_storage.c | 20 tools/testing/selftests/bpf/progs/lsm_cgroup.c | 8 tools/testing/selftests/bpf/test_sockmap.c | 2 tools/testing/selftests/cgroup/cgroup_util.c | 8 tools/testing/selftests/cgroup/cgroup_util.h | 2 tools/testing/selftests/cgroup/test_core.c | 7 tools/testing/selftests/cgroup/test_cpu.c | 2 tools/testing/selftests/cgroup/test_cpuset.c | 2 tools/testing/selftests/cgroup/test_freezer.c | 2 tools/testing/selftests/cgroup/test_hugetlb_memcg.c | 2 tools/testing/selftests/cgroup/test_kill.c | 2 tools/testing/selftests/cgroup/test_kmem.c | 2 tools/testing/selftests/cgroup/test_memcontrol.c | 2 tools/testing/selftests/cgroup/test_zswap.c | 2 tools/testing/selftests/damon/_damon_sysfs.py | 2 tools/testing/selftests/filesystems/binderfs/Makefile | 2 tools/testing/selftests/ftrace/test.d/dynevent/add_remove_btfarg.tc | 2 tools/testing/selftests/ftrace/test.d/dynevent/fprobe_entry_arg.tc | 2 tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_entry_arg.tc | 2 tools/testing/selftests/kcmp/kcmp_test.c | 2 tools/testing/selftests/kselftest/ktap_helpers.sh | 4 tools/testing/selftests/lib.mk | 12 tools/testing/selftests/net/amt.sh | 12 tools/testing/selftests/net/config | 1 tools/testing/selftests/net/forwarding/bridge_igmp.sh | 6 tools/testing/selftests/net/forwarding/bridge_mld.sh | 6 tools/testing/selftests/net/lib.sh | 6 tools/testing/selftests/power_supply/test_power_supply_properties.sh | 2 tools/testing/selftests/resctrl/Makefile | 4 tools/tracing/latency/latency-collector.c | 8 489 files changed, 4171 insertions(+), 2829 deletions(-) Aapo Vienamo (1): mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Adam Guerin (2): crypto: qat - improve error message in adf_get_arbiter_mapping() crypto: qat - improve error logging to be consistent across features Adrian Hunter (2): x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS Akiva Goldberger (2): net/mlx5: Add a timeout to acquire the command queue semaphore net/mlx5: Discard command completions in internal error Al Viro (1): parisc: add missing export of __cmpxchg_u8() Aleksandr Aprelkov (1): sunrpc: removed redundant procp check Aleksandr Burakov (1): media: ngene: Add dvb_ca_en50221_init return value check Aleksandr Mishin (6): crypto: bcm - Fix pointer arithmetic cppc_cpufreq: Fix possible null pointer dereference thermal/drivers/tsens: Fix null pointer dereference ASoC: kirkwood: Fix potential NULL dereference drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference drm: vc4: Fix possible null pointer dereference Alexander Aring (1): dlm: fix user space lock decision to copy lvb Alexander Lobakin (1): bitops: add missing prototype check Alexandre Mergnat (1): clk: mediatek: mt8365-mm: fix DPI0 parent Alexei Starovoitov (1): bpf: Fix verifier assumptions about socket->sk Aloka Dixit (1): wifi: ath12k: use correct flag field for 320 MHz channels Amadeusz Sławiński (1): ASoC: Intel: avs: Restore stream decoupling on prepare Andreas Gruenbacher (6): gfs2: Don't forget to complete delayed withdraw gfs2: Fix "ignore unlock failures after withdraw" gfs2: Remove ill-placed consistency check gfs2: Fix potential glock use-after-free on unmount gfs2: finish_xmote cleanup gfs2: do_xmote fixes Andrew Halaney (8): scsi: ufs: qcom: Perform read back after writing reset bit scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US scsi: ufs: qcom: Perform read back after writing unipro mode scsi: ufs: qcom: Perform read back after writing CGC enable scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H scsi: ufs: core: Perform read back after disabling interrupts scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrii Nakryiko (2): bpf: prevent r10 register from being marked as precise libbpf: fix feature detectors when using token_fd Andy Chi (1): ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11. Andy Shevchenko (1): ACPI: LPSS: Advertise number of chip selects via property AngeloGioacchino Del Regno (1): ASoC: mediatek: Assign dummy when codec not specified for a DAI link Anton Protopopov (1): bpf: Pack struct bpf_fib_lookup Ard Biesheuvel (3): arm64/fpsimd: Avoid erroneous elide of user state reload x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 x86/purgatory: Switch to the position-independent small code model Armin Wolf (6): ACPI: bus: Indicate support for _TFP thru _OSC ACPI: bus: Indicate support for more than 16 p-states thru _OSC ACPI: bus: Indicate support for the Generic Event Device thru _OSC ACPI: Fix Generic Initiator Affinity _OSC bit ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC platform/x86: xiaomi-wmi: Fix race condition when reporting key events Arnd Bergmann (14): nilfs2: fix out-of-range warning crypto: ccp - drop platform ifdef checks enetc: avoid truncating error message qed: avoid truncating work queue length mlx5: avoid truncating error message mlx5: stop warning for 64KB pages wifi: carl9170: re-fix fortified-memset warning x86/microcode/AMD: Avoid -Wformat warning with clang-15 ACPI: disable -Wstringop-truncation drm/imagination: avoid -Woverflow warning fbdev: shmobile: fix snprintf truncation powerpc/fsl-soc: hide unused const variable fbdev: sisfb: hide unused variables media: rcar-vin: work around -Wenum-compare-conditional warning Atish Patra (1): RISC-V: Fix the typo in Scountovf CSR name Ayala Beker (1): wifi: mac80211: don't select link ID if not provided in scan request Baochen Qiang (2): wifi: ath10k: poll service ready message before failing wifi: ath11k: don't force enable power save on non-running vdevs Bart Van Assche (1): scsi: ufs: core: mcq: Fix ufshcd_mcq_sqe_search() Basavaraj Natikar (1): HID: amd_sfh: Handle "no sensors" in PM operations Beau Belgrave (1): tracing/user_events: Fix non-spaced field matching Benjamin Berg (2): wifi: cfg80211: ignore non-TX BSSs in per-STA profile wifi: iwlwifi: mvm: fix active link counting during recovery Benjamin Marzinski (2): dm-delay: fix workqueue delay_timer race dm-delay: fix max_delay calculations Binbin Zhou (2): dt-bindings: thermal: loongson,ls2k-thermal: Add Loongson-2K0500 compatible dt-bindings: thermal: loongson,ls2k-thermal: Fix incorrect compatible definition Bjorn Andersson (1): soc: qcom: pmic_glink: Make client-lock non-sleeping Bob Pearson (3): RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt RDMA/rxe: Allow good work requests to be executed RDMA/rxe: Fix incorrect rxe_put in error path Brennan Xavier McManus (1): tools/nolibc/stdlib: fix memory error in realloc() Breno Leitao (1): af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Brian Kubisiak (1): ecryptfs: Fix buffer size for tag 66 packet Bui Quang Minh (2): scsi: bfa: Ensure the copied buf is NUL terminated scsi: qedf: Ensure the copied buf is NUL terminated Catalin Popescu (1): clk: rs9: fix wrong default value for clock amplitude Cezary Rojewski (6): ASoC: Intel: Disable route checks for Skylake boards ASoC: Intel: avs: ssm4567: Do not ignore route checks ASoC: Intel: avs: Fix debug-slot offset calculation ASoC: Intel: avs: Fix ASRC module initialization ASoC: Intel: avs: Fix potential integer overflow ASoC: Intel: avs: Test result of avs_get_module_entry() Chad Monroe (1): wifi: mt76: mt7996: fix size of txpower MCU command Changhuang Liang (1): staging: media: starfive: Remove links when unregistering devices Chen Ni (3): crypto: octeontx2 - add missing check for dma_map_single HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors dpll: fix return value check for kmemdup Cheng Yu (1): sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Chengchang Tang (6): RDMA/hns: Add max_ah and cq moderation capacities in query_device() RDMA/hns: Fix deadlock on SRQ async events. RDMA/hns: Fix UAF for cq async event RDMA/hns: Fix GMV table pagesize RDMA/hns: Use complete parentheses in macros RDMA/hns: Modify the print level of CQE error Chih-Kang Chang (1): wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode Chris Lew (1): net: qrtr: ns: Fix module refcnt Christian Hewitt (1): drm/meson: vclk: fix calculation of 59.94 fractional rates Christoph Hellwig (2): block: refine the EOF check in blkdev_iomap_begin virt: acrn: stop using follow_pfn Chuck Lever (4): libfs: Fix simple_offset_rename_exchange() libfs: Add simple_offset_rename() API shmem: Fix shmem_rename2() SUNRPC: Fix gss_free_in_token_pages() Chun-Kuang Hu (1): soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Dan Carpenter (4): speakup: Fix sizeof() vs ARRAY_SIZE() bug wifi: mwl8k: initialize cmd->addr[] properly Bluetooth: qca: Fix error code in qca_read_fw_build_info() ext4: fix potential unnitialized variable Dan Nowlin (1): ice: Fix package download algorithm Daniel Golle (1): net: ethernet: mediatek: use ADMAv1 instead of ADMAv2.0 on MT7981 and MT7986 Daniel J Blueman (1): x86/tsc: Trust initial offset in architectural TSC-adjust MSRs Daniel Starke (2): tty: n_gsm: fix possible out-of-bounds in gsm0_receive() tty: n_gsm: fix missing receive state reset after mode switch David Hildenbrand (3): mm/userfaultfd: Do not place zeropages when zeropages are disallowed s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Detlev Casanova (1): drm/rockchip: vop2: Do not divide height twice for YUV Dmitry Baryshkov (9): soc: qcom: pmic_glink: don't traverse clients list without a lock soc: qcom: pmic_glink: notify clients about the current state wifi: ath10k: populate board data for WCN3990 drm/msm/dp: allow voltage swing / pre emphasis of 3 drm/mipi-dsi: use correct return type for the DSC functions clk: qcom: dispcc-sm8450: fix DisplayPort clocks clk: qcom: dispcc-sm6350: fix DisplayPort clocks clk: qcom: dispcc-sm8550: fix DisplayPort clocks clk: qcom: dispcc-sm8650: fix DisplayPort clocks Dmitry Torokhov (1): Input: try trimming too long modalias strings Doug Berger (1): serial: 8250_bcm7271: use default_mux_rate if possible Douglas Anderson (4): drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert drm/mediatek: Init `ddp_comp` with devm_kcalloc() drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected drm/msm/dp: Account for the timeout in wait_hpd_asserted() callback Duoming Zhou (5): wifi: brcmfmac: pcie: handle randbuf allocation failure ax25: Use kernel universal linked list to implement ax25_dev_list ax25: Fix reference count leak issues of ax25_dev ax25: Fix reference count leak issue of net_device lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure Edward Liaw (3): selftests: Compile kselftest headers with -D_GNU_SOURCE selftests/sgx: Include KHDR_INCLUDES in Makefile selftests/kcmp: remove unused open mode Emmanuel Grumbach (1): wifi: iwlwifi: mvm: introduce esr_disable_reason Eric Biggers (5): KEYS: asymmetric: Add missing dependency on CRYPTO_SIG KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST crypto: x86/nh-avx2 - add missing vzeroupper crypto: x86/sha256-avx2 - add missing vzeroupper crypto: x86/sha512-avx2 - add missing vzeroupper Eric Dumazet (8): tcp: avoid premature drops in tcp_add_backlog() net: give more chances to rcu in netdev_wait_allrefs_any() usb: aqc111: stop lying about skb->truesize net: usb: sr9700: stop lying about skb->truesize net: usb: smsc95xx: stop lying about skb->truesize inet: fix inet_fill_ifaddr() flags truncation netrom: fix possible dead-lock in nr_rt_ioctl() af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Sandeen (1): openpromfs: finish conversion to the new mount API Fabio Estevam (1): media: dt-bindings: ovti,ov2680: Fix the power supply names Felix Fietkau (3): wifi: mt76: mt7603: fix tx queue of loopback packets wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset wifi: mt76: connac: use muar idx 0xe for non-mt799x as well Finn Thain (2): macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" m68k: mac: Fix reboot hang on Mac IIci Gabor Juhos (2): clk: qcom: clk-alpha-pll: remove invalid Stromer register offset clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 Gabriel Krisman Bertazi (2): io-wq: write next_work before dropping acct_lock udp: Avoid call to compute_score on multiple sites Geert Uytterhoeven (5): sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() m68k: Move ARCH_HAS_CPU_CACHE_ALIASING printk: Let no_printk() use _printk() dev_printk: Add and use dev_no_printk() clk: renesas: r8a779a0: Fix CANFD parent clock Geliang Tang (2): selftests/bpf: Fix umount cgroup2 error in test_sockmap selftests/bpf: Fix a fd leak in error paths in open_netns George Stark (2): pwm: meson: Add check for error from clk_round_rate() pwm: meson: Use mul_u64_u64_div_u64() for frequency calculating Giovanni Cabiddu (1): crypto: qat - specify firmware files for 402xx Greg Kroah-Hartman (1): Linux 6.9.3 Guenter Roeck (2): mm/slub, kunit: Use inverted data to corrupt kmem cache Revert "sh: Handle calling csum_partial with misaligned data" Guixiong Wei (1): x86/boot: Ignore relocations in .notes sections in walk_relocs() too Gustavo A. R. Silva (1): Bluetooth: hci_conn, hci_sync: Use __counted_by() to avoid -Wfamnae warnings Hangbin Liu (4): ipv6: sr: add missing seg6_local_exit ipv6: sr: fix incorrect unregister order ipv6: sr: fix invalid unregister error path selftests/net/lib: no need to record ns name if it already exist Hao Chen (1): drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() Hechao Li (1): tcp: increase the default TCP scaling ratio Heiko Stuebner (2): drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init Heiner Kallweit (1): Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Herve Codina (1): net: lan966x: remove debugfs directory in probe() error path Himanshu Madhani (1): scsi: qla2xxx: Fix debugfs output for fw_resource_count Horatiu Vultur (1): net: micrel: Fix receiving the timestamp in the frame for lan8841 Howard Hsu (1): wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Hsin-Te Yuan (2): thermal/drivers/mediatek/lvts_thermal: Add coeff for mt8192 drm/bridge: anx7625: Update audio status while detecting Huai-Yuan Liu (1): drm/arm/malidp: fix a possible null pointer dereference Hugo Villeneuve (1): serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler INAGAKI Hiroshi (1): block: fix and simplify blkdevparts= cmdline parsing Ilan Peer (1): wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete Ilya Denisyev (1): jffs2: prevent xattr node from overflowing the eraseblock Ilya Leoshkevich (1): s390/bpf: Emit a barrier for BPF_FETCH instructions Ilya Maximets (1): net: openvswitch: fix overwriting ct original tuple for ICMPv6 Iulia Tanasescu (1): Bluetooth: ISO: Make iso_get_sock_listen generic Ivanov Mikhail (1): samples/landlock: Fix incorrect free in populate_ruleset_net Jaegeuk Kim (1): f2fs: fix false alarm on invalid block address Jaewon Kim (1): clk: samsung: exynosautov9: fix wrong pll clock id value Jagan Teki (1): drm/bridge: Fix improper bridge init order with pre_enable_prev_first Jakub Kicinski (3): eth: sungem: remove .ndo_poll_controller to avoid deadlocks selftests: net: add missing config for amt.sh selftests: net: move amt to socat for better compatibility Jan Kara (1): ext4: avoid excessive credit estimate in ext4_tmpfile() Jason Gunthorpe (1): IB/mlx5: Use __iowrite64_copy() for write combining stores Jens Axboe (2): io_uring/sqpoll: ensure that normal task_work is also run timely io_uring: use the right type for work_llist empty check Jiawen Wu (3): net: wangxun: fix to change Rx features net: wangxun: match VLAN CTAG and STAG features net: txgbe: fix to control VLAN strip Jim Liu (1): gpio: nuvoton: Fix sgpio irq handle error Jinjiang Tu (1): mm/ksm: fix ksm exec support for prctl Jinjie Ruan (1): arm64: Remove unnecessary irqflags alternative.h include Jiri Olsa (1): libbpf: Fix error message in attach_kprobe_multi Joel Colledge (1): dm-delay: fix hung task introduced by kthread mode Johannes Berg (8): wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() wifi: iwlwifi: mvm: allocate STA links only for active links wifi: iwlwifi: mvm: set wider BW OFDMA ignore correctly wifi: iwlwifi: mvm: select STA mask only for active links wifi: iwlwifi: reconfigure TLC during HW restart wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask wifi: mac80211: transmit deauth only if link is available wifi: iwlwifi: mvm: init vif works only once John Hubbard (2): selftests/binderfs: use the Makefile's rules, not Make's implicit rules selftests/resctrl: fix clang build failure: use LOCAL_HDRS Josef Bacik (1): btrfs: set start on clone before calling copy_extent_buffer_full Juergen Gross (3): x86/pat: Introduce lookup_address_in_pgd_attr() x86/pat: Restructure _lookup_address_cpa() x86/pat: Fix W^X violation false-positives when running as Xen PV guest Junhao He (2): drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group Justin Green (1): drm/mediatek: Add 0 size check to mtk_drm_gem_obj Karthikeyan Kathirvel (1): wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Kees Cook (4): kunit/fortify: Fix mismatched kvalloc()/vfree() usage lkdtm: Disable CFI checking for perms functions kunit/fortify: Fix replaced failure path to unbreak __alloc_size wifi: nl80211: Avoid address calculations via out of bounds array indexing Ken Milmore (1): r8169: Fix possible ring buffer corruption on fragmented Tx packets. Konstantin Komarov (4): fs/ntfs3: Remove max link count info display during driver init fs/ntfs3: Taking DOS names into account during link counting fs/ntfs3: Fix case when index is reused during tree transformation fs/ntfs3: Break dir enumeration if directory contents error Konstantin Taranov (3): RDMA/mana_ib: Introduce helpers to create and destroy mana queues RDMA/mana_ib: Use struct mana_ib_queue for CQs RDMA/mana_ib: boundary check before installing cq callbacks Krzysztof Kozlowski (1): firmware: qcom: qcm: fix unused qcom_scm_qseecom_allowlist Lad Prabhakar (1): clk: renesas: r9a07g043: Add clock and reset entry for PLIC Laurent Pinchart (2): firmware: raspberrypi: Use correct device for DMA mappings media: v4l2-subdev: Fix stream handling for crop API Leon Romanovsky (1): RDMA/IPoIB: Fix format truncation compilation errors Linus Walleij (1): net: ethernet: cortina: Locking fixes Lorenzo Bianconi (3): wifi: mt76: mt7915: workaround too long expansion sparse warnings wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() net: ethernet: mediatek: split tx and rx fields in mtk_soc_data struct Lu Baolu (1): iommu/vt-d: Decouple igfx_off from graphic identity mapping Lucas Segarra Fernandez (1): crypto: qat - validate slices count returned by FW Luiz Augusto von Dentz (2): Bluetooth: HCI: Remove HCI_AMP support Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 Lyude Paul (1): drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() Maher Sanalla (1): net/mlx5: Reload only IB representors upon lag disable/enable Marc Gonzalez (1): clk: qcom: mmcc-msm8998: fix venus clock issue Marek Vasut (5): hwrng: stm32 - use logical OR in conditional hwrng: stm32 - put IP into RPM suspend on failure hwrng: stm32 - repair clock handling drm/lcdif: Do not disable clocks on already suspended hardware drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Masami Hiramatsu (Google) (2): selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly selftests/ftrace: Fix checkbashisms errors Matthias Schiffer (2): net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthieu Baerts (NGI0) (2): mptcp: SO_KEEPALIVE: fix getsockopt support mptcp: fix full TCP keep-alive support Maxim Korotkov (1): mtd: rawnand: hynix: fixed typo Maxime Ripard (1): ARM: configs: sunxi: Enable DRM_DW_HDMI Michael Schmitz (1): m68k: Fix spinlock race in kernel thread creation Michal Schmidt (3): selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq idpf: don't skip over ethtool tcp-data-split setting Mickaël Salaün (1): kunit: Fix kthread reference Ming Lei (1): io_uring: fail NOP if non-zero op flags is passed in Ming Yen Hsieh (1): wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command Miri Korenblit (2): wifi: iwlwifi: mvm: calculate EMLSR mode after connection wifi: iwlwifi: mvm: don't always disable EMLSR due to BT coex Muhammad Usama Anjum (1): wifi: mt76: connac: check for null before dereferencing Mukesh Ojha (1): firmware: qcom: scm: Fix __scm and waitq completion variable initialization Namjae Jeon (1): ksmbd: avoid to send duplicate oplock break notifications Nandor Kracser (1): ksmbd: ignore trailing slashes in share paths Nathan Chancellor (2): clk: qcom: Fix SC_CAMCC_8280XP dependencies clk: qcom: Fix SM_GPUCC_8650 dependencies NeilBrown (1): nfsd: don't create nfsv4recoverydir in nfsdfs when not used. Nikita Kiryushin (2): rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow rcu: Fix buffer overflow in print_cpu_stall_info() Nikita Zhandarovich (2): wifi: carl9170: add a proper sanity check for endpoints wifi: ar5523: enable proper endpoint verification Nikolay Aleksandrov (3): net: bridge: xmit: make sure we have at least eth header len bytes selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval net: bridge: mst: fix vlan use-after-free Nuno Sa (1): dt-bindings: adc: axi-adc: add clocks property Nícolas F. R. A. Prado (11): selftests: ktap_helpers: Make it POSIX-compliant selftests: power_supply: Make it POSIX-compliant drm/bridge: anx7625: Don't log an error when DSI host can't be found drm/bridge: icn6211: Don't log an error when DSI host can't be found drm/bridge: lt8912b: Don't log an error when DSI host can't be found drm/bridge: lt9611: Don't log an error when DSI host can't be found drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found drm/bridge: tc358775: Don't log an error when DSI host can't be found drm/bridge: dpc3433: Don't log an error when DSI host can't be found drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found clk: mediatek: pllfh: Don't log error for missing fhctl node Or Har-Toov (3): RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent RDMA/mlx5: Change check for cacheable mkeys RDMA/mlx5: Adding remote atomic access flag to updatable flags Paul Menzel (1): x86/fred: Fix typo in Kconfig description Pavel Begunkov (1): io_uring/net: fix sendzc lazy wake polling Peter Oberparleiter (1): s390/cio: fix tracepoint subchannel type field Peter Ujfalusi (4): ASoC: SOF: Intel: mtl: Correct rom_status_reg ASoC: SOF: Intel: lnl: Correct rom_status_reg ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed ASoC: SOF: Intel: mtl: Implement firmware boot state check Petr Pavlu (1): ring-buffer: Fix a race between readers and resize checks Pierre-Louis Bossart (1): ASoC: SOF: Intel: hda-dai: fix channel map configuration for aggregated dailink Pin-yen Lin (1): serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup Portia Stephens (1): cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations Pratyush Yadav (1): media: cadence: csi2rx: configure DPHY before starting source stream Puranjay Mohan (1): riscv, bpf: make some atomic operations fully ordered Qiuxu Zhuo (1): EDAC/skx_common: Allow decoding of SGX addresses Quentin Monnet (1): libbpf: Prevent null-pointer dereference when prog to load has no BTF Rafael J. Wysocki (3): thermal/debugfs: Avoid excessive updates of trip point statistics thermal/debugfs: Create records for cdev states as they get used thermal/debugfs: Pass cooling device state to thermal_debug_cdev_add() Randy Dunlap (1): fbdev: sh7760fb: allow modular build Ricardo Ribalda (2): media: radio-shark2: Avoid led_names truncations media: uvcvideo: Add quirk for Logitech Rally Bar Robert Richter (1): x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() Romain Gantois (1): net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() Ryusuke Konishi (3): nilfs2: fix use-after-free of timer for log writer thread nilfs2: fix unexpected freezing of nilfs_segctor_sync() nilfs2: fix potential hang in nilfs_detach_log_writer() Sahil Siddiq (1): bpftool: Mount bpffs on provided dir instead of parent dir Sakari Ailus (1): media: ipu3-cio2: Request IRQ earlier Scott Mayhew (1): kunit: bail out early in __kunit_test_suites_init() if there are no suites to test Sebastian Urban (1): Bluetooth: compute LE flow credits based on recvbuf space SeongJae Park (1): selftests/damon/_damon_sysfs: check errors from nr_schemes file reads Sergey Shtylyov (1): of: module: add buffer overflow check in of_modalias() Shay Drory (2): net/mlx5e: Fix netif state handling net/mlx5: Fix peer devlink set for SF representor devlink port Shrikanth Hegde (1): sched/fair: Add EAS checks before updating root_domain::overutilized Shuah Khan (3): tools/latency-collector: Fix -Wformat-security compile warns Revert "selftests: Compile kselftest headers with -D_GNU_SOURCE" Revert "selftests/sgx: Include KHDR_INCLUDES in Makefile" Souradeep Chakrabarti (1): net: mana: Fix the extra HZ in mana_hwc_send_request Srinivasan Shanmugam (2): drm/amd/display: Fix potential index out of bounds in color transformation function drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() Stafford Horne (2): openrisc: Use do_kernel_power_off() openrisc: traps: Don't send signals to kernel mode threads Stanislav Fomichev (1): bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE Stefan Binding (1): ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 Steven Rostedt (1): ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Su Hui (1): wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Sumanth Korikkar (1): s390: vmlinux.lds.S: Drop .hash and .gnu.hash for !CONFIG_PIE_BUILD Takashi Iwai (3): ALSA: core: Fix NULL module pointer assignment at card init ALSA: timer: Set lower bound of start tick time ALSA: Fix deadlocks with kctl removals at disconnection Thomas Weißschuh (1): power: supply: core: simplify charge_behaviour formatting Thorsten Blum (1): net: smc91x: Fix m68k kernel compilation for ColdFire CPU Tianchen Ding (1): selftests: cgroup: skip test_cgcore_lesser_ns_open when cgroup2 mounted without nsdelegate Tom Parkin (1): l2tp: fix ICMP error handling for UDP-encap sockets Tony Lindgren (2): drm/omapdrm: Fix console by implementing fb_dirty drm/omapdrm: Fix console with deferred ops Tudor Ambarus (2): clk: samsung: gs101: propagate PERIC0 USI SPI clock rate clk: samsung: gs101: propagate PERIC1 USI SPI clock rate Uros Bizjak (1): locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() Uwe Kleine-König (2): pwm: sti: Simplify probe function using devm functions media: i2c: et8ek8: Don't strip remove function when driver is builtin Vadim Fedorenko (1): ptp: ocp: fix DPLL functions Valentin Obst (1): selftests: default to host arch for LLVM builds Vasant Hegde (1): iommu/amd: Enable Guest Translation after reading IOMMU feature register Vignesh Raman (1): drm/ci: update device type for volteer devices Viktor Malik (1): selftests/bpf: Run cgroup1_hierarchy test in own mount namespace Ville Syrjälä (1): drm/edid: Parse topology block for all DispID structure v1.x Viresh Kumar (1): cpufreq: exit() callback is optional Vishal Verma (4): dax/bus.c: replace WARN_ON_ONCE() with lockdep asserts dax/bus.c: fix locking for unregister_dax_dev / unregister_dax_mapping paths dax/bus.c: don't use down_write_killable for non-user processes dax/bus.c: use the right locking mode (read vs write) in size_show Vitalii Bursov (1): sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Wander Lairson Costa (1): kunit: unregister the device on error Wang Yao (1): modules: Drop the .export_symbol section from the final modules Wei Fang (1): net: fec: remove .ndo_poll_controller to avoid deadlocks Will Deacon (2): Revert "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Xiaolei Wang (1): net: stmmac: move the EST lock to struct stmmac_priv Xingui Yang (1): scsi: libsas: Fix the failure of adding phy with zero-address to port Yi Liu (1): iommu: Undo pasid attachment only for the devices that have succeeded Yonghong Song (1): bpftool: Fix missing pids during link show Yu Kuai (2): md: fix resync softlockup when bitmap size is less than array size block: support to account io_ticks precisely Yuri Karpov (1): scsi: hpsa: Fix allocation size for Scsi_Host private data Zenghui Yu (2): irqchip/alpine-msi: Fix off-by-one in allocation error path irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zhang Yi (1): ext4: remove the redundant folio_wait_stable() Zheng Yejian (1): ftrace: Fix possible use-after-free issue in ftrace_location() Zhengchao Shao (1): RDMA/hns: Fix return value in hns_roce_map_mr_sg Zhengqiao Xia (1): drm/panel-edp: Add prepare_to_enable to 200ms for MNC207QS1-1 Zhipeng Lu (1): media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Zhu Yanjun (2): null_blk: Fix missing mutex_destroy() at module removal RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw gaoxingwang (1): net: ipv6: fix wrong start position when receive hop-by-hop fragment wenglianfa (1): RDMA/hns: Fix mismatch exception rollback

1 year, 3 months

1
1
0 0

[PATCH v2] hwmon: (nzxt-smart2) Add support for device 1e71:2020

by Aleksandr Mezin

Add support for device with USB ID 1e71:2020. Fan speed control reported to be working with existing userspace (hidraw) software, so I assume it's compatible. Fan channel count is the same. No known differences from already supported devices, at least regarding fan speed control and initialization. Discovered in liquidctl project: https://github.com/liquidctl/liquidctl/pull/702 Signed-off-by: Aleksandr Mezin <mezin.alexander(a)gmail.com> Cc: stable(a)vger.kernel.org # v6.1+ --- v2: Improved the description, changed the subject to include device id (previous subject was "hwmon: (nzxt-smart2) add another USB ID"). drivers/hwmon/nzxt-smart2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/hwmon/nzxt-smart2.c b/drivers/hwmon/nzxt-smart2.c index 7aa586eb74be..df6fa72a6b59 100644 --- a/drivers/hwmon/nzxt-smart2.c +++ b/drivers/hwmon/nzxt-smart2.c @@ -799,6 +799,7 @@ static const struct hid_device_id nzxt_smart2_hid_id_table[] = { { HID_USB_DEVICE(0x1e71, 0x2010) }, /* NZXT RGB & Fan Controller */ { HID_USB_DEVICE(0x1e71, 0x2011) }, /* NZXT RGB & Fan Controller (6 RGB) */ { HID_USB_DEVICE(0x1e71, 0x2019) }, /* NZXT RGB & Fan Controller (6 RGB) */ + { HID_USB_DEVICE(0x1e71, 0x2020) }, /* NZXT RGB & Fan Controller (6 RGB) */ {}, }; -- 2.45.1

1 year, 3 months

2
1
0 0

[PATCH v2 0/3] device property: introduce fwnode_for_each_available_child_node_scoped()

by Javier Carrasco

The _scoped() version of the fwnode_for_each_available_child_node() follows the approach recently taken for other loops that handle child nodes like for_each_child_of_node_scoped() or device_for_each_child_node_scoped(), which are based on the __free() auto cleanup handler to remove the need for fwnode_handle_put() on early loop exits. This new variant has been tested with the LTC2992, which currently uses the non-scoped variant. There is one error path that does not decrement the refcount of the child node, which can be fixed by using the new macro. The bug was introduced in a later modification of the loop, which shows how useful an automatic cleanup solution can be in many uses of the non-scoped version. In order to provide a backportable patch, the conversion in the LTC2992 driver is carried out in two steps: first the missing fwnode_handle_put() is added, and then the code is refactored to adopt the new, safer approach. @Andy Shevchenko: I kept your Reviewed-by in 3/3, that now also removes the new fwnode_handle_put() and braces added with 1/3. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Changes in v2: - Fix the memory leak in a backportable patch and tag it for stable. - Refactor 1/3 with 3/3 as well. - Link to v1: https://lore.kernel.org/r/20240522-fwnode_for_each_available_child_node_sco… --- Javier Carrasco (3): hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() device property: introduce fwnode_for_each_available_child_node_scoped() hwmon: (ltc2992) Use fwnode_for_each_available_child_node_scoped() drivers/hwmon/ltc2992.c | 11 +++-------- include/linux/property.h | 5 +++++ 2 files changed, 8 insertions(+), 8 deletions(-) --- base-commit: 124cfbcd6d185d4f50be02d5f5afe61578916773 change-id: 20240521-fwnode_for_each_available_child_node_scoped-8f1f09d3a10c Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

1 year, 3 months

2
2
0 0

[PATCH 6.10] ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension

by Peter Ujfalusi

If a process module does not have base config extension then the same format applies to all of it's inputs and the process->base_config_ext is NULL, causing NULL dereference when specifically crafted topology and sequences used. Fixes: 648fea128476 ("ASoC: SOF: ipc4-topology: set copier output format for process module") Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> Reviewed-by: Seppo Ingalsuo <seppo.ingalsuo(a)linux.intel.com> Reviewed-by: Ranjani Sridharan <ranjani.sridharan(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- Hi Mark, Can you please pick this patch for 6.10 as it can fix a potential NULL pointer dereference bug. Thank you, Peter sound/soc/sof/ipc4-topology.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sound/soc/sof/ipc4-topology.c b/sound/soc/sof/ipc4-topology.c index beff10989324..33e8c5f7d9ca 100644 --- a/sound/soc/sof/ipc4-topology.c +++ b/sound/soc/sof/ipc4-topology.c @@ -217,6 +217,14 @@ sof_ipc4_get_input_pin_audio_fmt(struct snd_sof_widget *swidget, int pin_index) } process = swidget->private; + + /* + * For process modules without base config extension, base module config + * format is used for all input pins + */ + if (process->init_config != SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT) + return &process->base_config.audio_fmt; + base_cfg_ext = process->base_config_ext; /* -- 2.45.1

1 year, 3 months

2
1
0 0

[PATCH 1/1] cxl/pci: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

pci_{read,write}_config_*word() and pcie_capability_read_word() return PCIBIOS_* codes, not usual errnos. Fix return value checks to handle PCIBIOS_* return codes correctly by dropping < 0 from the check and convert the PCIBIOS_* return codes into errnos using pcibios_err_to_errno() before returning them. Fixes: ce17ad0d5498 ("cxl: Wait Memory_Info_Valid before access memory related info") Fixes: 34e37b4c432c ("cxl/port: Enable HDM Capability after validating DVSEC Ranges") Fixes: 14d788740774 ("cxl/mem: Consolidate CXL DVSEC Range enumeration in the core") Fixes: 560f78559006 ("cxl/pci: Retrieve CXL DVSEC memory info") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/cxl/core/pci.c | 30 +++++++++++++++--------------- drivers/cxl/pci.c | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/cxl/core/pci.c b/drivers/cxl/core/pci.c index 8567dd11eaac..9ca67d4e0a89 100644 --- a/drivers/cxl/core/pci.c +++ b/drivers/cxl/core/pci.c @@ -121,7 +121,7 @@ static int cxl_dvsec_mem_range_valid(struct cxl_dev_state *cxlds, int id) d + CXL_DVSEC_RANGE_SIZE_LOW(id), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); valid = FIELD_GET(CXL_DVSEC_MEM_INFO_VALID, temp); if (valid) @@ -155,7 +155,7 @@ static int cxl_dvsec_mem_range_active(struct cxl_dev_state *cxlds, int id) rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_SIZE_LOW(id), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); active = FIELD_GET(CXL_DVSEC_MEM_ACTIVE, temp); if (active) @@ -188,7 +188,7 @@ int cxl_await_media_ready(struct cxl_dev_state *cxlds) rc = pci_read_config_word(pdev, d + CXL_DVSEC_CAP_OFFSET, &cap); if (rc) - return rc; + return pcibios_err_to_errno(rc); hdm_count = FIELD_GET(CXL_DVSEC_HDM_COUNT_MASK, cap); for (i = 0; i < hdm_count; i++) { @@ -225,7 +225,7 @@ static int wait_for_valid(struct pci_dev *pdev, int d) */ rc = pci_read_config_dword(pdev, d + CXL_DVSEC_RANGE_SIZE_LOW(0), &val); if (rc) - return rc; + return pcibios_err_to_errno(rc); if (val & CXL_DVSEC_MEM_INFO_VALID) return 0; @@ -234,7 +234,7 @@ static int wait_for_valid(struct pci_dev *pdev, int d) rc = pci_read_config_dword(pdev, d + CXL_DVSEC_RANGE_SIZE_LOW(0), &val); if (rc) - return rc; + return pcibios_err_to_errno(rc); if (val & CXL_DVSEC_MEM_INFO_VALID) return 0; @@ -250,8 +250,8 @@ static int cxl_set_mem_enable(struct cxl_dev_state *cxlds, u16 val) int rc; rc = pci_read_config_word(pdev, d + CXL_DVSEC_CTRL_OFFSET, &ctrl); - if (rc < 0) - return rc; + if (rc) + return pcibios_err_to_errno(rc); if ((ctrl & CXL_DVSEC_MEM_ENABLE) == val) return 1; @@ -259,8 +259,8 @@ static int cxl_set_mem_enable(struct cxl_dev_state *cxlds, u16 val) ctrl |= val; rc = pci_write_config_word(pdev, d + CXL_DVSEC_CTRL_OFFSET, ctrl); - if (rc < 0) - return rc; + if (rc) + return pcibios_err_to_errno(rc); return 0; } @@ -336,11 +336,11 @@ int cxl_dvsec_rr_decode(struct device *dev, int d, rc = pci_read_config_word(pdev, d + CXL_DVSEC_CAP_OFFSET, &cap); if (rc) - return rc; + return pcibios_err_to_errno(rc); rc = pci_read_config_word(pdev, d + CXL_DVSEC_CTRL_OFFSET, &ctrl); if (rc) - return rc; + return pcibios_err_to_errno(rc); if (!(cap & CXL_DVSEC_MEM_CAPABLE)) { dev_dbg(dev, "Not MEM Capable\n"); @@ -379,14 +379,14 @@ int cxl_dvsec_rr_decode(struct device *dev, int d, rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_SIZE_HIGH(i), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); size = (u64)temp << 32; rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_SIZE_LOW(i), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); size |= temp & CXL_DVSEC_MEM_SIZE_LOW_MASK; if (!size) { @@ -400,14 +400,14 @@ int cxl_dvsec_rr_decode(struct device *dev, int d, rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_BASE_HIGH(i), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); base = (u64)temp << 32; rc = pci_read_config_dword( pdev, d + CXL_DVSEC_RANGE_BASE_LOW(i), &temp); if (rc) - return rc; + return pcibios_err_to_errno(rc); base |= temp & CXL_DVSEC_MEM_BASE_LOW_MASK; diff --git a/drivers/cxl/pci.c b/drivers/cxl/pci.c index e53646e9f2fb..0ec9cbc64896 100644 --- a/drivers/cxl/pci.c +++ b/drivers/cxl/pci.c @@ -540,7 +540,7 @@ static int cxl_pci_ras_unmask(struct pci_dev *pdev) rc = pcie_capability_read_word(pdev, PCI_EXP_DEVCTL, &cap); if (rc) - return rc; + return pcibios_err_to_errno(rc); if (cap & PCI_EXP_DEVCTL_URRE) { addr = cxlds->regs.ras + CXL_RAS_UNCORRECTABLE_MASK_OFFSET; -- 2.39.2

1 year, 3 months

3
4
0 0

[PATCH 09/13] pinctrl: qcom: spmi-gpio: drop broken pm8008 support

by Johan Hovold

The SPMI GPIO driver assumes that the parent device is an SPMI device and accesses random data when backcasting the parent struct device pointer for non-SPMI devices. Fortunately this does not seem to cause any issues currently when the parent device is an I2C client like the PM8008, but this could change if the structures are reorganised (e.g. using structure randomisation). Notably the interrupt implementation is also broken for non-SPMI devices. Also note that the two GPIO pins on PM8008 are used for interrupts and reset so their practical use should be limited. Drop the broken GPIO support for PM8008 for now. Fixes: ea119e5a482a ("pinctrl: qcom-pmic-gpio: Add support for pm8008") Cc: stable(a)vger.kernel.org # 5.13 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c b/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c index f4e2c88a7c82..e61be7d05494 100644 --- a/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c +++ b/drivers/pinctrl/qcom/pinctrl-spmi-gpio.c @@ -1206,7 +1206,6 @@ static const struct of_device_id pmic_gpio_of_match[] = { { .compatible = "qcom,pm7325-gpio", .data = (void *) 10 }, { .compatible = "qcom,pm7550ba-gpio", .data = (void *) 8}, { .compatible = "qcom,pm8005-gpio", .data = (void *) 4 }, - { .compatible = "qcom,pm8008-gpio", .data = (void *) 2 }, { .compatible = "qcom,pm8019-gpio", .data = (void *) 6 }, /* pm8150 has 10 GPIOs with holes on 2, 5, 7 and 8 */ { .compatible = "qcom,pm8150-gpio", .data = (void *) 10 }, -- 2.43.2

1 year, 3 months

5
4
0 0

[PATCH 6.1] wifi: mac80211: apply mcast rate only if interface is up

by Alexander Ofitserov

From: Johannes Berg <johannes.berg(a)intel.com> If the interface isn't enabled, don't apply multicast rate changes immediately. Reported-by: syzbot+de87c09cc7b964ea2e23(a)syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> --- net/mac80211/cfg.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 1e57027da2913..2c60fc165801c 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2838,8 +2838,9 @@ static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev, memcpy(sdata->vif.bss_conf.mcast_rate, rate, sizeof(int) * NUM_NL80211_BANDS); - ieee80211_link_info_change_notify(sdata, &sdata->deflink, - BSS_CHANGED_MCAST_RATE); + if (ieee80211_sdata_running(sdata)) + ieee80211_link_info_change_notify(sdata, &sdata->deflink, + BSS_CHANGED_MCAST_RATE); return 0; } -- 2.42.1

1 year, 3 months

2
1
0 0

[RESEND PATCH] perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The perf stat errors out with UNC_CHA_TOR_INSERTS.IA_HIT_CXL_ACC_LOCAL event. $perf stat -e uncore_cha_55/event=0x35,umask=0x10c0008101/ -a -- ls event syntax error: '..0x35,umask=0x10c0008101/' \___ Bad event or PMU The definition of the CHA umask is config:8-15,32-55, which is 32bit. However, the umask of the event is bigger than 32bit. This is an error in the original uncore spec. Add a new umask_ext5 for the new CHA umask range. Fixes: 949b11381f81 ("perf/x86/intel/uncore: Add Sapphire Rapids server CHA support") Closes: https://lore.kernel.org/linux-perf-users/alpine.LRH.2.20.2401300733310.1135… Reviewed-by: Ian Rogers <irogers(a)google.com> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/uncore_snbep.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c index a96496bef678..7924f315269a 100644 --- a/arch/x86/events/intel/uncore_snbep.c +++ b/arch/x86/events/intel/uncore_snbep.c @@ -461,6 +461,7 @@ #define SPR_UBOX_DID 0x3250 /* SPR CHA */ +#define SPR_CHA_EVENT_MASK_EXT 0xffffffff #define SPR_CHA_PMON_CTL_TID_EN (1 << 16) #define SPR_CHA_PMON_EVENT_MASK (SNBEP_PMON_RAW_EVENT_MASK | \ SPR_CHA_PMON_CTL_TID_EN) @@ -477,6 +478,7 @@ DEFINE_UNCORE_FORMAT_ATTR(umask_ext, umask, "config:8-15,32-43,45-55"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext2, umask, "config:8-15,32-57"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext3, umask, "config:8-15,32-39"); DEFINE_UNCORE_FORMAT_ATTR(umask_ext4, umask, "config:8-15,32-55"); +DEFINE_UNCORE_FORMAT_ATTR(umask_ext5, umask, "config:8-15,32-63"); DEFINE_UNCORE_FORMAT_ATTR(qor, qor, "config:16"); DEFINE_UNCORE_FORMAT_ATTR(edge, edge, "config:18"); DEFINE_UNCORE_FORMAT_ATTR(tid_en, tid_en, "config:19"); @@ -5957,7 +5959,7 @@ static struct intel_uncore_ops spr_uncore_chabox_ops = { static struct attribute *spr_uncore_cha_formats_attr[] = { &format_attr_event.attr, - &format_attr_umask_ext4.attr, + &format_attr_umask_ext5.attr, &format_attr_tid_en2.attr, &format_attr_edge.attr, &format_attr_inv.attr, @@ -5993,7 +5995,7 @@ ATTRIBUTE_GROUPS(uncore_alias); static struct intel_uncore_type spr_uncore_chabox = { .name = "cha", .event_mask = SPR_CHA_PMON_EVENT_MASK, - .event_mask_ext = SPR_RAW_EVENT_MASK_EXT, + .event_mask_ext = SPR_CHA_EVENT_MASK_EXT, .num_shared_regs = 1, .constraints = skx_uncore_chabox_constraints, .ops = &spr_uncore_chabox_ops, -- 2.35.1

1 year, 3 months

2
1
0 0

[PATCH 5.10 5.15] wifi: mac80211: apply mcast rate only if interface is up

by Alexander Ofitserov

From: Johannes Berg <johannes.berg(a)intel.com> If the interface isn't enabled, don't apply multicast rate changes immediately. Reported-by: syzbot+de87c09cc7b964ea2e23(a)syzkaller.appspotmail.com Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Backported to 5.10 and 5.15 Signed-off-by: Alexander Ofitserov <oficerovas(a)altlinux.org> --- net/mac80211/cfg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 45bb6f2755987..ccd60c59b3d87 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2561,7 +2561,8 @@ static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev, memcpy(sdata->vif.bss_conf.mcast_rate, rate, sizeof(int) * NUM_NL80211_BANDS); - ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_MCAST_RATE); + if (ieee80211_sdata_running(sdata)) + ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_MCAST_RATE); return 0; } -- 2.42.1

1 year, 3 months

1
0
0 0

[PATCH v2] kobject_uevent: Fix OOB access within zap_modalias_env()

by Zijun Hu

zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove. Fixes: 9b3fa47d4a76 ("kobject: fix suppressing modalias in uevents delivered over netlink") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- V1 -> V2: Correct commit messages and add inline comments V1 discussion link: https://lore.kernel.org/lkml/0b916393-eb39-4467-9c99-ac1bc9746512@quicinc.c… lib/kobject_uevent.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c index 03b427e2707e..f22366be020c 100644 --- a/lib/kobject_uevent.c +++ b/lib/kobject_uevent.c @@ -433,8 +433,23 @@ static void zap_modalias_env(struct kobj_uevent_env *env) len = strlen(env->envp[i]) + 1; if (i != env->envp_idx - 1) { + /* @env->envp[] contains pointers to @env->buf[] + * with @env->buflen elements, and we want to + * remove variable MODALIAS pointed by + * @env->envp[i] with length @len as shown below: + * + * 0 @env->buf[] @env->buflen + * ---------------------------------------- + * ^ ^ ^ + * |-> @len <-| target block | + * @env->envp[i] @env->envp[i+1] + * + * so the "target block" indicated above is moved + * backward by @len, and its right size is + * (@env->buf + @env->buflen - @env->envp[i + 1]). + */ memmove(env->envp[i], env->envp[i + 1], - env->buflen - len); + env->buf + env->buflen - env->envp[i + 1]); for (j = i; j < env->envp_idx - 1; j++) env->envp[j] = env->envp[j + 1] - len; -- 2.7.4

1 year, 3 months

4
4
0 0

[PATCH stable,5.15 0/2] Revert the patchset for fix CVE-2024-26865

by Zhengchao Shao

There's no "pernet" variable in the struct hashinfo. The "pernet" variable is introduced from v6.1-rc1. Revert pre-patch and post-patch. Zhengchao Shao (2): Revert "tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()" Revert "tcp: Clean up kernel listener's reqsk in inet_twsk_purge()" net/ipv4/inet_timewait_sock.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) -- 2.34.1

1 year, 3 months

3
10
0 0

[PATCH 5.15.y] mptcp: fix full TCP keep-alive support

by Matthieu Baerts (NGI0)

commit bd11dc4fb969ec148e50cd87f88a78246dbc4d0b upstream. SO_KEEPALIVE support has been added a while ago, as part of a series "adding SOL_SOCKET" support. To have a full control of this keep-alive feature, it is important to also support TCP_KEEP* socket options at the SOL_TCP level. Supporting them on the setsockopt() part is easy, it is just a matter of remembering each value in the MPTCP sock structure, and calling tcp_sock_set_keep*() helpers on each subflow. If the value is not modified (0), calling these helpers will not do anything. For the getsockopt() part, the corresponding value from the MPTCP sock structure or the default one is simply returned. All of this is very similar to other TCP_* socket options supported by MPTCP. It looks important for kernels supporting SO_KEEPALIVE, to also support TCP_KEEP* options as well: some apps seem to (wrongly) consider that if the former is supported, the latter ones will be supported as well. But also, not having this simple and isolated change is preventing MPTCP support in some apps, and libraries like GoLang [1]. This is why this patch is seen as a fix. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/383 Fixes: 1b3e7ede1365 ("mptcp: setsockopt: handle SO_KEEPALIVE and SO_PRIORITY") Link: https://github.com/golang/go/issues/56539 [1] Acked-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Mat Martineau <martineau(a)kernel.org> Link: https://lore.kernel.org/r/20240514011335.176158-3-martineau@kernel.org Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [ Conflicts in the same context, because commit 29b5e5ef8739 ("mptcp: implement TCP_NOTSENT_LOWAT support") (new feature), commit 013e3179dbd2 ("mptcp: fix rcv space initialization") (not backported because of the various conflicts, and because the race fixed by this commit "does not produce ill effects in practice"), and commit 4f6e14bd19d6 ("mptcp: support TCP_CORK and TCP_NODELAY") are not in this version. The adaptations done by 7f71a337b515 ("mptcp: cleanup SOL_TCP handling") have been adapted to this case here. Also, TCP_KEEPINTVL and TCP_KEEPCNT value had to be set without lock, the same way it was done on TCP side prior commit 6fd70a6b4e6f ("tcp: set TCP_KEEPINTVL locklessly") and commit 84485080cbc1 ("tcp: set TCP_KEEPCNT locklessly"). ] Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- net/mptcp/protocol.h | 3 ++ net/mptcp/sockopt.c | 115 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 78aa6125eafb..b4ccae4f6849 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -250,6 +250,9 @@ struct mptcp_sock { bool use_64bit_ack; /* Set when we received a 64-bit DSN */ bool csum_enabled; spinlock_t join_list_lock; + int keepalive_cnt; + int keepalive_idle; + int keepalive_intvl; struct work_struct work; struct sk_buff *ooo_last_skb; struct rb_root out_of_order_queue; diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index bd797d8f72ab..36d85af12e76 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -593,6 +593,60 @@ static int mptcp_setsockopt_sol_tcp_congestion(struct mptcp_sock *msk, sockptr_t return ret; } +static int __tcp_sock_set_keepintvl(struct sock *sk, int val) +{ + if (val < 1 || val > MAX_TCP_KEEPINTVL) + return -EINVAL; + + WRITE_ONCE(tcp_sk(sk)->keepalive_intvl, val * HZ); + + return 0; +} + +static int __tcp_sock_set_keepcnt(struct sock *sk, int val) +{ + if (val < 1 || val > MAX_TCP_KEEPCNT) + return -EINVAL; + + /* Paired with READ_ONCE() in keepalive_probes() */ + WRITE_ONCE(tcp_sk(sk)->keepalive_probes, val); + + return 0; +} + +static int mptcp_setsockopt_set_val(struct mptcp_sock *msk, int max, + int (*set_val)(struct sock *, int), + int *msk_val, sockptr_t optval, + unsigned int optlen) +{ + struct mptcp_subflow_context *subflow; + struct sock *sk = (struct sock *)msk; + int val, err; + + err = mptcp_get_int_option(msk, optval, optlen, &val); + if (err) + return err; + + lock_sock(sk); + mptcp_for_each_subflow(msk, subflow) { + struct sock *ssk = mptcp_subflow_tcp_sock(subflow); + int ret; + + lock_sock(ssk); + ret = set_val(ssk, val); + err = err ? : ret; + release_sock(ssk); + } + + if (!err) { + *msk_val = val; + sockopt_seq_inc(msk); + } + release_sock(sk); + + return err; +} + static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, sockptr_t optval, unsigned int optlen) { @@ -601,6 +655,21 @@ static int mptcp_setsockopt_sol_tcp(struct mptcp_sock *msk, int optname, return -EOPNOTSUPP; case TCP_CONGESTION: return mptcp_setsockopt_sol_tcp_congestion(msk, optval, optlen); + case TCP_KEEPIDLE: + return mptcp_setsockopt_set_val(msk, MAX_TCP_KEEPIDLE, + &tcp_sock_set_keepidle_locked, + &msk->keepalive_idle, + optval, optlen); + case TCP_KEEPINTVL: + return mptcp_setsockopt_set_val(msk, MAX_TCP_KEEPINTVL, + &__tcp_sock_set_keepintvl, + &msk->keepalive_intvl, + optval, optlen); + case TCP_KEEPCNT: + return mptcp_setsockopt_set_val(msk, MAX_TCP_KEEPCNT, + &__tcp_sock_set_keepcnt, + &msk->keepalive_cnt, + optval, optlen); } return -EOPNOTSUPP; @@ -667,9 +736,40 @@ static int mptcp_getsockopt_first_sf_only(struct mptcp_sock *msk, int level, int return ret; } +static int mptcp_put_int_option(struct mptcp_sock *msk, char __user *optval, + int __user *optlen, int val) +{ + int len; + + if (get_user(len, optlen)) + return -EFAULT; + if (len < 0) + return -EINVAL; + + if (len < sizeof(int) && len > 0 && val >= 0 && val <= 255) { + unsigned char ucval = (unsigned char)val; + + len = 1; + if (put_user(len, optlen)) + return -EFAULT; + if (copy_to_user(optval, &ucval, 1)) + return -EFAULT; + } else { + len = min_t(unsigned int, len, sizeof(int)); + if (put_user(len, optlen)) + return -EFAULT; + if (copy_to_user(optval, &val, len)) + return -EFAULT; + } + + return 0; +} + static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, char __user *optval, int __user *optlen) { + struct sock *sk = (void *)msk; + switch (optname) { case TCP_ULP: case TCP_CONGESTION: @@ -677,6 +777,18 @@ static int mptcp_getsockopt_sol_tcp(struct mptcp_sock *msk, int optname, case TCP_CC_INFO: return mptcp_getsockopt_first_sf_only(msk, SOL_TCP, optname, optval, optlen); + case TCP_KEEPIDLE: + return mptcp_put_int_option(msk, optval, optlen, + msk->keepalive_idle ? : + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_keepalive_time) / HZ); + case TCP_KEEPINTVL: + return mptcp_put_int_option(msk, optval, optlen, + msk->keepalive_intvl ? : + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_keepalive_intvl) / HZ); + case TCP_KEEPCNT: + return mptcp_put_int_option(msk, optval, optlen, + msk->keepalive_cnt ? : + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_keepalive_probes)); } return -EOPNOTSUPP; } @@ -746,6 +858,9 @@ static void sync_socket_options(struct mptcp_sock *msk, struct sock *ssk) if (inet_csk(sk)->icsk_ca_ops != inet_csk(ssk)->icsk_ca_ops) tcp_set_congestion_control(ssk, msk->ca_name, false, true); + tcp_sock_set_keepidle_locked(ssk, msk->keepalive_idle); + __tcp_sock_set_keepintvl(ssk, msk->keepalive_intvl); + __tcp_sock_set_keepcnt(ssk, msk->keepalive_cnt); } static void __mptcp_sockopt_sync(struct mptcp_sock *msk, struct sock *ssk) -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH 6.1.y 0/3] Backport of "mptcp: fix full TCP keep-alive support"

by Matthieu Baerts (NGI0)

It looks like the patch "mptcp: fix full TCP keep-alive support" has been backported up to v6.8 recently (thanks!), but not before due to conflicts. I had to adapt a bit the code not to backport new features, but the modifications were simple, and isolated from the rest. Conflicts have been described in each patch. MPTCP sockopts tests have been executed, and no issues have been reported. Matthieu Baerts (NGI0) (1): mptcp: fix full TCP keep-alive support Paolo Abeni (2): mptcp: avoid some duplicate code in socket option handling mptcp: cleanup SOL_TCP handling net/mptcp/protocol.h | 3 + net/mptcp/sockopt.c | 144 +++++++++++++++++++++++++++++++------------ 2 files changed, 108 insertions(+), 39 deletions(-) -- 2.43.0

1 year, 3 months

1
3
0 0

Proposition for linux-stable-mirror@lists.linaro.org.

by ND

1 year, 3 months

1
0
0 0

[PATCH 2/2] fs/ntfs3: Rename the label end_reply to end_replay

by Huacai Chen

The label end_reply is obviously a typo. It should be "replay" in this context. So rename end_reply to end_replay. Cc: stable(a)vger.kernel.org Fixes: b46acd6a6a627d876898e ("fs/ntfs3: Add NTFS journal") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- fs/ntfs3/fslog.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c index 19c448093df7..87c0e2b52954 100644 --- a/fs/ntfs3/fslog.c +++ b/fs/ntfs3/fslog.c @@ -4661,7 +4661,7 @@ int log_replay(struct ntfs_inode *ni, bool *initialized) * table are not empty. */ if ((!dptbl || !dptbl->total) && (!trtbl || !trtbl->total)) - goto end_reply; + goto end_replay; sbi->flags |= NTFS_FLAGS_NEED_REPLAY; if (is_ro) @@ -5090,7 +5090,7 @@ int log_replay(struct ntfs_inode *ni, bool *initialized) sbi->flags &= ~NTFS_FLAGS_NEED_REPLAY; -end_reply: +end_replay: err = 0; if (is_ro) -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH 1/2] fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed

by Huacai Chen

If an NTFS file system is mounted to another system with different PAGE_SIZE from the original system, log->page_size will change in log_replay(), but log->page_{mask,bits} don't change correspondingly. This will cause a panic because "u32 bytes = log->page_size - page_off" will get a negative value in the later read_log_page(). Cc: stable(a)vger.kernel.org Fixes: b46acd6a6a627d876898e ("fs/ntfs3: Add NTFS journal") Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- fs/ntfs3/fslog.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c index 855519713bf7..19c448093df7 100644 --- a/fs/ntfs3/fslog.c +++ b/fs/ntfs3/fslog.c @@ -3914,6 +3914,9 @@ int log_replay(struct ntfs_inode *ni, bool *initialized) goto out; } + log->page_mask = log->page_size - 1; + log->page_bits = blksize_bits(log->page_size); + /* If the file size has shrunk then we won't mount it. */ if (log->l_size < le64_to_cpu(ra2->l_size)) { err = -EINVAL; -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH 6.9 000/427] 6.9.3-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.3 release. There are 427 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 29 May 2024 18:53:20 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.3-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.3-rc1 Shuah Khan <skhan(a)linuxfoundation.org> Revert "selftests/sgx: Include KHDR_INCLUDES in Makefile" Shuah Khan <skhan(a)linuxfoundation.org> Revert "selftests: Compile kselftest headers with -D_GNU_SOURCE" Tom Parkin <tparkin(a)katalix.com> l2tp: fix ICMP error handling for UDP-encap sockets Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: fix to control VLAN strip Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: match VLAN CTAG and STAG features Jiawen Wu <jiawenwu(a)trustnetic.com> net: wangxun: fix to change Rx features Cheng Yu <serein.chengyu(a)huawei.com> sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() Vitalii Bursov <vitaly(a)bursov.com> sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level Eric Dumazet <edumazet(a)google.com> af_packet: do not call packet_read_pending() from tpacket_destruct_skb() Eric Dumazet <edumazet(a)google.com> netrom: fix possible dead-lock in nr_rt_ioctl() Michal Schmidt <mschmidt(a)redhat.com> idpf: don't skip over ethtool tcp-data-split setting Hangbin Liu <liuhangbin(a)gmail.com> selftests/net/lib: no need to record ns name if it already exist Chris Lew <quic_clew(a)quicinc.com> net: qrtr: ns: Fix module refcnt Andrii Nakryiko <andrii(a)kernel.org> libbpf: fix feature detectors when using token_fd Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: mst: fix vlan use-after-free Nikolay Aleksandrov <razor(a)blackwall.org> selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: xmit: make sure we have at least eth header len bytes Wang Yao <wangyao(a)lemote.com> modules: Drop the .export_symbol section from the final modules Beau Belgrave <beaub(a)linux.microsoft.com> tracing/user_events: Fix non-spaced field matching Ivanov Mikhail <ivanov.mikhail1(a)huawei-partners.com> samples/landlock: Fix incorrect free in populate_ruleset_net Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw Leon Romanovsky <leon(a)kernel.org> RDMA/IPoIB: Fix format truncation compilation errors Edward Liaw <edliaw(a)google.com> selftests/kcmp: remove unused open mode SeongJae Park <sj(a)kernel.org> selftests/damon/_damon_sysfs: check errors from nr_schemes file reads Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix gss_free_in_token_pages() Michal Schmidt <mschmidt(a)redhat.com> bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: apss-ipq-pll: fix PLL rate for IPQ5018 Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix SM_GPUCC_8650 dependencies Nathan Chancellor <nathan(a)kernel.org> clk: qcom: Fix SC_CAMCC_8280XP dependencies Zhang Yi <yi.zhang(a)huawei.com> ext4: remove the redundant folio_wait_stable() Dan Carpenter <dan.carpenter(a)linaro.org> ext4: fix potential unnitialized variable Vishal Verma <vishal.l.verma(a)intel.com> dax/bus.c: use the right locking mode (read vs write) in size_show Vishal Verma <vishal.l.verma(a)intel.com> dax/bus.c: don't use down_write_killable for non-user processes Vishal Verma <vishal.l.verma(a)intel.com> dax/bus.c: fix locking for unregister_dax_dev / unregister_dax_mapping paths Vishal Verma <vishal.l.verma(a)intel.com> dax/bus.c: replace WARN_ON_ONCE() with lockdep asserts NeilBrown <neilb(a)suse.de> nfsd: don't create nfsv4recoverydir in nfsdfs when not used. Aleksandr Aprelkov <aaprelkov(a)usergate.com> sunrpc: removed redundant procp check Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Enable Guest Translation after reading IOMMU feature register Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: Decouple igfx_off from graphic identity mapping David Hildenbrand <david(a)redhat.com> drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() Christoph Hellwig <hch(a)lst.de> virt: acrn: stop using follow_pfn Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: boundary check before installing cq callbacks Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Use struct mana_ib_queue for CQs Konstantin Taranov <kotaranov(a)microsoft.com> RDMA/mana_ib: Introduce helpers to create and destroy mana queues Jan Kara <jack(a)suse.cz> ext4: avoid excessive credit estimate in ext4_tmpfile() Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS Adrian Hunter <adrian.hunter(a)intel.com> x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map Marc Gonzalez <mgonzalez(a)freebox.fr> clk: qcom: mmcc-msm8998: fix venus clock issue Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8650: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm6350: fix DisplayPort clocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8450: fix DisplayPort clocks Jinjiang Tu <tujinjiang(a)huawei.com> mm/ksm: fix ksm exec support for prctl Duoming Zhou <duoming(a)zju.edu.cn> lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Add clock and reset entry for PLIC Geert Uytterhoeven <geert+renesas(a)glider.be> clk: renesas: r8a779a0: Fix CANFD parent clock Jason Gunthorpe <jgg(a)ziepe.ca> IB/mlx5: Use __iowrite64_copy() for write combining stores Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix incorrect rxe_put in error path Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Allow good work requests to be executed Bob Pearson <rpearsonhpe(a)gmail.com> RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt Tudor Ambarus <tudor.ambarus(a)linaro.org> clk: samsung: gs101: propagate PERIC1 USI SPI clock rate Tudor Ambarus <tudor.ambarus(a)linaro.org> clk: samsung: gs101: propagate PERIC0 USI SPI clock rate Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: clk-alpha-pll: remove invalid Stromer register offset Catalin Popescu <catalin.popescu(a)leica-geosystems.com> clk: rs9: fix wrong default value for clock amplitude Alexandre Mergnat <amergnat(a)baylibre.com> clk: mediatek: mt8365-mm: fix DPI0 parent Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Modify the print level of CQE error Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Use complete parentheses in macros Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix GMV table pagesize wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix mismatch exception rollback Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix UAF for cq async event Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix deadlock on SRQ async events. Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Add max_ah and cq moderation capacities in query_device() Zhengchao Shao <shaozhengchao(a)huawei.com> RDMA/hns: Fix return value in hns_roce_map_mr_sg Yi Liu <yi.l.liu(a)intel.com> iommu: Undo pasid attachment only for the devices that have succeeded Nícolas F. R. A. Prado <nfraprado(a)collabora.com> clk: mediatek: pllfh: Don't log error for missing fhctl node Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Adding remote atomic access flag to updatable flags Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Change check for cacheable mkeys Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent Jaewon Kim <jaewon02.kim(a)samsung.com> clk: samsung: exynosautov9: fix wrong pll clock id value Thomas Weißschuh <linux(a)weissschuh.net> power: supply: core: simplify charge_behaviour formatting Pratyush Yadav <p.yadav(a)ti.com> media: cadence: csi2rx: configure DPHY before starting source stream Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/edid: Parse topology block for all DispID structure v1.x Atish Patra <atishp(a)rivosinc.com> RISC-V: Fix the typo in Scountovf CSR name Detlev Casanova <detlev.casanova(a)collabora.com> drm/rockchip: vop2: Do not divide height twice for YUV Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Add quirk for Logitech Rally Bar Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/mipi-dsi: use correct return type for the DSC functions Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 Marek Vasut <marex(a)denx.de> drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector Hsin-Te Yuan <yuanhsinte(a)chromium.org> drm/bridge: anx7625: Update audio status while detecting Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/panel: novatek-nt35950: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: dpc3433: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: tc358775: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt9611uxc: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt9611: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: lt8912b: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: icn6211: Don't log an error when DSI host can't be found Nícolas F. R. A. Prado <nfraprado(a)collabora.com> drm/bridge: anx7625: Don't log an error when DSI host can't be found Steven Rostedt <rostedt(a)goodmis.org> ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value Aleksandr Mishin <amishin(a)t-argos.ru> drm: vc4: Fix possible null pointer dereference Huai-Yuan Liu <qq810974084(a)gmail.com> drm/arm/malidp: fix a possible null pointer dereference Zhipeng Lu <alexious(a)zju.edu.cn> media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Randy Dunlap <rdunlap(a)infradead.org> fbdev: sh7760fb: allow modular build Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: v4l2-subdev: Fix stream handling for crop API Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: i2c: et8ek8: Don't strip remove function when driver is builtin Fabio Estevam <festevam(a)denx.de> media: dt-bindings: ovti,ov2680: Fix the power supply names Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu3-cio2: Request IRQ earlier Douglas Anderson <dianders(a)chromium.org> drm/msm/dp: Account for the timeout in wait_hpd_asserted() callback Douglas Anderson <dianders(a)chromium.org> drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dp: allow voltage swing / pre emphasis of 3 Armin Wolf <W_Armin(a)gmx.de> platform/x86: xiaomi-wmi: Fix race condition when reporting key events Aleksandr Mishin <amishin(a)t-argos.ru> drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference Ricardo Ribalda <ribalda(a)chromium.org> media: radio-shark2: Avoid led_names truncations Arnd Bergmann <arnd(a)arndb.de> media: rcar-vin: work around -Wenum-compare-conditional warning Changhuang Liang <changhuang.liang(a)starfivetech.com> staging: media: starfive: Remove links when unregistering devices Aleksandr Burakov <a.burakov(a)rosalinux.ru> media: ngene: Add dvb_ca_en50221_init return value check Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Test result of avs_get_module_entry() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix potential integer overflow Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix ASRC module initialization Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix debug-slot offset calculation Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Restore stream decoupling on prepare Tianchen Ding <dtcccc(a)linux.alibaba.com> selftests: cgroup: skip test_cgcore_lesser_ns_open when cgroup2 mounted without nsdelegate Arnd Bergmann <arnd(a)arndb.de> fbdev: sisfb: hide unused variables Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Implement firmware boot state check Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: lnl: Correct rom_status_reg Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: mtl: Correct rom_status_reg Arnd Bergmann <arnd(a)arndb.de> powerpc/fsl-soc: hide unused const variable Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: hda-dai: fix channel map configuration for aggregated dailink Douglas Anderson <dianders(a)chromium.org> drm/mediatek: Init `ddp_comp` with devm_kcalloc() Justin Green <greenjustin(a)chromium.org> drm/mediatek: Add 0 size check to mtk_drm_gem_obj Christian Hewitt <christianshewitt(a)gmail.com> drm/meson: vclk: fix calculation of 59.94 fractional rates Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: kirkwood: Fix potential NULL dereference Arnd Bergmann <arnd(a)arndb.de> fbdev: shmobile: fix snprintf truncation Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init Heiko Stuebner <heiko.stuebner(a)cherry.de> drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> ASoC: mediatek: Assign dummy when codec not specified for a DAI link Arnd Bergmann <arnd(a)arndb.de> drm/imagination: avoid -Woverflow warning Maxim Korotkov <korotkov.maxim.s(a)gmail.com> mtd: rawnand: hynix: fixed typo Aapo Vienamo <aapo.vienamo(a)linux.intel.com> mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: ssm4567: Do not ignore route checks Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: Disable route checks for Skylake boards Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix potential index out of bounds in color transformation function Douglas Anderson <dianders(a)chromium.org> drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD doesn't assert Marek Vasut <marex(a)denx.de> drm/lcdif: Do not disable clocks on already suspended hardware Geert Uytterhoeven <geert+renesas(a)glider.be> dev_printk: Add and use dev_no_printk() Geert Uytterhoeven <geert+renesas(a)glider.be> printk: Let no_printk() use _printk() Tony Lindgren <tony(a)atomide.com> drm/omapdrm: Fix console with deferred ops Tony Lindgren <tony(a)atomide.com> drm/omapdrm: Fix console by implementing fb_dirty Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() Vignesh Raman <vignesh.raman(a)collabora.com> drm/ci: update device type for volteer devices Jagan Teki <jagan(a)amarulasolutions.com> drm/bridge: Fix improper bridge init order with pre_enable_prev_first Zhengqiao Xia <xiazhengqiao(a)huaqin.corp-partner.google.com> drm/panel-edp: Add prepare_to_enable to 200ms for MNC207QS1-1 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 Gustavo A. R. Silva <gustavoars(a)kernel.org> Bluetooth: hci_conn, hci_sync: Use __counted_by() to avoid -Wfamnae warnings Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: HCI: Remove HCI_AMP support Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Make iso_get_sock_listen generic Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: qca: Fix error code in qca_read_fw_build_info() Sebastian Urban <surban(a)surban.net> Bluetooth: compute LE flow credits based on recvbuf space Horatiu Vultur <horatiu.vultur(a)microchip.com> net: micrel: Fix receiving the timestamp in the frame for lan8841 Xiaolei Wang <xiaolei.wang(a)windriver.com> net: stmmac: move the EST lock to struct stmmac_priv Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fix full TCP keep-alive support Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: SO_KEEPALIVE: fix getsockopt support Wei Fang <wei.fang(a)nxp.com> net: fec: remove .ndo_poll_controller to avoid deadlocks Chen Ni <nichen(a)iscas.ac.cn> dpll: fix return value check for kmemdup Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix reference count leak issue of net_device Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix reference count leak issues of ax25_dev Duoming Zhou <duoming(a)zju.edu.cn> ax25: Use kernel universal linked list to implement ax25_dev_list Eric Dumazet <edumazet(a)google.com> inet: fix inet_fill_ifaddr() flags truncation Puranjay Mohan <puranjay(a)kernel.org> riscv, bpf: make some atomic operations fully ordered Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Emit a barrier for BPF_FETCH instructions Akiva Goldberger <agoldberger(a)nvidia.com> net/mlx5: Discard command completions in internal error Akiva Goldberger <agoldberger(a)nvidia.com> net/mlx5: Add a timeout to acquire the command queue semaphore Maher Sanalla <msanalla(a)nvidia.com> net/mlx5: Reload only IB representors upon lag disable/enable Shay Drory <shayd(a)nvidia.com> net/mlx5: Fix peer devlink set for SF representor devlink port Shay Drory <shayd(a)nvidia.com> net/mlx5e: Fix netif state handling Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix invalid unregister error path Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: fix incorrect unregister order Hangbin Liu <liuhangbin(a)gmail.com> ipv6: sr: add missing seg6_local_exit Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix overwriting ct original tuple for ICMPv6 Eric Dumazet <edumazet(a)google.com> net: usb: smsc95xx: stop lying about skb->truesize Breno Leitao <leitao(a)debian.org> af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg Linus Walleij <linus.walleij(a)linaro.org> net: ethernet: cortina: Locking fixes Dan Nowlin <dan.nowlin(a)intel.com> ice: Fix package download algorithm Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mediatek: use ADMAv1 instead of ADMAv2.0 on MT7981 and MT7986 Lorenzo Bianconi <lorenzo(a)kernel.org> net: ethernet: mediatek: split tx and rx fields in mtk_soc_data struct Jakub Kicinski <kuba(a)kernel.org> selftests: net: move amt to socat for better compatibility Jakub Kicinski <kuba(a)kernel.org> selftests: net: add missing config for amt.sh Jakub Kicinski <kuba(a)kernel.org> eth: sungem: remove .ndo_poll_controller to avoid deadlocks gaoxingwang <gaoxingwang1(a)huawei.com> net: ipv6: fix wrong start position when receive hop-by-hop fragment Vadim Fedorenko <vadim.fedorenko(a)linux.dev> ptp: ocp: fix DPLL functions Benjamin Marzinski <bmarzins(a)redhat.com> dm-delay: fix max_delay calculations Joel Colledge <joel.colledge(a)linbit.com> dm-delay: fix hung task introduced by kthread mode Benjamin Marzinski <bmarzins(a)redhat.com> dm-delay: fix workqueue delay_timer race Edward Liaw <edliaw(a)google.com> selftests/sgx: Include KHDR_INCLUDES in Makefile Edward Liaw <edliaw(a)google.com> selftests: Compile kselftest headers with -D_GNU_SOURCE Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: Move ARCH_HAS_CPU_CACHE_ALIASING Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix reboot hang on Mac IIci Michael Schmitz <schmitzmic(a)gmail.com> m68k: Fix spinlock race in kernel thread creation Eric Dumazet <edumazet(a)google.com> net: usb: sr9700: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> usb: aqc111: stop lying about skb->truesize Josef Bacik <josef(a)toxicpanda.com> btrfs: set start on clone before calling copy_extent_buffer_full Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> HID: amd_sfh: Handle "no sensors" in PM operations Dan Carpenter <dan.carpenter(a)linaro.org> wifi: mwl8k: initialize cmd->addr[] properly Robert Richter <rrichter(a)amd.com> x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() Jim Liu <jim.t90615(a)gmail.com> gpio: nuvoton: Fix sgpio irq handle error Himanshu Madhani <himanshu.madhani(a)oracle.com> scsi: qla2xxx: Fix debugfs output for fw_resource_count Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: qedf: Ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> scsi: bfa: Ensure the copied buf is NUL terminated Chen Ni <nichen(a)iscas.ac.cn> HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors Michal Schmidt <mschmidt(a)redhat.com> selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect Scott Mayhew <smayhew(a)redhat.com> kunit: bail out early in __kunit_test_suites_init() if there are no suites to test Wander Lairson Costa <wander(a)redhat.com> kunit: unregister the device on error Mickaël Salaün <mic(a)digikod.net> kunit: Fix kthread reference Valentin Obst <kernel(a)valentinobst.de> selftests: default to host arch for LLVM builds John Hubbard <jhubbard(a)nvidia.com> selftests/resctrl: fix clang build failure: use LOCAL_HDRS John Hubbard <jhubbard(a)nvidia.com> selftests/binderfs: use the Makefile's rules, not Make's implicit rules Nícolas F. R. A. Prado <nfraprado(a)collabora.com> selftests: power_supply: Make it POSIX-compliant Nícolas F. R. A. Prado <nfraprado(a)collabora.com> selftests: ktap_helpers: Make it POSIX-compliant Chih-Kang Chang <gary.chang(a)realtek.com> wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode Kees Cook <keescook(a)chromium.org> wifi: nl80211: Avoid address calculations via out of bounds array indexing Jiri Olsa <jolsa(a)kernel.org> libbpf: Fix error message in attach_kprobe_multi Felix Fietkau <nbd(a)nbd.name> wifi: mt76: connac: use muar idx 0xe for non-mt799x as well Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command Chad Monroe <chad(a)monroe.io> wifi: mt76: mt7996: fix size of txpower MCU command Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: mt76: connac: check for null before dereferencing Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: fix tx queue of loopback packets Guenter Roeck <linux(a)roeck-us.net> Revert "sh: Handle calling csum_partial with misaligned data" Geert Uytterhoeven <geert+renesas(a)glider.be> sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() Stanislav Fomichev <sdf(a)google.com> bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE George Stark <gnstark(a)salutedevices.com> pwm: meson: Use mul_u64_u64_div_u64() for frequency calculating George Stark <gnstark(a)salutedevices.com> pwm: meson: Add check for error from clk_round_rate() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: ar5523: enable proper endpoint verification Viktor Malik <vmalik(a)redhat.com> selftests/bpf: Run cgroup1_hierarchy test in own mount namespace Alexei Starovoitov <ast(a)kernel.org> bpf: Fix verifier assumptions about socket->sk Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> wifi: carl9170: add a proper sanity check for endpoints Finn Thain <fthain(a)linux-m68k.org> macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" Eric Dumazet <edumazet(a)google.com> net: give more chances to rcu in netdev_wait_allrefs_any() Hao Chen <chenhao418(a)huawei.com> drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group Junhao He <hejunhao3(a)huawei.com> drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: sti: Simplify probe function using devm functions Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Pass cooling device state to thermal_debug_cdev_add() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Create records for cdev states as they get used Eric Dumazet <edumazet(a)google.com> tcp: avoid premature drops in tcp_add_backlog() Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xxx: Avoid EEPROM timeout without EEPROM on 88E6250-family switches Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xxx: Add support for model-specific pre- and post-reset handlers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> wifi: ath10k: populate board data for WCN3990 Portia Stephens <portia.stephens(a)canonical.com> cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: mcq: Fix ufshcd_mcq_sqe_search() Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix a fd leak in error paths in open_netns Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Avoid excessive updates of trip point statistics Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: do_xmote fixes Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: finish_xmote cleanup Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix potential glock use-after-free on unmount Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Remove ill-placed consistency check Su Hui <suhui(a)nfschina.com> wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() Binbin Zhou <zhoubinbin(a)loongson.cn> dt-bindings: thermal: loongson,ls2k-thermal: Fix incorrect compatible definition Binbin Zhou <zhoubinbin(a)loongson.cn> dt-bindings: thermal: loongson,ls2k-thermal: Add Loongson-2K0500 compatible Aleksandr Mishin <amishin(a)t-argos.ru> thermal/drivers/tsens: Fix null pointer dereference Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal/drivers/mediatek/lvts_thermal: Add coeff for mt8192 Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Ard Biesheuvel <ardb(a)kernel.org> x86/purgatory: Switch to the position-independent small code model Yuri Karpov <YKarpov(a)ispras.ru> scsi: hpsa: Fix allocation size for Scsi_Host private data Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix the failure of adding phy with zero-address to port Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: init vif works only once Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: don't always disable EMLSR due to BT coex Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: calculate EMLSR mode after connection Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: introduce esr_disable_reason Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: transmit deauth only if link is available Aleksandr Mishin <amishin(a)t-argos.ru> cppc_cpufreq: Fix possible null pointer dereference Stafford Horne <shorne(a)gmail.com> openrisc: traps: Don't send signals to kernel mode threads Stafford Horne <shorne(a)gmail.com> openrisc: Use do_kernel_power_off() Gabriel Krisman Bertazi <krisman(a)suse.de> udp: Avoid call to compute_score on multiple sites Juergen Gross <jgross(a)suse.com> x86/pat: Fix W^X violation false-positives when running as Xen PV guest Juergen Gross <jgross(a)suse.com> x86/pat: Restructure _lookup_address_cpa() Juergen Gross <jgross(a)suse.com> x86/pat: Introduce lookup_address_in_pgd_attr() Viresh Kumar <viresh.kumar(a)linaro.org> cpufreq: exit() callback is optional Hechao Li <hli(a)netflix.com> tcp: increase the default TCP scaling ratio Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix umount cgroup2 error in test_sockmap Ard Biesheuvel <ardb(a)kernel.org> x86/boot/64: Clear most of CR4 in startup_64(), except PAE, MCE and LA57 Jinjie Ruan <ruanjinjie(a)huawei.com> arm64: Remove unnecessary irqflags alternative.h include Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix "ignore unlock failures after withdraw" Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Don't forget to complete delayed withdraw Arnd Bergmann <arnd(a)arndb.de> ACPI: disable -Wstringop-truncation Zenghui Yu <yuzenghui(a)huawei.com> irqchip/loongson-pch-msi: Fix off-by-one on allocation error path Zenghui Yu <yuzenghui(a)huawei.com> irqchip/alpine-msi: Fix off-by-one in allocation error path Uros Bizjak <ubizjak(a)gmail.com> locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Allow decoding of SGX addresses Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: LPSS: Advertise number of chip selects via property Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after disabling interrupts Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: core: Perform read back after writing UTP_TASK_REQ_LIST_BASE_H Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing CGC enable Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing unipro mode Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing REG_UFS_SYS1CLK_1US Andrew Halaney <ahalaney(a)redhat.com> scsi: ufs: qcom: Perform read back after writing reset bit Arnd Bergmann <arnd(a)arndb.de> x86/microcode/AMD: Avoid -Wformat warning with clang-15 Andrii Nakryiko <andrii(a)kernel.org> bpf: prevent r10 register from being marked as precise Anton Protopopov <aspsk(a)isovalent.com> bpf: Pack struct bpf_fib_lookup Sahil Siddiq <icegambit91(a)gmail.com> bpftool: Mount bpffs on provided dir instead of parent dir Arnd Bergmann <arnd(a)arndb.de> wifi: carl9170: re-fix fortified-memset warning Alexander Aring <aahringo(a)redhat.com> dlm: fix user space lock decision to copy lvb Alexander Lobakin <aleksander.lobakin(a)intel.com> bitops: add missing prototype check Arnd Bergmann <arnd(a)arndb.de> mlx5: stop warning for 64KB pages Arnd Bergmann <arnd(a)arndb.de> mlx5: avoid truncating error message Arnd Bergmann <arnd(a)arndb.de> qed: avoid truncating work queue length Arnd Bergmann <arnd(a)arndb.de> enetc: avoid truncating error message Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: Fix Generic Initiator Affinity _OSC bit Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for the Generic Event Device thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for more than 16 p-states thru _OSC Armin Wolf <W_Armin(a)gmx.de> ACPI: bus: Indicate support for _TFP thru _OSC Shrikanth Hegde <sshegde(a)linux.ibm.com> sched/fair: Add EAS checks before updating root_domain::overutilized Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: reconfigure TLC during HW restart Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: select STA mask only for active links Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: set wider BW OFDMA ignore correctly Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: fix active link counting during recovery Ayala Beker <ayala.beker(a)intel.com> wifi: mac80211: don't select link ID if not provided in scan request Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: allocate STA links only for active links Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete Benjamin Berg <benjamin.berg(a)intel.com> wifi: cfg80211: ignore non-TX BSSs in per-STA profile Johannes Berg <johannes.berg(a)intel.com> wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() Paul Menzel <pmenzel(a)molgen.mpg.de> x86/fred: Fix typo in Kconfig description Guixiong Wei <weiguixiong(a)bytedance.com> x86/boot: Ignore relocations in .notes sections in walk_relocs() too Lorenzo Bianconi <lorenzo(a)kernel.org> wifi: mt76: mt7915: workaround too long expansion sparse warnings Aloka Dixit <quic_alokad(a)quicinc.com> wifi: ath12k: use correct flag field for 320 MHz channels Quentin Monnet <qmo(a)kernel.org> libbpf: Prevent null-pointer dereference when prog to load has no BTF Yonghong Song <yonghong.song(a)linux.dev> bpftool: Fix missing pids during link show Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't force enable power save on non-running vdevs Duoming Zhou <duoming(a)zju.edu.cn> wifi: brcmfmac: pcie: handle randbuf allocation failure Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: poll service ready message before failing Yu Kuai <yukuai3(a)huawei.com> block: support to account io_ticks precisely INAGAKI Hiroshi <musashino.open(a)gmail.com> block: fix and simplify blkdevparts= cmdline parsing Christoph Hellwig <hch(a)lst.de> block: refine the EOF check in blkdev_iomap_begin Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - specify firmware files for 402xx Yu Kuai <yukuai3(a)huawei.com> md: fix resync softlockup when bitmap size is less than array size Kees Cook <keescook(a)chromium.org> kunit/fortify: Fix replaced failure path to unbreak __alloc_size Kees Cook <keescook(a)chromium.org> lkdtm: Disable CFI checking for perms functions Bjorn Andersson <quic_bjorande(a)quicinc.com> soc: qcom: pmic_glink: Make client-lock non-sleeping Pavel Begunkov <asml.silence(a)gmail.com> io_uring/net: fix sendzc lazy wake polling Sumanth Korikkar <sumanthk(a)linux.ibm.com> s390: vmlinux.lds.S: Drop .hash and .gnu.hash for !CONFIG_PIE_BUILD Kees Cook <keescook(a)chromium.org> kunit/fortify: Fix mismatched kvalloc()/vfree() usage Marek Vasut <marex(a)denx.de> hwrng: stm32 - repair clock handling Marek Vasut <marex(a)denx.de> hwrng: stm32 - put IP into RPM suspend on failure Marek Vasut <marex(a)denx.de> hwrng: stm32 - use logical OR in conditional Lucas Segarra Fernandez <lucas.segarra.fernandez(a)intel.com> crypto: qat - validate slices count returned by FW Zhu Yanjun <yanjun.zhu(a)linux.dev> null_blk: Fix missing mutex_destroy() at module removal Chun-Kuang Hu <chunkuang.hu(a)kernel.org> soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE Mukesh Ojha <quic_mojha(a)quicinc.com> firmware: qcom: scm: Fix __scm and waitq completion variable initialization Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pmic_glink: notify clients about the current state Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pmic_glink: don't traverse clients list without a lock Adam Guerin <adam.guerin(a)intel.com> crypto: qat - improve error logging to be consistent across features Adam Guerin <adam.guerin(a)intel.com> crypto: qat - improve error message in adf_get_arbiter_mapping() Chen Ni <nichen(a)iscas.ac.cn> crypto: octeontx2 - add missing check for dma_map_single David Hildenbrand <david(a)redhat.com> s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests David Hildenbrand <david(a)redhat.com> mm/userfaultfd: Do not place zeropages when zeropages are disallowed Gabriel Krisman Bertazi <krisman(a)suse.de> io-wq: write next_work before dropping acct_lock Chuck Lever <chuck.lever(a)oracle.com> shmem: Fix shmem_rename2() Chuck Lever <chuck.lever(a)oracle.com> libfs: Add simple_offset_rename() API Chuck Lever <chuck.lever(a)oracle.com> libfs: Fix simple_offset_rename_exchange() Ilya Denisyev <dev(a)elkcl.ru> jffs2: prevent xattr node from overflowing the eraseblock Maxime Ripard <mripard(a)kernel.org> ARM: configs: sunxi: Enable DRM_DW_HDMI Nikita Kiryushin <kiryushin(a)ancud.ru> rcu: Fix buffer overflow in print_cpu_stall_info() Nikita Kiryushin <kiryushin(a)ancud.ru> rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow Jens Axboe <axboe(a)kernel.dk> io_uring: use the right type for work_llist empty check Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/cio: fix tracepoint subchannel type field Eric Biggers <ebiggers(a)google.com> crypto: x86/sha512-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/sha256-avx2 - add missing vzeroupper Eric Biggers <ebiggers(a)google.com> crypto: x86/nh-avx2 - add missing vzeroupper Arnd Bergmann <arnd(a)arndb.de> crypto: ccp - drop platform ifdef checks Al Viro <viro(a)zeniv.linux.org.uk> parisc: add missing export of __cmpxchg_u8() Arnd Bergmann <arnd(a)arndb.de> nilfs2: fix out-of-range warning Brian Kubisiak <brian(a)kubisiak.com> ecryptfs: Fix buffer size for tag 66 packet Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> firmware: raspberrypi: Use correct device for DMA mappings Guenter Roeck <linux(a)roeck-us.net> mm/slub, kunit: Use inverted data to corrupt kmem cache Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> firmware: qcom: qcm: fix unused qcom_scm_qseecom_allowlist Aleksandr Mishin <amishin(a)t-argos.ru> crypto: bcm - Fix pointer arithmetic Eric Sandeen <sandeen(a)redhat.com> openpromfs: finish conversion to the new mount API Eric Biggers <ebiggers(a)google.com> KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST Eric Biggers <ebiggers(a)google.com> KEYS: asymmetric: Add missing dependency on CRYPTO_SIG Takashi Iwai <tiwai(a)suse.de> ALSA: Fix deadlocks with kctl removals at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: timer: Set lower bound of start tick time Takashi Iwai <tiwai(a)suse.de> ALSA: core: Fix NULL module pointer assignment at card init Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11. Nandor Kracser <bonifaido(a)gmail.com> ksmbd: ignore trailing slashes in share paths Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate oplock break notifications Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Break dir enumeration if directory contents error Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix case when index is reused during tree transformation Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Taking DOS names into account during link counting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Remove max link count info display during driver init Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential hang in nilfs_detach_log_writer() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix unexpected freezing of nilfs_segctor_sync() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix use-after-free of timer for log writer thread Nuno Sa <nuno.sa(a)analog.com> dt-bindings: adc: axi-adc: add clocks property Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: fix false alarm on invalid block address Thorsten Blum <thorsten.blum(a)toblux.com> net: smc91x: Fix m68k kernel compilation for ColdFire CPU Herve Codina <herve.codina(a)bootlin.com> net: lan966x: remove debugfs directory in probe() error path Romain Gantois <romain.gantois(a)bootlin.com> net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() Brennan Xavier McManus <bxmcmanus(a)gmail.com> tools/nolibc/stdlib: fix memory error in realloc() Shuah Khan <skhan(a)linuxfoundation.org> tools/latency-collector: Fix -Wformat-security compile warns Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix the extra HZ in mana_hwc_send_request Petr Pavlu <petr.pavlu(a)suse.com> ring-buffer: Fix a race between readers and resize checks Ken Milmore <ken.milmore(a)gmail.com> r8169: Fix possible ring buffer corruption on fragmented Tx packets. Heiner Kallweit <hkallweit1(a)gmail.com> Revert "r8169: don't try to disable interrupts if NAPI is, scheduled already" Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: ensure that normal task_work is also run timely Ming Lei <ming.lei(a)redhat.com> io_uring: fail NOP if non-zero op flags is passed in Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: try trimming too long modalias strings Pin-yen Lin <treapking(a)chromium.org> serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup Doug Berger <opendmb(a)gmail.com> serial: 8250_bcm7271: use default_mux_rate if possible Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler Dan Carpenter <dan.carpenter(a)linaro.org> speakup: Fix sizeof() vs ARRAY_SIZE() bug Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix missing receive state reset after mode switch Daniel Starke <daniel.starke(a)siemens.com> tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Will Deacon <will(a)kernel.org> Reapply "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Ard Biesheuvel <ardb(a)kernel.org> arm64/fpsimd: Avoid erroneous elide of user state reload Will Deacon <will(a)kernel.org> Revert "arm64: fpsimd: Implement lazy restore for kernel mode FPSIMD" Zheng Yejian <zhengyejian1(a)huawei.com> ftrace: Fix possible use-after-free issue in ftrace_location() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix checkbashisms errors Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix BTFARG testcase to check fprobe is enabled correctly Daniel J Blueman <daniel(a)quora.org> x86/tsc: Trust initial offset in architectural TSC-adjust MSRs ------------- Diffstat: .../devicetree/bindings/iio/adc/adi,axi-adc.yaml | 5 + .../devicetree/bindings/media/i2c/ovti,ov2680.yaml | 18 +- .../bindings/thermal/loongson,ls2k-thermal.yaml | 24 ++- Makefile | 4 +- arch/arm/configs/sunxi_defconfig | 1 + arch/arm64/include/asm/irqflags.h | 1 - arch/arm64/kernel/fpsimd.c | 44 ++-- arch/m68k/Kconfig | 2 +- arch/m68k/kernel/entry.S | 4 +- arch/m68k/mac/misc.c | 36 ++-- arch/openrisc/kernel/process.c | 8 +- arch/openrisc/kernel/traps.c | 42 ++-- arch/parisc/kernel/parisc_ksyms.c | 1 + arch/powerpc/sysdev/fsl_msi.c | 2 + arch/riscv/include/asm/csr.h | 2 +- arch/riscv/net/bpf_jit_comp64.c | 20 +- arch/s390/include/asm/gmap.h | 2 +- arch/s390/include/asm/mmu.h | 5 + arch/s390/include/asm/mmu_context.h | 1 + arch/s390/include/asm/pgtable.h | 16 +- arch/s390/kernel/vmlinux.lds.S | 2 +- arch/s390/kvm/kvm-s390.c | 4 +- arch/s390/mm/gmap.c | 165 ++++++++++---- arch/s390/net/bpf_jit_comp.c | 8 +- arch/sh/kernel/kprobes.c | 7 +- arch/sh/lib/checksum.S | 67 ++---- arch/x86/Kconfig | 2 +- arch/x86/boot/compressed/head_64.S | 5 + arch/x86/crypto/nh-avx2-x86_64.S | 1 + arch/x86/crypto/sha256-avx2-asm.S | 1 + arch/x86/crypto/sha512-avx2-asm.S | 1 + arch/x86/include/asm/cmpxchg_64.h | 2 +- arch/x86/include/asm/pgtable_types.h | 2 + arch/x86/include/asm/sparsemem.h | 2 - arch/x86/kernel/cpu/microcode/amd.c | 2 +- arch/x86/kernel/tsc_sync.c | 6 +- arch/x86/lib/x86-opcode-map.txt | 10 +- arch/x86/mm/numa.c | 4 +- arch/x86/mm/pat/set_memory.c | 68 ++++-- arch/x86/purgatory/Makefile | 3 +- arch/x86/tools/relocs.c | 9 + block/blk-core.c | 9 +- block/blk-merge.c | 2 + block/blk-mq.c | 4 + block/blk.h | 1 + block/fops.c | 2 +- block/genhd.c | 2 +- block/partitions/cmdline.c | 49 ++--- crypto/asymmetric_keys/Kconfig | 3 + drivers/accessibility/speakup/main.c | 2 +- drivers/acpi/acpi_lpss.c | 1 + drivers/acpi/acpica/Makefile | 1 + drivers/acpi/bus.c | 5 + drivers/acpi/numa/srat.c | 5 + drivers/block/null_blk/main.c | 2 + drivers/bluetooth/btmrvl_main.c | 9 - drivers/bluetooth/btqca.c | 4 +- drivers/bluetooth/btrsi.c | 1 - drivers/bluetooth/btsdio.c | 8 - drivers/bluetooth/btusb.c | 5 - drivers/bluetooth/hci_bcm4377.c | 1 - drivers/bluetooth/hci_ldisc.c | 6 - drivers/bluetooth/hci_serdev.c | 5 - drivers/bluetooth/hci_uart.h | 1 - drivers/bluetooth/hci_vhci.c | 10 +- drivers/bluetooth/virtio_bt.c | 2 - drivers/char/hw_random/stm32-rng.c | 18 +- drivers/clk/clk-renesas-pcie.c | 10 +- drivers/clk/mediatek/clk-mt8365-mm.c | 2 +- drivers/clk/mediatek/clk-pllfh.c | 2 +- drivers/clk/qcom/Kconfig | 2 + drivers/clk/qcom/apss-ipq-pll.c | 3 +- drivers/clk/qcom/clk-alpha-pll.c | 1 - drivers/clk/qcom/dispcc-sm6350.c | 11 +- drivers/clk/qcom/dispcc-sm8450.c | 20 +- drivers/clk/qcom/dispcc-sm8550.c | 20 +- drivers/clk/qcom/dispcc-sm8650.c | 20 +- drivers/clk/qcom/mmcc-msm8998.c | 8 + drivers/clk/renesas/r8a779a0-cpg-mssr.c | 2 +- drivers/clk/renesas/r9a07g043-cpg.c | 9 + drivers/clk/samsung/clk-exynosautov9.c | 8 +- drivers/clk/samsung/clk-gs101.c | 225 ++++++++++--------- drivers/clk/samsung/clk.h | 11 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpufreq/cpufreq.c | 11 +- drivers/crypto/bcm/spu2.c | 2 +- drivers/crypto/ccp/sp-platform.c | 14 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 +- .../crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 +- drivers/crypto/intel/qat/qat_4xxx/adf_drv.c | 2 + drivers/crypto/intel/qat/qat_common/adf_gen4_tl.c | 1 + drivers/crypto/intel/qat/qat_common/adf_rl.c | 2 +- .../crypto/intel/qat/qat_common/adf_telemetry.c | 21 ++ .../crypto/intel/qat/qat_common/adf_telemetry.h | 1 + drivers/crypto/marvell/octeontx2/cn10k_cpt.c | 4 + drivers/dax/bus.c | 66 ++---- drivers/dpll/dpll_core.c | 2 +- drivers/edac/skx_common.c | 2 +- drivers/firmware/qcom/qcom_scm.c | 12 +- drivers/firmware/raspberrypi.c | 7 +- drivers/gpio/gpio-npcm-sgpio.c | 10 +- .../gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c | 5 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 3 +- drivers/gpu/drm/arm/malidp_mw.c | 5 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 15 +- .../gpu/drm/bridge/cadence/cdns-mhdp8546-core.c | 3 + drivers/gpu/drm/bridge/chipone-icn6211.c | 6 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 6 +- drivers/gpu/drm/bridge/lontium-lt9611.c | 6 +- drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/bridge/tc358775.c | 6 +- drivers/gpu/drm/bridge/ti-dlpc3433.c | 17 +- drivers/gpu/drm/ci/test.yml | 6 +- drivers/gpu/drm/drm_bridge.c | 10 +- drivers/gpu/drm/drm_edid.c | 2 +- drivers/gpu/drm/drm_mipi_dsi.c | 6 +- drivers/gpu/drm/imagination/pvr_vm_mips.c | 4 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 8 +- drivers/gpu/drm/mediatek/mtk_drm_gem.c | 3 + drivers/gpu/drm/meson/meson_vclk.c | 6 +- drivers/gpu/drm/msm/dp/dp_aux.c | 25 ++- drivers/gpu/drm/msm/dp/dp_aux.h | 1 + drivers/gpu/drm/msm/dp/dp_catalog.c | 7 +- drivers/gpu/drm/msm/dp/dp_catalog.h | 3 +- drivers/gpu/drm/msm/dp/dp_ctrl.c | 6 +- drivers/gpu/drm/msm/dp/dp_display.c | 4 + drivers/gpu/drm/msm/dp/dp_link.c | 22 +- drivers/gpu/drm/msm/dp/dp_link.h | 14 +- drivers/gpu/drm/mxsfb/lcdif_drv.c | 6 +- drivers/gpu/drm/nouveau/nvkm/engine/disp/r535.c | 2 +- drivers/gpu/drm/omapdrm/Kconfig | 2 +- drivers/gpu/drm/omapdrm/omap_fbdev.c | 40 +++- drivers/gpu/drm/panel/panel-edp.c | 9 +- drivers/gpu/drm/panel/panel-leadtek-ltk050h3146w.c | 5 +- drivers/gpu/drm/panel/panel-novatek-nt35950.c | 6 +- drivers/gpu/drm/panel/panel-samsung-atna33xc20.c | 22 +- drivers/gpu/drm/panel/panel-simple.c | 3 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 22 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 10 + drivers/hid/intel-ish-hid/ipc/pci-ish.c | 5 + drivers/infiniband/core/cma.c | 4 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/hns/hns_roce_cq.c | 24 ++- drivers/infiniband/hw/hns/hns_roce_device.h | 3 + drivers/infiniband/hw/hns/hns_roce_hem.c | 2 +- drivers/infiniband/hw/hns/hns_roce_hem.h | 12 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 9 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 2 +- drivers/infiniband/hw/hns/hns_roce_main.c | 8 + drivers/infiniband/hw/hns/hns_roce_mr.c | 15 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 6 +- drivers/infiniband/hw/mana/cq.c | 54 ++--- drivers/infiniband/hw/mana/main.c | 43 ++++ drivers/infiniband/hw/mana/mana_ib.h | 14 +- drivers/infiniband/hw/mana/qp.c | 26 +-- drivers/infiniband/hw/mlx5/mem.c | 8 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 +- drivers/infiniband/hw/mlx5/mr.c | 35 ++- drivers/infiniband/sw/rxe/rxe_comp.c | 6 +- drivers/infiniband/sw/rxe/rxe_net.c | 12 +- drivers/infiniband/sw/rxe/rxe_verbs.c | 6 +- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 8 +- drivers/input/input.c | 104 +++++++-- drivers/iommu/amd/init.c | 4 +- drivers/iommu/intel/iommu.c | 19 +- drivers/iommu/iommu.c | 21 +- drivers/irqchip/irq-alpine-msi.c | 2 +- drivers/irqchip/irq-loongson-pch-msi.c | 2 +- drivers/macintosh/via-macii.c | 11 +- drivers/md/dm-delay.c | 14 +- drivers/md/md-bitmap.c | 6 +- drivers/media/i2c/et8ek8/et8ek8_driver.c | 4 +- drivers/media/pci/intel/ipu3/ipu3-cio2.c | 10 +- drivers/media/pci/ngene/ngene-core.c | 4 +- drivers/media/platform/cadence/cdns-csi2rx.c | 26 +-- drivers/media/platform/renesas/rcar-vin/rcar-vin.h | 2 +- drivers/media/radio/radio-shark2.c | 2 +- drivers/media/usb/uvc/uvc_driver.c | 31 +++ drivers/media/usb/uvc/uvcvideo.h | 1 + drivers/media/v4l2-core/v4l2-subdev.c | 2 + drivers/misc/lkdtm/Makefile | 2 +- drivers/misc/lkdtm/perms.c | 2 +- drivers/mtd/mtdcore.c | 6 +- drivers/mtd/nand/raw/nand_hynix.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 50 ++++- drivers/net/dsa/mv88e6xxx/chip.h | 6 + drivers/net/dsa/mv88e6xxx/global1.c | 89 ++++++++ drivers/net/dsa/mv88e6xxx/global1.h | 2 + drivers/net/ethernet/cortina/gemini.c | 12 +- drivers/net/ethernet/freescale/enetc/enetc.c | 2 +- drivers/net/ethernet/freescale/fec_main.c | 26 --- drivers/net/ethernet/intel/ice/ice_ddp.c | 10 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 240 ++++++++++++--------- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 29 +-- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 46 +++- .../net/ethernet/mellanox/mlx5/core/en/xsk/setup.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 +- .../net/ethernet/mellanox/mlx5/core/esw/bridge.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 4 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 28 ++- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 6 +- .../net/ethernet/mellanox/mlx5/core/lag/mpesw.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 14 +- .../ethernet/mellanox/mlx5/core/sf/dev/driver.c | 19 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 6 +- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_main.c | 9 +- drivers/net/ethernet/realtek/r8169_main.c | 9 +- drivers/net/ethernet/smsc/smc91x.h | 4 +- drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 + drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 18 +- drivers/net/ethernet/sun/sungem.c | 14 -- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 14 +- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 2 + drivers/net/ethernet/wangxun/libwx/wx_lib.c | 56 ++++- drivers/net/ethernet/wangxun/libwx/wx_lib.h | 2 + drivers/net/ethernet/wangxun/libwx/wx_type.h | 22 ++ drivers/net/ethernet/wangxun/ngbe/ngbe_ethtool.c | 18 +- drivers/net/ethernet/wangxun/ngbe/ngbe_main.c | 1 + drivers/net/ethernet/wangxun/txgbe/txgbe_ethtool.c | 18 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 31 +++ drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 1 + drivers/net/phy/micrel.c | 3 +- drivers/net/usb/aqc111.c | 8 +- drivers/net/usb/smsc95xx.c | 15 +- drivers/net/usb/sr9700.c | 10 +- drivers/net/wireless/ath/ar5523/ar5523.c | 14 ++ drivers/net/wireless/ath/ath10k/core.c | 3 + drivers/net/wireless/ath/ath10k/debugfs_sta.c | 2 +- drivers/net/wireless/ath/ath10k/hw.h | 1 + drivers/net/wireless/ath/ath10k/targaddrs.h | 3 + drivers/net/wireless/ath/ath10k/wmi.c | 26 ++- drivers/net/wireless/ath/ath11k/mac.c | 9 +- drivers/net/wireless/ath/ath12k/qmi.c | 3 + drivers/net/wireless/ath/ath12k/wmi.c | 2 +- drivers/net/wireless/ath/carl9170/tx.c | 3 +- drivers/net/wireless/ath/carl9170/usb.c | 32 +++ .../wireless/broadcom/brcm80211/brcmfmac/pcie.c | 15 +- drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 42 ++-- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 43 +++- .../net/wireless/intel/iwlwifi/mvm/mld-mac80211.c | 159 ++++++++------ drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 19 +- drivers/net/wireless/intel/iwlwifi/mvm/mvm.h | 36 ++-- drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 7 +- drivers/net/wireless/marvell/mwl8k.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 46 ++-- drivers/net/wireless/mediatek/mt76/mt7603/mac.c | 1 + .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 3 +- .../net/wireless/mediatek/mt76/mt7915/debugfs.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.h | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 12 +- drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 1 + drivers/net/wireless/realtek/rtw89/ps.c | 3 +- drivers/net/wireless/realtek/rtw89/wow.c | 12 +- drivers/of/module.c | 7 +- drivers/perf/hisilicon/hisi_pcie_pmu.c | 14 +- drivers/perf/hisilicon/hns3_pmu.c | 16 +- drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/platform/x86/xiaomi-wmi.c | 18 ++ drivers/power/supply/power_supply_sysfs.c | 20 +- drivers/ptp/ptp_ocp.c | 6 +- drivers/pwm/pwm-meson.c | 15 +- drivers/pwm/pwm-sti.c | 39 +--- drivers/s390/cio/trace.h | 2 +- drivers/scsi/bfa/bfad_debugfs.c | 4 +- drivers/scsi/hpsa.c | 2 +- drivers/scsi/libsas/sas_expander.c | 3 +- drivers/scsi/qedf/qedf_debugfs.c | 2 +- drivers/scsi/qla2xxx/qla_dfs.c | 2 +- drivers/soc/mediatek/mtk-cmdq-helper.c | 5 +- drivers/soc/qcom/pmic_glink.c | 26 ++- drivers/staging/media/atomisp/pci/sh_css.c | 1 + drivers/staging/media/starfive/camss/stf-camss.c | 6 + drivers/thermal/mediatek/lvts_thermal.c | 4 + drivers/thermal/qcom/tsens.c | 2 +- drivers/thermal/thermal_core.c | 12 +- drivers/thermal/thermal_debugfs.c | 27 ++- drivers/thermal/thermal_debugfs.h | 4 +- drivers/tty/n_gsm.c | 140 ++++++++---- drivers/tty/serial/8250/8250_bcm7271.c | 99 +++++---- drivers/tty/serial/8250/8250_mtk.c | 8 +- drivers/tty/serial/sc16is7xx.c | 23 +- drivers/ufs/core/ufs-mcq.c | 3 +- drivers/ufs/core/ufshcd.c | 6 +- drivers/ufs/host/cdns-pltfrm.c | 2 +- drivers/ufs/host/ufs-qcom.c | 7 +- drivers/ufs/host/ufs-qcom.h | 12 +- drivers/video/fbdev/Kconfig | 4 +- drivers/video/fbdev/core/Kconfig | 6 + drivers/video/fbdev/sh_mobile_lcdcfb.c | 2 +- drivers/video/fbdev/sis/init301.c | 3 +- drivers/virt/acrn/mm.c | 61 ++++-- fs/btrfs/extent_io.c | 10 +- fs/dlm/ast.c | 14 ++ fs/dlm/dlm_internal.h | 1 + fs/dlm/user.c | 15 +- fs/ecryptfs/keystore.c | 4 +- fs/exec.c | 11 + fs/ext4/inode.c | 3 - fs/ext4/mballoc.c | 1 + fs/ext4/namei.c | 2 +- fs/f2fs/checkpoint.c | 9 +- fs/gfs2/glock.c | 91 +++++--- fs/gfs2/glock.h | 1 + fs/gfs2/glops.c | 3 + fs/gfs2/incore.h | 1 + fs/gfs2/lock_dlm.c | 32 ++- fs/gfs2/ops_fstype.c | 1 + fs/gfs2/super.c | 3 - fs/gfs2/util.c | 1 - fs/jffs2/xattr.c | 3 + fs/libfs.c | 55 ++++- fs/nfsd/nfsctl.c | 4 +- fs/nilfs2/ioctl.c | 2 +- fs/nilfs2/segment.c | 63 ++++-- fs/ntfs3/dir.c | 1 + fs/ntfs3/index.c | 6 + fs/ntfs3/inode.c | 7 +- fs/ntfs3/record.c | 11 +- fs/ntfs3/super.c | 2 - fs/openpromfs/inode.c | 8 +- fs/smb/server/mgmt/share_config.c | 6 +- fs/smb/server/oplock.c | 21 +- include/drm/drm_displayid.h | 1 - include/drm/drm_mipi_dsi.h | 6 +- include/linux/acpi.h | 6 +- include/linux/bitops.h | 1 + include/linux/dev_printk.h | 25 +-- include/linux/fb.h | 4 + include/linux/fortify-string.h | 3 +- include/linux/fs.h | 2 + include/linux/ieee80211.h | 2 +- include/linux/ksm.h | 13 ++ include/linux/mlx5/driver.h | 1 + include/linux/numa.h | 7 +- include/linux/printk.h | 2 +- include/linux/stmmac.h | 1 - include/net/ax25.h | 3 +- include/net/bluetooth/bluetooth.h | 2 +- include/net/bluetooth/hci.h | 122 +---------- include/net/bluetooth/hci_core.h | 47 +--- include/net/bluetooth/l2cap.h | 11 +- include/net/tcp.h | 5 +- include/trace/events/asoc.h | 2 + include/uapi/linux/bpf.h | 2 +- include/uapi/linux/virtio_bt.h | 1 - io_uring/io-wq.c | 13 +- io_uring/io_uring.h | 2 +- io_uring/net.c | 1 + io_uring/nop.c | 2 + io_uring/sqpoll.c | 6 +- kernel/bpf/syscall.c | 5 + kernel/bpf/verifier.c | 29 ++- kernel/cgroup/cpuset.c | 2 +- kernel/rcu/tasks.h | 2 +- kernel/rcu/tree_stall.h | 3 +- kernel/sched/core.c | 2 +- kernel/sched/fair.c | 53 +++-- kernel/sched/topology.c | 2 +- kernel/trace/ftrace.c | 39 ++-- kernel/trace/ring_buffer.c | 9 + kernel/trace/trace_events_user.c | 76 ++++++- lib/fortify_kunit.c | 22 +- lib/kunit/device.c | 2 +- lib/kunit/test.c | 3 + lib/kunit/try-catch.c | 9 +- lib/slub_kunit.c | 2 +- lib/test_hmm.c | 8 +- mm/shmem.c | 3 +- mm/userfaultfd.c | 35 +++ net/ax25/ax25_dev.c | 48 ++--- net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_core.c | 141 ++---------- net/bluetooth/hci_event.c | 150 +------------ net/bluetooth/hci_sock.c | 5 +- net/bluetooth/hci_sync.c | 207 ++++-------------- net/bluetooth/iso.c | 75 ++++--- net/bluetooth/l2cap_core.c | 77 ++++--- net/bluetooth/l2cap_sock.c | 91 ++++++-- net/bluetooth/mgmt.c | 84 +++----- net/bridge/br_device.c | 6 + net/bridge/br_mst.c | 16 +- net/core/dev.c | 3 +- net/ipv4/devinet.c | 13 +- net/ipv4/tcp_ipv4.c | 13 +- net/ipv4/udp.c | 21 +- net/ipv6/reassembly.c | 2 +- net/ipv6/seg6.c | 5 +- net/ipv6/udp.c | 20 +- net/l2tp/l2tp_core.c | 44 +++- net/mac80211/cfg.c | 12 +- net/mac80211/ieee80211_i.h | 3 +- net/mac80211/iface.c | 4 +- net/mac80211/mlme.c | 53 +++-- net/mac80211/scan.c | 16 +- net/mptcp/protocol.h | 3 + net/mptcp/sockopt.c | 60 +++++- net/netrom/nr_route.c | 19 +- net/openvswitch/flow.c | 3 +- net/packet/af_packet.c | 3 +- net/qrtr/ns.c | 27 +++ net/sunrpc/auth_gss/svcauth_gss.c | 10 +- net/sunrpc/svc.c | 2 - net/unix/af_unix.c | 2 +- net/wireless/nl80211.c | 14 +- net/wireless/scan.c | 47 +++- samples/landlock/sandboxer.c | 5 +- scripts/module.lds.S | 1 + sound/core/init.c | 11 +- sound/core/timer.c | 8 + sound/pci/hda/cs35l41_hda_property.c | 4 +- sound/pci/hda/patch_realtek.c | 3 + sound/soc/intel/avs/boards/ssm4567.c | 1 - sound/soc/intel/avs/cldma.c | 2 +- sound/soc/intel/avs/icl.c | 5 +- sound/soc/intel/avs/path.c | 1 + sound/soc/intel/avs/pcm.c | 4 + sound/soc/intel/avs/probes.c | 14 +- sound/soc/intel/boards/bxt_da7219_max98357a.c | 1 + sound/soc/intel/boards/bxt_rt298.c | 1 + sound/soc/intel/boards/glk_rt5682_max98357a.c | 2 + sound/soc/intel/boards/kbl_da7219_max98357a.c | 1 + sound/soc/intel/boards/kbl_da7219_max98927.c | 4 + sound/soc/intel/boards/kbl_rt5660.c | 1 + sound/soc/intel/boards/kbl_rt5663_max98927.c | 2 + .../soc/intel/boards/kbl_rt5663_rt5514_max98927.c | 1 + sound/soc/intel/boards/skl_hda_dsp_generic.c | 2 + sound/soc/intel/boards/skl_nau88l25_max98357a.c | 1 + sound/soc/intel/boards/skl_rt286.c | 1 + sound/soc/kirkwood/kirkwood-dma.c | 3 + sound/soc/mediatek/common/mtk-soundcard-driver.c | 6 +- sound/soc/sof/intel/hda-dai.c | 31 ++- sound/soc/sof/intel/lnl.c | 3 +- sound/soc/sof/intel/lnl.h | 15 ++ sound/soc/sof/intel/mtl.c | 46 +++- sound/soc/sof/intel/mtl.h | 4 +- tools/arch/x86/lib/x86-opcode-map.txt | 10 +- tools/bpf/bpftool/common.c | 96 +++++++-- tools/bpf/bpftool/iter.c | 2 +- tools/bpf/bpftool/main.h | 3 +- tools/bpf/bpftool/prog.c | 5 +- tools/bpf/bpftool/skeleton/pid_iter.bpf.c | 4 +- tools/bpf/bpftool/struct_ops.c | 2 +- tools/include/nolibc/stdlib.h | 2 +- tools/include/uapi/linux/bpf.h | 2 +- tools/lib/bpf/bpf.c | 2 +- tools/lib/bpf/features.c | 2 +- tools/lib/bpf/libbpf.c | 9 +- tools/testing/selftests/bpf/cgroup_helpers.c | 3 + tools/testing/selftests/bpf/network_helpers.c | 2 + .../selftests/bpf/prog_tests/cgroup1_hierarchy.c | 7 +- .../selftests/bpf/prog_tests/xdp_do_redirect.c | 4 +- .../bpf/progs/bench_local_storage_create.c | 5 +- tools/testing/selftests/bpf/progs/local_storage.c | 20 +- tools/testing/selftests/bpf/progs/lsm_cgroup.c | 8 +- tools/testing/selftests/bpf/test_sockmap.c | 2 +- tools/testing/selftests/cgroup/cgroup_util.c | 8 +- tools/testing/selftests/cgroup/cgroup_util.h | 2 +- tools/testing/selftests/cgroup/test_core.c | 7 +- tools/testing/selftests/cgroup/test_cpu.c | 2 +- tools/testing/selftests/cgroup/test_cpuset.c | 2 +- tools/testing/selftests/cgroup/test_freezer.c | 2 +- .../testing/selftests/cgroup/test_hugetlb_memcg.c | 2 +- tools/testing/selftests/cgroup/test_kill.c | 2 +- tools/testing/selftests/cgroup/test_kmem.c | 2 +- tools/testing/selftests/cgroup/test_memcontrol.c | 2 +- tools/testing/selftests/cgroup/test_zswap.c | 2 +- tools/testing/selftests/damon/_damon_sysfs.py | 2 + .../selftests/filesystems/binderfs/Makefile | 2 - .../ftrace/test.d/dynevent/add_remove_btfarg.tc | 2 +- .../ftrace/test.d/dynevent/fprobe_entry_arg.tc | 2 +- .../ftrace/test.d/kprobe/kretprobe_entry_arg.tc | 2 +- tools/testing/selftests/kcmp/kcmp_test.c | 2 +- tools/testing/selftests/kselftest/ktap_helpers.sh | 4 +- tools/testing/selftests/lib.mk | 12 +- tools/testing/selftests/net/amt.sh | 12 +- tools/testing/selftests/net/config | 1 + .../selftests/net/forwarding/bridge_igmp.sh | 6 +- .../testing/selftests/net/forwarding/bridge_mld.sh | 6 +- tools/testing/selftests/net/lib.sh | 6 +- .../power_supply/test_power_supply_properties.sh | 2 +- tools/testing/selftests/resctrl/Makefile | 4 +- tools/tracing/latency/latency-collector.c | 8 +- 489 files changed, 4172 insertions(+), 2830 deletions(-)

1 year, 3 months

11
437
0 0

Seeking Explanation on an Unknown Transaction from Your Store

by linda＠thomadevelopment.com

Hello, I hope this note finds you well. I recently checked my account statement and observed a expense from your shop that I do not remember. The expense appears strange to me, and I would value your assistance in clarifying it. Could you please offer clarification on this charge? Any information you can give would be greatly valued. Thank you for your prompt response to this concern. Best regards, Linda Smith

1 year, 3 months

1
0
0 0

[PATCH v3 2/2] xhci: Apply broken streams quirk to Etron EJ188 xHCI host

by Kuangyi Chiang

As described in commit 8f873c1ff4ca ("xhci: Blacklist using streams on the Etron EJ168 controller"), EJ188 have the same issue as EJ168, where Streams do not work reliable on EJ188. So apply XHCI_BROKEN_STREAMS quirk to EJ188 as well. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- Changes in v3: - Fix coding style Changes in v2: - Porting to latest release drivers/usb/host/xhci-pci.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index dd8256e4e02a..05881153883e 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -397,8 +397,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_BROKEN_STREAMS; } if (pdev->vendor == PCI_VENDOR_ID_ETRON && - pdev->device == PCI_DEVICE_ID_EJ188) + pdev->device == PCI_DEVICE_ID_EJ188) { xhci->quirks |= XHCI_RESET_ON_RESUME; + xhci->quirks |= XHCI_BROKEN_STREAMS; + } if (pdev->vendor == PCI_VENDOR_ID_RENESAS && pdev->device == 0x0014) { -- 2.25.1

1 year, 3 months

1
1
0 0

[PATCH v3] clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag

by Md Sadre Alam

The crypto_ahb and crypto_axi clks are hardware voteable. This means that the halt bit isn't reliable because some other voter in the system, e.g. TrustZone, could be keeping the clk enabled when the kernel turns it off from clk_disable(). Make these clks use voting mode by changing the halt check to BRANCH_HALT_VOTED and toggle the voting bit in the voting register instead of directly controlling the branch by writing to the branch register. This fixes stuck clk warnings seen on ipq9574 and saves power by actually turning the clk off. Also changes the CRYPTO_AHB_CLK_ENA & CRYPTO_AXI_CLK_ENA offset to 0xb004 from 0x16014. Cc: stable(a)vger.kernel.org Fixes: f6b2bd9cb29a ("clk: qcom: gcc-ipq9574: Enable crypto clocks") Signed-off-by: Md Sadre Alam <quic_mdalam(a)quicinc.com> --- Change in [v3] * Updated commit message Change in [v2] * Added Fixes tag and stable kernel tag * updated commit message about offset change drivers/clk/qcom/gcc-ipq9574.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/clk/qcom/gcc-ipq9574.c b/drivers/clk/qcom/gcc-ipq9574.c index 0a3f846695b8..f8b9a1e93bef 100644 --- a/drivers/clk/qcom/gcc-ipq9574.c +++ b/drivers/clk/qcom/gcc-ipq9574.c @@ -2140,9 +2140,10 @@ static struct clk_rcg2 pcnoc_bfdcd_clk_src = { static struct clk_branch gcc_crypto_axi_clk = { .halt_reg = 0x16010, + .halt_check = BRANCH_HALT_VOTED, .clkr = { - .enable_reg = 0x16010, - .enable_mask = BIT(0), + .enable_reg = 0xb004, + .enable_mask = BIT(15), .hw.init = &(const struct clk_init_data) { .name = "gcc_crypto_axi_clk", .parent_hws = (const struct clk_hw *[]) { @@ -2156,9 +2157,10 @@ static struct clk_branch gcc_crypto_axi_clk = { static struct clk_branch gcc_crypto_ahb_clk = { .halt_reg = 0x16014, + .halt_check = BRANCH_HALT_VOTED, .clkr = { - .enable_reg = 0x16014, - .enable_mask = BIT(0), + .enable_reg = 0xb004, + .enable_mask = BIT(16), .hw.init = &(const struct clk_init_data) { .name = "gcc_crypto_ahb_clk", .parent_hws = (const struct clk_hw *[]) { -- 2.34.1

1 year, 3 months

2
1
0 0

+ mm-hugetlb-do-not-call-vma_add_reservation-upon-enomem.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/hugetlb: do not call vma_add_reservation upon ENOMEM has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-hugetlb-do-not-call-vma_add_reservation-upon-enomem.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Oscar Salvador <osalvador(a)suse.de> Subject: mm/hugetlb: do not call vma_add_reservation upon ENOMEM Date: Tue, 28 May 2024 22:53:23 +0200 sysbot reported a splat [1] on __unmap_hugepage_range(). This is because vma_needs_reservation() can return -ENOMEM if allocate_file_region_entries() fails to allocate the file_region struct for the reservation. Check for that and do not call vma_add_reservation() if that is the case, otherwise region_abort() and region_del() will see that we do not have any file_regions. If we detect that vma_needs_reservation() returned -ENOMEM, we clear the hugetlb_restore_reserve flag as if this reservation was still consumed, so free_huge_folio() will not increment the resv count. [1] https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/T/… Link: https://lkml.kernel.org/r/20240528205323.20439-1-osalvador@suse.de Fixes: df7a6d1f6405 ("mm/hugetlb: restore the reservation if needed") Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reported-and-tested-by: syzbot+d3fe2dc5ffe9380b714b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/ Cc: Breno Leitao <leitao(a)debian.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-do-not-call-vma_add_reservation-upon-enomem +++ a/mm/hugetlb.c @@ -5768,8 +5768,20 @@ void __unmap_hugepage_range(struct mmu_g * do_exit() will not see it, and will keep the reservation * forever. */ - if (adjust_reservation && vma_needs_reservation(h, vma, address)) - vma_add_reservation(h, vma, address); + if (adjust_reservation) { + int rc = vma_needs_reservation(h, vma, address); + + if (rc < 0) + /* Pressumably allocate_file_region_entries failed + * to allocate a file_region struct. Clear + * hugetlb_restore_reserve so that global reserve + * count will not be incremented by free_huge_folio. + * Act as if we consumed the reservation. + */ + folio_clear_hugetlb_restore_reserve(page_folio(page)); + else if (rc) + vma_add_reservation(h, vma, address); + } tlb_remove_page_size(tlb, page, huge_page_size(h)); /* _ Patches currently in -mm which might be from osalvador(a)suse.de are mm-hugetlb-do-not-call-vma_add_reservation-upon-enomem.patch mm-hugetlb-drop-node_alloc_noretry-from-alloc_fresh_hugetlb_folio.patch

1 year, 3 months

1
0
0 0

+ mm-ksm-fix-ksm_zero_pages-accounting.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/ksm: fix ksm_zero_pages accounting has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-ksm-fix-ksm_zero_pages-accounting.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Chengming Zhou <chengming.zhou(a)linux.dev> Subject: mm/ksm: fix ksm_zero_pages accounting Date: Tue, 28 May 2024 13:15:22 +0800 We normally ksm_zero_pages++ in ksmd when page is merged with zero page, but ksm_zero_pages-- is done from page tables side, where there is no any accessing protection of ksm_zero_pages. So we can read very exceptional value of ksm_zero_pages in rare cases, such as -1, which is very confusing to users. Fix it by changing to use atomic_long_t, and the same case with the mm->ksm_zero_pages. Link: https://lkml.kernel.org/r/20240528-b4-ksm-counters-v3-2-34bb358fdc13@linux.… Fixes: e2942062e01d ("ksm: count all zero pages placed by KSM") Fixes: 6080d19f0704 ("ksm: add ksm zero pages for each process") Signed-off-by: Chengming Zhou <chengming.zhou(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Ran Xiaokai <ran.xiaokai(a)zte.com.cn> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: xu xin <xu.xin16(a)zte.com.cn> Cc: Yang Yang <yang.yang29(a)zte.com.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/base.c | 2 +- include/linux/ksm.h | 17 ++++++++++++++--- include/linux/mm_types.h | 2 +- mm/ksm.c | 11 +++++------ 4 files changed, 21 insertions(+), 11 deletions(-) --- a/fs/proc/base.c~mm-ksm-fix-ksm_zero_pages-accounting +++ a/fs/proc/base.c @@ -3214,7 +3214,7 @@ static int proc_pid_ksm_stat(struct seq_ mm = get_task_mm(task); if (mm) { seq_printf(m, "ksm_rmap_items %lu\n", mm->ksm_rmap_items); - seq_printf(m, "ksm_zero_pages %lu\n", mm->ksm_zero_pages); + seq_printf(m, "ksm_zero_pages %ld\n", mm_ksm_zero_pages(mm)); seq_printf(m, "ksm_merging_pages %lu\n", mm->ksm_merging_pages); seq_printf(m, "ksm_process_profit %ld\n", ksm_process_profit(mm)); mmput(mm); --- a/include/linux/ksm.h~mm-ksm-fix-ksm_zero_pages-accounting +++ a/include/linux/ksm.h @@ -33,16 +33,27 @@ void __ksm_exit(struct mm_struct *mm); */ #define is_ksm_zero_pte(pte) (is_zero_pfn(pte_pfn(pte)) && pte_dirty(pte)) -extern unsigned long ksm_zero_pages; +extern atomic_long_t ksm_zero_pages; + +static inline void ksm_map_zero_page(struct mm_struct *mm) +{ + atomic_long_inc(&ksm_zero_pages); + atomic_long_inc(&mm->ksm_zero_pages); +} static inline void ksm_might_unmap_zero_page(struct mm_struct *mm, pte_t pte) { if (is_ksm_zero_pte(pte)) { - ksm_zero_pages--; - mm->ksm_zero_pages--; + atomic_long_dec(&ksm_zero_pages); + atomic_long_dec(&mm->ksm_zero_pages); } } +static inline long mm_ksm_zero_pages(struct mm_struct *mm) +{ + return atomic_long_read(&mm->ksm_zero_pages); +} + static inline int ksm_fork(struct mm_struct *mm, struct mm_struct *oldmm) { if (test_bit(MMF_VM_MERGEABLE, &oldmm->flags)) --- a/include/linux/mm_types.h~mm-ksm-fix-ksm_zero_pages-accounting +++ a/include/linux/mm_types.h @@ -985,7 +985,7 @@ struct mm_struct { * Represent how many empty pages are merged with kernel zero * pages when enabling KSM use_zero_pages. */ - unsigned long ksm_zero_pages; + atomic_long_t ksm_zero_pages; #endif /* CONFIG_KSM */ #ifdef CONFIG_LRU_GEN_WALKS_MMU struct { --- a/mm/ksm.c~mm-ksm-fix-ksm_zero_pages-accounting +++ a/mm/ksm.c @@ -296,7 +296,7 @@ static bool ksm_use_zero_pages __read_mo static bool ksm_smart_scan = true; /* The number of zero pages which is placed by KSM */ -unsigned long ksm_zero_pages; +atomic_long_t ksm_zero_pages = ATOMIC_LONG_INIT(0); /* The number of pages that have been skipped due to "smart scanning" */ static unsigned long ksm_pages_skipped; @@ -1429,8 +1429,7 @@ static int replace_page(struct vm_area_s * the dirty bit in zero page's PTE is set. */ newpte = pte_mkdirty(pte_mkspecial(pfn_pte(page_to_pfn(kpage), vma->vm_page_prot))); - ksm_zero_pages++; - mm->ksm_zero_pages++; + ksm_map_zero_page(mm); /* * We're replacing an anonymous page with a zero page, which is * not anonymous. We need to do proper accounting otherwise we @@ -3373,7 +3372,7 @@ static void wait_while_offlining(void) #ifdef CONFIG_PROC_FS long ksm_process_profit(struct mm_struct *mm) { - return (long)(mm->ksm_merging_pages + mm->ksm_zero_pages) * PAGE_SIZE - + return (long)(mm->ksm_merging_pages + mm_ksm_zero_pages(mm)) * PAGE_SIZE - mm->ksm_rmap_items * sizeof(struct ksm_rmap_item); } #endif /* CONFIG_PROC_FS */ @@ -3662,7 +3661,7 @@ KSM_ATTR_RO(pages_skipped); static ssize_t ksm_zero_pages_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) { - return sysfs_emit(buf, "%ld\n", ksm_zero_pages); + return sysfs_emit(buf, "%ld\n", atomic_long_read(&ksm_zero_pages)); } KSM_ATTR_RO(ksm_zero_pages); @@ -3671,7 +3670,7 @@ static ssize_t general_profit_show(struc { long general_profit; - general_profit = (ksm_pages_sharing + ksm_zero_pages) * PAGE_SIZE - + general_profit = (ksm_pages_sharing + atomic_long_read(&ksm_zero_pages)) * PAGE_SIZE - ksm_rmap_items * sizeof(struct ksm_rmap_item); return sysfs_emit(buf, "%ld\n", general_profit); _ Patches currently in -mm which might be from chengming.zhou(a)linux.dev are mm-ksm-fix-ksm_pages_scanned-accounting.patch mm-ksm-fix-ksm_zero_pages-accounting.patch

1 year, 3 months

1
0
0 0

+ mm-ksm-fix-ksm_pages_scanned-accounting.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/ksm: fix ksm_pages_scanned accounting has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-ksm-fix-ksm_pages_scanned-accounting.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Chengming Zhou <chengming.zhou(a)linux.dev> Subject: mm/ksm: fix ksm_pages_scanned accounting Date: Tue, 28 May 2024 13:15:21 +0800 Patch series "mm/ksm: fix some accounting problems", v3. We encountered some abnormal ksm_pages_scanned and ksm_zero_pages during some random tests. 1. ksm_pages_scanned unchanged even ksmd scanning has progress. 2. ksm_zero_pages maybe -1 in some rare cases. This patch (of 2): During testing, I found ksm_pages_scanned is unchanged although the scan_get_next_rmap_item() did return valid rmap_item that is not NULL. The reason is the scan_get_next_rmap_item() will return NULL after a full scan, so ksm_do_scan() just return without accounting of the ksm_pages_scanned. Fix it by just putting ksm_pages_scanned accounting in that loop, and it will be accounted more timely if that loop would last for a long time. Link: https://lkml.kernel.org/r/20240528-b4-ksm-counters-v3-0-34bb358fdc13@linux.… Link: https://lkml.kernel.org/r/20240528-b4-ksm-counters-v3-1-34bb358fdc13@linux.… Fixes: b348b5fe2b5f ("mm/ksm: add pages scanned metric") Signed-off-by: Chengming Zhou <chengming.zhou(a)linux.dev> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: xu xin <xu.xin16(a)zte.com.cn> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Ran Xiaokai <ran.xiaokai(a)zte.com.cn> Cc: Stefan Roesch <shr(a)devkernel.io> Cc: Yang Yang <yang.yang29(a)zte.com.cn> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/ksm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/mm/ksm.c~mm-ksm-fix-ksm_pages_scanned-accounting +++ a/mm/ksm.c @@ -2753,18 +2753,16 @@ static void ksm_do_scan(unsigned int sca { struct ksm_rmap_item *rmap_item; struct page *page; - unsigned int npages = scan_npages; - while (npages-- && likely(!freezing(current))) { + while (scan_npages-- && likely(!freezing(current))) { cond_resched(); rmap_item = scan_get_next_rmap_item(&page); if (!rmap_item) return; cmp_and_merge_page(page, rmap_item); put_page(page); + ksm_pages_scanned++; } - - ksm_pages_scanned += scan_npages - npages; } static int ksmd_should_run(void) _ Patches currently in -mm which might be from chengming.zhou(a)linux.dev are mm-ksm-fix-ksm_pages_scanned-accounting.patch mm-ksm-fix-ksm_zero_pages-accounting.patch

1 year, 3 months

1
0
0 0

[PATCH net v2] sock_map: avoid race between sock_map_close and sk_psock_put

by Thadeu Lima de Souza Cascardo

sk_psock_get will return NULL if the refcount of psock has gone to 0, which will happen when the last call of sk_psock_put is done. However, sk_psock_drop may not have finished yet, so the close callback will still point to sock_map_close despite psock being NULL. This can be reproduced with a thread deleting an element from the sock map, while the second one creates a socket, adds it to the map and closes it. That will trigger the WARN_ON_ONCE: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 7220 at net/core/sock_map.c:1701 sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701 Modules linked in: CPU: 1 PID: 7220 Comm: syz-executor380 Not tainted 6.9.0-syzkaller-07726-g3c999d1ae3c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 RIP: 0010:sock_map_close+0x2a2/0x2d0 net/core/sock_map.c:1701 Code: df e8 92 29 88 f8 48 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 79 29 88 f8 4c 8b 23 eb 89 e8 4f 15 23 f8 90 <0f> 0b 90 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 13 26 3d 02 RSP: 0018:ffffc9000441fda8 EFLAGS: 00010293 RAX: ffffffff89731ae1 RBX: ffffffff94b87540 RCX: ffff888029470000 RDX: 0000000000000000 RSI: ffffffff8bcab5c0 RDI: ffffffff8c1faba0 RBP: 0000000000000000 R08: ffffffff92f9b61f R09: 1ffffffff25f36c3 R10: dffffc0000000000 R11: fffffbfff25f36c4 R12: ffffffff89731840 R13: ffff88804b587000 R14: ffff88804b587000 R15: ffffffff89731870 FS: 000055555e080380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000207d4000 CR4: 0000000000350ef0 Call Trace: <TASK> unix_release+0x87/0xc0 net/unix/af_unix.c:1048 __sock_release net/socket.c:659 [inline] sock_close+0xbe/0x240 net/socket.c:1421 __fput+0x42b/0x8a0 fs/file_table.c:422 __do_sys_close fs/open.c:1556 [inline] __se_sys_close fs/open.c:1541 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1541 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fb37d618070 Code: 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d4 e8 10 2c 00 00 80 3d 31 f0 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c RSP: 002b:00007ffcd4a525d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fb37d618070 RDX: 0000000000000010 RSI: 00000000200001c0 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000100000000 R09: 0000000100000000 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Use sk_psock, which will only check that the pointer is not been set to NULL yet, which should only happen after the callbacks are restored. If, then, a reference can still be gotten, we may call sk_psock_stop and cancel psock->work. As suggested by Paolo Abeni, reorder the condition so the control flow is less convoluted. After that change, the reproducer does not trigger the WARN_ON_ONCE anymore. Suggested-by: Paolo Abeni <pabeni(a)redhat.com> Reported-by: syzbot+07a2e4a1a57118ef7355(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=07a2e4a1a57118ef7355 Fixes: aadb2bb83ff7 ("sock_map: Fix a potential use-after-free in sock_map_close()") Fixes: 5b4a79ba65a1 ("bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself") Cc: stable(a)vger.kernel.org Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> --- v2: change control flow as suggested by Paolo Abeni v1: https://lore.kernel.org/netdev/20240520214153.847619-1-cascardo@igalia.com/ --- net/core/sock_map.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 9402889840bf..c3179567a99a 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -1680,19 +1680,23 @@ void sock_map_close(struct sock *sk, long timeout) lock_sock(sk); rcu_read_lock(); - psock = sk_psock_get(sk); - if (unlikely(!psock)) { - rcu_read_unlock(); - release_sock(sk); - saved_close = READ_ONCE(sk->sk_prot)->close; - } else { + psock = sk_psock(sk); + if (likely(psock)) { saved_close = psock->saved_close; sock_map_remove_links(sk, psock); + psock = sk_psock_get(sk); + if (unlikely(!psock)) + goto no_psock; rcu_read_unlock(); sk_psock_stop(psock); release_sock(sk); cancel_delayed_work_sync(&psock->work); sk_psock_put(sk, psock); + } else { + saved_close = READ_ONCE(sk->sk_prot)->close; +no_psock: + rcu_read_unlock(); + release_sock(sk); } /* Make sure we do not recurse. This is a bug. -- 2.34.1

1 year, 3 months

4
3
0 0

+ kmsan-do-not-wipe-out-origin-when-doing-partial-unpoisoning.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: kmsan: do not wipe out origin when doing partial unpoisoning has been added to the -mm mm-hotfixes-unstable branch. Its filename is kmsan-do-not-wipe-out-origin-when-doing-partial-unpoisoning.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Potapenko <glider(a)google.com> Subject: kmsan: do not wipe out origin when doing partial unpoisoning Date: Tue, 28 May 2024 12:48:06 +0200 As noticed by Brian, KMSAN should not be zeroing the origin when unpoisoning parts of a four-byte uninitialized value, e.g.: char a[4]; kmsan_unpoison_memory(a, 1); This led to false negatives, as certain poisoned values could receive zero origins, preventing those values from being reported. To fix the problem, check that kmsan_internal_set_shadow_origin() writes zero origins only to slots which have zero shadow. Link: https://lkml.kernel.org/r/20240528104807.738758-1-glider@google.com Fixes: f80be4571b19 ("kmsan: add KMSAN runtime core") Signed-off-by: Alexander Potapenko <glider(a)google.com> Reported-by: Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> Link: https://lore.kernel.org/lkml/20240524232804.1984355-1-bjohannesmeyer@gmail.… Reviewed-by: Marco Elver <elver(a)google.com> Tested-by: Brian Johannesmeyer <bjohannesmeyer(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kmsan/core.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) --- a/mm/kmsan/core.c~kmsan-do-not-wipe-out-origin-when-doing-partial-unpoisoning +++ a/mm/kmsan/core.c @@ -196,8 +196,7 @@ void kmsan_internal_set_shadow_origin(vo u32 origin, bool checked) { u64 address = (u64)addr; - void *shadow_start; - u32 *origin_start; + u32 *shadow_start, *origin_start; size_t pad = 0; KMSAN_WARN_ON(!kmsan_metadata_is_contiguous(addr, size)); @@ -225,8 +224,16 @@ void kmsan_internal_set_shadow_origin(vo origin_start = (u32 *)kmsan_get_metadata((void *)address, KMSAN_META_ORIGIN); - for (int i = 0; i < size / KMSAN_ORIGIN_SIZE; i++) - origin_start[i] = origin; + /* + * If the new origin is non-zero, assume that the shadow byte is also non-zero, + * and unconditionally overwrite the old origin slot. + * If the new origin is zero, overwrite the old origin slot iff the + * corresponding shadow slot is zero. + */ + for (int i = 0; i < size / KMSAN_ORIGIN_SIZE; i++) { + if (origin || !shadow_start[i]) + origin_start[i] = origin; + } } struct page *kmsan_vmalloc_to_page_or_null(void *vaddr) _ Patches currently in -mm which might be from glider(a)google.com are kmsan-do-not-wipe-out-origin-when-doing-partial-unpoisoning.patch

1 year, 3 months

1
0
0 0

[PATCH] fs/netfs/fscache_cookie: add missing "n_accesses" check

by Max Kellermann

This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_rreq_write_to_cache_work RIP: 0010:cachefiles_prepare_write+0x30/0xa0 Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10 RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286 RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000 RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438 RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001 R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68 R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00 FS: 0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x70 ? page_fault_oops+0x15d/0x440 ? search_module_extables+0xe/0x40 ? fixup_exception+0x22/0x2f0 ? exc_page_fault+0x5f/0x100 ? asm_exc_page_fault+0x22/0x30 ? cachefiles_prepare_write+0x30/0xa0 netfs_rreq_write_to_cache_work+0x135/0x2e0 process_one_work+0x137/0x2c0 worker_thread+0x2e9/0x400 ? __pfx_worker_thread+0x10/0x10 kthread+0xcc/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Modules linked in: CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- This happened because fscache_cookie_state_machine() was slow and was still running while another process invoked fscache_unuse_cookie(); this led to a fscache_cookie_lru_do_one() call, setting the FSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by fscache_cookie_state_machine(), withdrawing the cookie via cachefiles_withdraw_cookie(), clearing cookie->cache_priv. At the same time, yet another process invoked cachefiles_prepare_write(), which found a NULL pointer in this code line: struct cachefiles_object *object = cachefiles_cres_object(cres); The next line crashes, obviously: struct cachefiles_cache *cache = object->volume->cache; During cachefiles_prepare_write(), the "n_accesses" counter is non-zero (via fscache_begin_operation()). The cookie must not be withdrawn until it drops to zero. The counter is checked by fscache_cookie_state_machine() before switching to FSCACHE_COOKIE_STATE_RELINQUISHING and FSCACHE_COOKIE_STATE_WITHDRAWING (in "case FSCACHE_COOKIE_STATE_FAILED"), but not for FSCACHE_COOKIES_TATE_LRU_DISCARDING ("case FSCACHE_COOKIE_STATE_ACTIVE"). This patch adds the missing check. With a non-zero access counter, the function returns and the next fscache_end_cookie_access() call will queue another fscache_cookie_state_machine() call to handle the still-pending FSCACHE_COOKIE_DO_LRU_DISCARD. Cc: <stable(a)vger.kernel.org> Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/netfs/fscache_cookie.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/netfs/fscache_cookie.c b/fs/netfs/fscache_cookie.c index bce2492186d0..d4d4b3a8b106 100644 --- a/fs/netfs/fscache_cookie.c +++ b/fs/netfs/fscache_cookie.c @@ -741,6 +741,10 @@ static void fscache_cookie_state_machine(struct fscache_cookie *cookie) spin_lock(&cookie->lock); } if (test_bit(FSCACHE_COOKIE_DO_LRU_DISCARD, &cookie->flags)) { + if (atomic_read(&cookie->n_accesses) != 0) + /* still being accessed: postpone it */ + break; + __fscache_set_cookie_state(cookie, FSCACHE_COOKIE_STATE_LRU_DISCARDING); wake = true; -- 2.39.2

1 year, 3 months

1
0
0 0

Re: [PATCH v3] af_packet: Handle outgoing VLAN packets without hardware offloading

by Willem de Bruijn

On Mon, May 27, 2024 at 11:40 PM Chengen Du <chengen.du(a)canonical.com> wrote: > > Hi Willem, > > Thank you for your suggestions on the patch. > However, there are some parts I am not familiar with, and I would appreciate more detailed information from your side. Please respond with plain-text email. This message did not make it to the list. Also no top posting. https://docs.kernel.org/process/submitting-patches.html https://subspace.kernel.org/etiquette.html > > > @@ -2457,7 +2465,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, > > > sll->sll_halen = dev_parse_header(skb, sll->sll_addr); > > > sll->sll_family = AF_PACKET; > > > sll->sll_hatype = dev->type; > > > - sll->sll_protocol = skb->protocol; > > > + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? > > > + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; > > > > In SOCK_RAW mode, the VLAN tag will be present, so should be returned. > > Based on libpcap's handling, the SLL may not be used in SOCK_RAW mode. The kernel fills in the sockaddr_ll fields in tpacket_rcv for both SOCK_RAW and SOCK_DGRAM. Libpcap already can use both SOCK_RAW and SOCK_DGRAM. And constructs the sll2_header pseudo header that tcpdump sees itself, in pcap_handle_packet_mmap. > Do you recommend evaluating the mode and maintaining the original logic in SOCK_RAW mode, > or should we use the same logic for both SOCK_DGRAM and SOCK_RAW modes? I suggest keeping as is for SOCK_RAW, as returning data that starts at a VLAN header together with skb->protocol of ETH_P_IPV6 would be just as confusing as the inverse that we do today on SOCK_DGRAM. > > > > I'm concerned about returning a different value between SOCK_RAW and > > SOCK_DGRAM. But don't immediately see a better option. And for > > SOCK_DGRAM this approach is indistinguishable from the result on a > > device with hardware offload, so is acceptable. > > > > This test for ETH_P_8021Q ignores the QinQ stacked VLAN case. When > > fixing VLAN encap, both variants should be addressed at the same time. > > Note that ETH_P_8021AD is included in the eth_type_vlan test you call > > above. > > In patch 1, the eth_type_vlan() function is used to determine if we need to set the sll_protocol to the VLAN-encapsulated protocol, which includes both ETH_P_8021Q and ETH_P_8021AD. > You mentioned previously that we might want the true network protocol instead of the inner VLAN tag in the QinQ case (which means 802.1ad?). > I believe I may have misunderstood your point. I mean that if SOCK_DGRAM strips all VLAN headers to return the data from the start of the true network header, then skb->protocol should return that network protocol. With vlan stacking, your patch currently returns ETH_P_8021Q. See the packet formats in https://en.wikipedia.org/wiki/IEEE_802.1ad#Frame_format if you're confused about how stacking works. > Could you please confirm if both ETH_P_8021Q and ETH_P_8021AD should use the VLAN-encapsulated protocol when VLAN hardware offloading is unavailable? > Or are there other aspects that this judgment does not handle correctly?

1 year, 3 months

1
0
0 0

[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591

by WangYuli

Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 79aefdb3324d..7b9421423ebc 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, /* Realtek 8852BT/8852BE-VT Bluetooth devices */ { USB_DEVICE(0x0bda, 0x8520), .driver_info = BTUSB_REALTEK | -- 2.45.1

1 year, 3 months

1
0
0 0

[PATCH 1/1] j1939: recover socket queue on CAN bus error during BAM transmission

by Oleksij Rempel

Addresses an issue where a CAN bus error during a BAM transmission could stall the socket queue, preventing further transmissions even after the bus error is resolved. The fix activates the next queued session after the error recovery, allowing communication to continue. Fixes: 9d71dd0c70099 ("can: add support of SAE J1939 protocol") Cc: stable(a)vger.kernel.org Reported-by: Alexander Hölzl <alexander.hoelzl(a)gmx.net> Tested-by: Alexander Hölzl <alexander.hoelzl(a)gmx.net> Signed-off-by: Oleksij Rempel <o.rempel(a)pengutronix.de> --- net/can/j1939/transport.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/can/j1939/transport.c b/net/can/j1939/transport.c index fe3df23a25957..9805124d16763 100644 --- a/net/can/j1939/transport.c +++ b/net/can/j1939/transport.c @@ -1681,6 +1681,8 @@ static int j1939_xtp_rx_rts_session_active(struct j1939_session *session, j1939_session_timers_cancel(session); j1939_session_cancel(session, J1939_XTP_ABORT_BUSY); + if (session->transmission) + j1939_session_deactivate_activate_next(session); return -EBUSY; } -- 2.39.2

1 year, 3 months

2
1
0 0

Quick note, current 6.1 q successful test

by Eddie Chapman

Just a quick note to say I've just booted 6.1.92, plus the 274 patches in the current stable queue applied, on an x86-64 workstation and no problems or issues to report, no unexpected errors in dmesg. (AMD Ryzen, 3 x AMD gpu, sata, nvme, lots of USB, Gentoo, SELinux, KDE) Eddie

1 year, 3 months

1
0
0 0

[PATCH V3 1/8] clk: qcom: clk-alpha-pll: Fix CAL_L_VAL override for LUCID EVO PLL

by Ajit Pandey

In LUCID EVO PLL CAL_L_VAL and L_VAL bitfields are part of single PLL_L_VAL register. Update for L_VAL bitfield values in PLL_L_VAL register using regmap_write() API in __alpha_pll_trion_set_rate callback will override LUCID EVO PLL initial configuration related to PLL_CAL_L_VAL bit fields in PLL_L_VAL register. Observed random PLL lock failures during PLL enable due to such override in PLL calibration value. Use regmap_update_bits() with L_VAL bitfield mask instead of regmap_write() API to update only PLL_L_VAL bitfields in __alpha_pll_trion_set_rate callback. Fixes: 260e36606a03 ("clk: qcom: clk-alpha-pll: add Lucid EVO PLL configuration interfaces") Cc: stable(a)vger.kernel.org Signed-off-by: Ajit Pandey <quic_ajipan(a)quicinc.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- drivers/clk/qcom/clk-alpha-pll.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/clk/qcom/clk-alpha-pll.c b/drivers/clk/qcom/clk-alpha-pll.c index d4227909d1fe..62138ed3df88 100644 --- a/drivers/clk/qcom/clk-alpha-pll.c +++ b/drivers/clk/qcom/clk-alpha-pll.c @@ -1665,7 +1665,7 @@ static int __alpha_pll_trion_set_rate(struct clk_hw *hw, unsigned long rate, if (ret < 0) return ret; - regmap_write(pll->clkr.regmap, PLL_L_VAL(pll), l); + regmap_update_bits(pll->clkr.regmap, PLL_L_VAL(pll), LUCID_EVO_PLL_L_VAL_MASK, l); regmap_write(pll->clkr.regmap, PLL_ALPHA_VAL(pll), a); /* Latch the PLL input */ -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH v2 2/2] xhci: Apply broken streams quirk to Etron EJ188 xHCI host

by Kuangyi Chiang

As described in commit 8f873c1ff4ca ("xhci: Blacklist using streams on the Etron EJ168 controller"), EJ188 have the same issue as EJ168, where Streams do not work reliable on EJ188. So apply XHCI_BROKEN_STREAMS quirk to EJ188 as well. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- Changes in v2: - Porting to latest release drivers/usb/host/xhci-pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index b47d57d80b96..effeec5cf1fa 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -399,6 +399,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->vendor == PCI_VENDOR_ID_ETRON && pdev->device == PCI_DEVICE_ID_EJ188) { xhci->quirks |= XHCI_RESET_ON_RESUME; + xhci->quirks |= XHCI_BROKEN_STREAMS; } if (pdev->vendor == PCI_VENDOR_ID_RENESAS && pdev->device == 0x0014) { -- 2.25.1

1 year, 3 months

3
3
0 0

[PATCH 0/2] cpufreq: qcom-nvmem: fix memory leaks and add auto device node cleanup

by Javier Carrasco

There are a number of error paths in the probe function that do not call of_node_put() to decrement the np device node refcount, leading to memory leaks if those errors occur. In order to ease backporting, the fix has been divided into two patches: the first one simply adds the missing calls to of_node_put(), and the second one adds the __free() macro to the existing device nodes to remove the need for of_node_put(), ensuring that the same bug will not arise in the future. The issue was found by chance while analyzing the code, and I do not have the hardware to test it beyond compiling and static analysis tools. Although the issue is clear and the fix too, if someone wants to volunteer to test the series with real hardware, it would be great. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (2): cpufreq: qcom-nvmem: fix memory leaks in probe error paths cpufreq: qcom-nvmem: eliminate uses of of_node_put() drivers/cpufreq/qcom-cpufreq-nvmem.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) --- base-commit: 3689b0ef08b70e4e03b82ebd37730a03a672853a change-id: 20240523-qcom-cpufreq-nvmem_memleak-6b6821db52b1 Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

1 year, 3 months

2
2
0 0

[PATCH v2 2/2] xhci: Apply broken streams quirk to Etron EJ188 xHCI host

by Kuangyi Chiang

As described in commit 8f873c1ff4ca ("xhci: Blacklist using streams on the Etron EJ168 controller"), EJ188 have the same issue as EJ168, where Streams do not work reliable on EJ188. So apply XHCI_BROKEN_STREAMS quirk to EJ188 as well. Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuangyi Chiang <ki.chiang65(a)gmail.com> --- Changes in v2: - Porting to latest release drivers/usb/host/xhci-pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index b47d57d80b96..effeec5cf1fa 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -399,6 +399,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) if (pdev->vendor == PCI_VENDOR_ID_ETRON && pdev->device == PCI_DEVICE_ID_EJ188) { xhci->quirks |= XHCI_RESET_ON_RESUME; + xhci->quirks |= XHCI_BROKEN_STREAMS; } if (pdev->vendor == PCI_VENDOR_ID_RENESAS && pdev->device == 0x0014) { -- 2.25.1

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 4.19] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index 74b5914abbf7e..123a5572fe5b1 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/mfd/cros_ec.h> #include <linux/mfd/cros_ec_commands.h> @@ -530,16 +531,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH AUTOSEL 5.10 1/2] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index 0a4f02e4ae7ba..d7ee1eb9ca880 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 5.15 1/2] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index 0a4f02e4ae7ba..d7ee1eb9ca880 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 6.1 1/2] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index b6c96376776a9..8008e31c0c098 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 6.6 1/4] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index b6c96376776a9..8008e31c0c098 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

1 year, 3 months

1
3
0 0

[PATCH AUTOSEL 6.8 1/4] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index b6c96376776a9..8008e31c0c098 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

1 year, 3 months

1
3
0 0

[PATCH AUTOSEL 6.9 1/5] power: supply: cros_usbpd: provide ID table for avoiding fallback match

by Sasha Levin

From: Tzung-Bi Shih <tzungbi(a)kernel.org> [ Upstream commit 0f8678c34cbfdc63569a9b0ede1fe235ec6ec693 ] Instead of using fallback driver name match, provide ID table[1] for the primary match. [1]: https://elixir.bootlin.com/linux/v6.8/source/drivers/base/platform.c#L1353 Reviewed-by: Benson Leung <bleung(a)chromium.org> Reviewed-by: Prashant Malani <pmalani(a)chromium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> Link: https://lore.kernel.org/r/20240401030052.2887845-4-tzungbi@kernel.org Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/power/supply/cros_usbpd-charger.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/cros_usbpd-charger.c b/drivers/power/supply/cros_usbpd-charger.c index b6c96376776a9..8008e31c0c098 100644 --- a/drivers/power/supply/cros_usbpd-charger.c +++ b/drivers/power/supply/cros_usbpd-charger.c @@ -5,6 +5,7 @@ * Copyright (c) 2014 - 2018 Google, Inc */ +#include <linux/mod_devicetable.h> #include <linux/module.h> #include <linux/platform_data/cros_ec_commands.h> #include <linux/platform_data/cros_ec_proto.h> @@ -711,16 +712,22 @@ static int cros_usbpd_charger_resume(struct device *dev) static SIMPLE_DEV_PM_OPS(cros_usbpd_charger_pm_ops, NULL, cros_usbpd_charger_resume); +static const struct platform_device_id cros_usbpd_charger_id[] = { + { DRV_NAME, 0 }, + {} +}; +MODULE_DEVICE_TABLE(platform, cros_usbpd_charger_id); + static struct platform_driver cros_usbpd_charger_driver = { .driver = { .name = DRV_NAME, .pm = &cros_usbpd_charger_pm_ops, }, - .probe = cros_usbpd_charger_probe + .probe = cros_usbpd_charger_probe, + .id_table = cros_usbpd_charger_id, }; module_platform_driver(cros_usbpd_charger_driver); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("ChromeOS EC USBPD charger"); -MODULE_ALIAS("platform:" DRV_NAME); -- 2.43.0

1 year, 3 months

1
4
0 0

Linux 6.9.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.2 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/stable/sysfs-block | 10 ++ Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 Documentation/admin-guide/mm/damon/usage.rst | 6 - Documentation/sphinx/kernel_include.py | 1 Makefile | 2 arch/x86/include/asm/percpu.h | 6 - block/genhd.c | 15 ++- block/partitions/core.c | 5 - drivers/android/binder.c | 2 drivers/android/binder_internal.h | 2 drivers/bluetooth/btusb.c | 1 drivers/cpufreq/amd-pstate.c | 22 ++++- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 + drivers/media/v4l2-core/v4l2-ctrls-core.c | 18 +--- drivers/net/ethernet/micrel/ks8851_common.c | 18 ---- drivers/net/usb/ax88179_178a.c | 37 ++++++-- drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 10 -- drivers/remoteproc/mtk_scp.c | 10 ++ drivers/tty/serial/kgdboc.c | 30 ++++++- drivers/usb/dwc3/gadget.c | 4 drivers/usb/typec/tipd/core.c | 51 ++++++++---- drivers/usb/typec/tipd/tps6598x.h | 11 ++ drivers/usb/typec/ucsi/displayport.c | 4 include/linux/blkdev.h | 13 +++ include/net/bluetooth/hci.h | 9 ++ include/net/bluetooth/hci_core.h | 1 net/bluetooth/hci_conn.c | 75 ++++++++++++------ net/bluetooth/hci_event.c | 31 ++++--- net/bluetooth/iso.c | 2 net/bluetooth/l2cap_core.c | 17 ---- net/bluetooth/sco.c | 6 - security/keys/trusted-keys/trusted_tpm2.c | 25 ++++-- sound/soc/intel/boards/Makefile | 1 sound/soc/intel/boards/sof_sdw.c | 12 +- sound/soc/intel/boards/sof_sdw_common.h | 1 sound/soc/intel/boards/sof_sdw_rt_dmic.c | 52 ++++++++++++ 36 files changed, 356 insertions(+), 165 deletions(-) Akira Yokosawa (1): docs: kernel_include.py: Cope with docutils 0.21 AngeloGioacchino Del Regno (1): remoteproc: mediatek: Make sure IPI buffer fits in L2TCM Bard Liao (1): ASoC: Intel: sof_sdw: use generic rtd_init function for Realtek SDW DMICs Ben Greear (1): wifi: iwlwifi: Use request_module_nowait Carlos Llamas (1): binder: fix max_thread type inconsistency Christoph Hellwig (2): block: add a disk_has_partscan helper block: add a partscan sysfs attribute for disks Daniel Thompson (1): serial: kgdboc: Fix NMI-safety problems from keyboard reset code Greg Kroah-Hartman (1): Linux 6.9.2 Hans Verkuil (1): Revert "media: v4l2-ctrls: show all owned controls in log_status" Heikki Krogerus (1): usb: typec: ucsi: displayport: Fix potential deadlock Jarkko Sakkinen (2): KEYS: trusted: Fix memory leak in tpm2_key_encode() KEYS: trusted: Do not use WARN when encode fails Javier Carrasco (2): usb: typec: tipd: fix event checking for tps25750 usb: typec: tipd: fix event checking for tps6598x Jose Fernandez (1): drm/amd/display: Fix division by zero in setup_dsc_config Jose Ignacio Tornos Martinez (1): net: usb: ax88179_178a: fix link status when link is set to down/up Perry Yuan (1): cpufreq: amd-pstate: fix the highest frequency issue which limits performance Peter Tsao (1): Bluetooth: btusb: Fix the patch for MT7920 the affected to MT7921 Prashanth K (1): usb: dwc3: Wait unconditionally after issuing EndXfer command Ronald Wahl (1): net: ks8851: Fix another TX stall caused by wrong ISR flag handling SeongJae Park (2): Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command Sungwoo Kim (1): Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() Thomas Weißschuh (1): admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET Uros Bizjak (1): x86/percpu: Use __force to cast from __percpu address space

1 year, 3 months

3
3
0 0

[PATCH v3] mei: vsc: Don't stop/restart mei device during system suspend/resume

by Wentong Wu

The dynamically created mei client device (mei csi) is used as one V4L2 sub device of the whole video pipeline, and the V4L2 connection graph is built by software node. The mei_stop() and mei_restart() will delete the old mei csi client device and create a new mei client device, which will cause the software node information saved in old mei csi device lost and the whole video pipeline will be broken. Removing mei_stop()/mei_restart() during system suspend/resume can fix the issue above and won't impact hardware actual power saving logic. Fixes: f6085a96c973 ("mei: vsc: Unregister interrupt handler for system suspend") Cc: stable(a)vger.kernel.org # for 6.8+ Reported-by: Hao Yao <hao.yao(a)intel.com> Signed-off-by: Wentong Wu <wentong.wu(a)intel.com> Reviewed-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> Tested-by: Jason Chen <jason.z.chen(a)intel.com> Tested-by: Sakari Ailus <sakari.ailus(a)linux.intel.com> --- Changes since v2: - add change log which is not covered by v2, and no code change Changes since v1: - correct Fixes commit id in commit message, and no code change --- drivers/misc/mei/platform-vsc.c | 39 +++++++++++++-------------------- 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/drivers/misc/mei/platform-vsc.c b/drivers/misc/mei/platform-vsc.c index b543e6b9f3cf..1ec65d87488a 100644 --- a/drivers/misc/mei/platform-vsc.c +++ b/drivers/misc/mei/platform-vsc.c @@ -399,41 +399,32 @@ static void mei_vsc_remove(struct platform_device *pdev) static int mei_vsc_suspend(struct device *dev) { - struct mei_device *mei_dev = dev_get_drvdata(dev); - struct mei_vsc_hw *hw = mei_dev_to_vsc_hw(mei_dev); + struct mei_device *mei_dev; + int ret = 0; - mei_stop(mei_dev); + mei_dev = dev_get_drvdata(dev); + if (!mei_dev) + return -ENODEV; - mei_disable_interrupts(mei_dev); + mutex_lock(&mei_dev->device_lock); - vsc_tp_free_irq(hw->tp); + if (!mei_write_is_idle(mei_dev)) + ret = -EAGAIN; - return 0; + mutex_unlock(&mei_dev->device_lock); + + return ret; } static int mei_vsc_resume(struct device *dev) { - struct mei_device *mei_dev = dev_get_drvdata(dev); - struct mei_vsc_hw *hw = mei_dev_to_vsc_hw(mei_dev); - int ret; - - ret = vsc_tp_request_irq(hw->tp); - if (ret) - return ret; - - ret = mei_restart(mei_dev); - if (ret) - goto err_free; + struct mei_device *mei_dev; - /* start timer if stopped in suspend */ - schedule_delayed_work(&mei_dev->timer_work, HZ); + mei_dev = dev_get_drvdata(dev); + if (!mei_dev) + return -ENODEV; return 0; - -err_free: - vsc_tp_free_irq(hw->tp); - - return ret; } static DEFINE_SIMPLE_DEV_PM_OPS(mei_vsc_pm_ops, mei_vsc_suspend, mei_vsc_resume); -- 2.34.1

1 year, 3 months

3
2
0 0

[PATCH 1/2] drm/rockchip: vop: clear DMA stop bit on flush on RK3066

by Val Packett

On the RK3066, there is a bit that must be cleared on flush, otherwise we do not get display output (at least for RGB). Signed-off-by: Val Packett <val(a)packett.cool> Cc: stable(a)vger.kernel.org --- Hi! This was required to get display working on an old RK3066 tablet, along with the next tiny patch in the series enabling the RGB output. I have spent quite a lot of time banging my head against the wall debugging that display (especially since at the same time a scaler chip is used for LVDS encoding), but finally adding debug prints showed that RK3066_SYS_CTRL0 ended up being reset to all-zero after being written correctly upon init. Looking at the register definitions in the vendor driver revealed that the reason was pretty self-explanatory: "dma_stop". --- drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 3 +++ drivers/gpu/drm/rockchip/rockchip_drm_vop.h | 1 + drivers/gpu/drm/rockchip/rockchip_vop_reg.c | 1 + 3 files changed, 5 insertions(+) diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c index a13473b2d..d4daeba74 100644 --- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c +++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c @@ -1578,6 +1578,9 @@ static void vop_crtc_atomic_flush(struct drm_crtc *crtc, spin_lock(&vop->reg_lock); + /* If the chip has a DMA stop bit (RK3066), it must be cleared. */ + VOP_REG_SET(vop, common, dma_stop, 0); + /* Enable AFBC if there is some AFBC window, disable otherwise. */ s = to_rockchip_crtc_state(crtc->state); VOP_AFBC_SET(vop, enable, s->enable_afbc); diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.h b/drivers/gpu/drm/rockchip/rockchip_drm_vop.h index b33e5bdc2..0cf512cc1 100644 --- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.h +++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.h @@ -122,6 +122,7 @@ struct vop_common { struct vop_reg lut_buffer_index; struct vop_reg gate_en; struct vop_reg mmu_en; + struct vop_reg dma_stop; struct vop_reg out_mode; struct vop_reg standby; }; diff --git a/drivers/gpu/drm/rockchip/rockchip_vop_reg.c b/drivers/gpu/drm/rockchip/rockchip_vop_reg.c index b9ee02061..9bcb40a64 100644 --- a/drivers/gpu/drm/rockchip/rockchip_vop_reg.c +++ b/drivers/gpu/drm/rockchip/rockchip_vop_reg.c @@ -466,6 +466,7 @@ static const struct vop_output rk3066_output = { }; static const struct vop_common rk3066_common = { + .dma_stop = VOP_REG(RK3066_SYS_CTRL0, 0x1, 0), .standby = VOP_REG(RK3066_SYS_CTRL0, 0x1, 1), .out_mode = VOP_REG(RK3066_DSP_CTRL0, 0xf, 0), .cfg_done = VOP_REG(RK3066_REG_CFG_DONE, 0x1, 0), -- 2.45.0

1 year, 3 months

3
10
0 0

[PATCH] iio: imu: inv_icm42600: delete unneeded update watermark call

by inv.git-commit＠tdk.com

From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Update watermark will be done inside the hwfifo_set_watermark callback just after the update_scan_mode. It is useless to do it here. Fixes: 7f85e42a6c54 ("iio: imu: inv_icm42600: add buffer support in iio devices") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> --- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 4 ---- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 4 ---- 2 files changed, 8 deletions(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c index 83d8504ebfff..4b2566693614 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c @@ -130,10 +130,6 @@ static int inv_icm42600_accel_update_scan_mode(struct iio_dev *indio_dev, /* update data FIFO write */ inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); ret = inv_icm42600_buffer_set_fifo_en(st, fifo_en | st->fifo.en); - if (ret) - goto out_unlock; - - ret = inv_icm42600_buffer_update_watermark(st); out_unlock: mutex_unlock(&st->lock); diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c index e6f8de80128c..938af5b640b0 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c @@ -130,10 +130,6 @@ static int inv_icm42600_gyro_update_scan_mode(struct iio_dev *indio_dev, /* update data FIFO write */ inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); ret = inv_icm42600_buffer_set_fifo_en(st, fifo_en | st->fifo.en); - if (ret) - goto out_unlock; - - ret = inv_icm42600_buffer_update_watermark(st); out_unlock: mutex_unlock(&st->lock); -- 2.34.1

1 year, 3 months

1
0
0 0

Re: [PATCH 6.9 000/427] 6.9.3-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 3 months

1
0
0 0

Re: Patch "nilfs2: make superblock data array index computation sparse friendly" has been added to the 6.9-stable tree

by Ryusuke Konishi

On Mon, May 27, 2024 at 2:21 AM Sasha Levin wrote: > > This is a note to let you know that I've just added the patch titled > > nilfs2: make superblock data array index computation sparse friendly > > to the 6.9-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > nilfs2-make-superblock-data-array-index-computation-.patch > and it can be found in the queue-6.9 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 5017482ff3b29550015cce7f81279dc69aefd6fe > Author: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> > Date: Tue Apr 30 17:00:19 2024 +0900 > > nilfs2: make superblock data array index computation sparse friendly > > [ Upstream commit 91d743a9c8299de1fc1b47428d8bb4c85face00f ] > > Upon running sparse, "warning: dubious: x & !y" is output at an array > index calculation within nilfs_load_super_block(). > > The calculation is not wrong, but to eliminate the sparse warning, replace > it with an equivalent calculation. > > Also, add a comment to make it easier to understand what the unintuitive > array index calculation is doing and whether it's correct. > > Link: https://lkml.kernel.org/r/20240430080019.4242-3-konishi.ryusuke@gmail.com > Fixes: e339ad31f599 ("nilfs2: introduce secondary super block") > Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> > Cc: Bart Van Assche <bvanassche(a)acm.org> > Cc: Jens Axboe <axboe(a)kernel.dk> > Cc: kernel test robot <lkp(a)intel.com> > Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c > index 2ae2c1bbf6d17..adbc6e87471ab 100644 > --- a/fs/nilfs2/the_nilfs.c > +++ b/fs/nilfs2/the_nilfs.c > @@ -592,7 +592,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs, > struct nilfs_super_block **sbp = nilfs->ns_sbp; > struct buffer_head **sbh = nilfs->ns_sbh; > u64 sb2off, devsize = bdev_nr_bytes(nilfs->ns_bdev); > - int valid[2], swp = 0; > + int valid[2], swp = 0, older; > > if (devsize < NILFS_SEG_MIN_BLOCKS * NILFS_MIN_BLOCK_SIZE + 4096) { > nilfs_err(sb, "device size too small"); > @@ -648,9 +648,25 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs, > if (swp) > nilfs_swap_super_block(nilfs); > > + /* > + * Calculate the array index of the older superblock data. > + * If one has been dropped, set index 0 pointing to the remaining one, > + * otherwise set index 1 pointing to the old one (including if both > + * are the same). > + * > + * Divided case valid[0] valid[1] swp -> older > + * ------------------------------------------------------------- > + * Both SBs are invalid 0 0 N/A (Error) > + * SB1 is invalid 0 1 1 0 > + * SB2 is invalid 1 0 0 0 > + * SB2 is newer 1 1 1 0 > + * SB2 is older or the same 1 1 0 1 > + */ > + older = valid[1] ^ swp; > + > nilfs->ns_sbwcount = 0; > nilfs->ns_sbwtime = le64_to_cpu(sbp[0]->s_wtime); > - nilfs->ns_prot_seq = le64_to_cpu(sbp[valid[1] & !swp]->s_last_seq); > + nilfs->ns_prot_seq = le64_to_cpu(sbp[older]->s_last_seq); > *sbpp = sbp[0]; > return 0; > } This commit fixes the sparse warning output by build "make C=1" with the sparse check, but does not fix any operational bugs. Therefore, if fixing a harmless sparse warning does not meet the requirements for backporting to stable trees (I assume it does), please drop it as it is a false positive pickup. Sorry if the "Fixes:" tag is confusing. The same goes for the same patch queued to other stable-trees. Thanks, Ryusuke Konishi

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] ftrace: Fix possible use-after-free issue in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x e60b613df8b6253def41215402f72986fee3fc8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052700-ferry-breeder-caa8@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e60b613df8b6253def41215402f72986fee3fc8d Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Fri, 10 May 2024 03:28:59 +0800 Subject: [PATCH] ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void)

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ftrace: Fix possible use-after-free issue in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e60b613df8b6253def41215402f72986fee3fc8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052759-earmark-vagrantly-05cf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e60b613df8b6253def41215402f72986fee3fc8d Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Fri, 10 May 2024 03:28:59 +0800 Subject: [PATCH] ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void)

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ftrace: Fix possible use-after-free issue in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e60b613df8b6253def41215402f72986fee3fc8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052758-tweezers-sassy-6775@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e60b613df8b6253def41215402f72986fee3fc8d Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Fri, 10 May 2024 03:28:59 +0800 Subject: [PATCH] ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void)

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ftrace: Fix possible use-after-free issue in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e60b613df8b6253def41215402f72986fee3fc8d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024052757-fantasy-resent-77c6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e60b613df8b6253def41215402f72986fee3fc8d Mon Sep 17 00:00:00 2001 From: Zheng Yejian <zhengyejian1(a)huawei.com> Date: Fri, 10 May 2024 03:28:59 +0800 Subject: [PATCH] ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void)

1 year, 3 months

1
0
0 0

[PATCH 6.8.y] sunrpc: use the struct net as the svc proc private

by cel＠kernel.org

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit 418b9687dece5bd763c09b5c27a801a7e3387be9 ] nfsd is the only thing using this helper, and it doesn't use the private currently. When we switch to per-network namespace stats we will need the struct net * in order to get to the nfsd_net. Use the net as the proc private so we can utilize this when we make the switch over. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- net/sunrpc/stats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) This pre-requisite is needed for upstream commit 4b14885411f7 ("nfsd: make all of the nfsd stats per-network namespace"). diff --git a/net/sunrpc/stats.c b/net/sunrpc/stats.c index 65fc1297c6df..383860cb1d5b 100644 --- a/net/sunrpc/stats.c +++ b/net/sunrpc/stats.c @@ -314,7 +314,7 @@ EXPORT_SYMBOL_GPL(rpc_proc_unregister); struct proc_dir_entry * svc_proc_register(struct net *net, struct svc_stat *statp, const struct proc_ops *proc_ops) { - return do_register(net, statp->program->pg_name, statp, proc_ops); + return do_register(net, statp->program->pg_name, net, proc_ops); } EXPORT_SYMBOL_GPL(svc_proc_register); -- 2.45.1

1 year, 3 months

2
1
0 0

x86/tsc: Trust initial offset in architectural TSC-adjust MSRs

by Daniel J Blueman

On present kernels, HPET fallback occurs on some 8-16 socket x86 systems due to the TSC adjust architectural MSR not being respected. This was fixed upstream in commit 455f9075f14484f358b3c1d6845b4a438de198a7. Please backport this fix to -stable for 6.9, 6.8, 6.6, 6.1, 5.15, 5.10, 5.4 and 4.19 branches to allow correct TSC operation on existing distros using these kernels. The patch cleanly applies to all of these latest -stable branches. Many thanks, Daniel -- Daniel J Blueman

1 year, 3 months

2
1
0 0

[PATCH v3] kcov, usb: disable interrupts in kcov_remote_start_usb_softirq

by andrey.konovalov＠linux.dev

From: Andrey Konovalov <andreyknvl(a)gmail.com> After commit 8fea0c8fda30 ("usb: core: hcd: Convert from tasklet to BH workqueue"), usb_giveback_urb_bh() runs in the BH workqueue with interrupts enabled. Thus, the remote coverage collection section in usb_giveback_urb_bh()-> __usb_hcd_giveback_urb() might be interrupted, and the interrupt handler might invoke __usb_hcd_giveback_urb() again. This breaks KCOV, as it does not support nested remote coverage collection sections within the same context (neither in task nor in softirq). Update kcov_remote_start/stop_usb_softirq() to disable interrupts for the duration of the coverage collection section to avoid nested sections in the softirq context (in addition to such in the task context, which are already handled). Reported-by: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp> Closes: https://lore.kernel.org/linux-usb/0f4d1964-7397-485b-bc48-11c01e2fcbca@I-lo… Closes: https://syzkaller.appspot.com/bug?extid=0438378d6f157baae1a2 Suggested-by: Alan Stern <stern(a)rowland.harvard.edu> Fixes: 8fea0c8fda30 ("usb: core: hcd: Convert from tasklet to BH workqueue") Cc: stable(a)vger.kernel.org Acked-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Andrey Konovalov <andreyknvl(a)gmail.com> --- Changes v2->v3: - Cc: stable(a)vger.kernel.org. --- drivers/usb/core/hcd.c | 12 ++++++----- include/linux/kcov.h | 47 ++++++++++++++++++++++++++++++++++-------- 2 files changed, 45 insertions(+), 14 deletions(-) diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index c0e005670d67..fb1aa0d4fc28 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -1623,6 +1623,7 @@ static void __usb_hcd_giveback_urb(struct urb *urb) struct usb_hcd *hcd = bus_to_hcd(urb->dev->bus); struct usb_anchor *anchor = urb->anchor; int status = urb->unlinked; + unsigned long flags; urb->hcpriv = NULL; if (unlikely((urb->transfer_flags & URB_SHORT_NOT_OK) && @@ -1640,13 +1641,14 @@ static void __usb_hcd_giveback_urb(struct urb *urb) /* pass ownership to the completion handler */ urb->status = status; /* - * This function can be called in task context inside another remote - * coverage collection section, but kcov doesn't support that kind of - * recursion yet. Only collect coverage in softirq context for now. + * Only collect coverage in the softirq context and disable interrupts + * to avoid scenarios with nested remote coverage collection sections + * that KCOV does not support. + * See the comment next to kcov_remote_start_usb_softirq() for details. */ - kcov_remote_start_usb_softirq((u64)urb->dev->bus->busnum); + flags = kcov_remote_start_usb_softirq((u64)urb->dev->bus->busnum); urb->complete(urb); - kcov_remote_stop_softirq(); + kcov_remote_stop_softirq(flags); usb_anchor_resume_wakeups(anchor); atomic_dec(&urb->use_count); diff --git a/include/linux/kcov.h b/include/linux/kcov.h index b851ba415e03..1068a7318d89 100644 --- a/include/linux/kcov.h +++ b/include/linux/kcov.h @@ -55,21 +55,47 @@ static inline void kcov_remote_start_usb(u64 id) /* * The softirq flavor of kcov_remote_*() functions is introduced as a temporary - * work around for kcov's lack of nested remote coverage sections support in - * task context. Adding support for nested sections is tracked in: - * https://bugzilla.kernel.org/show_bug.cgi?id=210337 + * workaround for KCOV's lack of nested remote coverage sections support. + * + * Adding support is tracked in https://bugzilla.kernel.org/show_bug.cgi?id=210337. + * + * kcov_remote_start_usb_softirq(): + * + * 1. Only collects coverage when called in the softirq context. This allows + * avoiding nested remote coverage collection sections in the task context. + * For example, USB/IP calls usb_hcd_giveback_urb() in the task context + * within an existing remote coverage collection section. Thus, KCOV should + * not attempt to start collecting coverage within the coverage collection + * section in __usb_hcd_giveback_urb() in this case. + * + * 2. Disables interrupts for the duration of the coverage collection section. + * This allows avoiding nested remote coverage collection sections in the + * softirq context (a softirq might occur during the execution of a work in + * the BH workqueue, which runs with in_serving_softirq() > 0). + * For example, usb_giveback_urb_bh() runs in the BH workqueue with + * interrupts enabled, so __usb_hcd_giveback_urb() might be interrupted in + * the middle of its remote coverage collection section, and the interrupt + * handler might invoke __usb_hcd_giveback_urb() again. */ -static inline void kcov_remote_start_usb_softirq(u64 id) +static inline unsigned long kcov_remote_start_usb_softirq(u64 id) { - if (in_serving_softirq()) + unsigned long flags = 0; + + if (in_serving_softirq()) { + local_irq_save(flags); kcov_remote_start_usb(id); + } + + return flags; } -static inline void kcov_remote_stop_softirq(void) +static inline void kcov_remote_stop_softirq(unsigned long flags) { - if (in_serving_softirq()) + if (in_serving_softirq()) { kcov_remote_stop(); + local_irq_restore(flags); + } } #ifdef CONFIG_64BIT @@ -103,8 +129,11 @@ static inline u64 kcov_common_handle(void) } static inline void kcov_remote_start_common(u64 id) {} static inline void kcov_remote_start_usb(u64 id) {} -static inline void kcov_remote_start_usb_softirq(u64 id) {} -static inline void kcov_remote_stop_softirq(void) {} +static inline unsigned long kcov_remote_start_usb_softirq(u64 id) +{ + return 0; +} +static inline void kcov_remote_stop_softirq(unsigned long flags) {} #endif /* CONFIG_KCOV */ #endif /* _LINUX_KCOV_H */ -- 2.25.1

1 year, 3 months

1
0
0 0

Re: [regression] nfsstat/nfsd crash system "general protection fault, probably for non-canonical address ..." after 6.8.9->6.8.10 update

by Linux regression tracking (Thorsten Leemhuis)

[CCing Greg and stable and regressions list] Hi, Thorsten here, the Linux kernel's regression tracker. Top-posting for once, to make this easily accessible to everyone. Please correct me if I'm wrong, but since 6.8.10 we afaics have below regression report about a general protection fault as well as two reports about NFSd related NULL pointer dereferences[1] that got some attention[2]. From a quick look I saw no fixes for those queued for the next 6.8.y release. And the series might be EOL soon. Hmmm. That sounds not really good. Is there some easy way to fix this? Chuck, you earlier mentioned (see quote below) that Greg pulled in three changes as dep into 6.8.10 that might be unneeded. Might reverting all three be the best way forward? Ciao, Thorsten [1] https://lore.kernel.org/all/CAK2bqVJoT3yy2m0OmTnqH9EAKkj6O1iTk42EyyMtvvxKh6… and https://lore.kernel.org/all/A8DQDS.ZXN0FMYZ3DIM1@gmail.com/ [2] https://x.com/spendergrsec/status/1793489498443252143 On 24.05.24 20:21, Chuck Lever III wrote: >> On May 24, 2024, at 4:59 AM, Jaroslav Pulchart <jaroslav.pulchart(a)gooddata.com> wrote: >> >>> >>>> >>>> On Wed, May 22, 2024 at 04:36:57AM -0400, Jaroslav Pulchart wrote: >>>>> Hello, >>>>> >>>>> I would like to report some issue causing a "general protection fault" >>>>> crash (constantly) after we updated the kernel from 6.8.9 to 6.8.10. >>>>> This is triggered when monitoring is using nfsstat on a server where >>>>> nfsd is running. >>>>> >>>>> [ 3049.260633] general protection fault, probably for non-canonical >>>>> address 0x66fb103e19e9cc89: 0000 [#1] PREEMPT SMP NOPTI >>>>> [ 3049.261628] CPU: 22 PID: 74991 Comm: nfsstat Tainted: G >>>>> E 6.8.10-1.gdc.el9.x86_64 #1 >>>>> [ 3049.262336] Hardware name: RDO OpenStack Compute/RHEL, BIOS >>>>> edk2-20240214-2.el9 02/14/2024 >>>>> [ 3049.263003] RIP: 0010:_raw_spin_lock_irqsave+0x19/0x40 >>>>> [ 3049.263487] Code: cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 >>>>> 90 0f 1f 44 00 00 41 54 9c 41 5c fa 65 ff 05 a6 92 f5 42 31 c0 ba 01 >>>>> 00 00 00 <f0> 0f b1 17 75 0a 4c 89 e0 41 5c c3 cc cc cc cc 89 c6 e8 d0 >>>>> 07 00 >>>>> [ 3049.264882] RSP: 0018:ffffb1bca6b9bd00 EFLAGS: 00010046 >>>>> [ 3049.265365] RAX: 0000000000000000 RBX: 66fb103e19e9c989 RCX: 0000000000000001 >>>>> [ 3049.265953] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 66fb103e19e9cc89 >>>>> [ 3049.266542] RBP: ffffffffc15df280 R08: 0000000000000001 R09: ffffa049a1785cb8 >>>>> [ 3049.267112] R10: ffffb1bca6b9bd70 R11: ffffa04964e49000 R12: 0000000000000246 >>>>> [ 3049.267702] R13: 66fb103e19e9cc89 R14: ffffa048445590a0 R15: 0000000000000001 >>>>> [ 3049.268278] FS: 00007fa3ddf03740(0000) GS:ffffa05703d00000(0000) >>>>> knlGS:0000000000000000 >>>>> [ 3049.268928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >>>>> [ 3049.269443] CR2: 00007fa3dddfca50 CR3: 0000000342d1e004 CR4: 0000000000770ef0 >>>>> [ 3049.270025] PKRU: 55555554 >>>>> [ 3049.270371] Call Trace: >>>>> [ 3049.270723] <TASK> >>>>> [ 3049.271035] ? die_addr+0x33/0x90 >>>>> [ 3049.271423] ? exc_general_protection+0x1ea/0x450 >>>>> [ 3049.271879] ? asm_exc_general_protection+0x22/0x30 >>>>> [ 3049.272344] ? _raw_spin_lock_irqsave+0x19/0x40 >>>>> [ 3049.272803] __percpu_counter_sum+0xd/0x70 >>>>> [ 3049.273219] nfsd_show+0x4f/0x1d0 [nfsd] >>>>> [ 3049.273666] seq_read_iter+0x11d/0x4d0 >>>>> [ 3049.274073] ? avc_has_perm+0x42/0xc0 >>>>> [ 3049.274489] seq_read+0xfe/0x140 >>>>> [ 3049.274866] proc_reg_read+0x56/0xa0 >>>>> [ 3049.275257] vfs_read+0xa7/0x340 >>>>> [ 3049.275647] ? __do_sys_newfstat+0x57/0x60 >>>>> [ 3049.276059] ksys_read+0x5f/0xe0 >>>>> [ 3049.276439] do_syscall_64+0x5e/0x170 >>>>> [ 3049.276836] entry_SYSCALL_64_after_hwframe+0x78/0x80 >>>>> [ 3049.277296] RIP: 0033:0x7fa3ddcfd9b2 >>>>> [ 3049.277719] Code: c0 e9 b2 fe ff ff 50 48 8d 3d ea 1d 0c 00 e8 c5 >>>>> fd 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 >>>>> 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 >>>>> 54 24 >>>>> [ 3049.279139] RSP: 002b:00007ffd930672e8 EFLAGS: 00000246 ORIG_RAX: >>>>> 0000000000000000 >>>>> [ 3049.279788] RAX: ffffffffffffffda RBX: 0000555ded47c2a0 RCX: 00007fa3ddcfd9b2 >>>>> [ 3049.280402] RDX: 0000000000000400 RSI: 0000555ded47c480 RDI: 0000000000000003 >>>>> [ 3049.281046] RBP: 00007fa3dddf75e0 R08: 0000000000000003 R09: 0000000000000077 >>>>> [ 3049.281673] R10: 000000000000005d R11: 0000000000000246 R12: 0000555ded47c2a0 >>>>> [ 3049.282307] R13: 0000000000000d68 R14: 00007fa3dddf69e0 R15: 0000000000000d68 >>>>> [ 3049.282928] </TASK> >>>>> [ 3049.283310] Modules linked in: mptcp_diag(E) xsk_diag(E) >>>>> raw_diag(E) unix_diag(E) af_packet_diag(E) netlink_diag(E) udp_diag(E) >>>>> tcp_diag(E) inet_diag(E) tun(E) br_netfilter(E) bridge(E) stp(E) >>>>> llc(E) nfsd(E) auth_rpcgss(E) nfs_acl(E) lockd(E) grace(E) sunrpc(E) >>>>> nf_conntrack(E) nf_defrag_ipv6(E) nf_defrag_ipv4(E) binfmt_misc(E) >>>>> zram(E) tls(E) isofs(E) vfat(E) fat(E) intel_rapl_msr(E) >>>>> intel_rapl_common(E) kvm_amd(E) ccp(E) kvm(E) irqbypass(E) >>>>> virtio_net(E) i2c_i801(E) virtio_gpu(E) i2c_smbus(E) net_failover(E) >>>>> virtio_balloon(E) failover(E) virtio_dma_buf(E) fuse(E) ext4(E) >>>>> mbcache(E) jbd2(E) sr_mod(E) cdrom(E) sg(E) ahci(E) libahci(E) >>>>> crct10dif_pclmul(E) crc32_pclmul(Ea) polyval_clmulni(E) >>>>> polyval_generic(E) libata(E) ghash_clmulni_intel(E) sha512_ssse3(E) >>>>> virtio_blk(E) serio_raw(E) btrfs(E) xor(E) zstd_compress(E) >>>>> raid6_pq(E) libcrc32c(E) crc32c_intel(E) dm_mirror(E) >>>>> dm_region_hash(E) dm_log(E) dm_mod(E) >>>>> [ 3049.283345] Unloaded tainted modules: edac_mce_amd(E):1 padlock_aes(E) >>>>> >>>>> Any suggestion on how to fix it is appreciated. >>>> >>>> Bisect between v6.8.9 and v6.8.10 would give us the exact point >>>> where the failures were introduced. >>>> >>>> I see that GregKH pulled in: >>>> >>>> 26a0ddb04230 ("nfsd: rename NFSD_NET_* to NFSD_STATS_*") >>>> b7b05f98f3f0 ("nfsd: expose /proc/net/sunrpc/nfsd in net namespaces") >>>> abf5fb593c90 ("nfsd: make all of the nfsd stats per-network namespace") >>>> >>>> for v6.8.10 as a Stable-Dep-of: 18180a4550d0 ("NFSD: Fix nfsd4_encode_fattr4() crasher") >>>> >>>> Which is a little baffling, I don't see how those two change sets >>>> are mechanically related to each other. But I suspect the culprit is >>>> one of those three stat-related patches. >>>> >>>> >>>> -- >>>> Chuck Lever >>> >>> >>> Hello, >>> >>> I run bisecting. It was easy to reproduce, simple execution of >>> "nfsstat" from terminal stuck the server: >>> >>> abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566 is the first bad commit >>> >>> >>> $ git bisect bad >>> abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566 is the first bad commit >>> commit abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566 (HEAD) >>> Author: Josef Bacik <josef(a)toxicpanda.com> >>> Date: Fri Jan 26 10:39:47 2024 -0500 >>> >>> nfsd: make all of the nfsd stats per-network namespace >>> >>> [ Upstream commit 4b14885411f74b2b0ce0eb2b39d0fffe54e5ca0d ] >>> >>> We have a global set of counters that we modify for all of the nfsd >>> operations, but now that we're exposing these stats across all network >>> namespaces we need to make the stats also be per-network namespace. We >>> already have some caching stats that are per-network namespace, so move >>> these definitions into the same counter and then adjust all the helpers >>> and users of these stats to provide the appropriate nfsd_net struct so >>> that the stats are maintained for the per-network namespace objects. >>> >>> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> >>> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> >>> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> >>> Stable-dep-of: 18180a4550d0 ("NFSD: Fix nfsd4_encode_fattr4() crasher") >>> Signed-off-by: Sasha Levin <sashal(a)kernel.org> >>> >>> fs/nfsd/cache.h | 2 -- >>> fs/nfsd/netns.h | 17 +++++++++++++++-- >>> fs/nfsd/nfs4proc.c | 6 +++--- >>> fs/nfsd/nfs4state.c | 3 ++- >>> fs/nfsd/nfscache.c | 36 +++++++----------------------------- >>> fs/nfsd/nfsctl.c | 12 +++--------- >>> fs/nfsd/nfsfh.c | 3 ++- >>> fs/nfsd/stats.c | 26 ++++++++++++++------------ >>> fs/nfsd/stats.h | 54 +++++++++++++++++++----------------------------------- >>> fs/nfsd/vfs.c | 6 ++++-- >>> 10 files changed, 69 insertions(+), 96 deletions(-) >>> >>> $ git bisect log >>> git bisect start >>> # status: waiting for both good and bad commits >>> # good: [f3d61438b613b87afb63118bea6fb18c50ba7a6b] Linux 6.8.9 >>> git bisect good f3d61438b613b87afb63118bea6fb18c50ba7a6b >>> # status: waiting for bad commit, 1 good commit known >>> # bad: [a0c69a570e420e86c7569b8c052913213eef2b45] Linux 6.8.10 >>> git bisect bad a0c69a570e420e86c7569b8c052913213eef2b45 >>> # bad: [4aaed9dbe8acd2b6114458f0498a617283d6275b] hv_netvsc: Don't >>> free decrypted memory >>> git bisect bad 4aaed9dbe8acd2b6114458f0498a617283d6275b >>> # bad: [ee190d04c2f99c8e557b00e997621c04592baed1] net: gro: add flush >>> check in udp_gro_receive_segment >>> git bisect bad ee190d04c2f99c8e557b00e997621c04592baed1 >>> # bad: [781e34b736014188ba9e46a71535237313dcda81] efi/unaccepted: >>> touch soft lockup during memory accept >>> git bisect bad 781e34b736014188ba9e46a71535237313dcda81 >>> # bad: [6a7b07689af6e4e023404bf69b1230f43b2a15bc] NFSD: Fix >>> nfsd4_encode_fattr4() crasher >>> git bisect bad 6a7b07689af6e4e023404bf69b1230f43b2a15bc >>> # good: [e05194baae299f2148ab5f6bab659c6ce8d1f6d3] nfs: expose >>> /proc/net/sunrpc/nfs in net namespaces >>> git bisect good e05194baae299f2148ab5f6bab659c6ce8d1f6d3 >>> # good: [946ab150335d92f852288c1c6b0f0466b5d6e97f] power: supply: >>> mt6360_charger: Fix of_match for usb-otg-vbus regulator >>> git bisect good 946ab150335d92f852288c1c6b0f0466b5d6e97f >>> # good: [b7b05f98f3f06fea3986b46e5c7fe2928676b02d] nfsd: expose >>> /proc/net/sunrpc/nfsd in net namespaces >>> git bisect good b7b05f98f3f06fea3986b46e5c7fe2928676b02d >>> # bad: [0e8003af77879572dbc1df56860cbe2bfa8498f0] NFSD: add support >>> for CB_GETATTR callback >>> git bisect bad 0e8003af77879572dbc1df56860cbe2bfa8498f0 >>> # bad: [abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566] nfsd: make all of >>> the nfsd stats per-network namespace >>> git bisect bad abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566 >>> # first bad commit: [abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566] nfsd: >>> make all of the nfsd stats per-network namespace >> >> I built a full 6.8.10 with reverted single commit >> "abf5fb593c90d3ab55d6cf1dea7bec8ee0bf3566". The server does not get >> stuck when calling "nfsstat". > > Good to know, but I don't think it's entirely safe to revert > only that patch -- all three would have to come off. > > I can't seem to get nfsstat to trigger a problem on my > server. > > > -- > Chuck Lever > >

1 year, 3 months

2
2
0 0

[PATCH 1/1] Bluetooth: hci_bcm4377: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

bcm4377_init_cfg() uses pci_{read,write}_config_dword() that return PCIBIOS_* codes. The return codes are returned into the calling bcm4377_probe() which directly returns the error which is of incorrect type (a probe should return normal errnos). Convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning it from bcm4377_init_cfg. This conversion is the easiest by adding a label next to return and doing the conversion there once rather than adding pcibios_err_to_errno() into every single return statement. Fixes: 8a06127602de ("Bluetooth: hci_bcm4377: Add new driver for BCM4377 PCIe boards") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/bluetooth/hci_bcm4377.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/bluetooth/hci_bcm4377.c b/drivers/bluetooth/hci_bcm4377.c index 0c2f15235b4c..b00240109dc3 100644 --- a/drivers/bluetooth/hci_bcm4377.c +++ b/drivers/bluetooth/hci_bcm4377.c @@ -2134,44 +2134,46 @@ static int bcm4377_init_cfg(struct bcm4377_data *bcm4377) BCM4377_PCIECFG_BAR0_WINDOW1, bcm4377->hw->bar0_window1); if (ret) - return ret; + goto fail; ret = pci_write_config_dword(bcm4377->pdev, BCM4377_PCIECFG_BAR0_WINDOW2, bcm4377->hw->bar0_window2); if (ret) - return ret; + goto fail; ret = pci_write_config_dword( bcm4377->pdev, BCM4377_PCIECFG_BAR0_CORE2_WINDOW1, BCM4377_PCIECFG_BAR0_CORE2_WINDOW1_DEFAULT); if (ret) - return ret; + goto fail; if (bcm4377->hw->has_bar0_core2_window2) { ret = pci_write_config_dword(bcm4377->pdev, BCM4377_PCIECFG_BAR0_CORE2_WINDOW2, bcm4377->hw->bar0_core2_window2); if (ret) - return ret; + goto fail; } ret = pci_write_config_dword(bcm4377->pdev, BCM4377_PCIECFG_BAR2_WINDOW, BCM4377_PCIECFG_BAR2_WINDOW_DEFAULT); if (ret) - return ret; + goto fail; ret = pci_read_config_dword(bcm4377->pdev, BCM4377_PCIECFG_SUBSYSTEM_CTRL, &ctrl); if (ret) - return ret; + goto fail; if (bcm4377->hw->clear_pciecfg_subsystem_ctrl_bit19) ctrl &= ~BIT(19); ctrl |= BIT(16); - return pci_write_config_dword(bcm4377->pdev, - BCM4377_PCIECFG_SUBSYSTEM_CTRL, ctrl); + ret = pci_write_config_dword(bcm4377->pdev, + BCM4377_PCIECFG_SUBSYSTEM_CTRL, ctrl); +fail: + return pcibios_err_to_errno(ret); } static int bcm4377_probe_dmi(struct bcm4377_data *bcm4377) -- 2.39.2

1 year, 3 months

2
1
0 0

[PATCH AUTOSEL 4.19 1/2] powerpc/pseries: Enforce hcall result buffer validity and size

by Sasha Levin

From: Nathan Lynch <nathanl(a)linux.ibm.com> [ Upstream commit ff2e185cf73df480ec69675936c4ee75a445c3e4 ] plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through comments in the code and the compiler has no idea. For example, if I write a bug like this: long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...); This compiles with no diagnostics emitted, but likely results in stack corruption at runtime when plpar_hcall9() stores results past the end of the array. (To be clear this is a contrived example and I have not found a real instance yet.) To make this class of error less likely, we can use explicitly-sized array parameters instead of pointers in the declarations for the hcall APIs. When compiled with -Warray-bounds[1], the code above now provokes a diagnostic like this: error: array argument is too small; is of size 32, callee requires at least 72 [-Werror,-Warray-bounds] 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, | ^ ~~~~~~ [1] Enabled for LLVM builds but not GCC for now. See commit 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and related changes. Signed-off-by: Nathan Lynch <nathanl(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240408-pseries-hvcall-retbuf-v1-1-ebc73d7253cf@linux.i… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/powerpc/include/asm/hvcall.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h index a0b17f9f1ea4e..8347f57e1c6a3 100644 --- a/arch/powerpc/include/asm/hvcall.h +++ b/arch/powerpc/include/asm/hvcall.h @@ -383,7 +383,7 @@ long plpar_hcall_norets(unsigned long opcode, ...); * Used for all but the craziest of phyp interfaces (see plpar_hcall9) */ #define PLPAR_HCALL_BUFSIZE 4 -long plpar_hcall(unsigned long opcode, unsigned long *retbuf, ...); +long plpar_hcall(unsigned long opcode, unsigned long retbuf[static PLPAR_HCALL_BUFSIZE], ...); /** * plpar_hcall_raw: - Make a hypervisor call without calculating hcall stats @@ -397,7 +397,7 @@ long plpar_hcall(unsigned long opcode, unsigned long *retbuf, ...); * plpar_hcall, but plpar_hcall_raw works in real mode and does not * calculate hypervisor call statistics. */ -long plpar_hcall_raw(unsigned long opcode, unsigned long *retbuf, ...); +long plpar_hcall_raw(unsigned long opcode, unsigned long retbuf[static PLPAR_HCALL_BUFSIZE], ...); /** * plpar_hcall9: - Make a pseries hypervisor call with up to 9 return arguments @@ -408,8 +408,8 @@ long plpar_hcall_raw(unsigned long opcode, unsigned long *retbuf, ...); * PLPAR_HCALL9_BUFSIZE to size the return argument buffer. */ #define PLPAR_HCALL9_BUFSIZE 9 -long plpar_hcall9(unsigned long opcode, unsigned long *retbuf, ...); -long plpar_hcall9_raw(unsigned long opcode, unsigned long *retbuf, ...); +long plpar_hcall9(unsigned long opcode, unsigned long retbuf[static PLPAR_HCALL9_BUFSIZE], ...); +long plpar_hcall9_raw(unsigned long opcode, unsigned long retbuf[static PLPAR_HCALL9_BUFSIZE], ...); struct hvcall_mpp_data { unsigned long entitled_mem; -- 2.43.0

1 year, 3 months

1
1
0 0

[PATCH AUTOSEL 5.4 1/3] media: lgdt3306a: Add a check against null-pointer-def

by Sasha Levin

From: Zheyu Ma <zheyuma97(a)gmail.com> [ Upstream commit c1115ddbda9c930fba0fdd062e7a8873ebaf898d ] The driver should check whether the client provides the platform_data. The following log reveals it: [ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40 [ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414 [ 29.612820] Call Trace: [ 29.613030] <TASK> [ 29.613201] dump_stack_lvl+0x56/0x6f [ 29.613496] ? kmemdup+0x30/0x40 [ 29.613754] print_report.cold+0x494/0x6b7 [ 29.614082] ? kmemdup+0x30/0x40 [ 29.614340] kasan_report+0x8a/0x190 [ 29.614628] ? kmemdup+0x30/0x40 [ 29.614888] kasan_check_range+0x14d/0x1d0 [ 29.615213] memcpy+0x20/0x60 [ 29.615454] kmemdup+0x30/0x40 [ 29.615700] lgdt3306a_probe+0x52/0x310 [ 29.616339] i2c_device_probe+0x951/0xa90 Link: https://lore.kernel.org/linux-media/20220405095018.3993578-1-zheyuma97@gmai… Signed-off-by: Zheyu Ma <zheyuma97(a)gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/dvb-frontends/lgdt3306a.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/dvb-frontends/lgdt3306a.c b/drivers/media/dvb-frontends/lgdt3306a.c index 0e7d97e7b0f50..a4d881c721b82 100644 --- a/drivers/media/dvb-frontends/lgdt3306a.c +++ b/drivers/media/dvb-frontends/lgdt3306a.c @@ -2199,6 +2199,11 @@ static int lgdt3306a_probe(struct i2c_client *client, struct dvb_frontend *fe; int ret; + if (!client->dev.platform_data) { + dev_err(&client->dev, "platform data is mandatory\n"); + return -EINVAL; + } + config = kmemdup(client->dev.platform_data, sizeof(struct lgdt3306a_config), GFP_KERNEL); if (config == NULL) { -- 2.43.0

1 year, 3 months

1
2
0 0

[PATCH AUTOSEL 5.15 1/6] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 3e81850a7ffe3..47bb973669d85 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -507,6 +515,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index f37101f5a7777..8a620c34396c7 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -154,6 +154,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -269,6 +276,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

1 year, 3 months

1
5
0 0

[PATCH AUTOSEL 6.1 01/11] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 5e01c6e24cbc8..9a5a1726acaf8 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -543,6 +551,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index 3348bb97ef81a..dfa8168e51890 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -155,6 +155,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -271,6 +278,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

1 year, 3 months

1
10
0 0

[PATCH AUTOSEL 6.6 01/16] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 5e01c6e24cbc8..9a5a1726acaf8 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -543,6 +551,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index a4d344a4db9e1..cdb17b093f2b8 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -156,6 +156,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -272,6 +279,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

1 year, 3 months

1
15
0 0

[PATCH AUTOSEL 6.8 01/20] drm/amd/display: Exit idle optimizations before HDCP execution

by Sasha Levin

From: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> [ Upstream commit f30a3bea92bdab398531129d187629fb1d28f598 ] [WHY] PSP can access DCN registers during command submission and we need to ensure that DCN is not in PG before doing so. [HOW] Add a callback to DM to lock and notify DC for idle optimization exit. It can't be DC directly because of a potential race condition with the link protection thread and the rest of DM operation. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c | 10 ++++++++++ drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h | 8 ++++++++ 2 files changed, 18 insertions(+) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c index 5e01c6e24cbc8..9a5a1726acaf8 100644 --- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c +++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp.c @@ -88,6 +88,14 @@ static uint8_t is_cp_desired_hdcp2(struct mod_hdcp *hdcp) !hdcp->connection.is_hdcp2_revoked; } +static void exit_idle_optimizations(struct mod_hdcp *hdcp) +{ + struct mod_hdcp_dm *dm = &hdcp->config.dm; + + if (dm->funcs.exit_idle_optimizations) + dm->funcs.exit_idle_optimizations(dm->handle); +} + static enum mod_hdcp_status execution(struct mod_hdcp *hdcp, struct mod_hdcp_event_context *event_ctx, union mod_hdcp_transition_input *input) @@ -543,6 +551,8 @@ enum mod_hdcp_status mod_hdcp_process_event(struct mod_hdcp *hdcp, memset(&event_ctx, 0, sizeof(struct mod_hdcp_event_context)); event_ctx.event = event; + exit_idle_optimizations(hdcp); + /* execute and transition */ exec_status = execution(hdcp, &event_ctx, &hdcp->auth.trans_input); trans_status = transition( diff --git a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h index a4d344a4db9e1..cdb17b093f2b8 100644 --- a/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h +++ b/drivers/gpu/drm/amd/display/modules/inc/mod_hdcp.h @@ -156,6 +156,13 @@ struct mod_hdcp_ddc { } funcs; }; +struct mod_hdcp_dm { + void *handle; + struct { + void (*exit_idle_optimizations)(void *handle); + } funcs; +}; + struct mod_hdcp_psp { void *handle; void *funcs; @@ -272,6 +279,7 @@ struct mod_hdcp_display_query { struct mod_hdcp_config { struct mod_hdcp_psp psp; struct mod_hdcp_ddc ddc; + struct mod_hdcp_dm dm; uint8_t index; }; -- 2.43.0

1 year, 3 months

1
19
0 0

[PATCH v2] dma-buf: handle testing kthreads creation failure

by Fedor Pchelkin

kthread creation may possibly fail inside race_signal_callback(). In such a case stop the already started threads, put the already taken references to them and return with error code. Found by Linux Verification Center (linuxtesting.org). Fixes: 2989f6451084 ("dma-buf: Add selftests for dma-fence") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v2: use kthread_stop_put() to actually put the last reference as T.J. Mercier noticed; link to v1: https://lore.kernel.org/lkml/20240522122326.696928-1-pchelkin@ispras.ru/ drivers/dma-buf/st-dma-fence.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/dma-buf/st-dma-fence.c b/drivers/dma-buf/st-dma-fence.c index b7c6f7ea9e0c..6a1bfcd0cc21 100644 --- a/drivers/dma-buf/st-dma-fence.c +++ b/drivers/dma-buf/st-dma-fence.c @@ -540,6 +540,12 @@ static int race_signal_callback(void *arg) t[i].before = pass; t[i].task = kthread_run(thread_signal_callback, &t[i], "dma-fence:%d", i); + if (IS_ERR(t[i].task)) { + ret = PTR_ERR(t[i].task); + while (--i >= 0) + kthread_stop_put(t[i].task); + return ret; + } get_task_struct(t[i].task); } -- 2.39.2

1 year, 3 months

3
2
0 0

[PATCH AUTOSEL 6.8 01/30] ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

by Sasha Levin

From: Rand Deeb <rand.sec96(a)gmail.com> [ Upstream commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 ] The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb <rand.sec96(a)gmail.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240306123028.164155-1-rand.sec96@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index b9934b9c2d708..070a99a4180cc 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env) { - const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + const struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.43.0

1 year, 3 months

2
30
0 0

[PATCH AUTOSEL 6.6 01/21] ssb: Fix potential NULL pointer dereference in ssb_device_uevent()

by Sasha Levin

From: Rand Deeb <rand.sec96(a)gmail.com> [ Upstream commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 ] The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb <rand.sec96(a)gmail.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240306123028.164155-1-rand.sec96@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index ab080cf26c9ff..0c736d51566dc 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env) { - const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + const struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.43.0

1 year, 3 months

2
21
0 0

[PATCH AUTOSEL 6.1 01/17] selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh

by Sasha Levin

From: "Alessandro Carminati (Red Hat)" <alessandro.carminati(a)gmail.com> [ Upstream commit f803bcf9208a2540acb4c32bdc3616673169f490 ] In some systems, the netcat server can incur in delay to start listening. When this happens, the test can randomly fail in various points. This is an example error message: # ip gre none gso # encap 192.168.1.1 to 192.168.1.2, type gre, mac none len 2000 # test basic connectivity # Ncat: Connection refused. The issue stems from a race condition between the netcat client and server. The test author had addressed this problem by implementing a sleep, which I have removed in this patch. This patch introduces a function capable of sleeping for up to two seconds. However, it can terminate the waiting period early if the port is reported to be listening. Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240314105911.213411-1-alessandro.carminati@gm… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 334bdfeab9403..365a2c7a89bad 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -72,7 +72,6 @@ cleanup() { server_listen() { ip netns exec "${ns2}" nc "${netcat_opt}" -l "${port}" > "${outfile}" & server_pid=$! - sleep 0.2 } client_connect() { @@ -93,6 +92,16 @@ verify_data() { fi } +wait_for_port() { + for i in $(seq 20); do + if ip netns exec "${ns2}" ss ${2:--4}OHntl | grep -q "$1"; then + return 0 + fi + sleep 0.1 + done + return 1 +} + set -e # no arguments: automated test, run all @@ -190,6 +199,7 @@ setup # basic communication works echo "test basic connectivity" server_listen +wait_for_port ${port} ${netcat_opt} client_connect verify_data @@ -201,6 +211,7 @@ ip netns exec "${ns1}" tc filter add dev veth1 egress \ section "encap_${tuntype}_${mac}" echo "test bpf encap without decap (expect failure)" server_listen +wait_for_port ${port} ${netcat_opt} ! client_connect if [[ "$tuntype" =~ "udp" ]]; then -- 2.43.0

1 year, 3 months

2
17
0 0

[PATCH AUTOSEL 5.15 01/13] selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh

by Sasha Levin

From: "Alessandro Carminati (Red Hat)" <alessandro.carminati(a)gmail.com> [ Upstream commit f803bcf9208a2540acb4c32bdc3616673169f490 ] In some systems, the netcat server can incur in delay to start listening. When this happens, the test can randomly fail in various points. This is an example error message: # ip gre none gso # encap 192.168.1.1 to 192.168.1.2, type gre, mac none len 2000 # test basic connectivity # Ncat: Connection refused. The issue stems from a race condition between the netcat client and server. The test author had addressed this problem by implementing a sleep, which I have removed in this patch. This patch introduces a function capable of sleeping for up to two seconds. However, it can terminate the waiting period early if the port is reported to be listening. Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240314105911.213411-1-alessandro.carminati@gm… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 088fcad138c98..38c6e9f16f41e 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -71,7 +71,6 @@ cleanup() { server_listen() { ip netns exec "${ns2}" nc "${netcat_opt}" -l "${port}" > "${outfile}" & server_pid=$! - sleep 0.2 } client_connect() { @@ -92,6 +91,16 @@ verify_data() { fi } +wait_for_port() { + for i in $(seq 20); do + if ip netns exec "${ns2}" ss ${2:--4}OHntl | grep -q "$1"; then + return 0 + fi + sleep 0.1 + done + return 1 +} + set -e # no arguments: automated test, run all @@ -189,6 +198,7 @@ setup # basic communication works echo "test basic connectivity" server_listen +wait_for_port ${port} ${netcat_opt} client_connect verify_data @@ -200,6 +210,7 @@ ip netns exec "${ns1}" tc filter add dev veth1 egress \ section "encap_${tuntype}_${mac}" echo "test bpf encap without decap (expect failure)" server_listen +wait_for_port ${port} ${netcat_opt} ! client_connect if [[ "$tuntype" =~ "udp" ]]; then -- 2.43.0

1 year, 3 months

2
13
0 0

[PATCH AUTOSEL 5.10 01/13] selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh

by Sasha Levin

From: "Alessandro Carminati (Red Hat)" <alessandro.carminati(a)gmail.com> [ Upstream commit f803bcf9208a2540acb4c32bdc3616673169f490 ] In some systems, the netcat server can incur in delay to start listening. When this happens, the test can randomly fail in various points. This is an example error message: # ip gre none gso # encap 192.168.1.1 to 192.168.1.2, type gre, mac none len 2000 # test basic connectivity # Ncat: Connection refused. The issue stems from a race condition between the netcat client and server. The test author had addressed this problem by implementing a sleep, which I have removed in this patch. This patch introduces a function capable of sleeping for up to two seconds. However, it can terminate the waiting period early if the port is reported to be listening. Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240314105911.213411-1-alessandro.carminati@gm… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 7c76b841b17bb..21bde60c95230 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -71,7 +71,6 @@ cleanup() { server_listen() { ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" & server_pid=$! - sleep 0.2 } client_connect() { @@ -92,6 +91,16 @@ verify_data() { fi } +wait_for_port() { + for i in $(seq 20); do + if ip netns exec "${ns2}" ss ${2:--4}OHntl | grep -q "$1"; then + return 0 + fi + sleep 0.1 + done + return 1 +} + set -e # no arguments: automated test, run all @@ -183,6 +192,7 @@ setup # basic communication works echo "test basic connectivity" server_listen +wait_for_port ${port} ${netcat_opt} client_connect verify_data @@ -194,6 +204,7 @@ ip netns exec "${ns1}" tc filter add dev veth1 egress \ section "encap_${tuntype}_${mac}" echo "test bpf encap without decap (expect failure)" server_listen +wait_for_port ${port} ${netcat_opt} ! client_connect if [[ "$tuntype" =~ "udp" ]]; then -- 2.43.0

1 year, 3 months

2
13
0 0

[PATCH AUTOSEL 4.19 1/3] batman-adv: bypass empty buckets in batadv_purge_orig_ref()

by Sasha Levin

From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 40dc8ab605894acae1473e434944924a22cfaaa0 ] Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [<ffff8000801dae10>] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 hardirqs last disabled at (6182794): [<ffff80008ad66a78>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (6182794): [<ffff80008ad66a78>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (6182792): [<ffff80008aab71c4>] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (6182792): [<ffff80008aab71c4>] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 softirqs last disabled at (6182790): [<ffff80008aab61dc>] spin_lock_bh include/linux/spinlock.h:356 [inline] softirqs last disabled at (6182790): [<ffff80008aab61dc>] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271 CPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_purge_orig pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline] pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388 lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 sp : ffff800099007970 x29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000 x26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001 x23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4 x20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0 x17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001 x14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline] __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300 process_one_work+0x694/0x1204 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51 lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103 sp : ffff800093a17d30 x29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4 x26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002 x23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000 x20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396 x17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001 x14: 1fffe00036805f10 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000001 x10: 0000000000000003 x9 : 0000000000000000 x8 : 00000000000ce8d1 x7 : ffff8000804609e4 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008ad6aac0 x2 : 0000000000000000 x1 : ffff80008aedea60 x0 : ffff800125436000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:49 cpuidle_idle_call kernel/sched/idle.c:170 [inline] do_idle+0x1f0/0x4e8 kernel/sched/idle.c:312 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:410 secondary_start_kernel+0x198/0x1c0 arch/arm64/kernel/smp.c:272 __secondary_switched+0xb8/0xbc arch/arm64/kernel/head.S:404 Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/batman-adv/originator.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c index 1d295da3e342b..c1ad1ae21eeac 100644 --- a/net/batman-adv/originator.c +++ b/net/batman-adv/originator.c @@ -1358,6 +1358,8 @@ void batadv_purge_orig_ref(struct batadv_priv *bat_priv) /* for all origins... */ for (i = 0; i < hash->size; i++) { head = &hash->table[i]; + if (hlist_empty(head)) + continue; list_lock = &hash->list_locks[i]; spin_lock_bh(list_lock); -- 2.43.0

1 year, 3 months

2
3
0 0

[PATCH v3] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap [1]. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. [1] https://github.com/the-tcpdump-group/libpcap/issues/1105 Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..82b36e90d73b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1011,6 +1011,10 @@ static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(pkc->skb->protocol)) { + ppd->hv1.tp_vlan_tci = ntohs(vlan_eth_hdr(pkc->skb)->h_vlan_TCI); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2432,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + h.h2->tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2465,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3491,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3549,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + aux.tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.40.1

1 year, 3 months

2
1
0 0

[PATCH AUTOSEL 5.4 1/6] selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh

by Sasha Levin

From: "Alessandro Carminati (Red Hat)" <alessandro.carminati(a)gmail.com> [ Upstream commit f803bcf9208a2540acb4c32bdc3616673169f490 ] In some systems, the netcat server can incur in delay to start listening. When this happens, the test can randomly fail in various points. This is an example error message: # ip gre none gso # encap 192.168.1.1 to 192.168.1.2, type gre, mac none len 2000 # test basic connectivity # Ncat: Connection refused. The issue stems from a race condition between the netcat client and server. The test author had addressed this problem by implementing a sleep, which I have removed in this patch. This patch introduces a function capable of sleeping for up to two seconds. However, it can terminate the waiting period early if the port is reported to be listening. Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240314105911.213411-1-alessandro.carminati@gm… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 7c76b841b17bb..21bde60c95230 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -71,7 +71,6 @@ cleanup() { server_listen() { ip netns exec "${ns2}" nc "${netcat_opt}" -l -p "${port}" > "${outfile}" & server_pid=$! - sleep 0.2 } client_connect() { @@ -92,6 +91,16 @@ verify_data() { fi } +wait_for_port() { + for i in $(seq 20); do + if ip netns exec "${ns2}" ss ${2:--4}OHntl | grep -q "$1"; then + return 0 + fi + sleep 0.1 + done + return 1 +} + set -e # no arguments: automated test, run all @@ -183,6 +192,7 @@ setup # basic communication works echo "test basic connectivity" server_listen +wait_for_port ${port} ${netcat_opt} client_connect verify_data @@ -194,6 +204,7 @@ ip netns exec "${ns1}" tc filter add dev veth1 egress \ section "encap_${tuntype}_${mac}" echo "test bpf encap without decap (expect failure)" server_listen +wait_for_port ${port} ${netcat_opt} ! client_connect if [[ "$tuntype" =~ "udp" ]]; then -- 2.43.0

1 year, 3 months

2
6
0 0

[PATCH 1/1] intel_th: pci: Convert PCIBIOS_* return codes to errnos

by Ilpo Järvinen

intel_th_pci_activate() uses pci_{read,write}_config_dword() that return PCIBIOS_* codes. The value is returned as is to the caller. The non-errno return value is returned all the way to active_store() which then returns the value like it is an error. PCIBIOS_* return codes, however, are positive (0x8X) so the return value of the store function is treated as the length consumed from the write buffer which can confuse the userspace writer. Convert PCIBIOS_* returns code using pcibios_err_to_errno() into normal errno before returning it from intel_th_pci_activate(). Fixes: a0e7df335afd ("intel_th: Perform time resync on capture start") Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/hwtracing/intel_th/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hwtracing/intel_th/pci.c b/drivers/hwtracing/intel_th/pci.c index 147d338c191e..40e2c922fbe7 100644 --- a/drivers/hwtracing/intel_th/pci.c +++ b/drivers/hwtracing/intel_th/pci.c @@ -46,7 +46,7 @@ static int intel_th_pci_activate(struct intel_th *th) if (err) dev_err(&pdev->dev, "failed to read NPKDSC register\n"); - return err; + return pcibios_err_to_errno(err); } static void intel_th_pci_deactivate(struct intel_th *th) -- 2.39.2

1 year, 3 months

1
0
0 0

[PATCH] drm/dp_mst: Fix all mstb marked as not probed after suspend/resume

by Wayne Lin

[Why] After supend/resume, with topology unchanged, observe that link_address_sent of all mstb are marked as false even the topology probing is done without any error. It is caused by wrongly also include "ret == 0" case as a probing failure case. [How] Remove inappropriate checking conditions. Cc: Lyude Paul <lyude(a)redhat.com> Cc: Harry Wentland <hwentlan(a)amd.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 37dfdc55ffeb ("drm/dp_mst: Cleanup drm_dp_send_link_address() a bit") Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> --- drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index 7f8e1cfbe19d..68831f4e502a 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -2929,7 +2929,7 @@ static int drm_dp_send_link_address(struct drm_dp_mst_topology_mgr *mgr, /* FIXME: Actually do some real error handling here */ ret = drm_dp_mst_wait_tx_reply(mstb, txmsg); - if (ret <= 0) { + if (ret < 0) { drm_err(mgr->dev, "Sending link address failed with %d\n", ret); goto out; } @@ -2981,7 +2981,7 @@ static int drm_dp_send_link_address(struct drm_dp_mst_topology_mgr *mgr, mutex_unlock(&mgr->lock); out: - if (ret <= 0) + if (ret < 0) mstb->link_address_sent = false; kfree(txmsg); return ret < 0 ? ret : changed; -- 2.37.3

1 year, 3 months

1
0
0 0

[PATCH] mtd: rawnand: Ensure ECC configuration is propagated to upper layers

by Miquel Raynal

Until recently the "upper layer" was MTD. But following incremental reworks to bring spi-nand support and more recently generic ECC support, there is now an intermediate "generic NAND" layer that also needs to get access to some values. When using "converted" ECC engines, like the software ones, these values are already propagated correctly. But otherwise when using good old raw NAND controller drivers, we need to manually set these values ourselves at the end of the "scan" operation, once these values have been negotiated. Without this propagation, later (generic) checks like the one warning users that the ECC strength is not high enough might simply no longer work. Fixes: 8c126720fe10 ("mtd: rawnand: Use the ECC framework nand_ecc_is_strong_enough() helper") Cc: stable(a)vger.kernel.org Reported-by: Sascha Hauer <s.hauer(a)pengutronix.de> Closes: https://lore.kernel.org/all/Zhe2JtvvN1M4Ompw@pengutronix.de/ Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- Hello Sascha, this is only compile tested, would you mind checking if that fixes your setup? Thanks, Miquèl drivers/mtd/nand/raw/nand_base.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index d7dbbd469b89..acd137dd0957 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -6301,6 +6301,7 @@ static const struct nand_ops rawnand_ops = { static int nand_scan_tail(struct nand_chip *chip) { struct mtd_info *mtd = nand_to_mtd(chip); + struct nand_device *base = &chip->base; struct nand_ecc_ctrl *ecc = &chip->ecc; int ret, i; @@ -6445,9 +6446,13 @@ static int nand_scan_tail(struct nand_chip *chip) if (!ecc->write_oob_raw) ecc->write_oob_raw = ecc->write_oob; - /* propagate ecc info to mtd_info */ + /* Propagate ECC info to the generic NAND and MTD layers */ mtd->ecc_strength = ecc->strength; + if (!base->ecc.ctx.conf.strength) + base->ecc.ctx.conf.strength = ecc->strength; mtd->ecc_step_size = ecc->size; + if (!base->ecc.ctx.conf.step_size) + base->ecc.ctx.conf.step_size = ecc->size; /* * Set the number of read / write steps for one page depending on ECC @@ -6455,6 +6460,8 @@ static int nand_scan_tail(struct nand_chip *chip) */ if (!ecc->steps) ecc->steps = mtd->writesize / ecc->size; + if (!base->ecc.ctx.nsteps) + base->ecc.ctx.nsteps = ecc->steps; if (ecc->steps * ecc->size != mtd->writesize) { WARN(1, "Invalid ECC parameters\n"); ret = -EINVAL; -- 2.40.1

1 year, 3 months

2
2
0 0

[PATCH v2 1/2] mtd: rawnand: Fix the nand_read_data_op() early check

by Miquel Raynal

The nand_read_data_op() operation, which only consists in DATA_IN cycles, is sadly not supported by all controllers despite being very basic. The core, for some time, supposed all drivers would support it. An improvement to this situation for supporting more constrained controller added a check to verify if the operation was supported before attempting it by running the function with the check_only boolean set first, and then possibly falling back to another (possibly slightly less optimized) alternative. An even newer addition moved that check very early and probe time, in order to perform the check only once. The content of the operation was not so important, as long as the controller driver would tell whether such operation on the NAND bus would be possible or not. In practice, no buffer was provided (no fake buffer or whatever) as it is anyway not relevant for the "check_only" condition. Unfortunately, early in the function, there is an if statement verifying that the input parameters are right for normal use, making the early check always unsuccessful. Fixes: 9f820fc0651c ("mtd: rawnand: Check the data only read pattern only once") Cc: stable(a)vger.kernel.org Reported-by: Alexander Dahl <ada(a)thorsis.com> Closes: https://lore.kernel.org/linux-mtd/20240306-shaky-bunion-d28b65ea97d7@thorsi… Reported-by: Steven Seeger <steven.seeger(a)flightsystems.net> Closes: https://lore.kernel.org/linux-mtd/DM6PR05MB4506554457CF95191A670BDEF7062@DM… Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Reviewed-by: Alexander Dahl <ada(a)thorsis.com> --- drivers/mtd/nand/raw/nand_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index acd137dd0957..248e654ecefd 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -2173,7 +2173,7 @@ EXPORT_SYMBOL_GPL(nand_reset_op); int nand_read_data_op(struct nand_chip *chip, void *buf, unsigned int len, bool force_8bit, bool check_only) { - if (!len || !buf) + if (!len || (!check_only && !buf)) return -EINVAL; if (nand_has_exec_op(chip)) { -- 2.40.1

1 year, 3 months

1
1
0 0

[PATCH v2 2/2] mtd: rawnand: Bypass a couple of sanity checks during NAND identification

by Miquel Raynal

Early during NAND identification, mtd_info fields have not yet been initialized (namely, writesize and oobsize) and thus cannot be used for sanity checks yet. Of course if there is a misuse of nand_change_read_column_op() so early we won't be warned, but there is anyway no actual check to perform at this stage as we do not yet know the NAND geometry. So, if the fields are empty, especially mtd->writesize which is *always* set quite rapidly after identification, let's skip the sanity checks. nand_change_read_column_op() is subject to be used early for ONFI/JEDEC identification in the very unlikely case of: - bitflips appearing in the parameter page, - the controller driver not supporting simple DATA_IN cycles. As nand_change_read_column_op() uses nand_fill_column_cycles() the logic explaind above also applies in this secondary helper. Fixes: c27842e7e11f ("mtd: rawnand: onfi: Adapt the parameter page read to constraint controllers") Fixes: daca31765e8b ("mtd: rawnand: jedec: Adapt the parameter page read to constraint controllers") Cc: stable(a)vger.kernel.org Reported-by: Alexander Dahl <ada(a)thorsis.com> Closes: https://lore.kernel.org/linux-mtd/20240306-shaky-bunion-d28b65ea97d7@thorsi… Reported-by: Steven Seeger <steven.seeger(a)flightsystems.net> Closes: https://lore.kernel.org/linux-mtd/DM6PR05MB4506554457CF95191A670BDEF7062@DM… Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- Changes in v2: * Dropped the double (( )) * Fixed nand_fill_column_cycles() as well. --- drivers/mtd/nand/raw/nand_base.c | 57 ++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 248e654ecefd..53e16d39af4b 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -1093,28 +1093,32 @@ static int nand_fill_column_cycles(struct nand_chip *chip, u8 *addrs, unsigned int offset_in_page) { struct mtd_info *mtd = nand_to_mtd(chip); + bool ident_stage = !mtd->writesize; - /* Make sure the offset is less than the actual page size. */ - if (offset_in_page > mtd->writesize + mtd->oobsize) - return -EINVAL; - - /* - * On small page NANDs, there's a dedicated command to access the OOB - * area, and the column address is relative to the start of the OOB - * area, not the start of the page. Asjust the address accordingly. - */ - if (mtd->writesize <= 512 && offset_in_page >= mtd->writesize) - offset_in_page -= mtd->writesize; - - /* - * The offset in page is expressed in bytes, if the NAND bus is 16-bit - * wide, then it must be divided by 2. - */ - if (chip->options & NAND_BUSWIDTH_16) { - if (WARN_ON(offset_in_page % 2)) + /* Bypass all checks during NAND identification */ + if (likely(!ident_stage)) { + /* Make sure the offset is less than the actual page size. */ + if (offset_in_page > mtd->writesize + mtd->oobsize) return -EINVAL; - offset_in_page /= 2; + /* + * On small page NANDs, there's a dedicated command to access the OOB + * area, and the column address is relative to the start of the OOB + * area, not the start of the page. Asjust the address accordingly. + */ + if (mtd->writesize <= 512 && offset_in_page >= mtd->writesize) + offset_in_page -= mtd->writesize; + + /* + * The offset in page is expressed in bytes, if the NAND bus is 16-bit + * wide, then it must be divided by 2. + */ + if (chip->options & NAND_BUSWIDTH_16) { + if (WARN_ON(offset_in_page % 2)) + return -EINVAL; + + offset_in_page /= 2; + } } addrs[0] = offset_in_page; @@ -1123,7 +1127,7 @@ static int nand_fill_column_cycles(struct nand_chip *chip, u8 *addrs, * Small page NANDs use 1 cycle for the columns, while large page NANDs * need 2 */ - if (mtd->writesize <= 512) + if (!ident_stage && mtd->writesize <= 512) return 1; addrs[1] = offset_in_page >> 8; @@ -1436,16 +1440,19 @@ int nand_change_read_column_op(struct nand_chip *chip, unsigned int len, bool force_8bit) { struct mtd_info *mtd = nand_to_mtd(chip); + bool ident_stage = !mtd->writesize; if (len && !buf) return -EINVAL; - if (offset_in_page + len > mtd->writesize + mtd->oobsize) - return -EINVAL; + if (!ident_stage) { + if (offset_in_page + len > mtd->writesize + mtd->oobsize) + return -EINVAL; - /* Small page NANDs do not support column change. */ - if (mtd->writesize <= 512) - return -ENOTSUPP; + /* Small page NANDs do not support column change. */ + if (mtd->writesize <= 512) + return -ENOTSUPP; + } if (nand_has_exec_op(chip)) { const struct nand_interface_config *conf = -- 2.40.1

1 year, 3 months

2
3
0 0

[PATCH v2] mtd: rawnand: rockchip: ensure NVDDR timings are rejected

by Val Packett

.setup_interface first gets called with a "target" value of NAND_DATA_IFACE_CHECK_ONLY, in which case an error is expected if the controller driver does not support the timing mode (NVDDR). Fixes: a9ecc8c814e9 ("mtd: rawnand: Choose the best timings, NV-DDR included") Signed-off-by: Val Packett <val(a)packett.cool> Cc: stable(a)vger.kernel.org --- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c index 7baaef69d..555804476 100644 --- a/drivers/mtd/nand/raw/rockchip-nand-controller.c +++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c @@ -420,13 +420,13 @@ static int rk_nfc_setup_interface(struct nand_chip *chip, int target, u32 rate, tc2rw, trwpw, trw2c; u32 temp; - if (target < 0) - return 0; - timings = nand_get_sdr_timings(conf); if (IS_ERR(timings)) return -EOPNOTSUPP; + if (target < 0) + return 0; + if (IS_ERR(nfc->nfc_clk)) rate = clk_get_rate(nfc->ahb_clk); else -- 2.45.0

1 year, 3 months

2
1
0 0

[PATCH] ACPI: APEI: EINJ: Fix einj_dev release leak

by Dan Williams

The platform driver conversion of EINJ mistakenly used platform_device_del() to unwind platform_device_register_full() at module exit. This leads to a small leak of one 'struct platform_device' instance per module load/unload cycle. Switch to platform_device_unregister() which performs both device_del() and final put_device(). Fixes: 5621fafaac00 ("EINJ: Migrate to a platform driver") Cc: <stable(a)vger.kernel.org> Cc: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Cc: Ben Cheatham <Benjamin.Cheatham(a)amd.com> Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- drivers/acpi/apei/einj-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/apei/einj-core.c b/drivers/acpi/apei/einj-core.c index 01faca3a238a..bb9f8475ce59 100644 --- a/drivers/acpi/apei/einj-core.c +++ b/drivers/acpi/apei/einj-core.c @@ -903,7 +903,7 @@ static void __exit einj_exit(void) if (einj_initialized) platform_driver_unregister(&einj_driver); - platform_device_del(einj_dev); + platform_device_unregister(einj_dev); } module_init(einj_init);

1 year, 3 months

3
2
0 0

[git:media_stage/fixes] media: mgb4: Fix double debugfs remove

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: mgb4: Fix double debugfs remove Author: Martin Tůma <martin.tuma(a)digiteqautomotive.com> Date: Tue May 21 18:22:54 2024 +0200 Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. Signed-off-by: Martin Tůma <martin.tuma(a)digiteqautomotive.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Fixes: 0ab13674a9bd ("media: pci: mgb4: Added Digiteq Automotive MGB4 driver") Cc: <stable(a)vger.kernel.org> [hverkuil: added Fixes/Cc tags] drivers/media/pci/mgb4/mgb4_core.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- diff --git a/drivers/media/pci/mgb4/mgb4_core.c b/drivers/media/pci/mgb4/mgb4_core.c index 60498a5abebf..ab4f07e2e560 100644 --- a/drivers/media/pci/mgb4/mgb4_core.c +++ b/drivers/media/pci/mgb4/mgb4_core.c @@ -642,9 +642,6 @@ static void mgb4_remove(struct pci_dev *pdev) struct mgb4_dev *mgbdev = pci_get_drvdata(pdev); int i; -#ifdef CONFIG_DEBUG_FS - debugfs_remove_recursive(mgbdev->debugfs); -#endif #if IS_REACHABLE(CONFIG_HWMON) hwmon_device_unregister(mgbdev->hwmon_dev); #endif @@ -659,6 +656,10 @@ static void mgb4_remove(struct pci_dev *pdev) if (mgbdev->vin[i]) mgb4_vin_free(mgbdev->vin[i]); +#ifdef CONFIG_DEBUG_FS + debugfs_remove_recursive(mgbdev->debugfs); +#endif + device_remove_groups(&mgbdev->pdev->dev, mgb4_pci_groups); free_spi(mgbdev); free_i2c(mgbdev);

1 year, 3 months

1
0
0 0

[PATCH] xhci: Handle TD clearing for multiple streams case

by Hector Martin

When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset properly and the caches cleared. Change the logic so that any N>1 TDs found active for different streams are deferred until after the first one is processed, calling xhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to queue another command until we are done with all of them. Also change the error/"should never happen" paths to ensure we at least clear any affected TDs, even if we can't issue a command to clear the hardware cache, and complain loudly with an xhci_warn() if this ever happens. This problem case dates back to commit e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") early on in the XHCI driver's life, when stream support was first added. At that point, this condition would cause TDs to not be given back at all, causing hanging transfers - but no security bug. It was then identified but not fixed nor made into a warning in commit 674f8438c121 ("xhci: split handling halted endpoints into two steps"), which added a FIXME comment for the problem case (without materially changing the behavior as far as I can tell, though the new logic made the problem more obvious). Then later, in commit 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs."), it was acknowledged again. This commit was unfortunately not reviewed at all, as it was authored by the maintainer directly. Had it been, perhaps a second set of eyes would've noticed that it does not fix the bug, but rather just makes it (much) worse. It turns the "transfers hang" bug into a "random memory corruption" bug, by blindly marking TDs as complete without actually clearing them at all nor moving the dequeue pointer past them, which means they aren't actually complete, and the xHC will try to transfer data to/from them when the endpoint resumes, now to freed memory buffers. This could have been a legitimate oversight, but apparently the commit author was aware of the problem (yet still chose to submit it): It was still mentioned as a FIXME, an xhci_dbg() was added to log the problem condition, and the remaining issue was mentioned in the commit description. The choice of making the log type xhci_dbg() for what is, at this point, a completely unhandled and known broken condition is puzzling and unfortunate, as it guarantees that no actual users would see the log in production, thereby making it nigh undebuggable (indeed, even if you turn on DEBUG, the message doesn't really hint at there being a problem at all). It took me *months* of random xHC crashes to finally find a reliable repro and be able to do a deep dive debug session, which could all have been avoided had this unhandled, broken condition been actually reported with a warning, as it should have been as a bug intentionally left in unfixed (never mind that it shouldn't have been left in at all). > Another fix to solve clearing the caches of all stream rings with > cancelled TDs is needed, but not as urgent. 3 years after that statement and 14 years after the original bug was introduced, I think it's finally time to fix it. And maybe next time let's not leave bugs unfixed (that are actually worse than the original bug), and let's actually get people to review kernel commits please. Fixes xHC crashes and IOMMU faults with UAS devices when handling errors/faults. Easiest repro is to use `hdparm` to mark an early sector (e.g. 1024) on a disk as bad, then `cat /dev/sdX > /dev/null` in a loop. At least in the case of JMicron controllers, the read errors end up having to cancel two TDs (for two queued requests to different streams) and the one that didn't get cleared properly ends up faulting the xHC entirely when it tries to access DMA pages that have since been unmapped, referred to by the stale TDs. This normally happens quickly (after two or three loops). After this fix, I left the `cat` in a loop running overnight and experienced no xHC failures, with all read errors recovered properly. Repro'd and tested on an Apple M1 Mac Mini (dwc3 host). On systems without an IOMMU, this bug would instead silently corrupt freed memory, making this a security bug (even on systems with IOMMUs this could silently corrupt memory belonging to other USB devices on the same controller, so it's still a security bug). Given that the kernel autoprobes partition tables, I'm pretty sure a malicious USB device pretending to be a UAS device and reporting an error with the right timing could deliberately trigger a UAF and write to freed memory, with no user action. Fixes: e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") Fixes: 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs.") Fixes: 674f8438c121 ("xhci: split handling halted endpoints into two steps") Cc: stable(a)vger.kernel.org Cc: security(a)kernel.org Signed-off-by: Hector Martin <marcan(a)marcan.st> --- drivers/usb/host/xhci-ring.c | 54 +++++++++++++++++++++++++++++++++++--------- drivers/usb/host/xhci.h | 1 + 2 files changed, 44 insertions(+), 11 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 575f0fd9c9f1..9c06502be098 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1034,13 +1034,27 @@ static int xhci_invalidate_cancelled_tds(struct xhci_virt_ep *ep) break; case TD_DIRTY: /* TD is cached, clear it */ case TD_HALTED: + case TD_CLEARING_CACHE_DEFERRED: + if (cached_td) { + if (cached_td->urb->stream_id != td->urb->stream_id) { + /* Multiple streams case, defer move dq */ + xhci_dbg(xhci, + "Move dq deferred: stream %u URB %p\n", + td->urb->stream_id, td->urb); + td->cancel_status = TD_CLEARING_CACHE_DEFERRED; + break; + } + + /* Should never happen, at least try to clear the TD if it does */ + xhci_warn(xhci, + "Found multiple active URBs %p and %p in stream %u?\n", + td->urb, cached_td->urb, + td->urb->stream_id); + td_to_noop(xhci, ring, cached_td, false); + cached_td->cancel_status = TD_CLEARED; + } + td->cancel_status = TD_CLEARING_CACHE; - if (cached_td) - /* FIXME stream case, several stopped rings */ - xhci_dbg(xhci, - "Move dq past stream %u URB %p instead of stream %u URB %p\n", - td->urb->stream_id, td->urb, - cached_td->urb->stream_id, cached_td->urb); cached_td = td; break; } @@ -1060,10 +1074,16 @@ static int xhci_invalidate_cancelled_tds(struct xhci_virt_ep *ep) if (err) { /* Failed to move past cached td, just set cached TDs to no-op */ list_for_each_entry_safe(td, tmp_td, &ep->cancelled_td_list, cancelled_td_list) { - if (td->cancel_status != TD_CLEARING_CACHE) + /* + * Deferred TDs need to have the deq pointer set after the above command + * completes, so if that failed we just give up on all of them (and + * complain loudly since this could cause issues due to caching). + */ + if (td->cancel_status != TD_CLEARING_CACHE && + td->cancel_status != TD_CLEARING_CACHE_DEFERRED) continue; - xhci_dbg(xhci, "Failed to clear cancelled cached URB %p, mark clear anyway\n", - td->urb); + xhci_warn(xhci, "Failed to clear cancelled cached URB %p, mark clear anyway\n", + td->urb); td_to_noop(xhci, ring, td, false); td->cancel_status = TD_CLEARED; } @@ -1350,6 +1370,7 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_ep_ctx *ep_ctx; struct xhci_slot_ctx *slot_ctx; struct xhci_td *td, *tmp_td; + bool deferred = false; ep_index = TRB_TO_EP_INDEX(le32_to_cpu(trb->generic.field[3])); stream_id = TRB_TO_STREAM_ID(le32_to_cpu(trb->generic.field[2])); @@ -1436,6 +1457,8 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, xhci_dbg(ep->xhci, "%s: Giveback cancelled URB %p TD\n", __func__, td->urb); xhci_td_cleanup(ep->xhci, td, ep_ring, td->status); + } else if (td->cancel_status == TD_CLEARING_CACHE_DEFERRED) { + deferred = true; } else { xhci_dbg(ep->xhci, "%s: Keep cancelled URB %p TD as cancel_status is %d\n", __func__, td->urb, td->cancel_status); @@ -1445,8 +1468,17 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, ep->ep_state &= ~SET_DEQ_PENDING; ep->queued_deq_seg = NULL; ep->queued_deq_ptr = NULL; - /* Restart any rings with pending URBs */ - ring_doorbell_for_active_rings(xhci, slot_id, ep_index); + + if (deferred) { + /* We have more streams to clear */ + xhci_dbg(ep->xhci, "%s: Pending TDs to clear, continuing with invalidation\n", + __func__); + xhci_invalidate_cancelled_tds(ep); + } else { + /* Restart any rings with pending URBs */ + xhci_dbg(ep->xhci, "%s: All TDs cleared, ring doorbell\n", __func__); + ring_doorbell_for_active_rings(xhci, slot_id, ep_index); + } } static void xhci_handle_cmd_reset_ep(struct xhci_hcd *xhci, int slot_id, diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 6f4bf98a6282..aa4379bdb90c 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1276,6 +1276,7 @@ enum xhci_cancelled_td_status { TD_DIRTY = 0, TD_HALTED, TD_CLEARING_CACHE, + TD_CLEARING_CACHE_DEFERRED, TD_CLEARED, }; --- base-commit: a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 change-id: 20240524-xhci-streams-124e88db52e6 Best regards, -- Hector Martin <marcan(a)marcan.st>

1 year, 3 months

3
2
0 0

[PATCH v3] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap [1]. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. [1] https://github.com/the-tcpdump-group/libpcap/issues/1105 Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") Cc: stable(a)vger.kernel.org Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..82b36e90d73b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1011,6 +1011,10 @@ static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(pkc->skb->protocol)) { + ppd->hv1.tp_vlan_tci = ntohs(vlan_eth_hdr(pkc->skb)->h_vlan_TCI); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2432,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + h.h2->tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2465,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3491,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3549,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + aux.tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.40.1

1 year, 3 months

1
0
0 0

[PATCH v2] af_packet: Handle outgoing VLAN packets without hardware offloading

by Chengen Du

The issue initially stems from libpcap [1]. In the outbound packet path, if hardware VLAN offloading is unavailable, the VLAN tag is inserted into the payload but then cleared from the sk_buff struct. Consequently, this can lead to a false negative when checking for the presence of a VLAN tag, causing the packet sniffing outcome to lack VLAN tag information (i.e., TCI-TPID). As a result, the packet capturing tool may be unable to parse packets as expected. The TCI-TPID is missing because the prb_fill_vlan_info() function does not modify the tp_vlan_tci/tp_vlan_tpid values, as the information is in the payload and not in the sk_buff struct. The skb_vlan_tag_present() function only checks vlan_all in the sk_buff struct. In cooked mode, the L2 header is stripped, preventing the packet capturing tool from determining the correct TCI-TPID value. Additionally, the protocol in SLL is incorrect, which means the packet capturing tool cannot parse the L3 header correctly. [1] https://github.com/the-tcpdump-group/libpcap/issues/1105 Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.") Signed-off-by: Chengen Du <chengen.du(a)canonical.com> --- net/packet/af_packet.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index ea3ebc160e25..82b36e90d73b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1011,6 +1011,10 @@ static void prb_fill_vlan_info(struct tpacket_kbdq_core *pkc, ppd->hv1.tp_vlan_tci = skb_vlan_tag_get(pkc->skb); ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->vlan_proto); ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(pkc->skb->protocol)) { + ppd->hv1.tp_vlan_tci = ntohs(vlan_eth_hdr(pkc->skb)->h_vlan_TCI); + ppd->hv1.tp_vlan_tpid = ntohs(pkc->skb->protocol); + ppd->tp_status = TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { ppd->hv1.tp_vlan_tci = 0; ppd->hv1.tp_vlan_tpid = 0; @@ -2428,6 +2432,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, h.h2->tp_vlan_tci = skb_vlan_tag_get(skb); h.h2->tp_vlan_tpid = ntohs(skb->vlan_proto); status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + h.h2->tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + h.h2->tp_vlan_tpid = ntohs(skb->protocol); + status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { h.h2->tp_vlan_tci = 0; h.h2->tp_vlan_tpid = 0; @@ -2457,7 +2465,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, sll->sll_halen = dev_parse_header(skb, sll->sll_addr); sll->sll_family = AF_PACKET; sll->sll_hatype = dev->type; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; sll->sll_pkttype = skb->pkt_type; if (unlikely(packet_sock_flag(po, PACKET_SOCK_ORIGDEV))) sll->sll_ifindex = orig_dev->ifindex; @@ -3482,7 +3491,8 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, /* Original length was stored in sockaddr_ll fields */ origlen = PACKET_SKB_CB(skb)->sa.origlen; sll->sll_family = AF_PACKET; - sll->sll_protocol = skb->protocol; + sll->sll_protocol = (skb->protocol == htons(ETH_P_8021Q)) ? + vlan_eth_hdr(skb)->h_vlan_encapsulated_proto : skb->protocol; } sock_recv_cmsgs(msg, sk, skb); @@ -3539,6 +3549,10 @@ static int packet_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, aux.tp_vlan_tci = skb_vlan_tag_get(skb); aux.tp_vlan_tpid = ntohs(skb->vlan_proto); aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; + } else if (eth_type_vlan(skb->protocol)) { + aux.tp_vlan_tci = ntohs(vlan_eth_hdr(skb)->h_vlan_TCI); + aux.tp_vlan_tpid = ntohs(skb->protocol); + aux.tp_status |= TP_STATUS_VLAN_VALID | TP_STATUS_VLAN_TPID_VALID; } else { aux.tp_vlan_tci = 0; aux.tp_vlan_tpid = 0; -- 2.40.1

1 year, 3 months

2
2
0 0

RE: [PATCH] Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading

by Bough Chen

> -----Original Message----- > From: Luke Wang <ziniu.wang_1(a)nxp.com> > Sent: 2024年5月17日 19:16 > To: marcel(a)holtmann.org; luiz.dentz(a)gmail.com > Cc: linux-bluetooth(a)vger.kernel.org; linux-kernel(a)vger.kernel.org; Amitkumar > Karwar <amitkumar.karwar(a)nxp.com>; Rohit Fule <rohit.fule(a)nxp.com>; > Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com>; Sherry Sun > <sherry.sun(a)nxp.com>; Bough Chen <haibo.chen(a)nxp.com>; Jun Li > <jun.li(a)nxp.com>; Guillaume Legoupil <guillaume.legoupil(a)nxp.com>; Salim > Chebbo <salim.chebbo(a)nxp.com>; imx(a)lists.linux.dev > Subject: [PATCH] Bluetooth: btnxpuart: Shutdown timer and prevent rearming > when driver unloading > > From: Luke Wang <ziniu.wang_1(a)nxp.com> > > When unload the btnxpuart driver, its associated timer will be deleted. > If the timer happens to be modified at this moment, it leads to the kernel call > this timer even after the driver unloaded, resulting in kernel panic. > Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming. > > panic log: > Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP > Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) > crct10dif_ce polyval_ce polyval_generic snd_soc_imx_card > snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg > snd_soc_wm8962 snd_soc_fsl_micfil snd_soc_fsl_sai flexcan snd_soc_fsl_utils > ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last > unloaded: btnxpuart] > CPU: 5 PID: 723 Comm: memtester Tainted: G O > 6.6.23-lts-next-06207-g4aef2658ac28 #1 > Hardware name: NXP i.MX95 19X19 board (DT) > pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) > pc : 0xffff80007a2cf464 > lr : call_timer_fn.isra.0+0x24/0x80 > ... > Call trace: > 0xffff80007a2cf464 > __run_timers+0x234/0x280 > run_timer_softirq+0x20/0x40 > __do_softirq+0x100/0x26c > ____do_softirq+0x10/0x1c > call_on_irq_stack+0x24/0x4c > do_softirq_own_stack+0x1c/0x2c > irq_exit_rcu+0xc0/0xdc > el0_interrupt+0x54/0xd8 > __el0_irq_handler_common+0x18/0x24 > el0t_64_irq_handler+0x10/0x1c > el0t_64_irq+0x190/0x194 > Code: ???????? ???????? ???????? ???????? (????????) > ---[ end trace 0000000000000000 ]--- > Kernel panic - not syncing: Oops: Fatal exception in interrupt > SMP: stopping secondary CPUs > Kernel Offset: disabled > CPU features: 0x0,c0000000,40028143,1000721b > Memory Limit: none > ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- Hi all, This patch is already accepted, but I notice it lack fix tag, can anyone help add the following fix tag? Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets") Cc: stable(a)vger.kernel.org This patch should also put into stable tree. I add the stable tree mail list here. Best Regards Haibo Chen > > Signed-off-by: Luke Wang <ziniu.wang_1(a)nxp.com> > --- > drivers/bluetooth/btnxpuart.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c index > 7f88b6f52f26..77f974a5251b 100644 > --- a/drivers/bluetooth/btnxpuart.c > +++ b/drivers/bluetooth/btnxpuart.c > @@ -328,7 +328,7 @@ static void ps_cancel_timer(struct btnxpuart_dev > *nxpdev) > struct ps_data *psdata = &nxpdev->psdata; > > flush_work(&psdata->work); > - del_timer_sync(&psdata->ps_timer); > + timer_shutdown_sync(&psdata->ps_timer); > } > > static void ps_control(struct hci_dev *hdev, u8 ps_state) > -- > 2.34.1

1 year, 3 months

1
0
0 0

Re: Patch "platform/x86: xiaomi-wmi: Fix race condition when reporting key events" has been added to the 5.4-stable tree

by Armin Wolf

Am 26.05.24 um 22:19 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > to the 5.4-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > platform-x86-xiaomi-wmi-fix-race-condition-when-repo.patch > and it can be found in the queue-5.4 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hi, the underlying race condition can only be triggered since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs"), which afaik was introduced with kernel 6.8. Because of this, i do not think that we have to backport this commit to kernels before 6.8. Thanks, Armin Wolf > > commit 7217162b48f60edc29afbeff641b7de02076bb86 > Author: Armin Wolf <W_Armin(a)gmx.de> > Date: Tue Apr 2 16:30:57 2024 +0200 > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > [ Upstream commit 290680c2da8061e410bcaec4b21584ed951479af ] > > Multiple WMI events can be received concurrently, so multiple instances > of xiaomi_wmi_notify() can be active at the same time. Since the input > device is shared between those handlers, the key input sequence can be > disturbed. > > Fix this by protecting the key input sequence with a mutex. > > Compile-tested only. > > Fixes: edb73f4f0247 ("platform/x86: wmi: add Xiaomi WMI key driver") > Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> > Link: https://lore.kernel.org/r/20240402143059.8456-2-W_Armin@gmx.de > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/platform/x86/xiaomi-wmi.c b/drivers/platform/x86/xiaomi-wmi.c > index 54a2546bb93bf..be80f0bda9484 100644 > --- a/drivers/platform/x86/xiaomi-wmi.c > +++ b/drivers/platform/x86/xiaomi-wmi.c > @@ -2,8 +2,10 @@ > /* WMI driver for Xiaomi Laptops */ > > #include <linux/acpi.h> > +#include <linux/device.h> > #include <linux/input.h> > #include <linux/module.h> > +#include <linux/mutex.h> > #include <linux/wmi.h> > > #include <uapi/linux/input-event-codes.h> > @@ -20,12 +22,21 @@ > > struct xiaomi_wmi { > struct input_dev *input_dev; > + struct mutex key_lock; /* Protects the key event sequence */ > unsigned int key_code; > }; > > +static void xiaomi_mutex_destroy(void *data) > +{ > + struct mutex *lock = data; > + > + mutex_destroy(lock); > +} > + > static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > { > struct xiaomi_wmi *data; > + int ret; > > if (wdev == NULL || context == NULL) > return -EINVAL; > @@ -35,6 +46,11 @@ static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > return -ENOMEM; > dev_set_drvdata(&wdev->dev, data); > > + mutex_init(&data->key_lock); > + ret = devm_add_action_or_reset(&wdev->dev, xiaomi_mutex_destroy, &data->key_lock); > + if (ret < 0) > + return ret; > + > data->input_dev = devm_input_allocate_device(&wdev->dev); > if (data->input_dev == NULL) > return -ENOMEM; > @@ -59,10 +75,12 @@ static void xiaomi_wmi_notify(struct wmi_device *wdev, union acpi_object *dummy) > if (data == NULL) > return; > > + mutex_lock(&data->key_lock); > input_report_key(data->input_dev, data->key_code, 1); > input_sync(data->input_dev); > input_report_key(data->input_dev, data->key_code, 0); > input_sync(data->input_dev); > + mutex_unlock(&data->key_lock); > } > > static const struct wmi_device_id xiaomi_wmi_id_table[] = {

1 year, 3 months

1
0
0 0

Re: Patch "platform/x86: xiaomi-wmi: Fix race condition when reporting key events" has been added to the 5.10-stable tree

by Armin Wolf

Am 26.05.24 um 22:14 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > to the 5.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > platform-x86-xiaomi-wmi-fix-race-condition-when-repo.patch > and it can be found in the queue-5.10 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hi, the underlying race condition can only be triggered since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs"), which afaik was introduced with kernel 6.8. Because of this, i do not think that we have to backport this commit to kernels before 6.8. Thanks, Armin Wolf > > commit 6f4e7901c3ed3c0bd3da7af5854dbb765fad2e00 > Author: Armin Wolf <W_Armin(a)gmx.de> > Date: Tue Apr 2 16:30:57 2024 +0200 > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > [ Upstream commit 290680c2da8061e410bcaec4b21584ed951479af ] > > Multiple WMI events can be received concurrently, so multiple instances > of xiaomi_wmi_notify() can be active at the same time. Since the input > device is shared between those handlers, the key input sequence can be > disturbed. > > Fix this by protecting the key input sequence with a mutex. > > Compile-tested only. > > Fixes: edb73f4f0247 ("platform/x86: wmi: add Xiaomi WMI key driver") > Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> > Link: https://lore.kernel.org/r/20240402143059.8456-2-W_Armin@gmx.de > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/platform/x86/xiaomi-wmi.c b/drivers/platform/x86/xiaomi-wmi.c > index 54a2546bb93bf..be80f0bda9484 100644 > --- a/drivers/platform/x86/xiaomi-wmi.c > +++ b/drivers/platform/x86/xiaomi-wmi.c > @@ -2,8 +2,10 @@ > /* WMI driver for Xiaomi Laptops */ > > #include <linux/acpi.h> > +#include <linux/device.h> > #include <linux/input.h> > #include <linux/module.h> > +#include <linux/mutex.h> > #include <linux/wmi.h> > > #include <uapi/linux/input-event-codes.h> > @@ -20,12 +22,21 @@ > > struct xiaomi_wmi { > struct input_dev *input_dev; > + struct mutex key_lock; /* Protects the key event sequence */ > unsigned int key_code; > }; > > +static void xiaomi_mutex_destroy(void *data) > +{ > + struct mutex *lock = data; > + > + mutex_destroy(lock); > +} > + > static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > { > struct xiaomi_wmi *data; > + int ret; > > if (wdev == NULL || context == NULL) > return -EINVAL; > @@ -35,6 +46,11 @@ static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > return -ENOMEM; > dev_set_drvdata(&wdev->dev, data); > > + mutex_init(&data->key_lock); > + ret = devm_add_action_or_reset(&wdev->dev, xiaomi_mutex_destroy, &data->key_lock); > + if (ret < 0) > + return ret; > + > data->input_dev = devm_input_allocate_device(&wdev->dev); > if (data->input_dev == NULL) > return -ENOMEM; > @@ -59,10 +75,12 @@ static void xiaomi_wmi_notify(struct wmi_device *wdev, union acpi_object *dummy) > if (data == NULL) > return; > > + mutex_lock(&data->key_lock); > input_report_key(data->input_dev, data->key_code, 1); > input_sync(data->input_dev); > input_report_key(data->input_dev, data->key_code, 0); > input_sync(data->input_dev); > + mutex_unlock(&data->key_lock); > } > > static const struct wmi_device_id xiaomi_wmi_id_table[] = {

1 year, 3 months

1
0
0 0

Re: Patch "platform/x86: xiaomi-wmi: Fix race condition when reporting key events" has been added to the 5.15-stable tree

by Armin Wolf

Am 26.05.24 um 22:07 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > to the 5.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > platform-x86-xiaomi-wmi-fix-race-condition-when-repo.patch > and it can be found in the queue-5.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Hi, the underlying race condition can only be triggered since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs"), which afaik was introduced with kernel 6.8. Because of this, i do not think that we have to backport this commit to kernels before 6.8. Thanks, Armin Wolf > > commit 1f436551dd453c28c23f800e7273136e526197cb > Author: Armin Wolf <W_Armin(a)gmx.de> > Date: Tue Apr 2 16:30:57 2024 +0200 > > platform/x86: xiaomi-wmi: Fix race condition when reporting key events > > [ Upstream commit 290680c2da8061e410bcaec4b21584ed951479af ] > > Multiple WMI events can be received concurrently, so multiple instances > of xiaomi_wmi_notify() can be active at the same time. Since the input > device is shared between those handlers, the key input sequence can be > disturbed. > > Fix this by protecting the key input sequence with a mutex. > > Compile-tested only. > > Fixes: edb73f4f0247 ("platform/x86: wmi: add Xiaomi WMI key driver") > Signed-off-by: Armin Wolf <W_Armin(a)gmx.de> > Link: https://lore.kernel.org/r/20240402143059.8456-2-W_Armin@gmx.de > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/platform/x86/xiaomi-wmi.c b/drivers/platform/x86/xiaomi-wmi.c > index 54a2546bb93bf..be80f0bda9484 100644 > --- a/drivers/platform/x86/xiaomi-wmi.c > +++ b/drivers/platform/x86/xiaomi-wmi.c > @@ -2,8 +2,10 @@ > /* WMI driver for Xiaomi Laptops */ > > #include <linux/acpi.h> > +#include <linux/device.h> > #include <linux/input.h> > #include <linux/module.h> > +#include <linux/mutex.h> > #include <linux/wmi.h> > > #include <uapi/linux/input-event-codes.h> > @@ -20,12 +22,21 @@ > > struct xiaomi_wmi { > struct input_dev *input_dev; > + struct mutex key_lock; /* Protects the key event sequence */ > unsigned int key_code; > }; > > +static void xiaomi_mutex_destroy(void *data) > +{ > + struct mutex *lock = data; > + > + mutex_destroy(lock); > +} > + > static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > { > struct xiaomi_wmi *data; > + int ret; > > if (wdev == NULL || context == NULL) > return -EINVAL; > @@ -35,6 +46,11 @@ static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) > return -ENOMEM; > dev_set_drvdata(&wdev->dev, data); > > + mutex_init(&data->key_lock); > + ret = devm_add_action_or_reset(&wdev->dev, xiaomi_mutex_destroy, &data->key_lock); > + if (ret < 0) > + return ret; > + > data->input_dev = devm_input_allocate_device(&wdev->dev); > if (data->input_dev == NULL) > return -ENOMEM; > @@ -59,10 +75,12 @@ static void xiaomi_wmi_notify(struct wmi_device *wdev, union acpi_object *dummy) > if (data == NULL) > return; > > + mutex_lock(&data->key_lock); > input_report_key(data->input_dev, data->key_code, 1); > input_sync(data->input_dev); > input_report_key(data->input_dev, data->key_code, 0); > input_sync(data->input_dev); > + mutex_unlock(&data->key_lock); > } > > static const struct wmi_device_id xiaomi_wmi_id_table[] = {

1 year, 3 months

1
0
0 0