- Linux-stable-mirror - lists.linaro.org

[PATCH 1/2] selftests/mm: compaction_test: Fix incorrect write of zero to nr_hugepages

by Dev Jain

nr_hugepages is not set to zero because the file offset has not been reset after read(). Fix that using lseek(). Fixes: bd67d5c15cc1 ("Test compaction of mlocked memory") Cc: stable(a)vger.kernel.org Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- Merge dependency: https://lore.kernel.org/all/20240513082842.4117782-1-dev.jain@arm.com/ Andrew, does it sound reasonable to have the fixes tag in the above patch too, along with this series? tools/testing/selftests/mm/compaction_test.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/mm/compaction_test.c b/tools/testing/selftests/mm/compaction_test.c index 533999b6c284..c5be395f8363 100644 --- a/tools/testing/selftests/mm/compaction_test.c +++ b/tools/testing/selftests/mm/compaction_test.c @@ -107,6 +107,8 @@ int check_compaction(unsigned long mem_free, unsigned int hugepage_size) goto close_fd; } + lseek(fd, 0, SEEK_SET); + /* Start with the initial condition of 0 huge pages*/ if (write(fd, "0", sizeof(char)) != sizeof(char)) { ksft_print_msg("Failed to write 0 to /proc/sys/vm/nr_hugepages: %s\n", -- 2.30.2

1 year, 3 months

2
2
0 0

[PATCH 3/3] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index c6882f5d094f..8b7dd73d94c1 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -84,8 +84,9 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) { + if (IS_ERR(work1)) { ret = PTR_ERR(work1); + pr_err("BUG: ASN.1 encoder failed with %d\n", ret); goto err; } -- 2.45.1

1 year, 3 months

1
0
0 0

[PATCH 2/3] KEYS: trusted: Fix memory leak in tpm2_key_encode()

by Jarkko Sakkinen

'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. Cc: stable(a)vger.kernel.org # +v5.13 Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 24 +++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..c6882f5d094f 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -57,8 +58,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, unsigned char bool[3], *w = bool; /* tag 0 is emptyAuth */ w = asn1_encode_boolean(w, w + sizeof(bool), true); - if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) - return PTR_ERR(w); + if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) { + ret = PTR_ERR(w); + goto err; + } work = asn1_encode_tag(work, end_work, 0, bool, w - bool); } @@ -69,8 +72,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, * trigger, so if it does there's something nefarious going on */ if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, - "BUG: scratch buffer is too small")) - return -EINVAL; + "BUG: scratch buffer is too small")) { + ret = -EINVAL; + goto err; + } work = asn1_encode_integer(work, end_work, options->keyhandle); work = asn1_encode_octet_string(work, end_work, pub, pub_len); @@ -79,10 +84,17 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) { + ret = PTR_ERR(work1); + goto err; + } + kfree(scratch); return work1 - payload->blob; + +err: + kfree(scratch); + return ret; } struct tpm2_key_context { -- 2.45.1

1 year, 3 months

1
0
0 0

+ mm-huge_memory-dont-unpoison-huge_zero_folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: don't unpoison huge_zero_folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-dont-unpoison-huge_zero_folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: don't unpoison huge_zero_folio Date: Thu, 16 May 2024 20:26:08 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_folio without increasing the folio refcnt. But then unpoison_memory() will decrease the folio refcnt unexpectedly as it appears like a successfully hwpoisoned folio leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_folio. Skip unpoisoning huge_zero_folio in unpoison_memory() to fix this issue. We're not prepared to unpoison huge_zero_folio yet. Link: https://lkml.kernel.org/r/20240516122608.22610-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Yang Shi <shy828301(a)gmail.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/memory-failure.c~mm-huge_memory-dont-unpoison-huge_zero_folio +++ a/mm/memory-failure.c @@ -2546,6 +2546,13 @@ int unpoison_memory(unsigned long pfn) goto unlock_mutex; } + if (is_huge_zero_folio(folio)) { + unpoison_pr_info("Unpoison: huge zero page is not supported %#lx\n", + pfn, &unpoison_rs); + ret = -EOPNOTSUPP; + goto unlock_mutex; + } + if (!PageHWPoison(p)) { unpoison_pr_info("Unpoison: Page was already unpoisoned %#lx\n", pfn, &unpoison_rs); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-huge_memory-dont-unpoison-huge_zero_folio.patch

1 year, 3 months

1
0
0 0

[PATCH v2] serial: core: only stop transmit when HW fifo is empty

by Jonas Gorski

If the circular buffer is empty, it just means we fit all characters to send into the HW fifo, but not that the hardware finished transmitting them. So if we immediately call stop_tx() after that, this may abort any pending characters in the HW fifo, and cause dropped characters on the console. Fix this by only stopping tx when the tx HW fifo is actually empty. Fixes: 8275b48b2780 ("tty: serial: introduce transmit helpers") Cc: stable(a)vger.kernel.org Signed-off-by: Jonas Gorski <jonas.gorski(a)gmail.com> --- (this is v2 of the bcm63xx-uart fix attempt) v1 -> v2 * replace workaround with fix for core issue * add Cc: for stable I'm somewhat confident this is the core issue causing the broken output with bcm63xx-uart, and there is no actual need for the UART_TX_NOSTOP. I wouldn't be surprised if this also fixes mxs-uart for which UART_TX_NOSTOP was introduced. If it does, there is no need for the flag anymore. include/linux/serial_core.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h index 55b1f3ba48ac..bb0f2d4ac62f 100644 --- a/include/linux/serial_core.h +++ b/include/linux/serial_core.h @@ -786,7 +786,8 @@ enum UART_TX_FLAGS { if (pending < WAKEUP_CHARS) { \ uart_write_wakeup(__port); \ \ - if (!((flags) & UART_TX_NOSTOP) && pending == 0) \ + if (!((flags) & UART_TX_NOSTOP) && pending == 0 && \ + __port->ops->tx_empty(__port)) \ __port->ops->stop_tx(__port); \ } \ \ -- 2.34.1

1 year, 4 months

2
2
0 0

Re: [PATCH] cpufreq: amd-pstate: fix the highest frequency issue which limit performance

by Thomas Weißschuh

Hi stable team, Please backport the mainline commit bf202e654bfa ("cpufreq: amd-pstate: fix the highest frequency issue which limits performance") to the 6.9 stable series. It fixes a performance regression on AMD Phoenix platforms. It was meant to get into the 6.9 release or the stable branch shortly after, but apparently that didn't happen. On 2024-05-08 13:47:03+0000, Perry Yuan wrote: > To address the performance drop issue, an optimization has been > implemented. The incorrect highest performance value previously set by the > low-level power firmware for AMD CPUs with Family ID 0x19 and Model ID > ranging from 0x70 to 0x7F series has been identified as the cause. > > To resolve this, a check has been implemented to accurately determine the > CPU family and model ID. The correct highest performance value is now set > and the performance drop caused by the incorrect highest performance value > are eliminated. > > Before the fix, the highest frequency was set to 4200MHz, now it is set > to 4971MHz which is correct. > > CPU NODE SOCKET CORE L1d:L1i:L2:L3 ONLINE MAXMHZ MINMHZ MHZ > 0 0 0 0 0:0:0:0 yes 4971.0000 400.0000 400.0000 > 1 0 0 0 0:0:0:0 yes 4971.0000 400.0000 400.0000 > 2 0 0 1 1:1:1:0 yes 4971.0000 400.0000 4865.8140 > 3 0 0 1 1:1:1:0 yes 4971.0000 400.0000 400.0000 > > v1->v2: > * add test by flag from Gaha Bana > > Fixes: f3a052391822 ("cpufreq: amd-pstate: Enable amd-pstate preferred core support") > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218759 > Signed-off-by: Perry Yuan <perry.yuan(a)amd.com> > Co-developed-by: Mario Limonciello <mario.limonciello(a)amd.com> > Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> > Tested-by: Gaha Bana <gahabana(a)gmail.com> > --- > drivers/cpufreq/amd-pstate.c | 22 +++++++++++++++++++--- > 1 file changed, 19 insertions(+), 3 deletions(-) > > diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c > index 2db095867d03..6a342b0c0140 100644 > --- a/drivers/cpufreq/amd-pstate.c > +++ b/drivers/cpufreq/amd-pstate.c > @@ -50,7 +50,8 @@ > > #define AMD_PSTATE_TRANSITION_LATENCY 20000 > #define AMD_PSTATE_TRANSITION_DELAY 1000 > -#define AMD_PSTATE_PREFCORE_THRESHOLD 166 > +#define CPPC_HIGHEST_PERF_PERFORMANCE 196 > +#define CPPC_HIGHEST_PERF_DEFAULT 166 > > /* > * TODO: We need more time to fine tune processors with shared memory solution > @@ -326,6 +327,21 @@ static inline int amd_pstate_enable(bool enable) > return static_call(amd_pstate_enable)(enable); > } > > +static u32 amd_pstate_highest_perf_set(struct amd_cpudata *cpudata) > +{ > + struct cpuinfo_x86 *c = &cpu_data(0); > + > + /* > + * For AMD CPUs with Family ID 19H and Model ID range 0x70 to 0x7f, > + * the highest performance level is set to 196. > + * https://bugzilla.kernel.org/show_bug.cgi?id=218759 > + */ > + if (c->x86 == 0x19 && (c->x86_model >= 0x70 && c->x86_model <= 0x7f)) > + return CPPC_HIGHEST_PERF_PERFORMANCE; > + > + return CPPC_HIGHEST_PERF_DEFAULT; > +} > + > static int pstate_init_perf(struct amd_cpudata *cpudata) > { > u64 cap1; > @@ -342,7 +358,7 @@ static int pstate_init_perf(struct amd_cpudata *cpudata) > * the default max perf. > */ > if (cpudata->hw_prefcore) > - highest_perf = AMD_PSTATE_PREFCORE_THRESHOLD; > + highest_perf = amd_pstate_highest_perf_set(cpudata); > else > highest_perf = AMD_CPPC_HIGHEST_PERF(cap1); > > @@ -366,7 +382,7 @@ static int cppc_init_perf(struct amd_cpudata *cpudata) > return ret; > > if (cpudata->hw_prefcore) > - highest_perf = AMD_PSTATE_PREFCORE_THRESHOLD; > + highest_perf = amd_pstate_highest_perf_set(cpudata); > else > highest_perf = cppc_perf.highest_perf; > > -- > 2.34.1 >

1 year, 4 months

2
1
0 0

[PATCH RFC v2 3/5] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..dbdd6a318b8b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -79,8 +80,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } -- 2.45.1

1 year, 4 months

1
0
0 0

[PATCH RFC 3/5] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..dbdd6a318b8b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -79,8 +80,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } -- 2.45.1

1 year, 4 months

1
0
0 0

From Financial Crimes Enforcement Network

by Financial Crimes Enforcement Network

Notice... Your fund that was stopped from completion has been released and ready to be transferred indicate if this email id is active for more details Regards Mr. Rowland Cole

1 year, 4 months

1
0
0 0

[PATCH 5.15] nfsd: don't allow nfsd threads to be signalled.

by cel＠kernel.org

From: NeilBrown <neilb(a)suse.de> [ Upstream commit 3903902401451b1cd9d797a8c79769eb26ac7fe5 ] The original implementation of nfsd used signals to stop threads during shutdown. In Linux 2.3.46pre5 nfsd gained the ability to shutdown threads internally it if was asked to run "0" threads. After this user-space transitioned to using "rpc.nfsd 0" to stop nfsd and sending signals to threads was no longer an important part of the API. In commit 3ebdbe5203a8 ("SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()") (v5.17-rc1~75^2~41) we finally removed the use of signals for stopping threads, using kthread_stop() instead. This patch makes the "obvious" next step and removes the ability to signal nfsd threads - or any svc threads. nfsd stops allowing signals and we don't check for their delivery any more. This will allow for some simplification in later patches. A change worth noting is in nfsd4_ssc_setup_dul(). There was previously a signal_pending() check which would only succeed when the thread was being shut down. It should really have tested kthread_should_stop() as well. Now it just does the latter, not the former. Signed-off-by: NeilBrown <neilb(a)suse.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- fs/nfs/callback.c | 9 +-------- fs/nfsd/nfs4proc.c | 5 ++--- fs/nfsd/nfssvc.c | 12 ------------ net/sunrpc/svc_xprt.c | 16 ++++++---------- 4 files changed, 9 insertions(+), 33 deletions(-) Greg, Sasha - This is the third resend for this fix. Why isn't it applied to origin/linux-5.15.y yet? diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 456af7d230cf..46a0a2d6962e 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -80,9 +80,6 @@ nfs4_callback_svc(void *vrqstp) set_freezable(); while (!kthread_freezable_should_stop(NULL)) { - - if (signal_pending(current)) - flush_signals(current); /* * Listen for a request on the socket */ @@ -112,11 +109,7 @@ nfs41_callback_svc(void *vrqstp) set_freezable(); while (!kthread_freezable_should_stop(NULL)) { - - if (signal_pending(current)) - flush_signals(current); - - prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); + prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_IDLE); spin_lock_bh(&serv->sv_cb_lock); if (!list_empty(&serv->sv_cb_list)) { req = list_first_entry(&serv->sv_cb_list, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index c14f5ac1484c..6779291efca9 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1317,12 +1317,11 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, /* found a match */ if (ni->nsui_busy) { /* wait - and try again */ - prepare_to_wait(&nn->nfsd_ssc_waitq, &wait, - TASK_INTERRUPTIBLE); + prepare_to_wait(&nn->nfsd_ssc_waitq, &wait, TASK_IDLE); spin_unlock(&nn->nfsd_ssc_lock); /* allow 20secs for mount/unmount for now - revisit */ - if (signal_pending(current) || + if (kthread_should_stop() || (schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c index 4c1a0a1623e5..3d4fd40c987b 100644 --- a/fs/nfsd/nfssvc.c +++ b/fs/nfsd/nfssvc.c @@ -938,15 +938,6 @@ nfsd(void *vrqstp) current->fs->umask = 0; - /* - * thread is spawned with all signals set to SIG_IGN, re-enable - * the ones that will bring down the thread - */ - allow_signal(SIGKILL); - allow_signal(SIGHUP); - allow_signal(SIGINT); - allow_signal(SIGQUIT); - atomic_inc(&nfsdstats.th_cnt); set_freezable(); @@ -971,9 +962,6 @@ nfsd(void *vrqstp) validate_process_creds(); } - /* Clear signals before calling svc_exit_thread() */ - flush_signals(current); - atomic_dec(&nfsdstats.th_cnt); out: diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index 67ccf1a6459a..b19592673eef 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -700,8 +700,8 @@ static int svc_alloc_arg(struct svc_rqst *rqstp) /* Made progress, don't sleep yet */ continue; - set_current_state(TASK_INTERRUPTIBLE); - if (signalled() || kthread_should_stop()) { + set_current_state(TASK_IDLE); + if (kthread_should_stop()) { set_current_state(TASK_RUNNING); return -EINTR; } @@ -736,7 +736,7 @@ rqst_should_sleep(struct svc_rqst *rqstp) return false; /* are we shutting down? */ - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) return false; /* are we freezing? */ @@ -758,11 +758,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) if (rqstp->rq_xprt) goto out_found; - /* - * We have to be able to interrupt this wait - * to bring down the daemons ... - */ - set_current_state(TASK_INTERRUPTIBLE); + set_current_state(TASK_IDLE); smp_mb__before_atomic(); clear_bit(SP_CONGESTED, &pool->sp_flags); clear_bit(RQ_BUSY, &rqstp->rq_flags); @@ -784,7 +780,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) if (!time_left) atomic_long_inc(&pool->sp_stats.threads_timedout); - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) return ERR_PTR(-EINTR); return ERR_PTR(-EAGAIN); out_found: @@ -882,7 +878,7 @@ int svc_recv(struct svc_rqst *rqstp, long timeout) try_to_freeze(); cond_resched(); err = -EINTR; - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) goto out; xprt = svc_get_next_xprt(rqstp, timeout); base-commit: 284087d4f7d57502b5a41b423b771f16cc6d157a -- 2.44.0

1 year, 4 months

3
2
0 0

[BUG] Linux 6.8.10 NPE

by Chris Rankin

Hi, I am using vanilla Linux 6.8.10, and I've just noticed this BUG in my dmesg log. I have no idea what triggered it, and especially since I have not even mounted any NFS filesystems?! Cheers, Chris [ 9114.607417] BUG: kernel NULL pointer dereference, address: 0000000000000068 [ 9114.613082] #PF: supervisor read access in kernel mode [ 9114.616929] #PF: error_code(0x0000) - not-present page [ 9114.620775] PGD 0 P4D 0 [ 9114.622013] Oops: 0000 [#16] PREEMPT SMP PTI [ 9114.624987] CPU: 2 PID: 16501 Comm: sadc Tainted: G D I 6.8.10 #1 [ 9114.630993] Hardware name: Gigabyte Technology Co., Ltd. EX58-UD3R/EX58-UD3R, BIOS FB 05/04/2009 [ 9114.638561] RIP: 0010:nfsd_show+0x39/0x18e [nfsd] [ 9114.642026] Code: fb 48 83 ec 10 48 8b 47 70 8b 2d 34 9b 03 00 48 8b 80 b0 00 00 00 4c 8b a0 60 02 00 00 e8 99 84 f2 df 49 8b 84 24 f8 0b 00 00 <48> 8b 2c e8 e8 6d c0 f2 df 48 8d bd 00 03 00 00 e8 8f ff ff ff 48 [ 9114.659472] RSP: 0018:ffffc9000b1afcf8 EFLAGS: 00010202 [ 9114.663405] RAX: 0000000000000000 RBX: ffff88810cd5de80 RCX: 0000000000001000 [ 9114.669239] RDX: ffff88813f45b900 RSI: 0000000000000001 RDI: ffff88810cd5de80 [ 9114.675069] RBP: 000000000000000d R08: 0000000000400cc0 R09: 00000000ffffffff [ 9114.680905] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa11e51e0 [ 9114.686737] R13: ffffc9000b1afef8 R14: ffff88810cd5de80 R15: ffffffff81a2a520 [ 9114.692586] FS: 00007f3637e49740(0000) GS:ffff888343c80000(0000) knlGS:0000000000000000 [ 9114.699370] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9114.703809] CR2: 0000000000000068 CR3: 000000027a18c000 CR4: 00000000000006f0 [ 9114.709642] Call Trace: [ 9114.710798] <TASK> [ 9114.711602] ? __die_body+0x1a/0x5c [ 9114.713802] ? page_fault_oops+0x321/0x36e [ 9114.716636] ? exc_page_fault+0x105/0x117 [ 9114.719348] ? asm_exc_page_fault+0x22/0x30 [ 9114.722237] ? nfsd_show+0x39/0x18e [nfsd] [ 9114.725103] ? nfsd_show+0x31/0x18e [nfsd] [ 9114.727954] seq_read_iter+0x171/0x353 [ 9114.730410] seq_read+0xe0/0x108 [ 9114.732350] ? startup_64+0x1/0x60 [ 9114.734458] proc_reg_read+0x8c/0xa7 [ 9114.736746] vfs_read+0xa6/0x1bf [ 9114.738685] ? __do_sys_newfstat+0x34/0x5c [ 9114.741486] ksys_read+0x74/0xc0 [ 9114.743418] do_syscall_64+0x6c/0xdc [ 9114.745695] entry_SYSCALL_64_after_hwframe+0x60/0x68 [ 9114.749449] RIP: 0033:0x7f3638039cc1 [ 9114.751752] Code: 00 48 8b 15 59 81 0d 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 b0 aa 01 00 f3 0f 1e fa 80 3d 85 03 0e 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec [ 9114.769198] RSP: 002b:00007ffec523c288 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 9114.775499] RAX: ffffffffffffffda RBX: 000055619e0982e0 RCX: 00007f3638039cc1 [ 9114.781332] RDX: 0000000000000400 RSI: 000055619e0a3b70 RDI: 0000000000000004 [ 9114.787166] RBP: 00007ffec523c2c0 R08: 0000000000000001 R09: 0000000000000000 [ 9114.792997] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3638111050 [ 9114.798830] R13: 00007f3638110f00 R14: 0000000000000000 R15: 000055619e0982e0 [ 9114.804668] </TASK> [ 9114.805559] Modules linked in: udf usb_storage snd_seq_dummy rpcrdma rdma_cm iw_cm ib_cm ib_core nf_nat_ftp nf_conntrack_ftp cfg80211 af_packet nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables it87 hwmon_vid bnep binfmt_misc snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel uvcvideo btusb uvc btintel btbcm videobuf2_vmalloc snd_intel_dspcfg videobuf2_memops bluetooth videobuf2_v4l2 snd_hda_codec videodev snd_usb_audio intel_powerclamp coretemp snd_virtuoso snd_hda_core kvm_intel snd_oxygen_lib videobuf2_common ecdh_generic snd_usbmidi_lib snd_mpu401_uart snd_hwdep mc snd_rawmidi [ 9114.805644] input_leds joydev led_class snd_seq rfkill kvm ecc snd_seq_device gpio_ich pktcdvd snd_pcm iTCO_wdt r8169 irqbypass i2c_i801 snd_hrtimer realtek snd_timer mdio_devres intel_cstate snd libphy acpi_cpufreq i2c_smbus pcspkr intel_uncore psmouse lpc_ich i7core_edac mxm_wmi soundcore tiny_power_button button nfsd auth_rpcgss nfs_acl lockd grace sunrpc dm_mod loop fuse dax configfs nfnetlink zram zsmalloc ext4 crc32c_generic crc16 mbcache jbd2 amdgpu video amdxcp i2c_algo_bit mfd_core drm_ttm_helper ttm hid_microsoft drm_exec gpu_sched drm_suballoc_helper drm_buddy drm_display_helper sr_mod usbhid sd_mod cdrom drm_kms_helper ahci pata_jmicron libahci drm uhci_hcd libata ehci_pci ehci_hcd xhci_pci firewire_ohci xhci_hcd firewire_core scsi_mod crc32c_intel sha512_ssse3 usbcore drm_panel_orientation_quirks sha256_ssse3 cec serio_raw sha1_ssse3 rc_core crc_itu_t bsg usb_common scsi_common wmi msr [last unloaded: sg] [ 9114.974386] CR2: 0000000000000068 [ 9114.976469] ---[ end trace 0000000000000000 ]--- [ 9114.979859] RIP: 0010:nfsd_show+0x39/0x18e [nfsd] [ 9114.983413] Code: fb 48 83 ec 10 48 8b 47 70 8b 2d 34 9b 03 00 48 8b 80 b0 00 00 00 4c 8b a0 60 02 00 00 e8 99 84 f2 df 49 8b 84 24 f8 0b 00 00 <48> 8b 2c e8 e8 6d c0 f2 df 48 8d bd 00 03 00 00 e8 8f ff ff ff 48 [ 9115.000909] RSP: 0018:ffffc90002edfcf8 EFLAGS: 00010202 [ 9115.004850] RAX: 0000000000000000 RBX: ffff88813fee9780 RCX: 0000000000001000 [ 9115.010725] RDX: ffff88810b474740 RSI: 0000000000000001 RDI: ffff88813fee9780 [ 9115.016621] RBP: 000000000000000d R08: 0000000000400cc0 R09: 00000000ffffffff [ 9115.022507] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa11e51e0 [ 9115.028414] R13: ffffc90002edfef8 R14: ffff88813fee9780 R15: ffffffff81a2a520 [ 9115.034338] FS: 00007f3637e49740(0000) GS:ffff888343c00000(0000) knlGS:0000000000000000 [ 9115.041191] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9115.045739] CR2: 00007f7171a17ef0 CR3: 000000027a18c000 CR4: 00000000000006f0

1 year, 4 months

1
0
0 0

[PATCH stable] block/mq-deadline: fix different priority request on the same zone

by Wu Bo

Zoned devices request sequential writing on the same zone. That means if 2 requests on the saem zone, the lower pos request need to dispatch to device first. While different priority has it's own tree & list, request with high priority will be disptch first. So if requestA & requestB are on the same zone. RequestA is BE and pos is X+0. ReqeustB is RT and pos is X+1. RequestB will be disptched before requestA, which got an ERROR from zoned device. This is found in a practice scenario when using F2FS on zoned device. And it is very easy to reproduce: 1. Use fsstress to run 8 test processes 2. Use ionice to change 4/8 processes to RT priority Fixes: c807ab520fc3 ("block/mq-deadline: Add I/O priority support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Wu Bo <bo.wu(a)vivo.com> --- block/mq-deadline.c | 31 +++++++++++++++++++++++++++++++ include/linux/blk-mq.h | 15 +++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/block/mq-deadline.c b/block/mq-deadline.c index 02a916ba62ee..6a05dd86e8ca 100644 --- a/block/mq-deadline.c +++ b/block/mq-deadline.c @@ -539,6 +539,37 @@ static struct request *__dd_dispatch_request(struct deadline_data *dd, if (started_after(dd, rq, latest_start)) return NULL; + if (!blk_rq_is_seq_zoned_write(rq)) + goto skip_check; + /* + * To ensure sequential writing, check the lower priority class to see + * if there is a request on the same zone and need to be dispatched + * first + */ + ioprio_class = dd_rq_ioclass(rq); + prio = ioprio_class_to_prio[ioprio_class]; + prio++; + for (; prio <= DD_PRIO_MAX; prio++) { + struct request *temp_rq; + unsigned long flags; + bool can_dispatch; + + if (!dd_queued(dd, prio)) + continue; + + temp_rq = deadline_from_pos(&dd->per_prio[prio], data_dir, blk_rq_pos(rq)); + if (temp_rq && blk_req_zone_in_one(temp_rq, rq) && + blk_rq_pos(temp_rq) < blk_rq_pos(rq)) { + spin_lock_irqsave(&dd->zone_lock, flags); + can_dispatch = blk_req_can_dispatch_to_zone(temp_rq); + spin_unlock_irqrestore(&dd->zone_lock, flags); + if (!can_dispatch) + return NULL; + rq = temp_rq; + per_prio = &dd->per_prio[prio]; + } + } +skip_check: /* * rq is the selected appropriate request. */ diff --git a/include/linux/blk-mq.h b/include/linux/blk-mq.h index d3d8fd8e229b..bca1e639e0f3 100644 --- a/include/linux/blk-mq.h +++ b/include/linux/blk-mq.h @@ -1202,6 +1202,15 @@ static inline bool blk_req_can_dispatch_to_zone(struct request *rq) return true; return !blk_req_zone_is_write_locked(rq); } + +static inline bool blk_req_zone_in_one(struct request *rq_a, + struct request *rq_b) +{ + unsigned int zone_sectors = rq_a->q->limits.chunk_sectors; + + return round_down(blk_rq_pos(rq_a), zone_sectors) == + round_down(blk_rq_pos(rq_b), zone_sectors); +} #else /* CONFIG_BLK_DEV_ZONED */ static inline bool blk_rq_is_seq_zoned_write(struct request *rq) { @@ -1229,6 +1238,12 @@ static inline bool blk_req_can_dispatch_to_zone(struct request *rq) { return true; } + +static inline bool blk_req_zone_in_one(struct request *rq_a, + struct request *rq_b) +{ + return false; +} #endif /* CONFIG_BLK_DEV_ZONED */ #endif /* BLK_MQ_H */ -- 2.35.3

1 year, 4 months

3
5
0 0

[PATCH] net: ks8851: Fix another TX stall caused by wrong ISR flag handling

by Ronald Wahl

From: Ronald Wahl <ronald.wahl(a)raritan.com> Under some circumstances it may happen that the ks8851 Ethernet driver stops sending data. Currently the interrupt handler resets the interrupt status flags in the hardware after handling TX. With this approach we may lose interrupts in the time window between handling the TX interrupt and resetting the TX interrupt status bit. When all of the three following conditions are true then transmitting data stops: - TX queue is stopped to wait for room in the hardware TX buffer - no queued SKBs in the driver (txq) that wait for being written to hw - hardware TX buffer is empty and the last TX interrupt was lost This is because reenabling the TX queue happens when handling the TX interrupt status but if the TX status bit has already been cleared then this interrupt will never come. With this commit the interrupt status flags will be cleared before they are handled. That way we stop losing interrupts. The wrong handling of the ISR flags was there from the beginning but with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") the issue becomes apparent. Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun") Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Simon Horman <horms(a)kernel.org> Cc: netdev(a)vger.kernel.org Cc: stable(a)vger.kernel.org # 5.10+ Signed-off-by: Ronald Wahl <ronald.wahl(a)raritan.com> --- drivers/net/ethernet/micrel/ks8851_common.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/drivers/net/ethernet/micrel/ks8851_common.c b/drivers/net/ethernet/micrel/ks8851_common.c index 502518cdb461..6453c92f0fa7 100644 --- a/drivers/net/ethernet/micrel/ks8851_common.c +++ b/drivers/net/ethernet/micrel/ks8851_common.c @@ -328,7 +328,6 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) { struct ks8851_net *ks = _ks; struct sk_buff_head rxq; - unsigned handled = 0; unsigned long flags; unsigned int status; struct sk_buff *skb; @@ -336,24 +335,17 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) ks8851_lock(ks, &flags); status = ks8851_rdreg16(ks, KS_ISR); + ks8851_wrreg16(ks, KS_ISR, status); netif_dbg(ks, intr, ks->netdev, "%s: status 0x%04x\n", __func__, status); - if (status & IRQ_LCI) - handled |= IRQ_LCI; - if (status & IRQ_LDI) { u16 pmecr = ks8851_rdreg16(ks, KS_PMECR); pmecr &= ~PMECR_WKEVT_MASK; ks8851_wrreg16(ks, KS_PMECR, pmecr | PMECR_WKEVT_LINK); - - handled |= IRQ_LDI; } - if (status & IRQ_RXPSI) - handled |= IRQ_RXPSI; - if (status & IRQ_TXI) { unsigned short tx_space = ks8851_rdreg16(ks, KS_TXMIR); @@ -365,20 +357,12 @@ static irqreturn_t ks8851_irq(int irq, void *_ks) if (netif_queue_stopped(ks->netdev)) netif_wake_queue(ks->netdev); spin_unlock(&ks->statelock); - - handled |= IRQ_TXI; } - if (status & IRQ_RXI) - handled |= IRQ_RXI; - if (status & IRQ_SPIBEI) { netdev_err(ks->netdev, "%s: spi bus error\n", __func__); - handled |= IRQ_SPIBEI; } - ks8851_wrreg16(ks, KS_ISR, handled); - if (status & IRQ_RXI) { /* the datasheet says to disable the rx interrupt during * packet read-out, however we're masking the interrupt -- 2.45.0

1 year, 4 months

3
2
0 0

[PATCH v1 1/1] x86/cpu: Fix boot on Intel Quark X1000

by Andy Shevchenko

The initial change to set x86_virt_bits to the correct value straight away broke boot on Intel Quark X1000 CPUs (which are family 5, model 9, stepping 0) With deeper investigation it appears that the Quark doesn't have the bit 19 set in 0x01 CPUID leaf, which means it doesn't provide any clflush instructions and hence the cache alignment is set to 0. The actual cache line size is 16 bytes, hence we may set the alignment accordingly. At the same time the physical and virtual address bits are retrieved via 0x80000008 CPUID leaf. Note, we don't really care about the value of x86_clflush_size as it is either used with a proper check for the instruction to be present, or, like in PCI case, it assumes 32 bytes for all supported 32-bit CPUs that have actually smaller cache line sizes and don't advertise it. The commit fbf6449f84bf ("x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach") basically revealed the issue that has been present from day 1 of introducing the Quark support. Fixes: aece118e487a ("x86: Add cpu_detect_cache_sizes to init_intel() add Quark legacy_cache()") Cc: stable(a)vger.kernel.org Signed-off-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> --- arch/x86/kernel/cpu/intel.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index be30d7fa2e66..2bffae158dd5 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -321,6 +321,15 @@ static void early_init_intel(struct cpuinfo_x86 *c) #ifdef CONFIG_X86_64 set_cpu_cap(c, X86_FEATURE_SYSENTER32); #else + /* + * The Quark doesn't have bit 19 set in 0x01 CPUID leaf, which means + * it doesn't provide any clflush instructions and hence the cache + * alignment is set to 0. The actual cache line size is 16 bytes, + * hence set the alignment accordingly. At the same time the physical + * and virtual address bits are retrieved via 0x80000008 CPUID leaf. + */ + if (c->x86 == 5 && c->x86_model == 9) + c->x86_cache_alignment = 16; /* Netburst reports 64 bytes clflush size, but does IO in 128 bytes */ if (c->x86 == 15 && c->x86_cache_alignment == 64) c->x86_cache_alignment = 128; -- 2.43.0.rc1.1336.g36b5255a03ac

1 year, 4 months

2
2
0 0

Re: [PATCH 6.9 0/5] 6.9.1-rc1 review

by Ronald Warsow

Hi Greg *no* regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

1 year, 4 months

1
0
0 0

Linux 6.9.1

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.1 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/dma/idxd/cdev.c | 77 +++++++++++++++++++++++ drivers/dma/idxd/idxd.h | 3 drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 drivers/dma/idxd/sysfs.c | 27 +++++++- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 4 + drivers/vfio/pci/vfio_pci.c | 2 include/linux/pci_ids.h | 2 security/keys/key.c | 3 10 files changed, 120 insertions(+), 7 deletions(-) Arjan van de Ven (2): VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist dmaengine: idxd: add a new security check to deal with a hardware erratum Ben Greear (1): wifi: mt76: mt7915: add missing chanctx ops Greg Kroah-Hartman (1): Linux 6.9.1 Nikhil Rao (1): dmaengine: idxd: add a write() method for applications to submit work Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation

1 year, 4 months

1
1
0 0

Linux 6.8.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.8.10 kernel. All users of the 6.8 kernel series must upgrade. The updated 6.8.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.8.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/health/maxim,max30102.yaml | 2 Documentation/devicetree/bindings/net/mediatek,net.yaml | 22 - Documentation/netlink/specs/rt_link.yaml | 6 Makefile | 2 arch/arm/kernel/sleep.S | 4 arch/arm/net/bpf_jit_32.c | 56 ++- arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 3 arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 - arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 arch/arm64/net/bpf_jit_comp.c | 6 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 arch/mips/kernel/scall32-o32.S | 23 - arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 - arch/powerpc/crypto/chacha-p10-glue.c | 8 arch/powerpc/include/asm/plpks.h | 5 arch/powerpc/platforms/pseries/iommu.c | 8 arch/powerpc/platforms/pseries/plpks.c | 10 arch/riscv/net/bpf_jit_comp64.c | 6 arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 arch/x86/kernel/apic/apic.c | 16 arch/xtensa/include/asm/processor.h | 8 arch/xtensa/include/asm/ptrace.h | 2 arch/xtensa/kernel/process.c | 5 arch/xtensa/kernel/stacktrace.c | 3 block/blk-iocost.c | 14 block/ioctl.c | 5 drivers/accel/ivpu/ivpu_drv.c | 20 - drivers/accel/ivpu/ivpu_drv.h | 3 drivers/accel/ivpu/ivpu_hw_37xx.c | 4 drivers/accel/ivpu/ivpu_mmu.c | 8 drivers/accel/ivpu/ivpu_pm.c | 9 drivers/ata/sata_gemini.c | 5 drivers/base/regmap/regmap.c | 37 ++ drivers/bluetooth/btqca.c | 138 ++++++- drivers/bluetooth/btqca.h | 3 drivers/bluetooth/hci_qca.c | 2 drivers/clk/clk.c | 12 drivers/clk/qcom/clk-smd-rpm.c | 1 drivers/clk/samsung/clk-exynos-clkout.c | 13 drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 - drivers/clk/sunxi-ng/ccu_common.c | 19 + drivers/clk/sunxi-ng/ccu_common.h | 3 drivers/dma/idxd/cdev.c | 77 ++++ drivers/dma/idxd/idxd.h | 3 drivers/dma/idxd/init.c | 4 drivers/dma/idxd/registers.h | 3 drivers/dma/idxd/sysfs.c | 27 + drivers/edac/versal_edac.c | 4 drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 14 drivers/firmware/efi/unaccepted_memory.c | 4 drivers/firmware/microchip/mpfs-auto-update.c | 2 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-lpc32xx.c | 1 drivers/gpio/gpio-wcove.c | 2 drivers/gpio/gpiolib-cdev.c | 16 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 26 - drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 27 + drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 drivers/gpu/drm/drm_connector.c | 2 drivers/gpu/drm/i915/display/intel_audio.c | 113 ------ drivers/gpu/drm/i915/display/intel_bios.c | 19 - drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 drivers/gpu/drm/imagination/pvr_fw_mips.h | 5 drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +-- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 drivers/gpu/drm/nouveau/nouveau_dp.c | 13 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 79 ++-- drivers/gpu/drm/panel/Kconfig | 2 drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 drivers/gpu/drm/qxl/qxl_release.c | 50 -- drivers/gpu/drm/radeon/pptable.h | 10 drivers/gpu/drm/ttm/ttm_tt.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 3 drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 drivers/gpu/drm/xe/xe_lrc.c | 25 - drivers/gpu/drm/xe/xe_migrate.c | 8 drivers/gpu/host1x/bus.c | 8 drivers/hv/channel.c | 29 + drivers/hv/connection.c | 29 + drivers/hwmon/corsair-cpro.c | 45 +- drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 92 ++++ drivers/iio/imu/adis16475.c | 4 drivers/iio/pressure/bmp280-core.c | 1 drivers/iio/pressure/bmp280-spi.c | 13 drivers/iio/pressure/bmp280.h | 1 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/amd/iommu.c | 4 drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c | 4 drivers/iommu/mtk_iommu.c | 1 drivers/iommu/mtk_iommu_v1.c | 1 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/misc/pvpanic/pvpanic-pci.c | 4 drivers/net/dsa/mv88e6xxx/chip.c | 20 - drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 + drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 +- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 - drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 drivers/net/ethernet/intel/e1000e/phy.c | 8 drivers/net/ethernet/intel/ice/ice_debugfs.c | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/micrel/ks8851_common.c | 16 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 drivers/net/hyperv/netvsc.c | 7 drivers/net/usb/qmi_wwan.c | 1 drivers/net/vxlan/vxlan_core.c | 49 +- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 drivers/nvme/host/core.c | 2 drivers/nvme/host/nvme.h | 5 drivers/nvme/host/pci.c | 14 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 - drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/intel/pinctrl-baytrail.c | 74 ++-- drivers/pinctrl/intel/pinctrl-intel.h | 4 drivers/pinctrl/mediatek/pinctrl-paris.c | 40 -- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/platform/x86/acer-wmi.c | 9 drivers/platform/x86/amd/pmf/acpi.c | 2 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 drivers/power/supply/mt6360_charger.c | 2 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 - drivers/regulator/mt6360-regulator.c | 32 + drivers/regulator/tps65132-regulator.c | 7 drivers/s390/cio/cio_inject.c | 2 drivers/s390/net/qeth_core_main.c | 61 +-- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 drivers/scsi/libsas/sas_expander.c | 2 drivers/scsi/lpfc/lpfc.h | 2 drivers/scsi/lpfc/lpfc_attr.c | 4 drivers/scsi/lpfc/lpfc_bsg.c | 20 - drivers/scsi/lpfc/lpfc_debugfs.c | 12 drivers/scsi/lpfc/lpfc_els.c | 20 - drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_init.c | 5 drivers/scsi/lpfc/lpfc_nvme.c | 4 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 34 - drivers/scsi/lpfc/lpfc_vport.c | 8 drivers/scsi/mpi3mr/mpi3mr_app.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 6 drivers/spi/spi-axi-spi-engine.c | 19 - drivers/spi/spi-hisi-kunpeng.c | 2 drivers/spi/spi-microchip-core-qspi.c | 1 drivers/spi/spi.c | 1 drivers/target/target_core_configfs.c | 12 drivers/thermal/thermal_debugfs.c | 59 ++- drivers/ufs/core/ufs-mcq.c | 2 drivers/ufs/core/ufshcd.c | 9 drivers/uio/uio_hv_generic.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/core/port.c | 8 drivers/usb/dwc3/core.c | 90 ++-- drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 + drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 9 drivers/usb/gadget/function/uvc_configfs.c | 4 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/host/xhci-rzv2m.c | 1 drivers/usb/typec/tcpm/tcpm.c | 36 + drivers/usb/typec/ucsi/ucsi.c | 12 drivers/vfio/pci/vfio_pci.c | 2 fs/9p/fid.h | 3 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 23 - fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/ordered-data.c | 1 fs/btrfs/qgroup.c | 2 fs/btrfs/transaction.c | 2 fs/btrfs/tree-checker.c | 30 - fs/btrfs/tree-checker.h | 1 fs/btrfs/volumes.c | 18 fs/exfat/file.c | 7 fs/gfs2/bmap.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 fs/nfsd/cache.h | 2 fs/nfsd/netns.h | 21 - fs/nfsd/nfs4callback.c | 97 +++++ fs/nfsd/nfs4proc.c | 6 fs/nfsd/nfs4state.c | 3 fs/nfsd/nfs4xdr.c | 2 fs/nfsd/nfscache.c | 40 -- fs/nfsd/nfsctl.c | 14 fs/nfsd/nfsfh.c | 3 fs/nfsd/state.h | 14 fs/nfsd/stats.c | 43 -- fs/nfsd/stats.h | 62 +-- fs/nfsd/vfs.c | 6 fs/nfsd/xdr4cb.h | 18 fs/proc/task_mmu.c | 24 - fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 8 fs/smb/client/fs_context.c | 21 + fs/smb/client/fs_context.h | 2 fs/smb/client/misc.c | 1 fs/smb/client/smb2pdu.c | 11 fs/smb/server/oplock.c | 35 + fs/smb/server/transport_tcp.c | 4 fs/tracefs/event_inode.c | 45 +- fs/tracefs/inode.c | 92 ++++ fs/tracefs/internal.h | 7 fs/userfaultfd.c | 4 fs/vboxsf/file.c | 1 include/linux/compiler_types.h | 11 include/linux/dma-fence.h | 7 include/linux/gfp_types.h | 2 include/linux/hyperv.h | 1 include/linux/pci_ids.h | 2 include/linux/regmap.h | 8 include/linux/regulator/consumer.h | 4 include/linux/skbuff.h | 15 include/linux/skmsg.h | 2 include/linux/slab.h | 4 include/linux/sockptr.h | 25 + include/linux/sunrpc/clnt.h | 1 include/net/gro.h | 9 include/net/xfrm.h | 3 include/sound/emu10k1.h | 3 include/trace/events/rxrpc.h | 2 include/uapi/linux/kfd_ioctl.h | 17 include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 kernel/bpf/bloom_filter.c | 13 kernel/bpf/verifier.c | 3 kernel/dma/swiotlb.c | 1 kernel/workqueue.c | 8 lib/Kconfig.debug | 5 lib/dynamic_debug.c | 6 lib/maple_tree.c | 16 lib/scatterlist.c | 2 mm/readahead.c | 4 mm/slub.c | 52 +- net/8021q/vlan_core.c | 2 net/bluetooth/hci_core.c | 3 net/bluetooth/hci_event.c | 2 net/bluetooth/l2cap_core.c | 3 net/bluetooth/msft.c | 2 net/bluetooth/msft.h | 4 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/bridge/br_netlink.c | 3 net/core/filter.c | 42 +- net/core/gro.c | 1 net/core/link_watch.c | 4 net/core/net-sysfs.c | 4 net/core/net_namespace.c | 13 net/core/rtnetlink.c | 6 net/core/skbuff.c | 27 + net/core/skmsg.c | 5 net/core/sock.c | 4 net/hsr/hsr_device.c | 31 - net/ipv4/af_inet.c | 1 net/ipv4/ip_output.c | 2 net/ipv4/raw.c | 3 net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp.c | 3 net/ipv4/udp_offload.c | 15 net/ipv4/xfrm4_input.c | 6 net/ipv6/addrconf.c | 11 net/ipv6/fib6_rules.c | 6 net/ipv6/ip6_input.c | 4 net/ipv6/ip6_offload.c | 1 net/ipv6/ip6_output.c | 4 net/ipv6/udp.c | 3 net/ipv6/udp_offload.c | 3 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mac80211/mlme.c | 5 net/mptcp/ctrl.c | 39 ++ net/mptcp/protocol.c | 3 net/nfc/llcp_sock.c | 12 net/nfc/nci/core.c | 1 net/nsh/nsh.c | 14 net/phonet/pn_netlink.c | 2 net/rxrpc/ar-internal.h | 2 net/rxrpc/call_object.c | 7 net/rxrpc/conn_event.c | 16 net/rxrpc/conn_object.c | 9 net/rxrpc/input.c | 71 ++- net/rxrpc/output.c | 14 net/rxrpc/protocol.h | 6 net/smc/smc_ib.c | 19 - net/sunrpc/clnt.c | 5 net/sunrpc/xprtsock.c | 1 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 rust/macros/module.rs | 185 ++++++---- scripts/Makefile.modfinal | 2 security/keys/key.c | 3 sound/hda/intel-sdw-acpi.c | 2 sound/oss/dmasound/dmasound_paula.c | 8 sound/pci/emu10k1/emu10k1.c | 3 sound/pci/emu10k1/emu10k1_main.c | 139 ++++--- sound/pci/hda/patch_realtek.c | 25 + sound/soc/codecs/es8326.c | 30 - sound/soc/codecs/es8326.h | 2 sound/soc/codecs/wsa881x.c | 1 sound/soc/intel/avs/topology.c | 2 sound/soc/meson/Kconfig | 1 sound/soc/meson/axg-card.c | 1 sound/soc/meson/axg-fifo.c | 52 +- sound/soc/meson/axg-fifo.h | 12 sound/soc/meson/axg-frddr.c | 5 sound/soc/meson/axg-tdm-interface.c | 34 + sound/soc/meson/axg-toddr.c | 22 - sound/soc/sof/intel/hda-dsp.c | 20 - sound/soc/sof/intel/pci-lnl.c | 3 sound/soc/tegra/tegra186_dspk.c | 7 sound/soc/ti/davinci-mcasp.c | 12 sound/usb/line6/driver.c | 6 tools/include/linux/kernel.h | 1 tools/include/linux/mm.h | 5 tools/include/linux/panic.h | 19 + tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 159 ++++++-- tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 6 tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 2 tools/testing/selftests/mm/Makefile | 6 tools/testing/selftests/net/test_bridge_neigh_suppress.sh | 14 tools/testing/selftests/timers/valid-adjtimex.c | 73 +-- 377 files changed, 3360 insertions(+), 1832 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Adam Skladowski (1): clk: qcom: smd-rpm: Restore msm8976 num_clk Al Viro (1): qibfs: fix dentry leak Alan Stern (2): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device USB: core: Fix access violation during port device removal Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alex Deucher (2): drm/radeon: silence UBSAN warning (v3) drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alex Hung (1): drm/amd/display: Skip on writeback when it's not applicable Alexander Potapenko (1): kmsan: compiler_types: declare __no_sanitize_or_inline Alexander Usyskin (1): mei: me: add lunar lake point M DID Alexandra Winter (1): s390/qeth: Fix kernel panic after setting hsuid Amadeusz Sławiński (1): ASoC: Intel: avs: Set name of control as in topology Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Amit Sunil Dhamne (1): usb: typec: tcpm: unregister existing source caps before re-registration Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andi Shyti (1): drm/i915/gt: Automate CCS Mode setting during engine resets Andrei Matei (1): bpf: Check bloom filter map value size Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andrii Nakryiko (1): bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition André Apitzsch (1): regulator: tps65132: Add of_match table Andy Shevchenko (5): drm/panel: ili9341: Correct use of device property APIs drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Use predefined error codes gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently AngeloGioacchino Del Regno (2): power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator regulator: mt6360: De-capitalize devicetree regulator subnodes Anton Protopopov (1): bpf: Fix a verifier verbose message Arjan van de Ven (2): VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist dmaengine: idxd: add a new security check to deal with a hardware erratum Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Ashutosh Dixit (1): drm/xe: Label RING_CONTEXT_CONTROL as masked Badhri Jagan Sridharan (1): usb: typec: tcpm: Check for port partner validity before consuming it Benjamin Berg (1): wifi: iwlwifi: mvm: guard against invalid STA ID on removal Benno Lossin (1): rust: macros: fix soundness issue in `module!` macro Bernhard Rosenkränzer (1): platform/x86: acer-wmi: Add support for Acer PH18-71 Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Borislav Petkov (AMD) (1): kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Boy.Wu (1): ARM: 9381/1: kasan: clear stale stack poison Bui Quang Minh (4): ice: ensure the copied buf is NUL terminated bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace s390/cio: Ensure the copied buf is NUL terminated Chaitanya Kumar Borah (1): drm/i915/audio: Fix audio time stamp programming for DP Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen Yu (2): efi/unaccepted: touch soft lockup during memory accept tools/power turbostat: Do not print negative LPI residency Chen-Yu Tsai (3): pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Christian König (1): drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Chuck Lever (1): NFSD: Fix nfsd4_encode_fattr4() crasher Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Conor Dooley (2): firmware: microchip: don't unconditionally print validation success spi: microchip-core-qspi: fix setting spi bus clock rate Dai Ngo (1): NFSD: add support for CB_GETATTR callback Dan Carpenter (2): pinctrl: core: delete incorrect free in pinctrl_enable() mm/slab: make __free(kfree) accept error pointers Daniel Golle (1): dt-bindings: net: mediatek: remove wrongly added clocks and SerDes Dave Airlie (1): Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" David Bauer (1): net l2tp: drop flow hash on forward David Howells (4): Fix a potential infinite loop in extract_user_to_sg() rxrpc: Fix the names of the fields in the ACK trailer struct rxrpc: Fix congestion control algorithm rxrpc: Only transmit one ACK per jumbo packet received David Lechner (2): spi: axi-spi-engine: use common AXI macros spi: axi-spi-engine: fix version format string Devyn Liu (1): spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Donald Hunter (1): netlink: specs: Add missing bridge linkinfo attrs Doug Berger (3): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Douglas Anderson (1): drm/connector: Add \n to message about demoting connector force-probes Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (8): net: add copy_safe_from_sockptr() helper nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net-sysfs: convert dev->operstate reads to lockless ones ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() Eric Van Hensbergen (2): fs/9p: fix uninitialized values during inode evict fs/9p: remove erroneous nlink init from legacy stat2inode Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Frank Oltmanns (2): clk: sunxi-ng: common: Support minimum and maximum rate clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Gabe Teeger (1): drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Gaurav Batra (1): powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (1): Linux 6.8.10 Gregory Detal (1): mptcp: only allow set existing scheduler for net.mptcp.scheduler Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Guillaume Nault (3): vxlan: Fix racy device stats updates. vxlan: Add missing VNI filter counter update in arp_reduce(). vxlan: Pull inner IP header in vxlan_rcv(). Hans de Goede (3): pinctrl: baytrail: Fix selecting gpio pinctrl state iio: accel: mxc4005: Interrupt handling fixes iio: accel: mxc4005: Reset chip on probe() and resume() Hersen Wu (1): drm/amd/display: Fix incorrect DSC instance for MST Himal Prasad Ghimiray (1): drm/xe/xe_migrate: Cast to output precision before multiplying operands Ian Forbes (1): drm/vmwgfx: Fix Legacy Display Unit Ido Schimmel (1): selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Ivan Avdeev (1): usb: gadget: uvc: use correct buffer size when parsing configfs lists Jacek Lawrynowicz (2): accel/ivpu: Remove d3hot_after_power_off WA accel/ivpu: Fix missed error message after VPU rename Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jason Gunthorpe (1): iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Javier Carrasco (1): dt-bindings: iio: health: maxim,max30102: fix compatible check Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (2): vboxsf: explicitly deny setlease attempts 9p: explicitly deny setlease attempts Jeffrey Altman (1): rxrpc: Clients must accept conn from any address Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (7): ASoC: meson: axg-fifo: use FIELD helpers ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: cards: select SND_DYNAMIC_MINORS drm/meson: dw-hdmi: power up phy on device init drm/meson: dw-hdmi: add bandgap setting for g12 Jian Shen (1): net: hns3: direct return when receive a unknown mailbox message Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (4): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: fix the cache always being enabled on files with qid flags fs/9p: drop inodes immediately on non-.L too Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (9): regulator: core: fix debugfs creation regression Bluetooth: qca: fix invalid device address check Bluetooth: qca: fix wcn3991 device address check Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: generalise device address check Bluetooth: qca: fix info leak when fetching board id Bluetooth: qca: fix info leak when fetching fw build id Bluetooth: qca: fix firmware check error path Johannes Berg (3): wifi: nl80211: don't free NULL coalescing rule wifi: mac80211: fix prep_connection error path wifi: iwlwifi: read txq->read_ptr under lock John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jonathan Kim (1): drm/amdkfd: range check cp bad op exception interrupts Josef Bacik (7): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace nfsd: rename NFSD_NET_* to NFSD_STATS_* nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: make all of the nfsd stats per-network namespace btrfs: make sure that WRITTEN is set on all metadata blocks Justin Ernst (1): tools/power/turbostat: Fix uncore frequency file string Justin Tee (6): scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() scsi: lpfc: Use a dedicated lock for ras_fwlog state Karthikeyan Ramasubramanian (1): drm/i915/bios: Fix parsing backlight BDB data Kees Cook (1): nouveau/gsp: Avoid addressing beyond end of rpc->entries Kefeng Wang (1): mm: use memalloc_nofs_save() in page_cache_ra_order() Kenneth Feng (1): drm/amd/pm: fix the high voltage issue after unload Kent Gibson (1): gpiolib: cdev: fix uninitialised kfifo Krzysztof Kozlowski (2): iommu: mtk: fix module autoloading gpio: lpc32xx: fix module autoloading Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Len Brown (2): tools/power turbostat: Expand probe_intel_uncore_frequency() tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Li Ma (1): drm/amd/display: add DCN 351 version for microcode load Li Nan (2): block: fix overflow in blk_ioctl_discard() blk-iocost: do not WARN if iocg was already offlined Liam R. Howlett (1): maple_tree: fix mas_empty_area_rev() null pointer dereference Lijo Lazar (2): drm/amdgpu: Refine IB schedule error logging drm/amdgpu: Fix VCN allocation in CPX partition Linus Torvalds (1): Reapply "drm/qxl: simplify qxl_fence_wait" Lucas De Marchi (2): drm/xe/display: Fix ADL-N detection drm/xe: Fix END redefinition Lukasz Majewski (1): hsr: Simplify code for announcing HSR nodes timer setup Lyude Paul (3): drm/nouveau/dp: Don't probe eDP ports twice harder drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 Mans Rullgard (1): spi: fix null pointer dereference within spi_sync Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Marek Szyprowski (1): clk: samsung: Revert "clk: Use device_get_match_data()" Marek Vasut (1): net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Mario Limonciello (2): platform/x86/amd: pmf: Decrease error message to debug dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Mark Rutland (1): selftests/ftrace: Fix event filter target_func selection Matt Coster (1): drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero Matti Vaittinen (2): regulator: change stubbed devm_regulator_get_enable to return Ok regulator: change devm_regulator_get_enable_optional() stub to return Ok Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Max Filippov (1): xtensa: fix MAKE_PC_FROM_RA second argument Michael Ellerman (2): powerpc/crypto/chacha-p10: Fix failure on non Power10 selftests/mm: fix powerpc ARCH check Michael Kelley (1): Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Michel Dänzer (1): drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Mukul Joshi (1): drm/amdkfd: Check cgroup when returning DMABuf info Namjae Jeon (3): ksmbd: off ipv6only for both ipv4/ipv6 binding ksmbd: avoid to send duplicate lease break notifications ksmbd: do not grant v2 lease if parent lease key and epoch are not set Nayna Jain (1): powerpc/pseries: make max polling consistent for longer H_CALLs Nicholas Kazlauskas (1): drm/amd/display: Fix idle optimization checks for multi-display and dual eDP Nicolas Bouchinet (1): mm/slub: avoid zeroing outside-object freepointer for single free Nikhil Rao (1): dmaengine: idxd: add a write() method for applications to submit work Olga Kornievskaia (1): SUNRPC: add a missing rpc_stat for TCP TLS Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Oswald Buddenhagen (4): ALSA: emu10k1: fix E-MU card dock presence monitoring ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() ALSA: emu10k1: move the whole GPIO event handling to the workqueue ALSA: emu10k1: fix E-MU dock initialization Paolo Abeni (2): mptcp: ensure snd_nxt is properly initialized on connect tipc: fix UAF in error path Patryk Wlazlyn (1): tools/power turbostat: Print ucode revision only if valid Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peiyang Wang (4): net: hns3: using user configure after hardware reset net: hns3: change type of numa_node_mask as nodemask_t net: hns3: release PTP resources if pf initialization failed net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Peter Ujfalusi (1): ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Peter Wang (2): scsi: ufs: core: WLUN suspend dev/link state error recovery scsi: ufs: core: Fix MCQ mode dev command timeout Peter Xu (1): mm/userfaultfd: reset ptes when close() for wr-protected ones Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Pierre-Louis Bossart (2): ASoC: SOF: Intel: add default firmware library path for LNL ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Puranjay Mohan (1): arm32, bpf: Reimplement sign-extension mov instruction Qu Wenruo (2): btrfs: set correct ram_bytes when splitting ordered extent btrfs: qgroup: do not check qgroup inherit if qgroup is disabled RD Babiera (1): usb: typec: tcpm: clear pd_event queue in PORT_RESET Rafael J. Wysocki (3): thermal/debugfs: Free all thermal zone debug memory on zone removal thermal/debugfs: Fix two locking issues with thermal zone debug thermal/debugfs: Prevent use-after-free from occurring after cdev removal Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Fitzgerald (1): regmap: Add regmap_read_bypassed() Richard Gobert (2): net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb net: gro: add flush check in udp_gro_receive_segment Rick Edgecombe (4): Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl hv_netvsc: Don't free decrypted memory uio_hv_generic: Don't free decrypted memory Rik van Riel (1): blk-iocost: avoid out of bounds shift Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Rohit Ner (1): scsi: ufs: core: Fix MCQ MAC configuration Ryan Roberts (2): fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sean Anderson (1): nvme-pci: Add quirk for broken MSIs Sebastian Andrzej Siewior (1): cxgb4: Properly lock TX queue for the selftest. Shashank Sharma (1): drm/amdgpu: fix doorbell regression Shigeru Yoshida (2): ipv4: Fix uninit-value access in __ip_make_skb() ipv6: Fix potential uninit-value access in __ip6_make_skb() Shin'ichiro Kawasaki (1): scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Shubhrajyoti Datta (1): EDAC/versal: Do not log total error counts Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Srinivas Kandagatla (1): ASoC: codecs: wsa881x: set clk_stop_mode1 flag Srinivas Pandruvada (1): platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Steffen Bätz (1): net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Steve French (1): smb3: fix broken reconnect when password changing on the server by allowing password rotation Steven Rostedt (Google) (3): tracefs: Reset permissions on remount if permissions are options tracefs: Still use mount point as default permissions for instances eventfs: Do not treat events directory different than other directories Sungwoo Kim (2): Bluetooth: msft: fix slab-use-after-free in msft_do_close() Bluetooth: HCI: Fix potential null-ptr-deref Sven Schnelle (1): workqueue: Fix selection of wake_cpu in kick_pool() Takashi Iwai (2): ALSA: line6: Zero-initialize message buffers ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models Takashi Sakamoto (1): firewire: ohci: fulfill timestamp for some local asynchronous transaction Tao Zhou (1): drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Tetsuo Handa (1): nfc: nci: Fix kcov check in nci_rx_work() Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Thomas Bertschinger (1): rust: module: place generated init_module() function in .init.text Thomas Gleixner (1): x86/apic: Don't access the APIC when disabling x2APIC Thomas Weißschuh (1): misc/pvpanic-pci: register attributes via pci_driver Toke Høiland-Jørgensen (1): xdp: use flags field to disambiguate broadcast redirect Uwe Kleine-König (1): OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vasant Hegde (1): iommu/amd: Enhance def_domain_type to handle untrusted device Vasileios Amoiridis (2): iio: pressure: Fixes BME280 SPI driver data iio: pressure: Fixes SPI support for BMP3xx devices Viken Dadhaniya (1): slimbus: qcom-ngd-ctrl: Add timeout for wait operation Vitaly Lifshits (1): e1000e: change usleep_range to udelay in PHY mdic access Volodymyr Babchuk (1): arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Wachowski, Karol (1): accel/ivpu: Improve clarity of MMU error messages Wei Yang (3): memblock tests: fix undefined reference to `early_pfn_to_nid' memblock tests: fix undefined reference to `panic' memblock tests: fix undefined reference to `BIT' Wen Gu (1): net/smc: fix neighbour and rtable leak in smc_ib_find_route() Wesley Cheng (1): usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Will Deacon (1): swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Wyes Karny (1): tools/power turbostat: Increase the limit for fd opened Xiang Chen (1): scsi: hisi_sas: Handle the NCQ error returned by D2H frame Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Xu Kuohai (2): bpf, arm64: Fix incorrect runtime stats riscv, bpf: Fix incorrect runtime stats Yi Zhang (1): nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Yifan Zhang (1): drm/amdgpu: add smu 14.0.1 discovery support Yihang Li (1): scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Yonglong Liu (2): net: hns3: fix port vlan filter not disabled issue net: hns3: fix kernel crash when devlink reload during initialization Yuezhang Mo (1): exfat: fix timing of synchronizing bitmap and inode Zack Rusin (2): drm/ttm: Print the memory decryption status just once drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Zhang Yi (2): ASoC: codecs: ES8326: Solve error interruption issue ASoC: codecs: ES8326: modify clock table Zhigang Luo (1): amd/amdkfd: sync all devices to wait all processes being evicted Zhongqiu Han (1): gpiolib: cdev: Fix use after free in lineinfo_changed_notify linke li (1): net: mark racy access on sk->sk_rcvbuf

1 year, 4 months

1
1
0 0

Linux 6.6.31

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.31 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/health/maxim,max30102.yaml | 2 Documentation/devicetree/bindings/net/mediatek,net.yaml | 22 Makefile | 2 arch/arm/kernel/sleep.S | 4 arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 arch/arm64/net/bpf_jit_comp.c | 6 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 arch/mips/kernel/scall32-o32.S | 23 arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 arch/powerpc/crypto/chacha-p10-glue.c | 8 arch/powerpc/include/asm/plpks.h | 5 arch/powerpc/platforms/pseries/iommu.c | 8 arch/powerpc/platforms/pseries/plpks.c | 10 arch/riscv/net/bpf_jit_comp64.c | 6 arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 arch/x86/kernel/apic/apic.c | 16 arch/xtensa/include/asm/processor.h | 8 arch/xtensa/include/asm/ptrace.h | 2 arch/xtensa/kernel/process.c | 5 arch/xtensa/kernel/stacktrace.c | 3 block/blk-iocost.c | 14 block/ioctl.c | 5 drivers/ata/sata_gemini.c | 5 drivers/base/regmap/regmap.c | 37 + drivers/bluetooth/btqca.c | 206 +++++- drivers/bluetooth/btqca.h | 8 drivers/bluetooth/hci_qca.c | 13 drivers/clk/clk.c | 12 drivers/clk/qcom/clk-smd-rpm.c | 1 drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 drivers/clk/sunxi-ng/ccu_common.c | 19 drivers/clk/sunxi-ng/ccu_common.h | 3 drivers/dma/idxd/cdev.c | 77 ++ drivers/dma/idxd/idxd.h | 3 drivers/dma/idxd/init.c | 4 drivers/dma/idxd/registers.h | 3 drivers/dma/idxd/sysfs.c | 27 drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 14 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-lpc32xx.c | 1 drivers/gpio/gpio-wcove.c | 2 drivers/gpio/gpiolib-cdev.c | 181 ++++- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 - drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 + drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 drivers/gpu/drm/drm_connector.c | 2 drivers/gpu/drm/i915/display/intel_audio.c | 113 --- drivers/gpu/drm/i915/display/intel_bios.c | 19 drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 -- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 drivers/gpu/drm/panel/Kconfig | 2 drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 drivers/gpu/drm/qxl/qxl_release.c | 50 - drivers/gpu/drm/radeon/pptable.h | 10 drivers/gpu/drm/ttm/ttm_tt.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/hv/channel.c | 29 drivers/hv/connection.c | 29 drivers/hwmon/corsair-cpro.c | 45 - drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 24 drivers/iio/imu/adis16475.c | 4 drivers/iio/pressure/bmp280-spi.c | 4 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/mtk_iommu.c | 1 drivers/iommu/mtk_iommu_v1.c | 1 drivers/md/md.c | 1 drivers/misc/eeprom/at24.c | 47 + drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/mtd/mtdcore.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 20 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 drivers/net/ethernet/intel/e1000e/phy.c | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/micrel/ks8851_common.c | 16 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 drivers/net/hyperv/netvsc.c | 7 drivers/net/usb/qmi_wwan.c | 1 drivers/net/vxlan/vxlan_core.c | 49 + drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 drivers/nvme/host/core.c | 2 drivers/nvme/host/nvme.h | 5 drivers/nvme/host/pci.c | 14 drivers/nvmem/apple-efuses.c | 1 drivers/nvmem/core.c | 8 drivers/nvmem/imx-ocotp-scu.c | 1 drivers/nvmem/imx-ocotp.c | 1 drivers/nvmem/meson-efuse.c | 1 drivers/nvmem/meson-mx-efuse.c | 1 drivers/nvmem/microchip-otpc.c | 1 drivers/nvmem/mtk-efuse.c | 1 drivers/nvmem/qcom-spmi-sdam.c | 1 drivers/nvmem/qfprom.c | 1 drivers/nvmem/rave-sp-eeprom.c | 1 drivers/nvmem/rockchip-efuse.c | 1 drivers/nvmem/sc27xx-efuse.c | 1 drivers/nvmem/sec-qfprom.c | 1 drivers/nvmem/sprd-efuse.c | 1 drivers/nvmem/stm32-romem.c | 1 drivers/nvmem/sunplus-ocotp.c | 1 drivers/nvmem/sunxi_sid.c | 1 drivers/nvmem/uniphier-efuse.c | 1 drivers/nvmem/zynqmp_nvmem.c | 1 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 - drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +- drivers/pinctrl/intel/pinctrl-intel.h | 4 drivers/pinctrl/mediatek/pinctrl-paris.c | 40 - drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 1 drivers/power/supply/mt6360_charger.c | 2 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 drivers/regulator/mt6360-regulator.c | 32 drivers/regulator/tps65132-regulator.c | 7 drivers/rtc/nvmem.c | 1 drivers/s390/cio/cio_inject.c | 2 drivers/s390/net/qeth_core_main.c | 61 - drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 drivers/scsi/libsas/sas_expander.c | 2 drivers/scsi/lpfc/lpfc.h | 2 drivers/scsi/lpfc/lpfc_attr.c | 4 drivers/scsi/lpfc/lpfc_bsg.c | 20 drivers/scsi/lpfc/lpfc_debugfs.c | 12 drivers/scsi/lpfc/lpfc_els.c | 20 drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_init.c | 5 drivers/scsi/lpfc/lpfc_nvme.c | 4 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 34 - drivers/scsi/lpfc/lpfc_vport.c | 8 drivers/scsi/mpi3mr/mpi3mr_app.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 6 drivers/spi/spi-axi-spi-engine.c | 227 +++--- drivers/spi/spi-hisi-kunpeng.c | 2 drivers/spi/spi-microchip-core-qspi.c | 1 drivers/spi/spi.c | 1 drivers/target/target_core_configfs.c | 12 drivers/ufs/core/ufs-mcq.c | 2 drivers/ufs/core/ufshcd.c | 9 drivers/uio/uio_hv_generic.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/core/port.c | 8 drivers/usb/dwc3/core.c | 90 +- drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 9 drivers/usb/gadget/function/uvc_configfs.c | 4 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/host/xhci-rzv2m.c | 1 drivers/usb/typec/tcpm/tcpm.c | 36 - drivers/usb/typec/ucsi/ucsi.c | 12 drivers/vfio/pci/vfio_pci.c | 2 drivers/w1/slaves/w1_ds250x.c | 1 fs/9p/fid.h | 3 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/extent_io.c | 14 fs/btrfs/inode.c | 2 fs/btrfs/ordered-data.c | 1 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/volumes.c | 18 fs/gfs2/bmap.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 fs/smb/client/cifsglob.h | 1 fs/smb/client/connect.c | 8 fs/smb/client/fs_context.c | 21 fs/smb/client/fs_context.h | 2 fs/smb/client/misc.c | 1 fs/smb/client/smb2pdu.c | 11 fs/smb/server/oplock.c | 35 - fs/smb/server/transport_tcp.c | 4 fs/tracefs/event_inode.c | 45 - fs/tracefs/inode.c | 92 ++ fs/tracefs/internal.h | 7 fs/userfaultfd.c | 4 fs/vboxsf/file.c | 1 include/linux/compiler_types.h | 11 include/linux/dma-fence.h | 7 include/linux/gfp_types.h | 2 include/linux/hyperv.h | 1 include/linux/nvmem-provider.h | 2 include/linux/pci_ids.h | 2 include/linux/regmap.h | 8 include/linux/regulator/consumer.h | 4 include/linux/skbuff.h | 15 include/linux/skmsg.h | 2 include/linux/slab.h | 2 include/linux/sunrpc/clnt.h | 1 include/net/gro.h | 9 include/net/xfrm.h | 3 include/sound/emu10k1.h | 3 include/sound/sof.h | 7 include/trace/events/rxrpc.h | 2 include/uapi/linux/kfd_ioctl.h | 17 include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 kernel/bpf/bloom_filter.c | 13 kernel/bpf/verifier.c | 3 kernel/dma/swiotlb.c | 1 kernel/workqueue.c | 8 lib/Kconfig.debug | 5 lib/dynamic_debug.c | 6 lib/maple_tree.c | 16 lib/scatterlist.c | 2 mm/hugetlb.c | 4 mm/readahead.c | 4 net/8021q/vlan_core.c | 2 net/bluetooth/hci_core.c | 3 net/bluetooth/hci_event.c | 2 net/bluetooth/l2cap_core.c | 3 net/bluetooth/msft.c | 2 net/bluetooth/msft.h | 4 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/bridge/br_netlink.c | 3 net/core/filter.c | 42 - net/core/gro.c | 1 net/core/link_watch.c | 4 net/core/net-sysfs.c | 4 net/core/net_namespace.c | 13 net/core/rtnetlink.c | 6 net/core/skbuff.c | 27 net/core/skmsg.c | 5 net/core/sock.c | 4 net/hsr/hsr_device.c | 31 net/ipv4/af_inet.c | 1 net/ipv4/ip_output.c | 2 net/ipv4/raw.c | 3 net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp.c | 3 net/ipv4/udp_offload.c | 15 net/ipv4/xfrm4_input.c | 6 net/ipv6/addrconf.c | 11 net/ipv6/fib6_rules.c | 6 net/ipv6/ip6_input.c | 4 net/ipv6/ip6_offload.c | 52 + net/ipv6/ip6_output.c | 4 net/ipv6/udp.c | 3 net/ipv6/udp_offload.c | 3 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mac80211/mlme.c | 5 net/mptcp/ctrl.c | 39 + net/mptcp/protocol.c | 3 net/nfc/nci/core.c | 1 net/nsh/nsh.c | 14 net/phonet/pn_netlink.c | 2 net/rxrpc/ar-internal.h | 2 net/rxrpc/call_object.c | 7 net/rxrpc/conn_event.c | 16 net/rxrpc/conn_object.c | 9 net/rxrpc/input.c | 71 +- net/rxrpc/output.c | 14 net/rxrpc/protocol.h | 6 net/smc/smc_ib.c | 19 net/sunrpc/clnt.c | 5 net/sunrpc/xprtsock.c | 1 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 rust/kernel/lib.rs | 2 rust/macros/module.rs | 185 +++-- scripts/Makefile.modfinal | 2 security/keys/key.c | 3 sound/hda/intel-sdw-acpi.c | 2 sound/pci/emu10k1/emu10k1.c | 3 sound/pci/emu10k1/emu10k1_main.c | 139 ++-- sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/wsa881x.c | 1 sound/soc/intel/avs/topology.c | 2 sound/soc/meson/Kconfig | 1 sound/soc/meson/axg-card.c | 1 sound/soc/meson/axg-fifo.c | 52 - sound/soc/meson/axg-fifo.h | 12 sound/soc/meson/axg-frddr.c | 5 sound/soc/meson/axg-tdm-interface.c | 34 - sound/soc/meson/axg-toddr.c | 22 sound/soc/sof/intel/hda-dsp.c | 20 sound/soc/sof/intel/pci-lnl.c | 3 sound/soc/tegra/tegra186_dspk.c | 7 sound/soc/ti/davinci-mcasp.c | 12 sound/usb/line6/driver.c | 6 tools/include/linux/kernel.h | 1 tools/include/linux/mm.h | 5 tools/include/linux/panic.h | 19 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 45 + tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 6 tools/testing/selftests/bpf/prog_tests/tc_redirect.c | 52 - tools/testing/selftests/ftrace/test.d/filter/event-filter-function.tc | 2 tools/testing/selftests/mm/Makefile | 6 tools/testing/selftests/net/test_bridge_neigh_suppress.sh | 333 ++++------ tools/testing/selftests/timers/valid-adjtimex.c | 73 +- 350 files changed, 3141 insertions(+), 1836 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Adam Skladowski (1): clk: qcom: smd-rpm: Restore msm8976 num_clk Al Viro (1): qibfs: fix dentry leak Alan Stern (2): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device USB: core: Fix access violation during port device removal Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alex Deucher (2): drm/radeon: silence UBSAN warning (v3) drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alex Hung (1): drm/amd/display: Skip on writeback when it's not applicable Alexander Potapenko (1): kmsan: compiler_types: declare __no_sanitize_or_inline Alexander Usyskin (1): mei: me: add lunar lake point M DID Alexandra Winter (1): s390/qeth: Fix kernel panic after setting hsuid Amadeusz Sławiński (1): ASoC: Intel: avs: Set name of control as in topology Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Amit Sunil Dhamne (1): usb: typec: tcpm: unregister existing source caps before re-registration Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andi Shyti (1): drm/i915/gt: Automate CCS Mode setting during engine resets Andrei Matei (1): bpf: Check bloom filter map value size Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andrii Nakryiko (1): bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition André Apitzsch (1): regulator: tps65132: Add of_match table Andy Shevchenko (5): drm/panel: ili9341: Correct use of device property APIs drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Use predefined error codes gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently AngeloGioacchino Del Regno (2): power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator regulator: mt6360: De-capitalize devicetree regulator subnodes Anton Protopopov (1): bpf: Fix a verifier verbose message Arjan van de Ven (2): VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist dmaengine: idxd: add a new security check to deal with a hardware erratum Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Badhri Jagan Sridharan (1): usb: typec: tcpm: Check for port partner validity before consuming it Benjamin Berg (1): wifi: iwlwifi: mvm: guard against invalid STA ID on removal Benno Lossin (1): rust: macros: fix soundness issue in `module!` macro Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Borislav Petkov (AMD) (1): kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Boy.Wu (1): ARM: 9381/1: kasan: clear stale stack poison Bui Quang Minh (3): bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace s390/cio: Ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chaitanya Kumar Borah (1): drm/i915/audio: Fix audio time stamp programming for DP Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (2): pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Christian König (1): drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Christian Marangi (1): mtd: limit OTP NVMEM cell parse to non-NAND devices Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Conor Dooley (1): spi: microchip-core-qspi: fix setting spi bus clock rate Dan Carpenter (2): pinctrl: core: delete incorrect free in pinctrl_enable() mm/slab: make __free(kfree) accept error pointers Daniel Golle (1): dt-bindings: net: mediatek: remove wrongly added clocks and SerDes Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition Dave Airlie (1): Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" David Bauer (1): net l2tp: drop flow hash on forward David Howells (4): Fix a potential infinite loop in extract_user_to_sg() rxrpc: Fix the names of the fields in the ACK trailer struct rxrpc: Fix congestion control algorithm rxrpc: Only transmit one ACK per jumbo packet received David Lechner (5): spi: axi-spi-engine: simplify driver data allocation spi: axi-spi-engine: use devm_spi_alloc_host() spi: axi-spi-engine: move msg state to new struct spi: axi-spi-engine: use common AXI macros spi: axi-spi-engine: fix version format string Devyn Liu (1): spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Dmitry Antipov (1): btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (3): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Douglas Anderson (1): drm/connector: Add \n to message about demoting connector force-probes Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (6): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net-sysfs: convert dev->operstate reads to lockless ones ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Frank Oltmanns (2): clk: sunxi-ng: common: Support minimum and maximum rate clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Gabe Teeger (1): drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Gaurav Batra (1): powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (1): Linux 6.6.31 Gregory Detal (1): mptcp: only allow set existing scheduler for net.mptcp.scheduler Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Guillaume Nault (3): vxlan: Fix racy device stats updates. vxlan: Add missing VNI filter counter update in arp_reduce(). vxlan: Pull inner IP header in vxlan_rcv(). Hangbin Liu (1): selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace Hans de Goede (2): pinctrl: baytrail: Fix selecting gpio pinctrl state iio: accel: mxc4005: Interrupt handling fixes Heiner Kallweit (1): eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Hersen Wu (1): drm/amd/display: Fix incorrect DSC instance for MST Ian Forbes (1): drm/vmwgfx: Fix Legacy Display Unit Ido Schimmel (1): selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Ivan Avdeev (1): usb: gadget: uvc: use correct buffer size when parsing configfs lists Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Javier Carrasco (1): dt-bindings: iio: health: maxim,max30102: fix compatible check Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (2): vboxsf: explicitly deny setlease attempts 9p: explicitly deny setlease attempts Jeffrey Altman (1): rxrpc: Clients must accept conn from any address Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (7): ASoC: meson: axg-fifo: use FIELD helpers ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: cards: select SND_DYNAMIC_MINORS drm/meson: dw-hdmi: power up phy on device init drm/meson: dw-hdmi: add bandgap setting for g12 Jian Shen (1): net: hns3: direct return when receive a unknown mailbox message Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (4): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: fix the cache always being enabled on files with qid flags fs/9p: drop inodes immediately on non-.L too Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (9): regulator: core: fix debugfs creation regression Bluetooth: qca: fix invalid device address check Bluetooth: qca: fix wcn3991 device address check Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: generalise device address check Bluetooth: qca: fix info leak when fetching board id Bluetooth: qca: fix info leak when fetching fw build id Bluetooth: qca: fix firmware check error path Johannes Berg (3): wifi: nl80211: don't free NULL coalescing rule wifi: mac80211: fix prep_connection error path wifi: iwlwifi: read txq->read_ptr under lock John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jonathan Kim (1): drm/amdkfd: range check cp bad op exception interrupts Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Justin Ernst (1): tools/power/turbostat: Fix uncore frequency file string Justin Tee (6): scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() scsi: lpfc: Use a dedicated lock for ras_fwlog state Karthikeyan Ramasubramanian (1): drm/i915/bios: Fix parsing backlight BDB data Kefeng Wang (1): mm: use memalloc_nofs_save() in page_cache_ra_order() Kent Gibson (2): gpiolib: cdev: relocate debounce_period_us from struct gpio_desc gpiolib: cdev: fix uninitialised kfifo Krzysztof Kozlowski (2): iommu: mtk: fix module autoloading gpio: lpc32xx: fix module autoloading Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Len Brown (1): tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Li Nan (3): block: fix overflow in blk_ioctl_discard() blk-iocost: do not WARN if iocg was already offlined md: fix kmemleak of rdev->serial Li Zetao (1): spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Liam R. Howlett (1): maple_tree: fix mas_empty_area_rev() null pointer dereference Lijo Lazar (2): drm/amdgpu: Refine IB schedule error logging drm/amdgpu: Fix VCN allocation in CPX partition Linus Torvalds (1): Reapply "drm/qxl: simplify qxl_fence_wait" Lukasz Majewski (1): hsr: Simplify code for announcing HSR nodes timer setup Lyude Paul (2): drm/nouveau/dp: Don't probe eDP ports twice harder drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Mans Rullgard (1): spi: fix null pointer dereference within spi_sync Marc Zyngier (1): KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Marek Vasut (1): net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Mario Limonciello (1): dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Mark Rutland (1): selftests/ftrace: Fix event filter target_func selection Matti Vaittinen (2): regulator: change stubbed devm_regulator_get_enable to return Ok regulator: change devm_regulator_get_enable_optional() stub to return Ok Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Max Filippov (1): xtensa: fix MAKE_PC_FROM_RA second argument Miaohe Lin (1): mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Michael Ellerman (2): powerpc/crypto/chacha-p10: Fix failure on non Power10 selftests/mm: fix powerpc ARCH check Michael Kelley (1): Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Michel Dänzer (1): drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Mukul Joshi (1): drm/amdkfd: Check cgroup when returning DMABuf info Namjae Jeon (3): ksmbd: off ipv6only for both ipv4/ipv6 binding ksmbd: avoid to send duplicate lease break notifications ksmbd: do not grant v2 lease if parent lease key and epoch are not set Nayna Jain (1): powerpc/pseries: make max polling consistent for longer H_CALLs Nikhil Rao (1): dmaengine: idxd: add a write() method for applications to submit work Olga Kornievskaia (1): SUNRPC: add a missing rpc_stat for TCP TLS Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Oswald Buddenhagen (4): ALSA: emu10k1: fix E-MU card dock presence monitoring ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() ALSA: emu10k1: move the whole GPIO event handling to the workqueue ALSA: emu10k1: fix E-MU dock initialization Paolo Abeni (2): mptcp: ensure snd_nxt is properly initialized on connect tipc: fix UAF in error path Patryk Wlazlyn (1): tools/power turbostat: Print ucode revision only if valid Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Pei Xiao (1): Revert "selftests/bpf: Add netkit to tc_redirect selftest" Peiyang Wang (4): net: hns3: using user configure after hardware reset net: hns3: change type of numa_node_mask as nodemask_t net: hns3: release PTP resources if pf initialization failed net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Peter Ujfalusi (2): ASoC: SOF: Introduce generic names for IPC types ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Peter Wang (2): scsi: ufs: core: WLUN suspend dev/link state error recovery scsi: ufs: core: Fix MCQ mode dev command timeout Peter Xu (1): mm/userfaultfd: reset ptes when close() for wr-protected ones Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Pierre-Louis Bossart (2): ASoC: SOF: Intel: add default firmware library path for LNL ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Qu Wenruo (2): btrfs: set correct ram_bytes when splitting ordered extent btrfs: do not wait for short bulk allocation RD Babiera (1): usb: typec: tcpm: clear pd_event queue in PORT_RESET Rafał Miłecki (1): nvmem: add explicit config option to read old syntax fixed OF cells Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Fitzgerald (1): regmap: Add regmap_read_bypassed() Richard Gobert (3): net: gro: parse ipv6 ext headers without frag0 invalidation net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb net: gro: add flush check in udp_gro_receive_segment Rick Edgecombe (4): Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl hv_netvsc: Don't free decrypted memory uio_hv_generic: Don't free decrypted memory Rik van Riel (1): blk-iocost: avoid out of bounds shift Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Rohit Ner (1): scsi: ufs: core: Fix MCQ MAC configuration Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sean Anderson (1): nvme-pci: Add quirk for broken MSIs Sebastian Andrzej Siewior (1): cxgb4: Properly lock TX queue for the selftest. Shashank Sharma (1): drm/amdgpu: fix doorbell regression Shigeru Yoshida (2): ipv4: Fix uninit-value access in __ip_make_skb() ipv6: Fix potential uninit-value access in __ip6_make_skb() Shin'ichiro Kawasaki (1): scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Srinivas Kandagatla (1): ASoC: codecs: wsa881x: set clk_stop_mode1 flag Srinivas Pandruvada (1): platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Steffen Bätz (1): net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Steve French (1): smb3: fix broken reconnect when password changing on the server by allowing password rotation Steven Rostedt (Google) (3): tracefs: Reset permissions on remount if permissions are options tracefs: Still use mount point as default permissions for instances eventfs: Do not treat events directory different than other directories Sungwoo Kim (2): Bluetooth: msft: fix slab-use-after-free in msft_do_close() Bluetooth: HCI: Fix potential null-ptr-deref Sven Schnelle (1): workqueue: Fix selection of wake_cpu in kick_pool() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Takashi Sakamoto (1): firewire: ohci: fulfill timestamp for some local asynchronous transaction Tao Zhou (1): drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Tetsuo Handa (1): nfc: nci: Fix kcov check in nci_rx_work() Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Thomas Bertschinger (1): rust: module: place generated init_module() function in .init.text Thomas Gleixner (1): x86/apic: Don't access the APIC when disabling x2APIC Tim Jiang (1): Bluetooth: qca: add support for QCA2066 Toke Høiland-Jørgensen (1): xdp: use flags field to disambiguate broadcast redirect Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vasileios Amoiridis (1): iio: pressure: Fixes BME280 SPI driver data Viken Dadhaniya (1): slimbus: qcom-ngd-ctrl: Add timeout for wait operation Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Vitaly Lifshits (1): e1000e: change usleep_range to udelay in PHY mdic access Volodymyr Babchuk (1): arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Wedson Almeida Filho (1): rust: kernel: require `Send` for `Module` implementations Wei Yang (3): memblock tests: fix undefined reference to `early_pfn_to_nid' memblock tests: fix undefined reference to `panic' memblock tests: fix undefined reference to `BIT' Wen Gu (1): net/smc: fix neighbour and rtable leak in smc_ib_find_route() Wesley Cheng (1): usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Will Deacon (1): swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Wyes Karny (1): tools/power turbostat: Increase the limit for fd opened Xiang Chen (1): scsi: hisi_sas: Handle the NCQ error returned by D2H frame Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Xu Kuohai (2): bpf, arm64: Fix incorrect runtime stats riscv, bpf: Fix incorrect runtime stats Yi Zhang (1): nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Yihang Li (1): scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Yonglong Liu (2): net: hns3: fix port vlan filter not disabled issue net: hns3: fix kernel crash when devlink reload during initialization Zack Rusin (2): drm/ttm: Print the memory decryption status just once drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Zhigang Luo (1): amd/amdkfd: sync all devices to wait all processes being evicted Zhongqiu Han (1): gpiolib: cdev: Fix use after free in lineinfo_changed_notify linke li (1): net: mark racy access on sk->sk_rcvbuf

1 year, 4 months

1
1
0 0

Linux 6.1.91

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.91 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/health/maxim,max30102.yaml | 2 MAINTAINERS | 1 Makefile | 2 arch/arm/kernel/sleep.S | 4 arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 arch/arm64/net/bpf_jit_comp.c | 6 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 arch/mips/kernel/scall32-o32.S | 23 arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 - arch/powerpc/platforms/pseries/iommu.c | 8 arch/powerpc/platforms/pseries/plpks.c | 62 -- arch/powerpc/platforms/pseries/plpks.h | 35 + arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 block/blk-iocost.c | 7 block/ioctl.c | 5 drivers/ata/sata_gemini.c | 5 drivers/bluetooth/btqca.c | 160 +++++ drivers/bluetooth/btqca.h | 6 drivers/bluetooth/hci_qca.c | 11 drivers/char/tpm/tpm-dev-common.c | 4 drivers/clk/clk.c | 12 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 drivers/dma/idxd/cdev.c | 77 ++ drivers/dma/idxd/idxd.h | 3 drivers/dma/idxd/init.c | 4 drivers/dma/idxd/registers.h | 3 drivers/dma/idxd/sysfs.c | 27 drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 6 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpio/gpiolib-cdev.c | 183 +++++- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 48 - drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 drivers/gpu/drm/drm_connector.c | 2 drivers/gpu/drm/i915/display/intel_bios.c | 19 drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 drivers/gpu/drm/qxl/qxl_release.c | 50 - drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/hv/channel.c | 29 - drivers/hwmon/corsair-cpro.c | 45 + drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 24 drivers/iio/imu/adis16475.c | 4 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/mtk_iommu.c | 1 drivers/iommu/mtk_iommu_v1.c | 1 drivers/md/md.c | 1 drivers/misc/eeprom/at24.c | 46 + drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 - drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 drivers/net/ethernet/broadcom/genet/bcmmii.c | 25 drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 + drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/micrel/ks8851_common.c | 16 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 drivers/net/usb/qmi_wwan.c | 1 drivers/net/vxlan/vxlan_core.c | 19 drivers/nvme/host/core.c | 2 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 - drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +- drivers/pinctrl/intel/pinctrl-intel.c | 6 drivers/pinctrl/intel/pinctrl-intel.h | 17 drivers/pinctrl/mediatek/pinctrl-paris.c | 40 - drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/power/supply/mt6360_charger.c | 2 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 drivers/regulator/mt6360-regulator.c | 32 - drivers/s390/cio/cio_inject.c | 2 drivers/s390/net/qeth_core_main.c | 61 -- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_els.c | 20 drivers/scsi/lpfc/lpfc_hbadisc.c | 5 drivers/scsi/lpfc/lpfc_nvme.c | 4 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_sli.c | 14 drivers/scsi/lpfc/lpfc_vport.c | 8 drivers/scsi/mpi3mr/mpi3mr_app.c | 2 drivers/slimbus/qcom-ngd-ctrl.c | 6 drivers/spi/spi-axi-spi-engine.c | 273 +++++----- drivers/spi/spi-hisi-kunpeng.c | 2 drivers/spi/spi-microchip-core-qspi.c | 1 drivers/spi/spi.c | 12 drivers/staging/wlan-ng/hfa384x_usb.c | 4 drivers/staging/wlan-ng/prism2usb.c | 6 drivers/target/target_core_configfs.c | 12 drivers/ufs/core/ufshcd.c | 5 drivers/uio/uio_hv_generic.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/core/port.c | 8 drivers/usb/dwc3/core.c | 90 +-- drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/typec/tcpm/tcpm.c | 35 - drivers/usb/typec/ucsi/ucsi.c | 12 drivers/vfio/pci/vfio_pci.c | 2 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/extent_io.c | 19 fs/btrfs/inode.c | 2 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/volumes.c | 18 fs/gfs2/bmap.c | 5 fs/hugetlbfs/inode.c | 8 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 fs/smb/client/transport.c | 37 + fs/smb/server/oplock.c | 35 - fs/smb/server/transport_tcp.c | 4 include/linux/compiler_types.h | 11 include/linux/dma-fence.h | 7 include/linux/gfp_types.h | 2 include/linux/hugetlb.h | 53 + include/linux/hugetlb_cgroup.h | 69 +- include/linux/hyperv.h | 1 include/linux/mm_types.h | 14 include/linux/pci_ids.h | 2 include/linux/pinctrl/pinctrl.h | 20 include/linux/regulator/consumer.h | 4 include/linux/skbuff.h | 15 include/linux/skmsg.h | 2 include/linux/slab.h | 2 include/linux/spi/spi.h | 51 + include/linux/sunrpc/clnt.h | 1 include/linux/swapops.h | 105 +-- include/linux/timer.h | 15 include/net/xfrm.h | 3 include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 kernel/bpf/bloom_filter.c | 13 kernel/bpf/verifier.c | 3 kernel/time/timer.c | 8 lib/Kconfig.debug | 5 lib/dynamic_debug.c | 6 mm/hugetlb.c | 55 +- mm/hugetlb_cgroup.c | 34 - mm/migrate.c | 2 mm/readahead.c | 4 net/bluetooth/hci_core.c | 3 net/bluetooth/l2cap_core.c | 3 net/bluetooth/msft.c | 2 net/bluetooth/msft.h | 4 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/bridge/br_netlink.c | 3 net/core/filter.c | 42 + net/core/link_watch.c | 4 net/core/net-sysfs.c | 4 net/core/net_namespace.c | 13 net/core/rtnetlink.c | 6 net/core/skbuff.c | 27 net/core/skmsg.c | 5 net/core/sock.c | 4 net/hsr/hsr_device.c | 31 - net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp_offload.c | 12 net/ipv4/xfrm4_input.c | 6 net/ipv6/addrconf.c | 11 net/ipv6/fib6_rules.c | 6 net/ipv6/ip6_input.c | 4 net/ipv6/ip6_output.c | 2 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mptcp/protocol.c | 3 net/nsh/nsh.c | 14 net/phonet/pn_netlink.c | 2 net/smc/smc_ib.c | 19 net/sunrpc/clnt.c | 5 net/sunrpc/xprt.c | 2 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 rust/Makefile | 11 rust/kernel/error.rs | 2 rust/kernel/lib.rs | 2 rust/macros/module.rs | 185 ++++-- scripts/Makefile.build | 17 scripts/Makefile.host | 27 scripts/Makefile.modfinal | 4 scripts/is_rust_module.sh | 16 security/keys/key.c | 3 sound/hda/intel-sdw-acpi.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/meson/Kconfig | 1 sound/soc/meson/axg-card.c | 1 sound/soc/meson/axg-fifo.c | 52 + sound/soc/meson/axg-fifo.h | 12 sound/soc/meson/axg-frddr.c | 5 sound/soc/meson/axg-tdm-interface.c | 34 - sound/soc/meson/axg-toddr.c | 22 sound/soc/tegra/tegra186_dspk.c | 7 sound/soc/ti/davinci-mcasp.c | 12 sound/usb/line6/driver.c | 6 tools/include/linux/kernel.h | 1 tools/include/linux/mm.h | 5 tools/include/linux/panic.h | 19 tools/perf/util/unwind-libdw.c | 21 tools/perf/util/unwind-libunwind-local.c | 2 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 30 - tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c | 6 tools/testing/selftests/timers/valid-adjtimex.c | 73 +- 247 files changed, 2505 insertions(+), 1391 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Al Viro (1): qibfs: fix dentry leak Alan Stern (2): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device USB: core: Fix access violation during port device removal Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alex Deucher (1): drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Potapenko (1): kmsan: compiler_types: declare __no_sanitize_or_inline Alexander Stein (1): eeprom: at24: Use dev_err_probe for nvmem register failure Alexander Usyskin (1): mei: me: add lunar lake point M DID Alexandra Winter (1): s390/qeth: Fix kernel panic after setting hsuid Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Amit Sunil Dhamne (1): usb: typec: tcpm: unregister existing source caps before re-registration Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andrea Righi (2): rust: fix regexp in scripts/is_rust_module.sh btf, scripts: rust: drop is_rust_module.sh Andrei Matei (1): bpf: Check bloom filter map value size Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andrii Nakryiko (1): bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Andy Shevchenko (7): pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION() drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Use predefined error codes gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently gpiolib: cdev: Add missing header(s) AngeloGioacchino Del Regno (2): power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator regulator: mt6360: De-capitalize devicetree regulator subnodes Anton Protopopov (1): bpf: Fix a verifier verbose message Arjan van de Ven (2): VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist dmaengine: idxd: add a new security check to deal with a hardware erratum Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asahi Lina (1): rust: error: Rename to_kernel_errno() -> to_errno() Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Badhri Jagan Sridharan (1): usb: typec: tcpm: Check for port partner validity before consuming it Benno Lossin (1): rust: macros: fix soundness issue in `module!` macro Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Borislav Petkov (AMD) (1): kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Boy.Wu (1): ARM: 9381/1: kasan: clear stale stack poison Bui Quang Minh (3): bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace s390/cio: Ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (2): pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Christian König (1): drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Conor Dooley (1): spi: microchip-core-qspi: fix setting spi bus clock rate Dan Carpenter (2): pinctrl: core: delete incorrect free in pinctrl_enable() mm/slab: make __free(kfree) accept error pointers Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition David Bauer (1): net l2tp: drop flow hash on forward David Lechner (5): spi: axi-spi-engine: simplify driver data allocation spi: axi-spi-engine: use devm_spi_alloc_host() spi: axi-spi-engine: move msg state to new struct spi: axi-spi-engine: use common AXI macros spi: axi-spi-engine: fix version format string Devyn Liu (1): spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Dmitry Antipov (1): btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (3): net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() net: bcmgenet: synchronize UMAC_CMD access Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Douglas Anderson (1): drm/connector: Add \n to message about demoting connector force-probes Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (6): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() net-sysfs: convert dev->operstate reads to lockless ones ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Florian Fainelli (1): net: bcmgenet: Clear RGMII_LINK upon link down Gabe Teeger (1): drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Gaurav Batra (1): powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Geert Uytterhoeven (1): spi: Merge spi_controller.{slave,target}_abort() George Shen (1): drm/amd/display: Handle Y carry-over in VCP X.Y calculation Greg Kroah-Hartman (1): Linux 6.1.91 Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Guillaume Nault (1): vxlan: Pull inner IP header in vxlan_rcv(). Hans de Goede (2): pinctrl: baytrail: Fix selecting gpio pinctrl state iio: accel: mxc4005: Interrupt handling fixes Heiner Kallweit (1): eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Javier Carrasco (1): dt-bindings: iio: health: maxim,max30102: fix compatible check Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (7): ASoC: meson: axg-fifo: use FIELD helpers ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: cards: select SND_DYNAMIC_MINORS drm/meson: dw-hdmi: power up phy on device init drm/meson: dw-hdmi: add bandgap setting for g12 Jian Shen (1): net: hns3: direct return when receive a unknown mailbox message Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (6): regulator: core: fix debugfs creation regression Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: fix info leak when fetching board id Bluetooth: qca: fix info leak when fetching fw build id Bluetooth: qca: fix firmware check error path Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Justin Ernst (1): tools/power/turbostat: Fix uncore frequency file string Justin Tee (4): scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Karthikeyan Ramasubramanian (1): drm/i915/bios: Fix parsing backlight BDB data Kefeng Wang (1): mm: use memalloc_nofs_save() in page_cache_ra_order() Kent Gibson (2): gpiolib: cdev: relocate debounce_period_us from struct gpio_desc gpiolib: cdev: fix uninitialised kfifo Krzysztof Kozlowski (1): iommu: mtk: fix module autoloading Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Leah Rumancik (1): MAINTAINERS: add leah to 6.1 MAINTAINERS file Li Nan (2): block: fix overflow in blk_ioctl_discard() md: fix kmemleak of rdev->serial Li Zetao (1): spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Lijo Lazar (1): drm/amdgpu: Refine IB schedule error logging Linus Torvalds (1): Reapply "drm/qxl: simplify qxl_fence_wait" Lukasz Majewski (1): hsr: Simplify code for announcing HSR nodes timer setup Lyude Paul (1): drm/nouveau/dp: Don't probe eDP ports twice harder Mans Rullgard (1): spi: fix null pointer dereference within spi_sync Marc Zyngier (1): KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Marek Vasut (1): net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Mario Limonciello (1): dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Masahiro Yamada (2): kbuild: refactor host*_flags kbuild: specify output names separately for each emission type from rustc Matti Vaittinen (2): regulator: change stubbed devm_regulator_get_enable to return Ok regulator: change devm_regulator_get_enable_optional() stub to return Ok Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Miaohe Lin (1): mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Michael Kelley (1): Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Miguel Ojeda (1): kbuild: rust: avoid creating temporary files Namhyung Kim (2): perf unwind-libunwind: Fix base address for .eh_frame perf unwind-libdw: Handle JIT-generated DSOs properly Namjae Jeon (3): ksmbd: off ipv6only for both ipv4/ipv6 binding ksmbd: avoid to send duplicate lease break notifications ksmbd: do not grant v2 lease if parent lease key and epoch are not set Nayna Jain (2): powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver powerpc/pseries: make max polling consistent for longer H_CALLs Nikhil Rao (1): dmaengine: idxd: add a write() method for applications to submit work Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Oscar Salvador (1): mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Paolo Abeni (2): mptcp: ensure snd_nxt is properly initialized on connect tipc: fix UAF in error path Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peiyang Wang (4): net: hns3: using user configure after hardware reset net: hns3: change type of numa_node_mask as nodemask_t net: hns3: release PTP resources if pf initialization failed net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Peter Wang (1): scsi: ufs: core: WLUN suspend dev/link state error recovery Peter Xu (1): mm/hugetlb: fix missing hugetlb_lock for resv uncharge Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Pierre-Louis Bossart (1): ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Qu Wenruo (1): btrfs: do not wait for short bulk allocation Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Gobert (1): net: gro: add flush check in udp_gro_receive_segment Rick Edgecombe (2): Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl uio_hv_generic: Don't free decrypted memory Rik van Riel (1): blk-iocost: avoid out of bounds shift Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Russell Currey (1): powerpc/pseries: Move PLPKS constants to header file Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sebastian Andrzej Siewior (1): cxgb4: Properly lock TX queue for the selftest. Shin'ichiro Kawasaki (1): scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Shyam Prasad N (1): cifs: use the least loaded channel for sending requests Sidhartha Kumar (8): mm/hugetlb: add folio support to hugetlb specific flag macros mm: add private field of first tail to struct page and struct folio mm/hugetlb: add hugetlb_folio_subpool() helpers mm/hugetlb: add folio_hstate() mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios mm/hugetlb: convert free_huge_page to folios mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Steve French (1): smb3: missing lock when picking channel Sungwoo Kim (1): Bluetooth: msft: fix slab-use-after-free in msft_do_close() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Thomas Bertschinger (1): rust: module: place generated init_module() function in .init.text Thomas Gleixner (2): timers: Get rid of del_singleshot_timer_sync() timers: Rename del_timer() to timer_delete() Tim Jiang (1): Bluetooth: qca: add support for QCA2066 Toke Høiland-Jørgensen (1): xdp: use flags field to disambiguate broadcast redirect Uwe Kleine-König (1): spi: axi-spi-engine: Convert to platform remove callback returning void Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Viken Dadhaniya (1): slimbus: qcom-ngd-ctrl: Add timeout for wait operation Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Wedson Almeida Filho (1): rust: kernel: require `Send` for `Module` implementations Wei Yang (3): memblock tests: fix undefined reference to `early_pfn_to_nid' memblock tests: fix undefined reference to `panic' memblock tests: fix undefined reference to `BIT' Wen Gu (1): net/smc: fix neighbour and rtable leak in smc_ib_find_route() Wyes Karny (1): tools/power turbostat: Increase the limit for fd opened Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Xu Kuohai (1): bpf, arm64: Fix incorrect runtime stats Yang Yingliang (2): spi: introduce new helpers with using modern naming spi: spi-axi-spi-engine: switch to use modern name Yi Zhang (1): nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Yonglong Liu (2): net: hns3: fix port vlan filter not disabled issue net: hns3: fix kernel crash when devlink reload during initialization Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

1 year, 4 months

1
1
0 0

Linux 5.15.159

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.159 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/iio/health/maxim,max30102.yaml | 2 Makefile | 2 arch/arm/kernel/sleep.S | 4 arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 arch/mips/kernel/scall32-o32.S | 23 arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 block/blk-iocost.c | 7 drivers/acpi/cppc_acpi.c | 67 + drivers/ata/sata_gemini.c | 5 drivers/bluetooth/btqca.c | 62 + drivers/clk/clk.c | 12 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 6 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 drivers/gpu/drm/drm_connector.c | 2 drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 - drivers/gpu/drm/nouveau/nouveau_dp.c | 13 drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 drivers/gpu/drm/qxl/qxl_release.c | 50 - drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/hwmon/corsair-cpro.c | 45 drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 24 drivers/iio/imu/adis16475.c | 4 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/mtk_iommu.c | 1 drivers/iommu/mtk_iommu_v1.c | 1 drivers/md/md.c | 1 drivers/misc/eeprom/at24.c | 46 drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/Makefile | 18 drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h | 15 drivers/net/ethernet/hisilicon/hns3/hnae3.h | 3 drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 259 +++++ drivers/net/ethernet/hisilicon/hns3/hns3_common/hclge_comm_cmd.h | 121 ++ drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/Makefile | 12 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c | 311 ------ drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 85 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 215 ++-- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 17 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 486 +++++++--- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3vf/Makefile | 10 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 10 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 drivers/net/usb/qmi_wwan.c | 1 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/power/supply/mt6360_charger.c | 2 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 drivers/regulator/mt6360-regulator.c | 32 drivers/s390/cio/cio_inject.c | 2 drivers/s390/net/qeth_core.h | 1 drivers/s390/net/qeth_core_main.c | 78 - drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_nvme.c | 4 drivers/scsi/lpfc/lpfc_scsi.c | 13 drivers/scsi/lpfc/lpfc_vport.c | 8 drivers/slimbus/qcom-ngd-ctrl.c | 6 drivers/spi/spi-hisi-kunpeng.c | 2 drivers/target/target_core_configfs.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/dwc3/core.c | 90 - drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/typec/ucsi/ucsi.c | 12 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/volumes.c | 18 fs/gfs2/bmap.c | 5 fs/ksmbd/server.c | 13 fs/ksmbd/smb2pdu.c | 4 fs/ksmbd/vfs.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 include/linux/bpf.h | 20 include/linux/dma-fence.h | 7 include/linux/filter.h | 4 include/linux/skbuff.h | 15 include/linux/skmsg.h | 5 include/linux/sunrpc/clnt.h | 1 include/net/xfrm.h | 3 kernel/bpf/cpumap.c | 8 kernel/bpf/devmap.c | 32 kernel/bpf/verifier.c | 3 lib/Kconfig.debug | 5 lib/dynamic_debug.c | 6 net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/core/filter.c | 115 +- net/core/net_namespace.c | 13 net/core/rtnetlink.c | 2 net/core/skbuff.c | 27 net/core/skmsg.c | 53 - net/core/sock.c | 4 net/core/sock_map.c | 3 net/ipv4/tcp.c | 4 net/ipv4/tcp_bpf.c | 51 + net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp_offload.c | 12 net/ipv4/xfrm4_input.c | 6 net/ipv6/fib6_rules.c | 6 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mptcp/protocol.c | 3 net/nsh/nsh.c | 14 net/phonet/pn_netlink.c | 2 net/sunrpc/clnt.c | 5 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 scripts/Makefile.modfinal | 2 security/keys/key.c | 3 sound/hda/intel-sdw-acpi.c | 2 sound/pci/hda/patch_realtek.c | 1 sound/soc/meson/Kconfig | 1 sound/soc/meson/axg-card.c | 1 sound/soc/meson/axg-fifo.c | 52 - sound/soc/meson/axg-fifo.h | 12 sound/soc/meson/axg-frddr.c | 5 sound/soc/meson/axg-tdm-interface.c | 26 sound/soc/meson/axg-toddr.c | 22 sound/soc/tegra/tegra186_dspk.c | 7 sound/soc/ti/davinci-mcasp.c | 12 sound/usb/line6/driver.c | 6 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 7 tools/testing/selftests/timers/valid-adjtimex.c | 73 - 173 files changed, 2214 insertions(+), 1413 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Al Viro (1): qibfs: fix dentry leak Alan Stern (1): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alexander Stein (1): eeprom: at24: Use dev_err_probe for nvmem register failure Alexander Usyskin (1): mei: me: add lunar lake point M DID Alexandra Winter (1): s390/qeth: Fix kernel panic after setting hsuid Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andrii Nakryiko (1): bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Andy Shevchenko (4): drm/panel: ili9341: Respect deferred probe drm/panel: ili9341: Use predefined error codes gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently AngeloGioacchino Del Regno (2): power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator regulator: mt6360: De-capitalize devicetree regulator subnodes Anton Protopopov (1): bpf: Fix a verifier verbose message Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Borislav Petkov (AMD) (1): kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Boy.Wu (1): ARM: 9381/1: kasan: clear stale stack poison Bui Quang Minh (3): bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace s390/cio: Ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (3): pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Dan Carpenter (1): pinctrl: core: delete incorrect free in pinctrl_enable() Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition David Bauer (1): net l2tp: drop flow hash on forward Devyn Liu (1): spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Dmitry Antipov (1): btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Dominique Martinet (1): btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Doug Berger (1): net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Douglas Anderson (1): drm/connector: Add \n to message about demoting connector force-probes Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Easwar Hariharan (1): Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Eric Dumazet (3): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Gabe Teeger (1): drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Greg Kroah-Hartman (1): Linux 5.15.159 Guangbin Huang (2): net: hns3: PF support get unicast MAC address space assigned by firmware net: hns3: add query vf ring and vector map relation Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Hans de Goede (1): iio: accel: mxc4005: Interrupt handling fixes Hao Lan (1): net: hns3: refactor function hclge_mbx_handler() Heiner Kallweit (1): eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jarred White (1): ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Javier Carrasco (1): dt-bindings: iio: health: maxim,max30102: fix compatible check Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (7): ASoC: meson: axg-fifo: use FIELD helpers ASoC: meson: axg-fifo: use threaded irq to check periods ASoC: meson: axg-card: make links nonatomic ASoC: meson: axg-tdm-interface: manage formatters in trigger ASoC: meson: cards: select SND_DYNAMIC_MINORS drm/meson: dw-hdmi: power up phy on device init drm/meson: dw-hdmi: add bandgap setting for g12 Jian Shen (2): net: hns3: direct return when receive a unknown mailbox message net: hns3: split function hclge_init_vlan_config() Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jie Wang (4): net: hns3: refactor hns3 makefile to support hns3_common module net: hns3: create new cmdq hardware description structure hclge_comm_hw net: hns3: create new set of unified hclge_comm_cmd_send APIs net: hns3: refactor hclge_cmd_send with new hclge_comm_cmd_send API Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Joao Paulo Goncalves (1): ASoC: ti: davinci-mcasp: Fix race condition during probe Johan Hovold (4): regulator: core: fix debugfs creation regression Bluetooth: qca: add missing firmware sanity checks Bluetooth: qca: fix NVM configuration parsing Bluetooth: qca: fix firmware check error path Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Fastabend (5): bpf, sockmap: TCP data stall on recv before accept bpf, sockmap: Handle fin correctly bpf, sockmap: Convert schedule_work into delayed_work bpf, sockmap: Reschedule is now done through backlog bpf, sockmap: Improved check for empty queue John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Julian Wiedmann (1): s390/qeth: don't keep track of Input Queue count Justin Tee (3): scsi: lpfc: Move NPIV's transport unregistration to after resource clean up scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Krzysztof Kozlowski (1): iommu: mtk: fix module autoloading Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Li Nan (1): md: fix kmemleak of rdev->serial Linus Torvalds (1): Reapply "drm/qxl: simplify qxl_fence_wait" Lyude Paul (1): drm/nouveau/dp: Don't probe eDP ports twice harder Marc Zyngier (1): KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Marios Makassikis (1): ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Namjae Jeon (2): ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Paolo Abeni (2): mptcp: ensure snd_nxt is properly initialized on connect tipc: fix UAF in error path Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peiyang Wang (3): net: hns3: using user configure after hardware reset net: hns3: change type of numa_node_mask as nodemask_t net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Pierre-Louis Bossart (1): ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Gobert (1): net: gro: add flush check in udp_gro_receive_segment Rik van Riel (1): blk-iocost: avoid out of bounds shift Rob Herring (1): arm64: dts: qcom: Fix 'interrupt-map' parent address cells Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sebastian Andrzej Siewior (1): cxgb4: Properly lock TX queue for the selftest. Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Toke Høiland-Jørgensen (3): xdp: Move conversion to xdp_frame out of map functions xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames xdp: use flags field to disambiguate broadcast redirect Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vanshidhar Konda (1): ACPI: CPPC: Fix access width used for PCC registers Viken Dadhaniya (1): slimbus: qcom-ngd-ctrl: Add timeout for wait operation Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Yonglong Liu (1): net: hns3: fix port vlan filter not disabled issue Yufeng Mo (1): net: hns3: add log for workqueue scheduled late Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

1 year, 4 months

1
1
0 0

Linux 5.10.217

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.217 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 - arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 - arch/mips/kernel/scall32-o32.S | 23 + arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 +- arch/s390/include/asm/dwarf.h | 1 arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 block/blk-iocost.c | 7 drivers/ata/sata_gemini.c | 5 drivers/clk/clk.c | 12 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 + drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 6 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpu/drm/nouveau/nouveau_dp.c | 13 - drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/hwmon/corsair-cpro.c | 45 ++- drivers/hwmon/pmbus/ucd9000.c | 6 drivers/iio/accel/mxc4005.c | 24 + drivers/iio/imu/adis16475.c | 4 drivers/md/md.c | 1 drivers/misc/eeprom/at24.c | 46 ++- drivers/misc/mei/hw-me-regs.h | 2 drivers/misc/mei/pci-me.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 + drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 3 drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 - drivers/net/usb/qmi_wwan.c | 1 drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +- drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +++++--------- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_scsi.c | 13 - drivers/target/target_core_configfs.c | 12 drivers/usb/core/hub.c | 5 drivers/usb/dwc3/core.c | 90 ++----- drivers/usb/dwc3/core.h | 1 drivers/usb/dwc3/gadget.c | 2 drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 2 drivers/usb/host/ohci-hcd.c | 8 drivers/usb/host/xhci-plat.h | 4 drivers/usb/typec/ucsi/ucsi.c | 12 drivers/usb/usbip/usbip_common.h | 1 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/volumes.c | 17 - fs/gfs2/bmap.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 - fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 include/linux/kcov.h | 1 include/linux/sched.h | 1 include/linux/skbuff.h | 15 + include/linux/sunrpc/clnt.h | 1 include/net/xfrm.h | 3 lib/dynamic_debug.c | 6 net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/core/net_namespace.c | 13 - net/core/rtnetlink.c | 2 net/core/skbuff.c | 28 +- net/core/sock.c | 4 net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/udp_offload.c | 12 net/ipv4/xfrm4_input.c | 6 net/ipv6/fib6_rules.c | 6 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/mac80211/iface.c | 1 net/mac80211/rx.c | 1 net/nsh/nsh.c | 14 - net/phonet/pn_netlink.c | 2 net/sunrpc/clnt.c | 5 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 security/keys/key.c | 3 sound/pci/hda/patch_realtek.c | 1 sound/soc/codecs/Kconfig | 18 - sound/soc/generic/Kconfig | 2 sound/soc/intel/boards/Kconfig | 2 sound/soc/meson/Kconfig | 3 sound/soc/pxa/Kconfig | 14 - sound/soc/tegra/tegra186_dspk.c | 7 sound/usb/line6/driver.c | 6 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 7 tools/testing/selftests/timers/valid-adjtimex.c | 73 ++--- 122 files changed, 757 insertions(+), 510 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Alan Stern (1): usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Aleksa Savic (3): hwmon: (corsair-cpro) Use a separate buffer for sending commands hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Alexander Stein (1): eeprom: at24: Use dev_err_probe for nvmem register failure Alexander Usyskin (1): mei: me: add lunar lake point M DID Aman Dhoot (1): ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Anand Jain (1): btrfs: return accurate error code on open failure in open_fs_devices() Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andy Shevchenko (2): gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently AngeloGioacchino Del Regno (1): regulator: mt6360: De-capitalize devicetree regulator subnodes Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (4): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: use return from qede_parse_actions() Billy Tsai (1): pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Bui Quang Minh (2): bna: ensure the copied buf is NUL terminated octeontx2-af: avoid off-by-one read from userspace Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (3): pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Christian A. Ehrhardt (2): usb: typec: ucsi: Check for notifications after init usb: typec: ucsi: Fix connector check on init Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Dan Carpenter (1): pinctrl: core: delete incorrect free in pinctrl_enable() Daniel Okazaki (1): eeprom: at24: fix memory corruption race condition David Bauer (1): net l2tp: drop flow hash on forward Dmitry Antipov (1): btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Doug Berger (1): net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (3): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau (3): net: bridge: fix multicast-to-unicast with fraglist GSO net: core: reject skb_copy(_expand) for fraglist GSO skbs net: bridge: fix corrupted ethernet header on multicast-to-unicast Geert Uytterhoeven (1): ASoC: Fix 7/8 spaces indentation in Kconfig Greg Kroah-Hartman (1): Linux 5.10.217 Guenter Roeck (1): usb: ohci: Prevent missed ohci interrupts Hans de Goede (1): iio: accel: mxc4005: Interrupt handling fixes Heiner Kallweit (1): eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Jan Dakinevich (1): pinctrl/meson: fix typo in PDM's pin name Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jens Remus (1): s390/vdso: Add CFI for RA register to asm macro vdso_func Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jerome Brunet (1): ASoC: meson: cards: select SND_DYNAMIC_MINORS Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Johan Hovold (1): regulator: core: fix debugfs creation regression Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Justin Tee (1): scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Lakshmi Yadlapati (1): hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Li Nan (1): md: fix kmemleak of rdev->serial Lyude Paul (1): drm/nouveau/dp: Don't probe eDP ports twice harder Marc Zyngier (1): KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Oliver Upton (1): KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Paolo Abeni (1): tipc: fix UAF in error path Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peiyang Wang (1): net: hns3: use appropriate barrier function after setting a bit value Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Ramona Gradinariu (1): iio:imu: adis16475: Fix sync mode setting Richard Gobert (1): net: gro: add flush check in udp_gro_receive_segment Rik van Riel (1): blk-iocost: avoid out of bounds shift Rob Herring (1): arm64: dts: qcom: Fix 'interrupt-map' parent address cells Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Sameer Pujar (1): ASoC: tegra: Fix DSPK 16-bit playback Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Sebastian Andrzej Siewior (2): cxgb4: Properly lock TX queue for the selftest. kcov: Remove kcov include from sched.h and move it to its users. Silvio Gissi (1): keys: Fix overwrite of key expiration on instantiation Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Thinh Nguyen (2): usb: xhci-plat: Don't include xhci.h usb: dwc3: core: Prevent phy suspend during init Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

1 year, 4 months

1
1
0 0

Linux 5.4.276

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.276 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/mips/include/asm/ptrace.h | 2 arch/mips/kernel/asm-offsets.c | 1 arch/mips/kernel/ptrace.c | 15 - arch/mips/kernel/scall32-o32.S | 23 + arch/mips/kernel/scall64-n32.S | 3 arch/mips/kernel/scall64-n64.S | 3 arch/mips/kernel/scall64-o32.S | 33 +- arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 drivers/ata/sata_gemini.c | 5 drivers/clk/clk.c | 12 drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 + drivers/firewire/nosy.c | 6 drivers/firewire/ohci.c | 6 drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/gpu/host1x/bus.c | 8 drivers/net/dsa/mv88e6xxx/chip.c | 29 ++ drivers/net/dsa/mv88e6xxx/chip.h | 6 drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 - drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/ethernet/qlogic/qede/qede_filter.c | 15 - drivers/net/usb/qmi_wwan.c | 1 drivers/pinctrl/core.c | 8 drivers/pinctrl/devicetree.c | 10 drivers/pinctrl/mediatek/pinctrl-mt6765.c | 11 drivers/pinctrl/mediatek/pinctrl-mt8183.c | 7 drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 268 +++++++++++++++++++++ drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.h | 16 + drivers/pinctrl/mediatek/pinctrl-paris.c | 281 +++++++++-------------- drivers/power/supply/rt9455_charger.c | 2 drivers/regulator/core.c | 27 +- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_scsi.c | 13 - drivers/target/target_core_configfs.c | 12 drivers/usb/gadget/composite.c | 6 drivers/usb/gadget/function/f_fs.c | 2 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/transaction.c | 2 fs/gfs2/bmap.c | 5 fs/nfs/client.c | 5 fs/nfs/inode.c | 13 - fs/nfs/internal.h | 2 fs/nfs/netns.h | 2 include/linux/skbuff.h | 15 + include/linux/sunrpc/clnt.h | 1 include/net/xfrm.h | 3 lib/dynamic_debug.c | 6 net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 net/core/net_namespace.c | 13 - net/core/rtnetlink.c | 2 net/core/sock.c | 4 net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 net/ipv4/tcp_output.c | 4 net/ipv4/xfrm4_input.c | 6 net/ipv6/fib6_rules.c | 6 net/ipv6/xfrm6_input.c | 6 net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/nsh/nsh.c | 14 - net/phonet/pn_netlink.c | 2 net/sunrpc/clnt.c | 5 net/tipc/msg.c | 8 net/wireless/nl80211.c | 2 net/wireless/trace.h | 2 net/xfrm/xfrm_input.c | 8 sound/usb/line6/driver.c | 6 tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 7 tools/testing/selftests/timers/valid-adjtimex.c | 73 ++--- 80 files changed, 762 insertions(+), 394 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Andrew Lunn (1): net: dsa: mv88e6xxx: Add number of MACs in the ATU Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andy Shevchenko (2): gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Asbjørn Sloth Tønnesen (3): net: qede: use return from qede_parse_flow_attr() for flow_spec net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Bui Quang Minh (1): bna: ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chen-Yu Tsai (4): pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Dan Carpenter (2): pinctrl: core: delete incorrect free in pinctrl_enable() pinctrl: mediatek: Fix some off by one bugs David Bauer (1): net l2tp: drop flow hash on forward Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (3): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau (2): net: bridge: fix multicast-to-unicast with fraglist GSO net: bridge: fix corrupted ethernet header on multicast-to-unicast Greg Kroah-Hartman (1): Linux 5.4.276 Hsin-Yi Wang (2): pinctrl: mediatek: Fix fallback call path pinctrl: mediatek: Fix fallback behavior for bias_set_combo Igor Artemiev (1): wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jernej Skrabec (1): clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Jiaxun Yang (1): MIPS: scall: Save thread_info.syscall unconditionally on entry Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Johan Hovold (1): regulator: core: fix debugfs creation regression Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Josef Bacik (3): sunrpc: add a struct rpc_stats arg to rpc_create_args nfs: expose /proc/net/sunrpc/nfs in net namespaces nfs: make the rpc_stat per net namespace Justin Tee (1): scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Kuniyuki Iwashima (3): nfs: Handle error of rpc_proc_register() in nfs_net_init(). nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Light Hsieh (6): pinctrl: mediatek: Check gpio pin number and use binary search in mtk_hw_pin_field_lookup() pinctrl: mediatek: Supporting driving setting without mapping current to register value pinctrl: mediatek: Refine mtk_pinconf_get() and mtk_pinconf_set() pinctrl: mediatek: Refine mtk_pinconf_get() pinctrl: mediatek: Backward compatible to previous Mediatek's bias-pull usage pinctrl: mediatek: remove shadow variable declaration Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Paolo Abeni (1): tipc: fix UAF in error path Paul Davey (1): xfrm: Preserve vlan tags for transport mode software GRO Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Stephen Boyd (1): clk: Don't hold prepare_lock when calling kref_put() Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Thierry Reding (1): gpu: host1x: Do not setup DMA for virtual devices Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Xin Long (1): tipc: fix a possible memleak in tipc_buf_append YueHaibing (1): pinctrl: mediatek: remove set but not used variable 'e' Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

1 year, 4 months

1
1
0 0

Linux 4.19.314

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.314 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/s390/mm/gmap.c | 2 arch/s390/mm/hugetlbpage.c | 2 drivers/ata/sata_gemini.c | 5 - drivers/firewire/nosy.c | 6 - drivers/firewire/ohci.c | 6 + drivers/gpio/gpio-crystalcove.c | 2 drivers/gpio/gpio-wcove.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 100 +++++++++++++---------- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 drivers/net/dsa/mv88e6xxx/chip.c | 29 ++++++ drivers/net/dsa/mv88e6xxx/chip.h | 6 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 ++- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 drivers/net/usb/qmi_wwan.c | 1 drivers/pinctrl/core.c | 8 - drivers/pinctrl/devicetree.c | 10 +- drivers/power/supply/rt9455_charger.c | 2 drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 drivers/scsi/lpfc/lpfc.h | 1 drivers/scsi/lpfc/lpfc_scsi.c | 13 -- drivers/target/target_core_configfs.c | 12 ++ drivers/usb/gadget/composite.c | 6 - drivers/usb/gadget/function/f_fs.c | 2 fs/9p/vfs_file.c | 2 fs/9p/vfs_inode.c | 5 - fs/9p/vfs_super.c | 1 fs/btrfs/inode.c | 2 fs/btrfs/transaction.c | 2 fs/gfs2/bmap.c | 5 - include/linux/etherdevice.h | 46 ++++++++++ include/net/af_unix.h | 5 - lib/dynamic_debug.c | 6 + net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 4 net/bridge/br_forward.c | 9 +- net/core/net_namespace.c | 13 ++ net/core/rtnetlink.c | 2 net/core/sock.c | 4 net/ethernet/eth.c | 10 -- net/ipv4/tcp.c | 4 net/ipv4/tcp_input.c | 2 net/ipv4/tcp_ipv4.c | 8 + net/ipv4/tcp_output.c | 11 +- net/ipv6/fib6_rules.c | 6 + net/l2tp/l2tp_eth.c | 3 net/mac80211/ieee80211_i.h | 4 net/nsh/nsh.c | 14 +-- net/phonet/pn_netlink.c | 2 net/tipc/msg.c | 8 + net/unix/af_unix.c | 4 net/unix/garbage.c | 35 +++++--- net/unix/scm.c | 8 + net/wireless/nl80211.c | 2 sound/usb/line6/driver.c | 6 - tools/power/x86/turbostat/turbostat.8 | 2 tools/power/x86/turbostat/turbostat.c | 7 - tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++++++-------- 58 files changed, 369 insertions(+), 190 deletions(-) Adam Goldman (1): firewire: ohci: mask bus reset interrupts between ISR and bottom half Andrew Lunn (1): net: dsa: mv88e6xxx: Add number of MACs in the ATU Andrew Price (1): gfs2: Fix invalid metadata access in punch_hole Andy Shevchenko (2): gpio: wcove: Use -ENOTSUPP consistently gpio: crystalcove: Use -ENOTSUPP consistently Arnd Bergmann (1): power: rt9455: hide unused rt9455_boost_voltage_values Boris Burkov (2): btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve btrfs: always clear PERTRANS metadata during commit Bui Quang Minh (1): bna: ensure the copied buf is NUL terminated Bumyong Lee (1): dmaengine: pl330: issue_pending waits until WFP state Chen Ni (1): ata: sata_gemini: Check clk_enable() result Chris Wulff (1): usb: gadget: f_fs: Fix a race condition when processing setup packets. Claudio Imbrenda (2): s390/mm: Fix storage key clearing for guest huge pages s390/mm: Fix clearing storage keys for huge pages Colin Ian King (1): tcp: remove redundant check on tskb Dan Carpenter (1): pinctrl: core: delete incorrect free in pinctrl_enable() David Bauer (1): net l2tp: drop flow hash on forward Doug Smythies (1): tools/power turbostat: Fix added raw MSR output Duoming Zhou (2): Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Eric Dumazet (3): tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets phonet: fix rtm_phonet_notify() skb allocation ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Eric Huang (1): drm/amdkfd: change system memory overcommit limit Felix Fietkau (2): net: bridge: fix multicast-to-unicast with fraglist GSO net: bridge: fix corrupted ethernet header on multicast-to-unicast Greg Kroah-Hartman (1): Linux 4.19.314 Jakub Kicinski (1): ethernet: add a helper for assigning port addresses Jeff Johnson (1): wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Jeff Layton (1): 9p: explicitly deny setlease attempts Jim Cromie (1): dyndbg: fix old BUG_ON in >control parser Joakim Sindholt (3): fs/9p: only translate RWX permissions for plain 9P2000 fs/9p: translate O_TRUNC into OTRUNC fs/9p: drop inodes immediately on non-.L too Johannes Berg (1): wifi: nl80211: don't free NULL coalescing rule John Stultz (1): selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Justin Tee (1): scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Kuniyuki Iwashima (4): nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). af_unix: Do not use atomic ops for unix_sk(sk)->inflight. af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Li RongQing (1): net: slightly optimize eth_type_trans Marek Behún (1): net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Maurizio Lombardi (1): scsi: target: Fix SELinux error when systemd-modules loads the target module Michal Luczaj (1): af_unix: Fix garbage collector racing against connect() Mukul Joshi (1): drm/amdgpu: Fix leak when GPU memory allocation fails Paolo Abeni (1): tipc: fix UAF in error path Peng Liu (1): tools/power turbostat: Fix Bzy_MHz documentation typo Peter Korsgaard (1): usb: gadget: composite: fix OS descriptors w_value logic Phil Elwell (1): net: bcmgenet: Reset RBUF on first open Rahul Rameshbabu (1): ethernet: Add helper for assigning packet type when dest address does not match device address Roded Zats (1): rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Saurav Kashyap (1): scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Takashi Iwai (1): ALSA: line6: Zero-initialize message buffers Thadeu Lima de Souza Cascardo (1): net: fix out-of-bounds access in ops_init Thanassis Avgerinos (1): firewire: nosy: ensure user_length is taken into account when fetching packet contents Vanillan Wang (1): net:usb:qmi_wwan: support Rolling modules Vinod Koul (1): dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Xin Long (1): tipc: fix a possible memleak in tipc_buf_append Zack Rusin (1): drm/vmwgfx: Fix invalid reads in fence signaled events Zeng Heng (1): pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() linke li (1): net: mark racy access on sk->sk_rcvbuf

1 year, 4 months

1
1
0 0

[PATCH] USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected

by John Ernberg

If no other USB HCDs are selected when compiling a small pure virutal machine, the Xen HCD driver cannot be built. Fix it by traversing down host/ if CONFIG_USB_XEN_HCD is selected. Fixes: 494ed3997d75 ("usb: Introduce Xen pvUSB frontend (xen hcd)") Cc: stable(a)vger.kernel.org # v5.17+ Signed-off-by: John Ernberg <john.ernberg(a)actia.se> --- drivers/usb/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/Makefile b/drivers/usb/Makefile index 3a9a0dd4be70..949eca0adebe 100644 --- a/drivers/usb/Makefile +++ b/drivers/usb/Makefile @@ -35,6 +35,7 @@ obj-$(CONFIG_USB_R8A66597_HCD) += host/ obj-$(CONFIG_USB_FSL_USB2) += host/ obj-$(CONFIG_USB_FOTG210_HCD) += host/ obj-$(CONFIG_USB_MAX3421_HCD) += host/ +obj-$(CONFIG_USB_XEN_HCD) += host/ obj-$(CONFIG_USB_C67X00_HCD) += c67x00/ -- 2.45.0

1 year, 4 months

1
0
0 0

[PATCH v3] PCI: dw-rockchip: Fix initial PERST# GPIO value

by Niklas Cassel

PERST# is active low according to the PCIe specification. However, the existing pcie-dw-rockchip.c driver does: gpiod_set_value(..., 0); msleep(100); gpiod_set_value(..., 1); When asserting + deasserting PERST#. This is of course wrong, but because all the device trees for this compatible string have also incorrectly marked this GPIO as ACTIVE_HIGH: $ git grep -B 10 reset-gpios arch/arm64/boot/dts/rockchip/rk3568* $ git grep -B 10 reset-gpios arch/arm64/boot/dts/rockchip/rk3588* The actual toggling of PERST# is correct. (And we cannot change it anyway, since that would break device tree compatibility.) However, this driver does request the GPIO to be initialized as GPIOD_OUT_HIGH, which does cause a silly sequence where PERST# gets toggled back and forth for no good reason. Fix this by requesting the GPIO to be initialized as GPIOD_OUT_LOW (which for this driver means PERST# asserted). This will avoid an unnecessary signal change where PERST# gets deasserted (by devm_gpiod_get_optional()) and then gets asserted (by rockchip_pcie_start_link()) just a few instructions later. Before patch, debug prints on EP side, when booting RC: [ 845.606810] pci: PERST# asserted by host! [ 852.483985] pci: PERST# de-asserted by host! [ 852.503041] pci: PERST# asserted by host! [ 852.610318] pci: PERST# de-asserted by host! After patch, debug prints on EP side, when booting RC: [ 125.107921] pci: PERST# asserted by host! [ 132.111429] pci: PERST# de-asserted by host! This extra, very short, PERST# assertion + deassertion has been reported to cause issues with certain WLAN controllers, e.g. RTL8822CE. Fixes: 0e898eb8df4e ("PCI: rockchip-dwc: Add Rockchip RK356X host controller driver") Tested-by: Jianfeng Liu <liujianfeng1994(a)gmail.com> Tested-by: Heiko Stuebner <heiko(a)sntech.de> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org # 5.15+ --- Changes since v2: -Picked up tag from Heiko. -Change subject (Bjorn). -s/PERST/PERST#/ (Bjorn). drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/controller/dwc/pcie-dw-rockchip.c b/drivers/pci/controller/dwc/pcie-dw-rockchip.c index d6842141d384..a909e42b4273 100644 --- a/drivers/pci/controller/dwc/pcie-dw-rockchip.c +++ b/drivers/pci/controller/dwc/pcie-dw-rockchip.c @@ -240,7 +240,7 @@ static int rockchip_pcie_resource_get(struct platform_device *pdev, return PTR_ERR(rockchip->apb_base); rockchip->rst_gpio = devm_gpiod_get_optional(&pdev->dev, "reset", - GPIOD_OUT_HIGH); + GPIOD_OUT_LOW); if (IS_ERR(rockchip->rst_gpio)) return PTR_ERR(rockchip->rst_gpio); -- 2.44.0

1 year, 4 months

4
3
0 0

[PATCH] PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio

by Manivannan Sadhasivam

Rockchip platforms use 'GPIO_ACTIVE_HIGH' flag in the devicetree definition for ep_gpio. This means, whatever the logical value set by the driver for the ep_gpio, physical line will output the same logic level. For instance, gpiod_set_value_cansleep(rockchip->ep_gpio, 0); --> Level low gpiod_set_value_cansleep(rockchip->ep_gpio, 1); --> Level high But while requesting the ep_gpio, GPIOD_OUT_HIGH flag is currently used. Now, this also causes the physical line to output 'high' creating trouble for endpoint devices during host reboot. When host reboot happens, the ep_gpio will initially output 'low' due to the GPIO getting reset to its POR value. Then during host controller probe, it will output 'high' due to GPIOD_OUT_HIGH flag. Then during rockchip_pcie_host_init_port(), it will first output 'low' and then 'high' indicating the completion of controller initialization. On the endpoint side, each output 'low' of ep_gpio is accounted for PERST# assert and 'high' for PERST# deassert. With the above mentioned flow during host reboot, endpoint will witness below state changes for PERST#: (1) PERST# assert - GPIO POR state (2) PERST# deassert - GPIOD_OUT_HIGH while requesting GPIO (3) PERST# assert - rockchip_pcie_host_init_port() (4) PERST# deassert - rockchip_pcie_host_init_port() Now the time interval between (2) and (3) is very short as both happen during the driver probe(), and this results in a race in the endpoint. Because, before completing the PERST# deassertion in (2), endpoint got another PERST# assert in (3). A proper way to fix this issue is to change the GPIOD_OUT_HIGH flag in (2) to GPIOD_OUT_LOW. Because the usual convention is to request the GPIO with a state corresponding to its 'initial/default' value and let the driver change the state of the GPIO when required. As per that, the ep_gpio should be requested with GPIOD_OUT_LOW as it corresponds to the POR value of '0' (PERST# assert in the endpoint). Then the driver can change the state of the ep_gpio later in rockchip_pcie_host_init_port() as per the initialization sequence. This fixes the firmware crash issue in Qcom based modems connected to Rockpro64 based board. Cc: <stable(a)vger.kernel.org> # 4.9 Reported-by: Slark Xiao <slark_xiao(a)163.com> Closes: https://lore.kernel.org/mhi/20240402045647.GG2933@thinkpad/ Fixes: e77f847df54c ("PCI: rockchip: Add Rockchip PCIe controller support") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/pci/controller/pcie-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/controller/pcie-rockchip.c b/drivers/pci/controller/pcie-rockchip.c index 0ef2e622d36e..c07d7129f1c7 100644 --- a/drivers/pci/controller/pcie-rockchip.c +++ b/drivers/pci/controller/pcie-rockchip.c @@ -121,7 +121,7 @@ int rockchip_pcie_parse_dt(struct rockchip_pcie *rockchip) if (rockchip->is_rc) { rockchip->ep_gpio = devm_gpiod_get_optional(dev, "ep", - GPIOD_OUT_HIGH); + GPIOD_OUT_LOW); if (IS_ERR(rockchip->ep_gpio)) return dev_err_probe(dev, PTR_ERR(rockchip->ep_gpio), "failed to get ep GPIO\n"); --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240416-pci-rockchip-perst-fix-88c922621d9a Best regards, -- Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>

1 year, 4 months

4
4
0 0

[PATCH] PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id

by Rick Wertenbroek

Remove wrong mask on subsys_vendor_id. Both the Vendor ID and Subsystem Vendor ID are u16 variables and are written to a u32 register of the controller. The Subsystem Vendor ID was always 0 because the u16 value was masked incorrectly with GENMASK(31,16) resulting in all lower 16 bits being set to 0 prior to the shift. Remove both masks as they are unnecessary and set the register correctly i.e., the lower 16-bits are the Vendor ID and the upper 16-bits are the Subsystem Vendor ID. This is documented in the RK3399 TRM section 17.6.7.1.17 Fixes: cf590b078391 ("PCI: rockchip: Add EP driver for Rockchip PCIe controller") Signed-off-by: Rick Wertenbroek <rick.wertenbroek(a)gmail.com> Cc: stable(a)vger.kernel.org --- drivers/pci/controller/pcie-rockchip-ep.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/pci/controller/pcie-rockchip-ep.c b/drivers/pci/controller/pcie-rockchip-ep.c index c9046e97a1d2..37d4bcb8bd5b 100644 --- a/drivers/pci/controller/pcie-rockchip-ep.c +++ b/drivers/pci/controller/pcie-rockchip-ep.c @@ -98,10 +98,9 @@ static int rockchip_pcie_ep_write_header(struct pci_epc *epc, u8 fn, u8 vfn, /* All functions share the same vendor ID with function 0 */ if (fn == 0) { - u32 vid_regs = (hdr->vendorid & GENMASK(15, 0)) | - (hdr->subsys_vendor_id & GENMASK(31, 16)) << 16; - - rockchip_pcie_write(rockchip, vid_regs, + rockchip_pcie_write(rockchip, + hdr->vendorid | + hdr->subsys_vendor_id << 16, PCIE_CORE_CONFIG_VENDOR); } -- 2.25.1

1 year, 4 months

4
5
0 0

[PATCH v3 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Imagine an mmap()'d file. Two threads touch the same address at the same time and fault. Both allocate a physical page and race to install a PTE for that page. Only one will win the race. The loser frees its page, but still continues handling the fault as a success and returns VM_FAULT_NOPAGE from the fault handler. The same race can happen with SGX. But there's a bug: the loser in the SGX steers into a failure path. The loser EREMOVE's the winner's EPC page, then returns SIGBUS, likely killing the app. Fix the SGX loser's behavior. Change the return code to VM_FAULT_NOPAGE to avoid SIGBUS and call sgx_free_epc_page() which avoids EREMOVE'ing the winner's page and only frees the page that the loser allocated. The race can be illustrated as follows: /* /* * Fault on CPU1 * Fault on CPU2 * on enclave page X * on enclave page X */ */ sgx_vma_fault() { sgx_vma_fault() { xa_load(&encl->page_array) xa_load(&encl->page_array) == NULL --> == NULL --> sgx_encl_eaug_page() { sgx_encl_eaug_page() { ... ... /* /* * alloc encl_page * alloc encl_page */ */ mutex_lock(&encl->lock); /* * alloc EPC page */ epc_page = sgx_alloc_epc_page(...); /* * add page to enclave's xarray */ xa_insert(&encl->page_array, ...); /* * add page to enclave via EAUG * (page is in pending state) */ /* * add PTE entry */ vmf_insert_pfn(...); mutex_unlock(&encl->lock); return VM_FAULT_NOPAGE; } } /* * All good up to here: enclave page * successfully added to enclave, * ready for EACCEPT from user space */ mutex_lock(&encl->lock); /* * alloc EPC page */ epc_page = sgx_alloc_epc_page(...); /* * add page to enclave's xarray, * this fails with -EBUSY as this * page was already added by CPU2 */ xa_insert(&encl->page_array, ...); err_out_shrink: sgx_encl_free_epc_page(epc_page) { /* * remove page via EREMOVE * * *BUG*: page added by CPU2 is * yanked from enclave while it * remains accessible from OS * perspective (PTE installed) */ /* * free EPC page */ sgx_free_epc_page(epc_page); } mutex_unlock(&encl->lock); /* * *BUG*: SIGBUS is returned * for a valid enclave page */ return VM_FAULT_SIGBUS; } } Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> Reviewed-by: Haitao Huang <haitao.huang(a)linux.intel.com> Reviewed-by: Jarkko Sakkinen <jarkko(a)kernel.org> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

1 year, 4 months

1
0
0 0

[PATCH 6.1 000/244] 6.1.91-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.91 release. There are 244 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 18 May 2024 09:11:43 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.91-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.91-rc3 Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Florian Fainelli <f.fainelli(a)gmail.com> net: bcmgenet: Clear RGMII_LINK upon link down Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Andrea Righi <andrea.righi(a)canonical.com> btf, scripts: rust: drop is_rust_module.sh Andrea Righi <andrea.righi(a)canonical.com> rust: fix regexp in scripts/is_rust_module.sh Asahi Lina <lina(a)asahilina.net> rust: error: Rename to_kernel_errno() -> to_errno() Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Leah Rumancik <leah.rumancik(a)gmail.com> MAINTAINERS: add leah to 6.1 MAINTAINERS file Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: cdev: Add missing header(s) Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer() to timer_delete() Thomas Gleixner <tglx(a)linutronix.de> timers: Get rid of del_singleshot_timer_sync() Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Namhyung Kim <namhyung(a)kernel.org> perf unwind-libdw: Handle JIT-generated DSOs properly Namhyung Kim <namhyung(a)kernel.org> perf unwind-libunwind: Fix base address for .eh_frame Geert Uytterhoeven <geert+renesas(a)glider.be> spi: Merge spi_controller.{slave,target}_abort() Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: avoid creating temporary files Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move PLPKS constants to header file Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Yang Yingliang <yangyingliang(a)huawei.com> spi: spi-axi-spi-engine: switch to use modern name Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: axi-spi-engine: Convert to platform remove callback returning void Yang Yingliang <yangyingliang(a)huawei.com> spi: introduce new helpers with using modern naming Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Steve French <stfrench(a)microsoft.com> smb3: missing lock when picking channel Shyam Prasad N <sprasad(a)microsoft.com> cifs: use the least loaded channel for sending requests Masahiro Yamada <masahiroy(a)kernel.org> kbuild: specify output names separately for each emission type from rustc Masahiro Yamada <masahiroy(a)kernel.org> kbuild: refactor host*_flags Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix missing hugetlb_lock for resv uncharge Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: convert free_huge_page to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio_hstate() Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add hugetlb_folio_subpool() helpers Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm: add private field of first tail to struct page and struct folio Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio support to hugetlb specific flag macros Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- MAINTAINERS | 1 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +-- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 62 ++--- arch/powerpc/platforms/pseries/plpks.h | 35 ++- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 162 +++++++++++- drivers/bluetooth/btqca.h | 6 +- drivers/bluetooth/hci_qca.c | 11 + drivers/char/tpm/tpm-dev-common.c | 4 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/dma/idxd/cdev.c | 77 ++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 183 ++++++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 ++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 ++- drivers/hwmon/corsair-cpro.c | 43 +++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 46 +++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 25 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 19 +- drivers/nvme/host/core.c | 2 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++--- drivers/pinctrl/intel/pinctrl-intel.c | 6 +- drivers/pinctrl/intel/pinctrl-intel.h | 17 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 ++- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 +++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 14 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 275 +++++++++++---------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 12 + drivers/staging/wlan-ng/hfa384x_usb.c | 4 +- drivers/staging/wlan-ng/prism2usb.c | 6 +- drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufshcd.c | 5 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++---- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/tcpm/tcpm.c | 35 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/extent_io.c | 19 +- fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/hugetlbfs/inode.c | 8 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/transport.c | 37 ++- fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hugetlb.h | 53 +++- include/linux/hugetlb_cgroup.h | 69 +++--- include/linux/hyperv.h | 1 + include/linux/mm_types.h | 14 ++ include/linux/pci_ids.h | 2 + include/linux/pinctrl/pinctrl.h | 20 ++ include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/spi/spi.h | 51 +++- include/linux/sunrpc/clnt.h | 1 + include/linux/swapops.h | 105 ++++---- include/linux/timer.h | 15 +- include/net/xfrm.h | 3 + include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/time/timer.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- mm/hugetlb.c | 55 +++-- mm/hugetlb_cgroup.c | 34 +-- mm/migrate.c | 2 +- mm/readahead.c | 4 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++- net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprt.c | 2 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/Makefile | 11 +- rust/kernel/error.rs | 2 +- rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 ++++++++------ scripts/Makefile.build | 17 +- scripts/Makefile.host | 27 +- scripts/Makefile.modfinal | 4 +- scripts/is_rust_module.sh | 16 -- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 +++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 +-- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/perf/util/unwind-libdw.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 30 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + tools/testing/selftests/timers/valid-adjtimex.c | 73 +++--- 247 files changed, 2515 insertions(+), 1401 deletions(-)

1 year, 4 months

10
10
0 0

three commits you might or might not want to pick up for 6.9.y

by Thorsten Leemhuis

Hi Greg. Here are three reports for regressions introduced during the 6.9 cycle that were not fixed for 6.9 for one reason or another, but are fixed in mainline now. So they might be good candidates to pick up early for 6.9.y -- or maybe not, not sure. You are the better judge here. I just thought you might wanted to know about them. * net: Bluetooth: firmware loading problems with older firmware: https://lore.kernel.org/lkml/20240401144424.1714-1-mike@fireburn.co.uk/ Fixed by 958cd6beab693f ("Bluetooth: btusb: Fix the patch for MT7920 the affected to MT7921") – which likely should have gone into 6.9, but did not due to lack of fixes: an stable tags: https://lore.kernel.org/all/CABBYNZK1QWNHpmXUyne1Vmqqvy7csmivL7q7N2Mu=2fmrU… * leds/iwlwifi: hangs on boot: https://lore.kernel.org/lkml/30f757e3-73c5-5473-c1f8-328bab98fd7d@candelate… Fixed by 3d913719df14c2 ("wifi: iwlwifi: Use request_module_nowait") – not sure if that one is worth it, the regression might be an exotic corner case. * Ryzen 7840HS CPU single core never boosts to max frequency: https://bugzilla.kernel.org/show_bug.cgi?id=218759 Fixed by bf202e654bfa57 ("cpufreq: amd-pstate: fix the highest frequency issue which limits performance") – which was broken out of a patch-set by the developers to send it in for 6.9, but then was only merged for 6.10 by the maintainer. Ciao, Thorsten

1 year, 4 months

2
2
0 0

[PATCH 6.6 000/308] 6.6.31-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.31 release. There are 308 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 18 May 2024 12:12:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.31-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.31-rc3 Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Pei Xiao <xiaopei01(a)kylinos.cn> Revert "selftests/bpf: Add netkit to tc_redirect selftest" Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Richard Gobert <richardbgobert(a)gmail.com> net: gro: parse ipv6 ext headers without frag0 invalidation Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce generic names for IPC types Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Christian Marangi <ansuelsmth(a)gmail.com> mtd: limit OTP NVMEM cell parse to non-NAND devices Rafał Miłecki <rafal(a)milecki.pl> nvmem: add explicit config option to read old syntax fixed OF cells Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++ drivers/bluetooth/btqca.c | 208 ++++++++++++- drivers/bluetooth/btqca.h | 8 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/clk/sunxi-ng/ccu_common.c | 19 ++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/dma/idxd/cdev.c | 77 +++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 181 +++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++-- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 + .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +- drivers/hv/connection.c | 29 +- drivers/hwmon/corsair-cpro.c | 43 ++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 47 ++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mtd/mtdcore.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 20 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/nvmem/apple-efuses.c | 1 + drivers/nvmem/core.c | 8 +- drivers/nvmem/imx-ocotp-scu.c | 1 + drivers/nvmem/imx-ocotp.c | 1 + drivers/nvmem/meson-efuse.c | 1 + drivers/nvmem/meson-mx-efuse.c | 1 + drivers/nvmem/microchip-otpc.c | 1 + drivers/nvmem/mtk-efuse.c | 1 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/nvmem/qfprom.c | 1 + drivers/nvmem/rave-sp-eeprom.c | 1 + drivers/nvmem/rockchip-efuse.c | 1 + drivers/nvmem/sc27xx-efuse.c | 1 + drivers/nvmem/sec-qfprom.c | 1 + drivers/nvmem/sprd-efuse.c | 1 + drivers/nvmem/stm32-romem.c | 1 + drivers/nvmem/sunplus-ocotp.c | 1 + drivers/nvmem/sunxi_sid.c | 1 + drivers/nvmem/uniphier-efuse.c | 1 + drivers/nvmem/zynqmp_nvmem.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 ++--- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/regulator/tps65132-regulator.c | 7 + drivers/rtc/nvmem.c | 1 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 +-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 229 +++++++------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++--- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + drivers/w1/slaves/w1_ds250x.c | 1 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/extent_io.c | 14 +- fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 ++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 + fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 45 ++- fs/tracefs/inode.c | 92 +++++- fs/tracefs/internal.h | 7 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/nvmem-provider.h | 2 + include/linux/pci_ids.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 + include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/sound/sof.h | 7 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/hugetlb.c | 4 +- mm/readahead.c | 4 + net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 ++- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 +- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 52 +++- net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++- net/mptcp/protocol.c | 3 + net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++-- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 +++++++----- scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++---- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/sof/intel/hda-dsp.c | 20 +- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 45 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../testing/selftests/bpf/prog_tests/tc_redirect.c | 52 ---- .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 333 ++++++++++----------- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++-- 350 files changed, 3151 insertions(+), 1846 deletions(-)

1 year, 4 months

9
9
0 0

[PATCH v1] wifi: mwifiex: Fix interface type change

by Francesco Dolcini

From: Rafael Beims <rafael.beims(a)toradex.com> When changing the interface type we also need to update the bss_num, the driver private data is searched based on a unique (bss_type, bss_num) tuple, therefore every time bss_type changes, bss_num must also change. This fixes for example an issue in which, after the mode changed, a wireless scan on the changed interface would not finish, leading to repeated -EBUSY messages to userspace when other scan requests were sent. Fixes: c606008b7062 ("mwifiex: Properly initialize private structure on interface type changes") Cc: stable(a)vger.kernel.org Signed-off-by: Rafael Beims <rafael.beims(a)toradex.com> Reviewed-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> --- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c index b909a7665e9c..155eb0fab12a 100644 --- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c +++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c @@ -926,6 +926,8 @@ mwifiex_init_new_priv_params(struct mwifiex_private *priv, return -EOPNOTSUPP; } + priv->bss_num = mwifiex_get_unused_bss_num(adapter, priv->bss_type); + spin_lock_irqsave(&adapter->main_proc_lock, flags); adapter->main_locked = false; spin_unlock_irqrestore(&adapter->main_proc_lock, flags); -- 2.39.2

1 year, 4 months

2
4
0 0

[PATCH 6.9 0/5] 6.9.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.1 release. There are 5 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.1-rc1.… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.1-rc1 Ben Greear <greearb(a)candelatech.com> wifi: mt76: mt7915: add missing chanctx ops Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist ------------- Diffstat: Makefile | 4 +- drivers/dma/idxd/cdev.c | 77 ++++++++++++++++++++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 ++ drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 ++++++++- drivers/net/wireless/mediatek/mt76/mt7915/main.c | 4 ++ drivers/vfio/pci/vfio_pci.c | 2 + include/linux/pci_ids.h | 2 + security/keys/key.c | 3 +- 10 files changed, 121 insertions(+), 8 deletions(-)

1 year, 4 months

8
12
0 0

[PATCH 6.8 000/339] 6.8.10-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.10 release. There are 339 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 18 May 2024 12:12:41 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.10-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.10-rc3 Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Enhance def_domain_type to handle untrusted device Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic-pci: register attributes via pci_driver Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Lyude Paul <lyude(a)redhat.com> drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle optimization checks for multi-display and dual eDP Matt Coster <matt.coster(a)imgtec.com> drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Marek Szyprowski <m.szyprowski(a)samsung.com> clk: samsung: Revert "clk: Use device_get_match_data()" Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Reset chip on probe() and resume() Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes SPI support for BMP3xx devices Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Josef Bacik <josef(a)toxicpanda.com> btrfs: make sure that WRITTEN is set on all metadata blocks Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: do not check qgroup inherit if qgroup is disabled Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> mm/slub: avoid zeroing outside-object freepointer for single free Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Donald Hunter <donald.hunter(a)gmail.com> netlink: specs: Add missing bridge linkinfo attrs Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmf: Decrease error message to debug Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: remove erroneous nlink init from legacy stat2inode Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe: Label RING_CONTEXT_CONTROL as masked Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/xe_migrate: Cast to output precision before multiplying operands Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: fix the high voltage issue after unload Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: add smu 14.0.1 discovery support Li Ma <li.ma(a)amd.com> drm/amd/display: add DCN 351 version for microcode load Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Eric Dumazet <edumazet(a)google.com> nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Eric Dumazet <edumazet(a)google.com> net: add copy_safe_from_sockptr() helper Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Bernhard Rosenkränzer <bero(a)baylibre.com> platform/x86: acer-wmi: Add support for Acer PH18-71 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix missed error message after VPU rename Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Improve clarity of MMU error messages Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Remove d3hot_after_power_off WA Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Kees Cook <keescook(a)chromium.org> nouveau/gsp: Avoid addressing beyond end of rpc->entries Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Len Brown <len.brown(a)intel.com> tools/power turbostat: Expand probe_intel_uncore_frequency() Chen Yu <yu.c.chen(a)intel.com> tools/power turbostat: Do not print negative LPI residency Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: modify clock table Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: Solve error interruption issue Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix END redefinition linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: fix uninitialized values during inode evict Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Conor Dooley <conor.dooley(a)microchip.com> firmware: microchip: don't unconditionally print validation success Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix timing of synchronizing bitmap and inode Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/versal: Do not log total error counts Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix ADL-N detection Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Prevent use-after-free from occurring after cdev removal David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Fix two locking issues with thermal zone debug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Free all thermal zone debug memory on zone removal Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> ice: ensure the copied buf is NUL terminated Chen Yu <yu.c.chen(a)intel.com> efi/unaccepted: touch soft lockup during memory accept Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Puranjay Mohan <puranjay(a)kernel.org> arm32, bpf: Reimplement sign-extension mov instruction Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_encode_fattr4() crasher Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for CB_GETATTR callback Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +-- Documentation/netlink/specs/rt_link.yaml | 6 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm/net/bpf_jit_32.c | 56 +++++-- .../dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 3 +- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 ++-- arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +-- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 ++-- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 20 +-- drivers/accel/ivpu/ivpu_drv.h | 3 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 4 +- drivers/accel/ivpu/ivpu_mmu.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 9 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++++ drivers/bluetooth/btqca.c | 140 ++++++++++++++-- drivers/bluetooth/btqca.h | 3 +- drivers/bluetooth/hci_qca.c | 2 - drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/samsung/clk-exynos-clkout.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 ++- drivers/clk/sunxi-ng/ccu_common.c | 19 +++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/dma/idxd/cdev.c | 77 +++++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 ++- drivers/edac/versal_edac.c | 4 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/firmware/efi/unaccepted_memory.c | 4 + drivers/firmware/microchip/mpfs-auto-update.c | 2 + drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 26 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++++--- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++++-- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 +++- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 27 ++- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +-- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/imagination/pvr_fw_mips.h | 5 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++++---- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 81 +++++---- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +----- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 3 +- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 25 ++- drivers/gpu/drm/xe/xe_migrate.c | 8 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +++- drivers/hv/connection.c | 29 +++- drivers/hwmon/corsair-cpro.c | 43 +++-- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 92 +++++++++- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-core.c | 1 + drivers/iio/pressure/bmp280-spi.c | 13 +- drivers/iio/pressure/bmp280.h | 1 + drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 4 + drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c | 4 +- drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/pvpanic/pvpanic-pci.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 20 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 +++--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +-- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- drivers/net/ethernet/intel/ice/ice_debugfs.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 ++-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++++---- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 ++--- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/platform/x86/acer-wmi.c | 9 + drivers/platform/x86/amd/pmf/acpi.c | 2 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +-- drivers/regulator/mt6360-regulator.c | 32 ++-- drivers/regulator/tps65132-regulator.c | 7 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++++---- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +-- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +-- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 ++-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 19 +-- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 ++ drivers/thermal/thermal_debugfs.c | 59 +++++-- drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++++----- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 +++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 +++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 23 ++- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/qgroup.c | 2 + fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-checker.c | 30 ++-- fs/btrfs/tree-checker.h | 1 + fs/btrfs/volumes.c | 18 +- fs/exfat/file.c | 9 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/nfsd/cache.h | 2 - fs/nfsd/netns.h | 21 ++- fs/nfsd/nfs4callback.c | 97 ++++++++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfs4state.c | 3 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfscache.c | 40 +---- fs/nfsd/nfsctl.c | 14 +- fs/nfsd/nfsfh.c | 3 +- fs/nfsd/state.h | 14 ++ fs/nfsd/stats.c | 43 ++--- fs/nfsd/stats.h | 62 +++---- fs/nfsd/vfs.c | 6 +- fs/nfsd/xdr4cb.h | 18 ++ fs/proc/task_mmu.c | 24 +-- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 +++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 ++ fs/smb/server/oplock.c | 35 ++-- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 45 +++-- fs/tracefs/inode.c | 92 +++++++++- fs/tracefs/internal.h | 7 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 ++ include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/pci_ids.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 4 +- include/linux/sockptr.h | 25 +++ include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 ++ kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/readahead.c | 4 + mm/slub.c | 52 +++--- net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++-- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 ++- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++-- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++++- net/mptcp/protocol.c | 3 + net/nfc/llcp_sock.c | 12 +- net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++++--- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 ++- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/macros/module.rs | 185 +++++++++++++-------- scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/oss/dmasound/dmasound_paula.c | 8 +- sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++++++------- sound/pci/hda/patch_realtek.c | 25 ++- sound/soc/codecs/es8326.c | 30 ++-- sound/soc/codecs/es8326.h | 2 +- sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++++--- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++-- sound/soc/meson/axg-toddr.c | 22 ++- sound/soc/sof/intel/hda-dsp.c | 20 ++- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 +++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 163 +++++++++++++----- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 14 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++---- 377 files changed, 3373 insertions(+), 1845 deletions(-)

1 year, 4 months

9
8
0 0

[PATCH 5.10 000/111] 5.10.217-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.217 release. There are 111 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.217-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.217-rc1 Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Rob Herring <robh(a)kernel.org> arm64: dts: qcom: Fix 'interrupt-map' parent address cells Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> kcov: Remove kcov include from sched.h and move it to its users. Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-tdm-interface: Fix formatters in trigger" Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-card: Fix nonatomic links Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Geert Uytterhoeven <geert(a)linux-m68k.org> ASoC: Fix 7/8 spaces indentation in Kconfig Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: Makefile | 4 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +-- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 ++-- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- drivers/ata/sata_gemini.c | 5 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 ++- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hwmon/corsair-cpro.c | 43 +++-- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 ++- drivers/iio/imu/adis16475.c | 4 +- drivers/misc/eeprom/at24.c | 46 +++++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 ++- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 3 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 3 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 ++-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +++++++++------------ drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 ++-- drivers/regulator/mt6360-regulator.c | 32 ++-- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/target/target_core_configfs.c | 12 ++ drivers/usb/core/hub.c | 5 +- drivers/usb/dwc3/core.c | 90 +++++------ drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/usb/usbip/usbip_common.h | 1 + fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 17 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + include/linux/kcov.h | 1 + include/linux/sched.h | 1 - include/linux/skbuff.h | 15 ++ include/linux/sunrpc/clnt.h | 1 + include/net/xfrm.h | 3 + lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 2 +- net/core/skbuff.c | 28 +++- net/core/sock.c | 4 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/iface.c | 1 + net/mac80211/rx.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/sunrpc/clnt.c | 5 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/Kconfig | 18 +-- sound/soc/generic/Kconfig | 2 +- sound/soc/intel/boards/Kconfig | 2 +- sound/soc/meson/Kconfig | 3 +- sound/soc/pxa/Kconfig | 14 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++++---- 120 files changed, 754 insertions(+), 509 deletions(-)

1 year, 4 months

6
119
0 0

[PATCH 6.8 000/340] 6.8.10-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.10 release. There are 340 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.10-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.10-rc2 Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not differentiate the toplevel events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Enhance def_domain_type to handle untrusted device Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic-pci: register attributes via pci_driver Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Lyude Paul <lyude(a)redhat.com> drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle optimization checks for multi-display and dual eDP Matt Coster <matt.coster(a)imgtec.com> drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Marek Szyprowski <m.szyprowski(a)samsung.com> clk: samsung: Revert "clk: Use device_get_match_data()" Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Reset chip on probe() and resume() Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes SPI support for BMP3xx devices Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Josef Bacik <josef(a)toxicpanda.com> btrfs: make sure that WRITTEN is set on all metadata blocks Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: do not check qgroup inherit if qgroup is disabled Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> mm/slub: avoid zeroing outside-object freepointer for single free Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Donald Hunter <donald.hunter(a)gmail.com> netlink: specs: Add missing bridge linkinfo attrs Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmf: Decrease error message to debug Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: remove erroneous nlink init from legacy stat2inode Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe: Label RING_CONTEXT_CONTROL as masked Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/xe_migrate: Cast to output precision before multiplying operands Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: fix the high voltage issue after unload Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: add smu 14.0.1 discovery support Li Ma <li.ma(a)amd.com> drm/amd/display: add DCN 351 version for microcode load Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Eric Dumazet <edumazet(a)google.com> nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Eric Dumazet <edumazet(a)google.com> net: add copy_safe_from_sockptr() helper Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Bernhard Rosenkränzer <bero(a)baylibre.com> platform/x86: acer-wmi: Add support for Acer PH18-71 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix missed error message after VPU rename Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Improve clarity of MMU error messages Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Remove d3hot_after_power_off WA Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Kees Cook <keescook(a)chromium.org> nouveau/gsp: Avoid addressing beyond end of rpc->entries Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Len Brown <len.brown(a)intel.com> tools/power turbostat: Expand probe_intel_uncore_frequency() Chen Yu <yu.c.chen(a)intel.com> tools/power turbostat: Do not print negative LPI residency Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: modify clock table Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: Solve error interruption issue Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix END redefinition linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: fix uninitialized values during inode evict Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Conor Dooley <conor.dooley(a)microchip.com> firmware: microchip: don't unconditionally print validation success Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix timing of synchronizing bitmap and inode Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/versal: Do not log total error counts Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix ADL-N detection Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Prevent use-after-free from occurring after cdev removal David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Fix two locking issues with thermal zone debug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Free all thermal zone debug memory on zone removal Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> ice: ensure the copied buf is NUL terminated Chen Yu <yu.c.chen(a)intel.com> efi/unaccepted: touch soft lockup during memory accept Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Puranjay Mohan <puranjay(a)kernel.org> arm32, bpf: Reimplement sign-extension mov instruction Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_encode_fattr4() crasher Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for CB_GETATTR callback Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +-- Documentation/netlink/specs/rt_link.yaml | 6 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm/net/bpf_jit_32.c | 56 +++++-- .../dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 3 +- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 ++-- arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +-- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 ++-- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 20 +-- drivers/accel/ivpu/ivpu_drv.h | 3 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 4 +- drivers/accel/ivpu/ivpu_mmu.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 9 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++++ drivers/bluetooth/btqca.c | 140 ++++++++++++++-- drivers/bluetooth/btqca.h | 3 +- drivers/bluetooth/hci_qca.c | 2 - drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/samsung/clk-exynos-clkout.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 ++- drivers/clk/sunxi-ng/ccu_common.c | 19 +++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/dma/idxd/cdev.c | 77 +++++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 ++- drivers/edac/versal_edac.c | 4 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/firmware/efi/unaccepted_memory.c | 4 + drivers/firmware/microchip/mpfs-auto-update.c | 2 + drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 26 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++++--- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++++-- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 +++- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 27 ++- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +-- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/imagination/pvr_fw_mips.h | 5 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++++---- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 81 +++++---- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +----- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 3 +- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 25 ++- drivers/gpu/drm/xe/xe_migrate.c | 8 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +++- drivers/hv/connection.c | 29 +++- drivers/hwmon/corsair-cpro.c | 43 +++-- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 92 +++++++++- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-core.c | 1 + drivers/iio/pressure/bmp280-spi.c | 13 +- drivers/iio/pressure/bmp280.h | 1 + drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 4 + drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c | 4 +- drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/pvpanic/pvpanic-pci.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 20 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 +++--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +-- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- drivers/net/ethernet/intel/ice/ice_debugfs.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 ++-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++++---- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 ++--- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/platform/x86/acer-wmi.c | 9 + drivers/platform/x86/amd/pmf/acpi.c | 2 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +-- drivers/regulator/mt6360-regulator.c | 32 ++-- drivers/regulator/tps65132-regulator.c | 7 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++++---- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +-- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +-- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 ++-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 19 +-- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 ++ drivers/thermal/thermal_debugfs.c | 59 +++++-- drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++++----- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 +++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 +++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 23 ++- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/qgroup.c | 2 + fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-checker.c | 30 ++-- fs/btrfs/tree-checker.h | 1 + fs/btrfs/volumes.c | 18 +- fs/exfat/file.c | 9 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/nfsd/cache.h | 2 - fs/nfsd/netns.h | 21 ++- fs/nfsd/nfs4callback.c | 97 ++++++++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfs4state.c | 3 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfscache.c | 40 +---- fs/nfsd/nfsctl.c | 14 +- fs/nfsd/nfsfh.c | 3 +- fs/nfsd/state.h | 14 ++ fs/nfsd/stats.c | 43 ++--- fs/nfsd/stats.h | 62 +++---- fs/nfsd/vfs.c | 6 +- fs/nfsd/xdr4cb.h | 18 ++ fs/proc/task_mmu.c | 24 +-- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 +++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 ++ fs/smb/server/oplock.c | 35 ++-- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 74 +++++---- fs/tracefs/inode.c | 92 +++++++++- fs/tracefs/internal.h | 14 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 ++ include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/pci_ids.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 4 +- include/linux/sockptr.h | 25 +++ include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 ++ kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/readahead.c | 4 + mm/slub.c | 52 +++--- net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++-- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 ++- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++-- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++++- net/mptcp/protocol.c | 3 + net/nfc/llcp_sock.c | 12 +- net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++++--- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 ++- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/macros/module.rs | 185 +++++++++++++-------- scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/oss/dmasound/dmasound_paula.c | 8 +- sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++++++------- sound/pci/hda/patch_realtek.c | 25 ++- sound/soc/codecs/es8326.c | 30 ++-- sound/soc/codecs/es8326.h | 2 +- sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++++--- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++-- sound/soc/meson/axg-toddr.c | 22 ++- sound/soc/sof/intel/hda-dsp.c | 20 ++- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 +++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 163 +++++++++++++----- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 14 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++---- 377 files changed, 3384 insertions(+), 1870 deletions(-)

1 year, 4 months

9
11
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize UMAC_CMD access" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0d5e2a82232605b337972fb2c7d0cbc46898aca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051356-partly-sizzle-f63e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0d5e2a822326 ("net: bcmgenet: synchronize UMAC_CMD access") a9f31047baca ("net: bcmgenet: Fix EEE implementation") 53243d412ec5 ("net: use bool values to pass bool param of phy_init_eee()") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") b82f8c3f1409 ("net: fec: add eee mode tx lpi support") 40b5d2f15c09 ("net: dsa: mt7530: Add support for EEE features") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:21 -0700 Subject: [PATCH] net: bcmgenet: synchronize UMAC_CMD access The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d85cf67a339685beae1d0aee27b7f61da95455be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051347-buddhism-hunting-5c42@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d85cf67a3396 ("net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access") 696450c05181 ("net: bcmgenet: Clear RGMII_LINK upon link down") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:19 -0700 Subject: [PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name);

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize UMAC_CMD access" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0d5e2a82232605b337972fb2c7d0cbc46898aca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051352-twins-rumor-dcc9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0d5e2a822326 ("net: bcmgenet: synchronize UMAC_CMD access") a9f31047baca ("net: bcmgenet: Fix EEE implementation") 53243d412ec5 ("net: use bool values to pass bool param of phy_init_eee()") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:21 -0700 Subject: [PATCH] net: bcmgenet: synchronize UMAC_CMD access The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d85cf67a339685beae1d0aee27b7f61da95455be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051343-casket-astride-c192@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d85cf67a3396 ("net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access") 696450c05181 ("net: bcmgenet: Clear RGMII_LINK upon link down") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:19 -0700 Subject: [PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name);

1 year, 4 months

2
1
0 0

[PATCH 5.4 00/84] 5.4.276-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.276 release. There are 84 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.276-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.276-rc1 Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback YueHaibing <yuehaibing(a)huawei.com> pinctrl: mediatek: remove set but not used variable 'e' Dan Carpenter <dan.carpenter(a)oracle.com> pinctrl: mediatek: Fix some off by one bugs Hsin-Yi Wang <hsinyi(a)chromium.org> pinctrl: mediatek: Fix fallback behavior for bias_set_combo Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-tdm-interface: Fix formatters in trigger" Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-card: Fix nonatomic links Hsin-Yi Wang <hsinyi(a)chromium.org> pinctrl: mediatek: Fix fallback call path Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Add number of MACs in the ATU Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: remove shadow variable declaration Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Backward compatible to previous Mediatek's bias-pull usage Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Refine mtk_pinconf_get() Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Refine mtk_pinconf_get() and mtk_pinconf_set() Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Supporting driving setting without mapping current to register value Light Hsieh <light.hsieh(a)mediatek.com> pinctrl: mediatek: Check gpio pin number and use binary search in mtk_hw_pin_field_lookup() Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: Makefile | 4 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +-- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- drivers/ata/sata_gemini.c | 5 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/net/dsa/mv88e6xxx/chip.c | 29 ++- drivers/net/dsa/mv88e6xxx/chip.h | 6 + drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 15 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/mediatek/pinctrl-mt6765.c | 11 +- drivers/pinctrl/mediatek/pinctrl-mt8183.c | 7 +- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 268 ++++++++++++++++++++- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.h | 16 ++ drivers/pinctrl/mediatek/pinctrl-paris.c | 281 +++++++++-------------- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 ++- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/target/target_core_configfs.c | 12 + drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.c | 2 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + include/linux/skbuff.h | 15 ++ include/linux/sunrpc/clnt.h | 1 + include/net/xfrm.h | 3 + lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 2 +- net/core/sock.c | 4 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/sunrpc/clnt.c | 5 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++--- 80 files changed, 763 insertions(+), 395 deletions(-)

1 year, 4 months

7
90
0 0

[PATCH 5.15 000/168] 5.15.159-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.159 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.159-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.159-rc2 Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Rob Herring <robh(a)kernel.org> arm64: dts: qcom: Fix 'interrupt-map' parent address cells Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> ACPI: CPPC: Fix access width used for PCC registers Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Easwar Hariharan <eahariha(a)linux.microsoft.com> Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Jian Shen <shenjian15(a)huawei.com> net: hns3: split function hclge_init_vlan_config() Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jie Wang <wangjie125(a)huawei.com> net: hns3: refactor hclge_cmd_send with new hclge_comm_cmd_send API Jie Wang <wangjie125(a)huawei.com> net: hns3: create new set of unified hclge_comm_cmd_send APIs Jie Wang <wangjie125(a)huawei.com> net: hns3: create new cmdq hardware description structure hclge_comm_hw Jie Wang <wangjie125(a)huawei.com> net: hns3: refactor hns3 makefile to support hns3_common module Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Hao Lan <lanhao(a)huawei.com> net: hns3: refactor function hclge_mbx_handler() Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: add query vf ring and vector map relation Yufeng Mo <moyufeng(a)huawei.com> net: hns3: add log for workqueue scheduled late Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: PF support get unicast MAC address space assigned by firmware Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Improved check for empty queue John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Reschedule is now done through backlog John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Convert schedule_work into delayed_work John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Handle fin correctly John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: TCP data stall on recv before accept Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't keep track of Input Queue count Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Move conversion to xdp_frame out of map functions Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- drivers/acpi/cppc_acpi.c | 67 ++- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 62 ++- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +-- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hwmon/corsair-cpro.c | 43 +- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 46 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/Makefile | 18 +- drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h | 15 + drivers/net/ethernet/hisilicon/hns3/hnae3.h | 3 +- .../hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 259 +++++++++++ .../hisilicon/hns3/hns3_common/hclge_comm_cmd.h | 121 +++++ drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/Makefile | 12 - .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c | 311 ++----------- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 85 +--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 221 +++++---- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 17 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 494 +++++++++++++++------ .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3vf/Makefile | 10 - .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 10 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +++----- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 78 ++-- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/target/target_core_configfs.c | 12 + drivers/usb/core/hub.c | 5 +- drivers/usb/dwc3/core.c | 90 ++-- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/ucsi/ucsi.c | 12 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/ksmbd/server.c | 13 +- fs/ksmbd/smb2pdu.c | 4 + fs/ksmbd/vfs.c | 5 + fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + include/linux/bpf.h | 20 +- include/linux/dma-fence.h | 7 - include/linux/filter.h | 4 + include/linux/skbuff.h | 15 + include/linux/skmsg.h | 5 +- include/linux/sunrpc/clnt.h | 1 + include/net/xfrm.h | 3 + kernel/bpf/cpumap.c | 8 +- kernel/bpf/devmap.c | 32 +- kernel/bpf/verifier.c | 3 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/filter.c | 117 ++++- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 2 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 53 +-- net/core/sock.c | 4 +- net/core/sock_map.c | 3 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_bpf.c | 51 +++ net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/sunrpc/clnt.c | 5 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 26 +- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++- 173 files changed, 2224 insertions(+), 1423 deletions(-)

1 year, 4 months

9
8
0 0

[PATCH 17/24] drm/amd/display: Remove redundant idle optimization check

by Roman.Li＠amd.com

From: Roman Li <roman.li(a)amd.com> [Why] Disable idle optimization for each atomic commit is unnecessary, and can lead to a potential race condition. [How] Remove idle optimization check from amdgpu_dm_atomic_commit_tail() Fixes: 196107eb1e15 ("drm/amd/display: Add IPS checks before dcn register access") Cc: stable(a)vger.kernel.org Reviewed-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Acked-by: Roman Li <roman.li(a)amd.com> Signed-off-by: Roman Li <roman.li(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 53dc4c75fb75..328db84e3d44 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -9395,9 +9395,6 @@ static void amdgpu_dm_atomic_commit_tail(struct drm_atomic_state *state) trace_amdgpu_dm_atomic_commit_tail_begin(state); - if (dm->dc->caps.ips_support && dm->dc->idle_optimizations_allowed) - dc_allow_idle_optimizations(dm->dc, false); - drm_atomic_helper_update_legacy_modeset_state(dev, state); drm_dp_mst_atomic_wait_for_dependencies(state); -- 2.34.1

1 year, 4 months

1
0
0 0

[PATCH] x86/efistub: Omit physical KASLR when memory reservations exist

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> The legacy decompressor has elaborate logic to ensure that the randomized physical placement of the decompressed kernel image does not conflict with any memory reservations, including ones specified on the command line using mem=, memmap=, efi_fake_mem= or hugepages=, which are taken into account by the kernel proper at a later stage. When booting in EFI mode, it is the firmware's job to ensure that the chosen range does not conflict with any memory reservations that it knows about, and this is trivially achieved by using the firmware's memory allocation APIs. That leaves reservations specified on the command line, though, which the firmware knows nothing about, as these regions have no other special significance to the platform. Since commit a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot") these reservations are not taken into account when randomizing the physical placement, which may result in conflicts where the memory cannot be reserved by the kernel proper because its own executable image resides there. To avoid having to duplicate or reuse the existing complicated logic, disable physical KASLR entirely when such overrides are specified. These are mostly diagnostic tools or niche features, and physical KASLR (as opposed to virtual KASLR, which is much more important as it affects the memory addresses observed by code executing in the kernel) is something we can live without. Closes: https://lkml.kernel.org/r/FA5F6719-8824-4B04-803E-82990E65E627%40akamai.com Reported-by: Ben Chaney <bchaney(a)akamai.com> Fixes: a1b87d54f4e4 ("x86/efistub: Avoid legacy decompressor when doing EFI boot") Cc: <stable(a)vger.kernel.org> # v6.1+ Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- drivers/firmware/efi/libstub/x86-stub.c | 28 +++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c index d5a8182cf2e1..1983fd3bf392 100644 --- a/drivers/firmware/efi/libstub/x86-stub.c +++ b/drivers/firmware/efi/libstub/x86-stub.c @@ -776,6 +776,26 @@ static void error(char *str) efi_warn("Decompression failed: %s\n", str); } +static const char *cmdline_memmap_override; + +static efi_status_t parse_options(const char *cmdline) +{ + static const char opts[][14] = { + "mem=", "memmap=", "efi_fake_mem=", "hugepages=" + }; + + for (int i = 0; i < ARRAY_SIZE(opts); i++) { + const char *p = strstr(cmdline, opts[i]); + + if (p == cmdline || (p > cmdline && isspace(p[-1]))) { + cmdline_memmap_override = opts[i]; + break; + } + } + + return efi_parse_options(cmdline); +} + static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) { unsigned long virt_addr = LOAD_PHYSICAL_ADDR; @@ -807,6 +827,10 @@ static efi_status_t efi_decompress_kernel(unsigned long *kernel_entry) !memcmp(efistub_fw_vendor(), ami, sizeof(ami))) { efi_debug("AMI firmware v2.0 or older detected - disabling physical KASLR\n"); seed[0] = 0; + } else if (cmdline_memmap_override) { + efi_info("%s detected on the kernel command line - disabling physical KASLR\n", + cmdline_memmap_override); + seed[0] = 0; } boot_params_ptr->hdr.loadflags |= KASLR_FLAG; @@ -883,7 +907,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, } #ifdef CONFIG_CMDLINE_BOOL - status = efi_parse_options(CONFIG_CMDLINE); + status = parse_options(CONFIG_CMDLINE); if (status != EFI_SUCCESS) { efi_err("Failed to parse options\n"); goto fail; @@ -892,7 +916,7 @@ void __noreturn efi_stub_entry(efi_handle_t handle, if (!IS_ENABLED(CONFIG_CMDLINE_OVERRIDE)) { unsigned long cmdline_paddr = ((u64)hdr->cmd_line_ptr | ((u64)boot_params->ext_cmd_line_ptr << 32)); - status = efi_parse_options((char *)cmdline_paddr); + status = parse_options((char *)cmdline_paddr); if (status != EFI_SUCCESS) { efi_err("Failed to parse options\n"); goto fail; -- 2.45.0.rc1.225.g2a3ae87e7f-goog

1 year, 4 months

4
5
0 0

[PATCH v1 1/2] landlock: Fix d_parent walk

by Mickaël Salaün

The canary in collect_domain_accesses() can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call to security_path_link(). Do not use source directory's d_parent when the source directory is the mount point. Add tests to check error codes when renaming or linking a mount root directory. This previously triggered a kernel warning. The linux/mount.h file is not sorted with other headers to ease backport to Linux 6.1 . Cc: Günther Noack <gnoack(a)google.com> Cc: Paul Moore <paul(a)paul-moore.com> Cc: stable(a)vger.kernel.org Reported-by: syzbot+bf4903dc7e12b18ebc87(a)syzkaller.appspotmail.com Fixes: b91c3e4ea756 ("landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER") Closes: https://lore.kernel.org/r/000000000000553d3f0618198200@google.com Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20240516181935.1645983-2-mic@digikod.net --- security/landlock/fs.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 22d8b7c28074..7877a64cc6b8 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1110,6 +1110,7 @@ static int current_check_refer_path(struct dentry *const old_dentry, bool allow_parent1, allow_parent2; access_mask_t access_request_parent1, access_request_parent2; struct path mnt_dir; + struct dentry *old_parent; layer_mask_t layer_masks_parent1[LANDLOCK_NUM_ACCESS_FS] = {}, layer_masks_parent2[LANDLOCK_NUM_ACCESS_FS] = {}; @@ -1157,9 +1158,17 @@ static int current_check_refer_path(struct dentry *const old_dentry, mnt_dir.mnt = new_dir->mnt; mnt_dir.dentry = new_dir->mnt->mnt_root; + /* + * old_dentry may be the root of the common mount point and + * !IS_ROOT(old_dentry) at the same time (e.g. with open_tree() and + * OPEN_TREE_CLONE). We do not need to call dget(old_parent) because + * we keep a reference to old_dentry. + */ + old_parent = (old_dentry == mnt_dir.dentry) ? old_dentry : + old_dentry->d_parent; + /* new_dir->dentry is equal to new_dentry->d_parent */ - allow_parent1 = collect_domain_accesses(dom, mnt_dir.dentry, - old_dentry->d_parent, + allow_parent1 = collect_domain_accesses(dom, mnt_dir.dentry, old_parent, &layer_masks_parent1); allow_parent2 = collect_domain_accesses( dom, mnt_dir.dentry, new_dir->dentry, &layer_masks_parent2); -- 2.45.0

1 year, 4 months

1
0
0 0

Regression in 6.1.81: Missing memory in pmem device

by Chaney, Ben

Hello, I encountered an issue when upgrading to 6.1.89 from 6.1.77. This upgrade caused a breakage in emulated persistent memory. Significant amounts of memory are missing from a pmem device: fdisk -l /dev/pmem* Disk /dev/pmem0: 355.9 GiB, 382117871616 bytes, 746323968 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disk /dev/pmem1: 25.38 GiB, 27246198784 bytes, 53215232 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes The memmap parameter that created these pmem devices is “memmap=364416M!28672M,367488M!419840M”, which should cause a much larger amount of memory to be allocated to /dev/pmem1. The amount of missing memory and the device it is missing from is randomized on each reboot. There is some amount of memory missing in almost all cases, but not 100% of the time. Notably, the memory that is missing from these devices is not reclaimed by the system for general use. This system in question has 768GB of memory split evenly across two NUMA nodes. When the error occurs, there are also the following error messages showing up in dmesg: [ 5.318317] nd_pmem namespace1.0: [mem 0x5c2042c000-0x5ff7ffffff flags 0x200] misaligned, unable to map [ 5.335073] nd_pmem: probe of namespace1.0 failed with error -95 Bisection implicates 2dfaeac3f38e4e550d215204eedd97a061fdc118 as the patch that first caused the issue. I believe the cause of the issue is that the EFI stub is randomizing the location of the decompressed kernel without accounting for the memory map, and it is clobbering some of the memory that has been reserved for pmem. Thank you, Ben Chaney

1 year, 4 months

3
4
0 0

[PATCH] net: mana: Fix the extra HZ in mana_hwc_send_request

by Souradeep Chakrabarti

Commit 62c1bff593b7 added an extra HZ along with msecs_to_jiffies. This patch fixes that. Cc: stable(a)vger.kernel.org Fixes: 62c1bff593b7 ("net: mana: Configure hwc timeout from hardware") Signed-off-by: Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> --- drivers/net/ethernet/microsoft/mana/hw_channel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/microsoft/mana/hw_channel.c b/drivers/net/ethernet/microsoft/mana/hw_channel.c index 2729a2c5acf9..ca814fe8a775 100644 --- a/drivers/net/ethernet/microsoft/mana/hw_channel.c +++ b/drivers/net/ethernet/microsoft/mana/hw_channel.c @@ -848,7 +848,7 @@ int mana_hwc_send_request(struct hw_channel_context *hwc, u32 req_len, } if (!wait_for_completion_timeout(&ctx->comp_event, - (msecs_to_jiffies(hwc->hwc_timeout) * HZ))) { + (msecs_to_jiffies(hwc->hwc_timeout)))) { dev_err(hwc->dev, "HWC: Request timed out!\n"); err = -ETIMEDOUT; goto out; -- 2.34.1

1 year, 4 months

4
3
0 0

[PATCH 4.19 00/63] 4.19.314-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.314 release. There are 63 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.314-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.314-rc1 Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Colin Ian King <colin.king(a)canonical.com> tcp: remove redundant check on tskb Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-tdm-interface: Fix formatters in trigger" Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Andrew Lunn <andrew(a)lunn.ch> net: dsa: mv88e6xxx: Add number of MACs in the ATU Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Jakub Kicinski <kuba(a)kernel.org> ethernet: add a helper for assigning port addresses Li RongQing <lirongqing(a)baidu.com> net: slightly optimize eth_type_trans Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Eric Huang <JinhuiEric.Huang(a)amd.com> drm/amdkfd: change system memory overcommit limit Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: Makefile | 4 +- arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- drivers/ata/sata_gemini.c | 5 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 100 +++++++++++++---------- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/net/dsa/mv88e6xxx/chip.c | 29 ++++++- drivers/net/dsa/mv88e6xxx/chip.h | 6 ++ drivers/net/ethernet/broadcom/genet/bcmgenet.c | 16 +++- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 ++- drivers/power/supply/rt9455_charger.c | 2 + drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 13 +-- drivers/target/target_core_configfs.c | 12 +++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/transaction.c | 2 +- fs/gfs2/bmap.c | 5 +- include/linux/etherdevice.h | 46 +++++++++++ include/net/af_unix.h | 5 +- lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/net_namespace.c | 13 ++- net/core/rtnetlink.c | 2 +- net/core/sock.c | 4 +- net/ethernet/eth.c | 10 +-- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 11 ++- net/ipv6/fib6_rules.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/nsh/nsh.c | 14 ++-- net/phonet/pn_netlink.c | 2 +- net/tipc/msg.c | 8 +- net/unix/af_unix.c | 4 +- net/unix/garbage.c | 35 +++++--- net/unix/scm.c | 8 +- net/wireless/nl80211.c | 2 + sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++++++--------- 58 files changed, 370 insertions(+), 191 deletions(-)

1 year, 4 months

6
70
0 0

[PATCH 6.6 000/309] 6.6.31-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.31 release. There are 309 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.31-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.31-rc2 Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Pei Xiao <xiaopei01(a)kylinos.cn> Revert "selftests/bpf: Add netkit to tc_redirect selftest" Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not differentiate the toplevel events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Hangbin Liu <liuhangbin(a)gmail.com> selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Richard Gobert <richardbgobert(a)gmail.com> net: gro: parse ipv6 ext headers without frag0 invalidation Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Introduce generic names for IPC types Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Christian Marangi <ansuelsmth(a)gmail.com> mtd: limit OTP NVMEM cell parse to non-NAND devices Rafał Miłecki <rafal(a)milecki.pl> nvmem: add explicit config option to read old syntax fixed OF cells Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++ drivers/bluetooth/btqca.c | 208 ++++++++++++- drivers/bluetooth/btqca.h | 8 +- drivers/bluetooth/hci_qca.c | 13 +- drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/clk/sunxi-ng/ccu_common.c | 19 ++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/dma/idxd/cdev.c | 77 +++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 181 +++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++-- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 + .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +- drivers/hv/connection.c | 29 +- drivers/hwmon/corsair-cpro.c | 43 ++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-spi.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 47 ++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mtd/mtdcore.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 20 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/nvmem/apple-efuses.c | 1 + drivers/nvmem/core.c | 8 +- drivers/nvmem/imx-ocotp-scu.c | 1 + drivers/nvmem/imx-ocotp.c | 1 + drivers/nvmem/meson-efuse.c | 1 + drivers/nvmem/meson-mx-efuse.c | 1 + drivers/nvmem/microchip-otpc.c | 1 + drivers/nvmem/mtk-efuse.c | 1 + drivers/nvmem/qcom-spmi-sdam.c | 1 + drivers/nvmem/qfprom.c | 1 + drivers/nvmem/rave-sp-eeprom.c | 1 + drivers/nvmem/rockchip-efuse.c | 1 + drivers/nvmem/sc27xx-efuse.c | 1 + drivers/nvmem/sec-qfprom.c | 1 + drivers/nvmem/sprd-efuse.c | 1 + drivers/nvmem/stm32-romem.c | 1 + drivers/nvmem/sunplus-ocotp.c | 1 + drivers/nvmem/sunxi_sid.c | 1 + drivers/nvmem/uniphier-efuse.c | 1 + drivers/nvmem/zynqmp_nvmem.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 ++--- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/regulator/tps65132-regulator.c | 7 + drivers/rtc/nvmem.c | 1 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 +-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 229 +++++++------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++--- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + drivers/w1/slaves/w1_ds250x.c | 1 + fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/extent_io.c | 14 +- fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 ++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 + fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 74 ++--- fs/tracefs/inode.c | 92 +++++- fs/tracefs/internal.h | 14 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/nvmem-provider.h | 2 + include/linux/pci_ids.h | 2 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 + include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/sound/sof.h | 7 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/hugetlb.c | 4 +- mm/readahead.c | 4 + net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 ++- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 +- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 52 +++- net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++- net/mptcp/protocol.c | 3 + net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++-- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 +++++++----- scripts/Makefile.modfinal | 2 +- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++---- sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/sof/intel/hda-dsp.c | 20 +- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 45 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../testing/selftests/bpf/prog_tests/tc_redirect.c | 52 ---- .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 333 ++++++++++----------- tools/testing/selftests/timers/valid-adjtimex.c | 73 +++-- 350 files changed, 3162 insertions(+), 1871 deletions(-)

1 year, 4 months

8
7
0 0

[PATCH] fs/ntfs3: Break dir enumeration if directory contents error

by Konstantin Komarov

Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Cc: stable(a)vger.kernel.org --- fs/ntfs3/dir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ntfs3/dir.c b/fs/ntfs3/dir.c index 5cf3d9decf64..45e556fd7c54 100644 --- a/fs/ntfs3/dir.c +++ b/fs/ntfs3/dir.c @@ -475,6 +475,7 @@ static int ntfs_readdir(struct file *file, struct dir_context *ctx) vbo = (u64)bit << index_bits; if (vbo >= i_size) { ntfs_inode_err(dir, "Looks like your dir is corrupt"); + ctx->pos = eod; err = -EINVAL; goto out; } -- 2.34.1

1 year, 4 months

1
1
0 0

FAILED: patch "[PATCH] eventfs: Do not differentiate the toplevel events directory" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051624-efficient-jingle-fc71@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d53891d348ac ("eventfs: Do not differentiate the toplevel events directory") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:25 -0400 Subject: [PATCH] eventfs: Do not differentiate the toplevel events directory The toplevel events directory is really no different than the events directory of instances. Having the two be different caused inconsistencies and made it harder to fix the permissions bugs. Make all events directories act the same. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.846448710@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 15a2a9c3c62b..9dacf65c0b6e 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -68,7 +68,6 @@ enum { EVENTFS_SAVE_MODE = BIT(16), EVENTFS_SAVE_UID = BIT(17), EVENTFS_SAVE_GID = BIT(18), - EVENTFS_TOPLEVEL = BIT(19), }; #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) @@ -239,14 +238,10 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, return ret; } -static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb) +static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { struct inode *root; - /* Only update if the "events" was on the top level */ - if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL)) - return; - /* Get the tracefs root inode. */ root = d_inode(sb->s_root); ei->attr.uid = root->i_uid; @@ -259,10 +254,10 @@ static void set_top_events_ownership(struct inode *inode) struct eventfs_inode *ei = ti->private; /* The top events directory doesn't get automatically updated */ - if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL)) + if (!ei || !ei->is_events) return; - update_top_events_attr(ei, inode->i_sb); + update_events_attr(ei, inode->i_sb); if (!(ei->attr.mode & EVENTFS_SAVE_UID)) inode->i_uid = ei->attr.uid; @@ -291,7 +286,7 @@ static int eventfs_permission(struct mnt_idmap *idmap, return generic_permission(idmap, inode, mask); } -static const struct inode_operations eventfs_root_dir_inode_operations = { +static const struct inode_operations eventfs_dir_inode_operations = { .lookup = eventfs_root_lookup, .setattr = eventfs_set_attr, .getattr = eventfs_get_attr, @@ -359,7 +354,7 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) // Walk upwards until you find the events inode } while (!ei->is_events); - update_top_events_attr(ei, dentry->d_sb); + update_events_attr(ei, dentry->d_sb); return ei; } @@ -465,7 +460,7 @@ static struct dentry *lookup_dir_entry(struct dentry *dentry, update_inode_attr(dentry, inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; /* All directories will have the same inode number */ @@ -845,14 +840,6 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* - * If the events directory is of the top instance, then parent - * is NULL. Set the attr.mode to reflect this and its permissions will - * default to the tracefs root dentry. - */ - if (!parent) - ei->attr.mode = EVENTFS_TOPLEVEL; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; @@ -861,13 +848,13 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry INIT_LIST_HEAD(&ei->list); ti = get_tracefs(inode); - ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE; + ti->flags |= TRACEFS_EVENT_INODE; ti->private = ei; inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; inode->i_uid = uid; inode->i_gid = gid; - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; dentry->d_fsdata = get_ei(ei); diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 29f0c999975b..f704d8348357 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -4,10 +4,9 @@ enum { TRACEFS_EVENT_INODE = BIT(1), - TRACEFS_EVENT_TOP_INODE = BIT(2), - TRACEFS_GID_PERM_SET = BIT(3), - TRACEFS_UID_PERM_SET = BIT(4), - TRACEFS_INSTANCE_INODE = BIT(5), + TRACEFS_GID_PERM_SET = BIT(2), + TRACEFS_UID_PERM_SET = BIT(3), + TRACEFS_INSTANCE_INODE = BIT(4), }; struct tracefs_inode {

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] eventfs: Do not differentiate the toplevel events directory" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051627-armoire-sleep-3906@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d53891d348ac ("eventfs: Do not differentiate the toplevel events directory") 99c001cb617d ("tracefs: Avoid using the ei->dentry pointer unnecessarily") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") ad579864637a ("tracefs: Check for dentry->d_inode exists in set_gid()") 7e8358edf503 ("eventfs: Fix file and directory uid and gid ownership") 0dfc852b6fe3 ("eventfs: Have event files and directories default to parent uid and gid") 28e12c09f5aa ("eventfs: Save ownership and mode") db3a397209b0 ("eventfs: Have a free_ei() that just frees the eventfs_inode") f2f496370afc ("eventfs: Remove "is_freed" union with rcu head") 29e06c10702e ("eventfs: Fix typo in eventfs_inode union comment") 5790b1fb3d67 ("eventfs: Remove eventfs_file and just use eventfs_inode") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:25 -0400 Subject: [PATCH] eventfs: Do not differentiate the toplevel events directory The toplevel events directory is really no different than the events directory of instances. Having the two be different caused inconsistencies and made it harder to fix the permissions bugs. Make all events directories act the same. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.846448710@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 15a2a9c3c62b..9dacf65c0b6e 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -68,7 +68,6 @@ enum { EVENTFS_SAVE_MODE = BIT(16), EVENTFS_SAVE_UID = BIT(17), EVENTFS_SAVE_GID = BIT(18), - EVENTFS_TOPLEVEL = BIT(19), }; #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) @@ -239,14 +238,10 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, return ret; } -static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb) +static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { struct inode *root; - /* Only update if the "events" was on the top level */ - if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL)) - return; - /* Get the tracefs root inode. */ root = d_inode(sb->s_root); ei->attr.uid = root->i_uid; @@ -259,10 +254,10 @@ static void set_top_events_ownership(struct inode *inode) struct eventfs_inode *ei = ti->private; /* The top events directory doesn't get automatically updated */ - if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL)) + if (!ei || !ei->is_events) return; - update_top_events_attr(ei, inode->i_sb); + update_events_attr(ei, inode->i_sb); if (!(ei->attr.mode & EVENTFS_SAVE_UID)) inode->i_uid = ei->attr.uid; @@ -291,7 +286,7 @@ static int eventfs_permission(struct mnt_idmap *idmap, return generic_permission(idmap, inode, mask); } -static const struct inode_operations eventfs_root_dir_inode_operations = { +static const struct inode_operations eventfs_dir_inode_operations = { .lookup = eventfs_root_lookup, .setattr = eventfs_set_attr, .getattr = eventfs_get_attr, @@ -359,7 +354,7 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) // Walk upwards until you find the events inode } while (!ei->is_events); - update_top_events_attr(ei, dentry->d_sb); + update_events_attr(ei, dentry->d_sb); return ei; } @@ -465,7 +460,7 @@ static struct dentry *lookup_dir_entry(struct dentry *dentry, update_inode_attr(dentry, inode, &ei->attr, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO); - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; /* All directories will have the same inode number */ @@ -845,14 +840,6 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* - * If the events directory is of the top instance, then parent - * is NULL. Set the attr.mode to reflect this and its permissions will - * default to the tracefs root dentry. - */ - if (!parent) - ei->attr.mode = EVENTFS_TOPLEVEL; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; @@ -861,13 +848,13 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry INIT_LIST_HEAD(&ei->list); ti = get_tracefs(inode); - ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE; + ti->flags |= TRACEFS_EVENT_INODE; ti->private = ei; inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; inode->i_uid = uid; inode->i_gid = gid; - inode->i_op = &eventfs_root_dir_inode_operations; + inode->i_op = &eventfs_dir_inode_operations; inode->i_fop = &eventfs_file_operations; dentry->d_fsdata = get_ei(ei); diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h index 29f0c999975b..f704d8348357 100644 --- a/fs/tracefs/internal.h +++ b/fs/tracefs/internal.h @@ -4,10 +4,9 @@ enum { TRACEFS_EVENT_INODE = BIT(1), - TRACEFS_EVENT_TOP_INODE = BIT(2), - TRACEFS_GID_PERM_SET = BIT(3), - TRACEFS_UID_PERM_SET = BIT(4), - TRACEFS_INSTANCE_INODE = BIT(5), + TRACEFS_GID_PERM_SET = BIT(2), + TRACEFS_UID_PERM_SET = BIT(3), + TRACEFS_INSTANCE_INODE = BIT(4), }; struct tracefs_inode {

1 year, 4 months

1
0
0 0

Re: Rtnetlink GETADDR request for 1 specific interface only (by ID)

by Greg KH

On Thu, May 16, 2024 at 04:50:34AM -0700, Alexander Sergeev wrote: > Good afternoon! > > Thank you for your advice! Unfortunately, I couldn't find any way or > form for reporting issues in netlink, so I decided to use a bug > reporting guide for kernel in general. Could you please let me know > where could I forward this information? How could I contact netlink > development team? The NETWORKING section of the MAINTAINERS file lists: netdev(a)vger.kernel.org as the proper place to go. greg k-h

1 year, 4 months

1
0
0 0

[PATCH] fs/ntfs3: Fix case when index is reused during tree transformation

by Konstantin Komarov

Fixes: 82cae269cfa95 ("fs/ntfs3: Add initialization of super block") Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Cc: stable(a)vger.kernel.org --- fs/ntfs3/index.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/ntfs3/index.c b/fs/ntfs3/index.c index daabaad63aaf..14284f0ed46a 100644 --- a/fs/ntfs3/index.c +++ b/fs/ntfs3/index.c @@ -1533,6 +1533,11 @@ static int indx_add_allocate(struct ntfs_index *indx, struct ntfs_inode *ni, goto out1; } + if (data_size <= le64_to_cpu(alloc->nres.data_size)) { + /* Reuse index. */ + goto out; + } + /* Increase allocation. */ err = attr_set_size(ni, ATTR_ALLOC, in->name, in->name_len, &indx->alloc_run, data_size, &data_size, true, @@ -1546,6 +1551,7 @@ static int indx_add_allocate(struct ntfs_index *indx, struct ntfs_inode *ni, if (in->name == I30_NAME) i_size_write(&ni->vfs_inode, data_size); +out: *vbn = bit << indx->idx2vbn_bits; return 0; -- 2.34.1

1 year, 4 months

2
2
0 0

Rtnetlink GETADDR request for 1 specific interface only (by ID)

by Alexander Sergeev

Good morning! Recently, I have found an issue with `rtnetlink` library that seems to be not intended and/or documented. I have asked about it several times, including here and it was also reported here. Neither in related RFC document nor in rtnetlink manuals the issue is described or mentioned. In a few words, the issue is: for some reason, rtnetlink GETADDR request works only with NLM_F_ROOT or NLM_F_DUMP flags. Consequently, for instance, filtering by ifa_index field, that would *theoretically* according to docs, allow us to receive address info for 1 specific interface only (by ID) , is not possible. For comparison, similar functionality to GETLINK request (getting information about exactly 1 link by index) is indeed very possible. Instead of the expected output (information about 1 interface only), what is returned is an error message with errno -95, which, as I suppose, can be read as "operation not permitted". To this email, I attach a small C file illustrating my issue. Feel free to change IFACE_ID define for ID of any network interface present in your system. It illustrates the error. Please, let me know what you think about this issue. Am I missing something or does it really needs fixing or at least documenting? Best regards, Aleksandr Sergeev. P.S. I have been told that this issue probably won't be addressed, because it "can easily be fixed in user space", however I believe in Linux kernel maintainers team dedication for clear, well-documented and bug-free code; so if this issue is not hard to fix, I would suggest addressing it at least in docs. If it can be useful, I would be more than grateful to provide my help with it.

1 year, 4 months

2
1
0 0

[PATCH 6.1 000/243] 6.1.91-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.91 release. There are 243 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 17 May 2024 08:23:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.91-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.91-rc2 Li Nan <linan122(a)huawei.com> md: fix kmemleak of rdev->serial Oscar Salvador <osalvador(a)suse.de> mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() Qu Wenruo <wqu(a)suse.com> btrfs: do not wait for short bulk allocation Silvio Gissi <sifonsec(a)amazon.com> keys: Fix overwrite of key expiration on instantiation Nikhil Rao <nikhil.rao(a)intel.com> dmaengine: idxd: add a write() method for applications to submit work Arjan van de Ven <arjan(a)linux.intel.com> dmaengine: idxd: add a new security check to deal with a hardware erratum Arjan van de Ven <arjan(a)linux.intel.com> VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Andrea Righi <andrea.righi(a)canonical.com> btf, scripts: rust: drop is_rust_module.sh Andrea Righi <andrea.righi(a)canonical.com> rust: fix regexp in scripts/is_rust_module.sh Asahi Lina <lina(a)asahilina.net> rust: error: Rename to_kernel_errno() -> to_errno() Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Leah Rumancik <leah.rumancik(a)gmail.com> MAINTAINERS: add leah to 6.1 MAINTAINERS file Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: cdev: Add missing header(s) Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer() to timer_delete() Thomas Gleixner <tglx(a)linutronix.de> timers: Get rid of del_singleshot_timer_sync() Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Namhyung Kim <namhyung(a)kernel.org> perf unwind-libdw: Handle JIT-generated DSOs properly Namhyung Kim <namhyung(a)kernel.org> perf unwind-libunwind: Fix base address for .eh_frame Geert Uytterhoeven <geert+renesas(a)glider.be> spi: Merge spi_controller.{slave,target}_abort() Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: avoid creating temporary files Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move PLPKS constants to header file Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Yang Yingliang <yangyingliang(a)huawei.com> spi: spi-axi-spi-engine: switch to use modern name Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: axi-spi-engine: Convert to platform remove callback returning void Yang Yingliang <yangyingliang(a)huawei.com> spi: introduce new helpers with using modern naming Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Steve French <stfrench(a)microsoft.com> smb3: missing lock when picking channel Shyam Prasad N <sprasad(a)microsoft.com> cifs: use the least loaded channel for sending requests Masahiro Yamada <masahiroy(a)kernel.org> kbuild: specify output names separately for each emission type from rustc Masahiro Yamada <masahiroy(a)kernel.org> kbuild: refactor host*_flags Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix missing hugetlb_lock for resv uncharge Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: convert free_huge_page to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio_hstate() Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add hugetlb_folio_subpool() helpers Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm: add private field of first tail to struct page and struct folio Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio support to hugetlb specific flag macros Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- MAINTAINERS | 1 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +-- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 62 ++--- arch/powerpc/platforms/pseries/plpks.h | 35 ++- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 162 +++++++++++- drivers/bluetooth/btqca.h | 6 +- drivers/bluetooth/hci_qca.c | 11 + drivers/char/tpm/tpm-dev-common.c | 4 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/dma/idxd/cdev.c | 77 ++++++ drivers/dma/idxd/idxd.h | 3 + drivers/dma/idxd/init.c | 4 + drivers/dma/idxd/registers.h | 3 - drivers/dma/idxd/sysfs.c | 27 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 183 ++++++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 ++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 ++- drivers/hwmon/corsair-cpro.c | 43 +++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/md/md.c | 1 + drivers/misc/eeprom/at24.c | 46 +++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 19 +- drivers/nvme/host/core.c | 2 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++--- drivers/pinctrl/intel/pinctrl-intel.c | 6 +- drivers/pinctrl/intel/pinctrl-intel.h | 17 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 ++- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 +++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 14 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 275 +++++++++++---------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 12 + drivers/staging/wlan-ng/hfa384x_usb.c | 4 +- drivers/staging/wlan-ng/prism2usb.c | 6 +- drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufshcd.c | 5 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++---- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/tcpm/tcpm.c | 35 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- drivers/vfio/pci/vfio_pci.c | 2 + fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/extent_io.c | 19 +- fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/hugetlbfs/inode.c | 8 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/transport.c | 37 ++- fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hugetlb.h | 53 +++- include/linux/hugetlb_cgroup.h | 69 +++--- include/linux/hyperv.h | 1 + include/linux/mm_types.h | 14 ++ include/linux/pci_ids.h | 2 + include/linux/pinctrl/pinctrl.h | 20 ++ include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/spi/spi.h | 51 +++- include/linux/sunrpc/clnt.h | 1 + include/linux/swapops.h | 105 ++++---- include/linux/timer.h | 15 +- include/net/xfrm.h | 3 + include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/time/timer.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- mm/hugetlb.c | 55 +++-- mm/hugetlb_cgroup.c | 34 +-- mm/migrate.c | 2 +- mm/readahead.c | 4 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++- net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprt.c | 2 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/Makefile | 11 +- rust/kernel/error.rs | 2 +- rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 ++++++++------ scripts/Makefile.build | 17 +- scripts/Makefile.host | 27 +- scripts/Makefile.modfinal | 4 +- scripts/is_rust_module.sh | 16 -- security/keys/key.c | 3 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 +++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 +-- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/perf/util/unwind-libdw.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 30 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + tools/testing/selftests/timers/valid-adjtimex.c | 73 +++--- 247 files changed, 2501 insertions(+), 1396 deletions(-)

1 year, 4 months

9
17
0 0

[PATCH net v2] net: lan966x: remove debugfs directory in probe() error path

by Herve Codina

A debugfs directory entry is create early during probe(). This entry is not removed on error path leading to some "already present" issues in case of EPROBE_DEFER. Create this entry later in the probe() code to avoid the need to change many 'return' in 'goto' and add the removal in the already present error path. Fixes: 942814840127 ("net: lan966x: Add VCAP debugFS support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> Reviewed-by: Andrew Lunn <andrew(a)lunn.ch> --- drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c index 2635ef8958c8..61d88207eed4 100644 --- a/drivers/net/ethernet/microchip/lan966x/lan966x_main.c +++ b/drivers/net/ethernet/microchip/lan966x/lan966x_main.c @@ -1087,8 +1087,6 @@ static int lan966x_probe(struct platform_device *pdev) platform_set_drvdata(pdev, lan966x); lan966x->dev = &pdev->dev; - lan966x->debugfs_root = debugfs_create_dir("lan966x", NULL); - if (!device_get_mac_address(&pdev->dev, mac_addr)) { ether_addr_copy(lan966x->base_mac, mac_addr); } else { @@ -1179,6 +1177,8 @@ static int lan966x_probe(struct platform_device *pdev) return dev_err_probe(&pdev->dev, -ENODEV, "no ethernet-ports child found\n"); + lan966x->debugfs_root = debugfs_create_dir("lan966x", NULL); + /* init switch */ lan966x_init(lan966x); lan966x_stats_init(lan966x); @@ -1257,6 +1257,8 @@ static int lan966x_probe(struct platform_device *pdev) destroy_workqueue(lan966x->stats_queue); mutex_destroy(&lan966x->stats_lock); + debugfs_remove_recursive(lan966x->debugfs_root); + return err; } -- This patch was previously sent as part of a bigger series: https://lore.kernel.org/lkml/20240430083730.134918-9-herve.codina@bootlin.c… As it is a simple fix, this v2 is the patch extracted from the series and sent alone to net. Changes v1 -> v2 Add 'Reviewed-by: Andrew Lunn <andrew(a)lunn.ch>' 2.44.0

1 year, 4 months

3
2
0 0

[PATCH 2/2] mtd: rawnand: Bypass a couple of sanity checks during NAND identification

by Miquel Raynal

Early during NAND identification, mtd_info fields have not yet been initialized (namely, writesize and oobsize) and thus cannot be used for sanity checks yet. Of course if there is a misuse of nand_change_read_column_op() so early we won't be warned, but there is anyway no actual check to perform at this stage as we do not yet know the NAND geometry. So, if the fields are empty, especially mtd->writesize which is *always* set quite rapidly after identification, let's skip the sanity checks. nand_change_read_column_op() is subject to be used early for ONFI/JEDEC identification in the very unlikely case of: - bitflips appearing in the parameter page, - the controller driver not supporting simple DATA_IN cycles. Fixes: c27842e7e11f ("mtd: rawnand: onfi: Adapt the parameter page read to constraint controllers") Fixes: daca31765e8b ("mtd: rawnand: jedec: Adapt the parameter page read to constraint controllers") Cc: stable(a)vger.kernel.org Reported-by: Alexander Dahl <ada(a)thorsis.com> Closes: https://lore.kernel.org/linux-mtd/20240306-shaky-bunion-d28b65ea97d7@thorsi… Reported-by: Steven Seeger <steven.seeger(a)flightsystems.net> Closes: https://lore.kernel.org/linux-mtd/DM6PR05MB4506554457CF95191A670BDEF7062@DM… Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/nand_base.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index 248e654ecefd..a66e73cd68cb 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -1440,12 +1440,14 @@ int nand_change_read_column_op(struct nand_chip *chip, if (len && !buf) return -EINVAL; - if (offset_in_page + len > mtd->writesize + mtd->oobsize) - return -EINVAL; + if (mtd->writesize) { + if ((offset_in_page + len > mtd->writesize + mtd->oobsize)) + return -EINVAL; - /* Small page NANDs do not support column change. */ - if (mtd->writesize <= 512) - return -ENOTSUPP; + /* Small page NANDs do not support column change. */ + if (mtd->writesize <= 512) + return -ENOTSUPP; + } if (nand_has_exec_op(chip)) { const struct nand_interface_config *conf = -- 2.40.1

1 year, 4 months

4
5
0 0

[git:media_tree/master] Revert "media: v4l2-ctrls: show all owned controls in log_status"

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: Revert "media: v4l2-ctrls: show all owned controls in log_status" Author: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Date: Fri May 10 09:11:46 2024 +0200 This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe locking scenario: [Wed May 8 10:02:06 2024] CPU0 CPU1 [Wed May 8 10:02:06 2024] ---- ---- [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); For now just revert. Fixes: 9801b5b28c69 ("media: v4l2-ctrls: show all owned controls in log_status") Cc: stable(a)vger.kernel.org Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/v4l2-core/v4l2-ctrls-core.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-ctrls-core.c b/drivers/media/v4l2-core/v4l2-ctrls-core.c index c59dd691f79f..eeab6a5eb7ba 100644 --- a/drivers/media/v4l2-core/v4l2-ctrls-core.c +++ b/drivers/media/v4l2-core/v4l2-ctrls-core.c @@ -2507,8 +2507,7 @@ int v4l2_ctrl_handler_setup(struct v4l2_ctrl_handler *hdl) EXPORT_SYMBOL(v4l2_ctrl_handler_setup); /* Log the control name and value */ -static void log_ctrl(const struct v4l2_ctrl_handler *hdl, - struct v4l2_ctrl *ctrl, +static void log_ctrl(const struct v4l2_ctrl *ctrl, const char *prefix, const char *colon) { if (ctrl->flags & (V4L2_CTRL_FLAG_DISABLED | V4L2_CTRL_FLAG_WRITE_ONLY)) @@ -2518,11 +2517,7 @@ static void log_ctrl(const struct v4l2_ctrl_handler *hdl, pr_info("%s%s%s: ", prefix, colon, ctrl->name); - if (ctrl->handler != hdl) - v4l2_ctrl_lock(ctrl); ctrl->type_ops->log(ctrl); - if (ctrl->handler != hdl) - v4l2_ctrl_unlock(ctrl); if (ctrl->flags & (V4L2_CTRL_FLAG_INACTIVE | V4L2_CTRL_FLAG_GRABBED | @@ -2541,7 +2536,7 @@ static void log_ctrl(const struct v4l2_ctrl_handler *hdl, void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *hdl, const char *prefix) { - struct v4l2_ctrl_ref *ref; + struct v4l2_ctrl *ctrl; const char *colon = ""; int len; @@ -2553,12 +2548,9 @@ void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *hdl, if (len && prefix[len - 1] != ' ') colon = ": "; mutex_lock(hdl->lock); - list_for_each_entry(ref, &hdl->ctrl_refs, node) { - if (ref->from_other_dev || - (ref->ctrl->flags & V4L2_CTRL_FLAG_DISABLED)) - continue; - log_ctrl(hdl, ref->ctrl, prefix, colon); - } + list_for_each_entry(ctrl, &hdl->ctrls, node) + if (!(ctrl->flags & V4L2_CTRL_FLAG_DISABLED)) + log_ctrl(ctrl, prefix, colon); mutex_unlock(hdl->lock); } EXPORT_SYMBOL(v4l2_ctrl_handler_log_status);

1 year, 4 months

1
0
0 0

[git:media_tree/master] media: mxl5xx: Move xpt structures off stack

by Mauro Carvalho Chehab

This is an automatic generated email to let you know that the following patch were queued: Subject: media: mxl5xx: Move xpt structures off stack Author: Nathan Chancellor <nathan(a)kernel.org> Date: Fri Jan 12 00:40:36 2024 +0000 When building for LoongArch with clang 18.0.0, the stack usage of probe() is larger than the allowed 2048 bytes: drivers/media/dvb-frontends/mxl5xx.c:1698:12: warning: stack frame size (2368) exceeds limit (2048) in 'probe' [-Wframe-larger-than] 1698 | static int probe(struct mxl *state, struct mxl5xx_cfg *cfg) | ^ 1 warning generated. This is the result of the linked LLVM commit, which changes how the arrays of structures in config_ts() get handled with CONFIG_INIT_STACK_ZERO and CONFIG_INIT_STACK_PATTERN, which causes the above warning in combination with inlining, as config_ts() gets inlined into probe(). This warning can be easily fixed by moving the array of structures off of the stackvia 'static const', which is a better location for these variables anyways because they are static data that is only ever read from, never modified, so allocating the stack space is wasteful. This drops the stack usage from 2368 bytes to 256 bytes with the same compiler and configuration. Link: https://lore.kernel.org/linux-media/20240111-dvb-mxl5xx-move-structs-off-st… Cc: stable(a)vger.kernel.org Closes: https://github.com/ClangBuiltLinux/linux/issues/1977 Link: https://github.com/llvm/llvm-project/commit/afe8b93ffdfef5d8879e1894b9d7dda… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Miguel Ojeda <ojeda(a)kernel.org> Tested-by: Miguel Ojeda <ojeda(a)kernel.org> Signed-off-by: Mauro Carvalho Chehab <mchehab(a)kernel.org> drivers/media/dvb-frontends/mxl5xx.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) --- diff --git a/drivers/media/dvb-frontends/mxl5xx.c b/drivers/media/dvb-frontends/mxl5xx.c index 4ebbcf05cc09..91e9c378397c 100644 --- a/drivers/media/dvb-frontends/mxl5xx.c +++ b/drivers/media/dvb-frontends/mxl5xx.c @@ -1381,57 +1381,57 @@ static int config_ts(struct mxl *state, enum MXL_HYDRA_DEMOD_ID_E demod_id, u32 nco_count_min = 0; u32 clk_type = 0; - struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 8, 1}, {0x90700010, 9, 1}, {0x90700010, 10, 1}, {0x90700010, 11, 1}, {0x90700010, 12, 1}, {0x90700010, 13, 1}, {0x90700010, 14, 1}, {0x90700010, 15, 1} }; - struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_clock_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 16, 1}, {0x90700010, 17, 1}, {0x90700010, 18, 1}, {0x90700010, 19, 1}, {0x90700010, 20, 1}, {0x90700010, 21, 1}, {0x90700010, 22, 1}, {0x90700010, 23, 1} }; - struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_valid_polarity[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 0, 1}, {0x90700014, 1, 1}, {0x90700014, 2, 1}, {0x90700014, 3, 1}, {0x90700014, 4, 1}, {0x90700014, 5, 1}, {0x90700014, 6, 1}, {0x90700014, 7, 1} }; - struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_ts_clock_phase[MXL_HYDRA_DEMOD_MAX] = { {0x90700018, 0, 3}, {0x90700018, 4, 3}, {0x90700018, 8, 3}, {0x90700018, 12, 3}, {0x90700018, 16, 3}, {0x90700018, 20, 3}, {0x90700018, 24, 3}, {0x90700018, 28, 3} }; - struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_lsb_first[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 16, 1}, {0x9070000C, 17, 1}, {0x9070000C, 18, 1}, {0x9070000C, 19, 1}, {0x9070000C, 20, 1}, {0x9070000C, 21, 1}, {0x9070000C, 22, 1}, {0x9070000C, 23, 1} }; - struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_sync_byte[MXL_HYDRA_DEMOD_MAX] = { {0x90700010, 0, 1}, {0x90700010, 1, 1}, {0x90700010, 2, 1}, {0x90700010, 3, 1}, {0x90700010, 4, 1}, {0x90700010, 5, 1}, {0x90700010, 6, 1}, {0x90700010, 7, 1} }; - struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_enable_output[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 0, 1}, {0x9070000C, 1, 1}, {0x9070000C, 2, 1}, {0x9070000C, 3, 1}, {0x9070000C, 4, 1}, {0x9070000C, 5, 1}, {0x9070000C, 6, 1}, {0x9070000C, 7, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_sync[MXL_HYDRA_DEMOD_MAX] = { {0x9070000C, 24, 1}, {0x9070000C, 25, 1}, {0x9070000C, 26, 1}, {0x9070000C, 27, 1}, {0x9070000C, 28, 1}, {0x9070000C, 29, 1}, {0x9070000C, 30, 1}, {0x9070000C, 31, 1} }; - struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_err_replace_valid[MXL_HYDRA_DEMOD_MAX] = { {0x90700014, 8, 1}, {0x90700014, 9, 1}, {0x90700014, 10, 1}, {0x90700014, 11, 1}, {0x90700014, 12, 1}, {0x90700014, 13, 1}, {0x90700014, 14, 1}, {0x90700014, 15, 1} }; - struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_continuous_clock[MXL_HYDRA_DEMOD_MAX] = { {0x907001D4, 0, 1}, {0x907001D4, 1, 1}, {0x907001D4, 2, 1}, {0x907001D4, 3, 1}, {0x907001D4, 4, 1}, {0x907001D4, 5, 1}, {0x907001D4, 6, 1}, {0x907001D4, 7, 1} }; - struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { + static const struct MXL_REG_FIELD_T xpt_nco_clock_rate[MXL_HYDRA_DEMOD_MAX] = { {0x90700044, 16, 80}, {0x90700044, 16, 81}, {0x90700044, 16, 82}, {0x90700044, 16, 83}, {0x90700044, 16, 84}, {0x90700044, 16, 85},

1 year, 4 months

1
0
0 0

[PATCH v2 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Two enclave threads may try to access the same non-present enclave page simultaneously (e.g., if the SGX runtime supports lazy allocation). The threads will end up in sgx_encl_eaug_page(), racing to acquire the enclave lock. The winning thread will perform EAUG, set up the page table entry, and insert the page into encl->page_array. The losing thread will then get -EBUSY on xa_insert(&encl->page_array) and proceed to error handling path. This race condition can be illustrated as follows: /* /* * Fault on CPU1 * Fault on CPU2 * on enclave page X * on enclave page X */ */ sgx_vma_fault() { sgx_vma_fault() { xa_load(&encl->page_array) xa_load(&encl->page_array) == NULL --> == NULL --> sgx_encl_eaug_page() { sgx_encl_eaug_page() { ... ... /* /* * alloc encl_page * alloc encl_page */ */ mutex_lock(&encl->lock); /* * alloc EPC page */ epc_page = sgx_alloc_epc_page(...); /* * add page to enclave's xarray */ xa_insert(&encl->page_array, ...); /* * add page to enclave via EAUG * (page is in pending state) */ /* * add PTE entry */ vmf_insert_pfn(...); mutex_unlock(&encl->lock); return VM_FAULT_NOPAGE; } } /* * All good up to here: enclave page * successfully added to enclave, * ready for EACCEPT from user space */ mutex_lock(&encl->lock); /* * alloc EPC page */ epc_page = sgx_alloc_epc_page(...); /* * add page to enclave's xarray, * this fails with -EBUSY as this * page was already added by CPU2 */ xa_insert(&encl->page_array, ...); err_out_shrink: sgx_encl_free_epc_page(epc_page) { /* * remove page via EREMOVE * * *BUG*: page added by CPU2 is * yanked from enclave while it * remains accessible from OS * perspective (PTE installed) */ /* * free EPC page */ sgx_free_epc_page(epc_page); } mutex_unlock(&encl->lock); /* * *BUG*: SIGBUS is returned * for a valid enclave page */ return VM_FAULT_SIGBUS; } } The err_out_shrink error handling path contains two bugs: (1) function sgx_encl_free_epc_page() is called that performs EREMOVE even though the enclave page was never intended to be removed, and (2) SIGBUS is sent to userspace even though the enclave page is correctly installed by another thread. The first bug renders the enclave page perpetually inaccessible (until another SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl). This is because the page is marked accessible in the PTE entry but is not EAUGed, and any subsequent access to this page raises a fault: with the kernel believing there to be a valid VMA, the unlikely error code X86_PF_SGX encountered by code path do_user_addr_fault() -> access_error() causes the SGX driver's sgx_vma_fault() to be skipped and user space receives a SIGSEGV instead. The userspace SIGSEGV handler cannot perform EACCEPT because the page was not EAUGed. Thus, the user space is stuck with the inaccessible page. The second bug is less severe: a spurious SIGBUS signal is unnecessarily sent to user space. Fix these two bugs (1) by returning VM_FAULT_NOPAGE to the generic Linux fault handler so that no signal is sent to userspace, and (2) by replacing sgx_encl_free_epc_page() with sgx_free_epc_page() so that no EREMOVE is performed. Note that sgx_encl_free_epc_page() performs an additional WARN_ON_ONCE check in comparison to sgx_free_epc_page(): whether the EPC page is being reclaimer tracked. However, the EPC page is allocated in sgx_encl_eaug_page() and has zeroed-out flags in all error handling paths. In other words, the page is marked as reclaimable only in the happy path of sgx_encl_eaug_page(). Therefore, in the particular code path affected in this commit, the "page reclaimer tracked" condition is always false and the warning is never printed. Thus, it is safe to replace sgx_encl_free_epc_page() with sgx_free_epc_page(). Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

1 year, 4 months

5
7
0 0

[PATCH v2 2/2] x86/sgx: Resolve EREMOVE page vs EAUG page data race

by Dmitrii Kuvaiskii

Two enclave threads may try to add and remove the same enclave page simultaneously (e.g., if the SGX runtime supports both lazy allocation and MADV_DONTNEED semantics). Consider some enclave page added to the enclave. User space decides to temporarily remove this page (e.g., emulating the MADV_DONTNEED semantics) on CPU1. At the same time, user space performs a memory access on the same page on CPU2, which results in a #PF and ultimately in sgx_vma_fault(). Scenario proceeds as follows: /* * CPU1: User space performs * ioctl(SGX_IOC_ENCLAVE_REMOVE_PAGES) * on enclave page X */ sgx_encl_remove_pages() { mutex_lock(&encl->lock); entry = sgx_encl_load_page(encl); /* * verify that page is * trimmed and accepted */ mutex_unlock(&encl->lock); /* * remove PTE entry; cannot * be performed under lock */ sgx_zap_enclave_ptes(encl); /* * Fault on CPU2 on same page X */ sgx_vma_fault() { /* * PTE entry was removed, but the * page is still in enclave's xarray */ xa_load(&encl->page_array) != NULL -> /* * SGX driver thinks that this page * was swapped out and loads it */ mutex_lock(&encl->lock); /* * this is effectively a no-op */ entry = sgx_encl_load_page_in_vma(); /* * add PTE entry * * *BUG*: a PTE is installed for a * page in process of being removed */ vmf_insert_pfn(...); mutex_unlock(&encl->lock); return VM_FAULT_NOPAGE; } /* * continue with page removal */ mutex_lock(&encl->lock); sgx_encl_free_epc_page(epc_page) { /* * remove page via EREMOVE */ /* * free EPC page */ sgx_free_epc_page(epc_page); } xa_erase(&encl->page_array); mutex_unlock(&encl->lock); } Here, CPU1 removed the page. However CPU2 installed the PTE entry on the same page. This enclave page becomes perpetually inaccessible (until another SGX_IOC_ENCLAVE_REMOVE_PAGES ioctl). This is because the page is marked accessible in the PTE entry but is not EAUGed, and any subsequent access to this page raises a fault: with the kernel believing there to be a valid VMA, the unlikely error code X86_PF_SGX encountered by code path do_user_addr_fault() -> access_error() causes the SGX driver's sgx_vma_fault() to be skipped and user space receives a SIGSEGV instead. The userspace SIGSEGV handler cannot perform EACCEPT because the page was not EAUGed. Thus, the user space is stuck with the inaccessible page. Fix this race by forcing the fault handler on CPU2 to back off if the page is currently being removed (on CPU1). This is achieved by introducing a new flag SGX_ENCL_PAGE_BEING_REMOVED, which is unset by default and set only right-before the first mutex_unlock() in sgx_encl_remove_pages(). Upon loading the page, CPU2 checks whether this page is being removed, and if yes then CPU2 backs off and waits until the page is completely removed. After that, any memory access to this page results in a normal "allocate and EAUG a page on #PF" flow. Fixes: 9849bb27152c ("x86/sgx: Support complete page removal") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 3 ++- arch/x86/kernel/cpu/sgx/encl.h | 3 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 41f14b1a3025..7ccd8b2fce5f 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -257,7 +257,8 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, /* Entry successfully located. */ if (entry->epc_page) { - if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) + if (entry->desc & (SGX_ENCL_PAGE_BEING_RECLAIMED | + SGX_ENCL_PAGE_BEING_REMOVED)) return ERR_PTR(-EBUSY); return entry; diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index f94ff14c9486..fff5f2293ae7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -25,6 +25,9 @@ /* 'desc' bit marking that the page is being reclaimed. */ #define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3) +/* 'desc' bit marking that the page is being removed. */ +#define SGX_ENCL_PAGE_BEING_REMOVED BIT(2) + struct sgx_encl_page { unsigned long desc; unsigned long vm_max_prot_bits:8; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index b65ab214bdf5..c542d4dd3e64 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -1142,6 +1142,7 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, * Do not keep encl->lock because of dependency on * mmap_lock acquired in sgx_zap_enclave_ptes(). */ + entry->desc |= SGX_ENCL_PAGE_BEING_REMOVED; mutex_unlock(&encl->lock); sgx_zap_enclave_ptes(encl, addr); -- 2.34.1

1 year, 4 months

4
3
0 0

[PATCH v2 0/3] Bluetooth: hci_bcm4377 fixes

by Sven Peter via B4 Relay

Hi, There are just two minor fixes from Hector that we've been carrying downstream for a while now. One increases the timeout while waiting for the firmware to boot which is optional for the controller already supported upstream but required for a newer 4388 board for which we'll also submit support soon. It also fixes the units for the timeouts which is why I've already included it here. The other one fixes a call to bitmap_release_region where we only wanted to release a single bit but are actually releasing much more. Best, Sven To: Hector Martin <marcan(a)marcan.st> To: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> To: Marcel Holtmann <marcel(a)holtmann.org> To: Luiz Augusto von Dentz <luiz.dentz(a)gmail.com> Cc: asahi(a)lists.linux.dev Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-bluetooth(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Signed-off-by: Sven Peter <sven(a)svenpeter.dev> Changes in v2: - split the timeout commit into two - collect Neal's tag - Link to v1: https://lore.kernel.org/r/20240512-btfix-msgid-v1-0-ab1bd938a7f4@svenpeter.… --- Hector Martin (2): Bluetooth: hci_bcm4377: Increase boot timeout Bluetooth: hci_bcm4377: Fix msgid release Sven Peter (1): Bluetooth: hci_bcm4377: Use correct unit for timeouts drivers/bluetooth/hci_bcm4377.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- base-commit: cf87f46fd34d6c19283d9625a7822f20d90b64a4 change-id: 20240512-btfix-msgid-d76029a7d917 Best regards, -- Sven Peter <sven(a)svenpeter.dev>

1 year, 4 months

2
2
0 0

[PATCH] Bluetooth: Add quirk to ignore reserved PHY bits in LE Extended Adv Report

by Sven Peter via B4 Relay

From: Sven Peter <sven(a)svenpeter.dev> Some Broadcom controllers found on Apple Silicon machines abuse the reserved bits inside the PHY fields of LE Extended Advertising Report events for additional flags. Add a quirk to drop these and correctly extract the Primary/Secondary_PHY field. The following excerpt from a btmon trace shows a report received with "Reserved" for "Primary PHY" on a 4388 controller: > HCI Event: LE Meta Event (0x3e) plen 26 LE Extended Advertising Report (0x0d) Num reports: 1 Entry 0 Event type: 0x2515 Props: 0x0015 Connectable Directed Use legacy advertising PDUs Data status: Complete Reserved (0x2500) Legacy PDU Type: Reserved (0x2515) Address type: Random (0x01) Address: 00:00:00:00:00:00 (Static) Primary PHY: Reserved Secondary PHY: No packets SID: no ADI field (0xff) TX power: 127 dBm RSSI: -60 dBm (0xc4) Periodic advertising interval: 0.00 msec (0x0000) Direct address type: Public (0x00) Direct address: 00:00:00:00:00:00 (Apple, Inc.) Data length: 0x00 Cc: stable(a)vger.kernel.org Fixes: 2e7ed5f5e69b ("Bluetooth: hci_sync: Use advertised PHYs on hci_le_ext_create_conn_sync") Reported-by: Janne Grunau <j(a)jannau.net> Closes: https://lore.kernel.org/all/Zjz0atzRhFykROM9@robin Tested-by: Janne Grunau <j(a)jannau.net> Signed-off-by: Sven Peter <sven(a)svenpeter.dev> --- drivers/bluetooth/hci_bcm4377.c | 8 ++++++++ include/net/bluetooth/hci.h | 11 +++++++++++ net/bluetooth/hci_event.c | 7 +++++++ 3 files changed, 26 insertions(+) diff --git a/drivers/bluetooth/hci_bcm4377.c b/drivers/bluetooth/hci_bcm4377.c index 9a7243d5db71..55109ad45115 100644 --- a/drivers/bluetooth/hci_bcm4377.c +++ b/drivers/bluetooth/hci_bcm4377.c @@ -495,6 +495,10 @@ struct bcm4377_data; * extended scanning * broken_mws_transport_config: Set to true if the chip erroneously claims to * support MWS Transport Configuration + * broken_le_ext_adv_report_phy: Set to true if this chip stuffs flags inside + * reserved bits of Primary/Secondary_PHY inside + * LE Extended Advertising Report events which + * have to be ignored * send_calibration: Optional callback to send calibration data * send_ptb: Callback to send "PTB" regulatory/calibration data */ @@ -513,6 +517,7 @@ struct bcm4377_hw { unsigned long broken_ext_scan : 1; unsigned long broken_mws_transport_config : 1; unsigned long broken_le_coded : 1; + unsigned long broken_le_ext_adv_report_phy : 1; int (*send_calibration)(struct bcm4377_data *bcm4377); int (*send_ptb)(struct bcm4377_data *bcm4377, @@ -2374,6 +2379,8 @@ static int bcm4377_probe(struct pci_dev *pdev, const struct pci_device_id *id) set_bit(HCI_QUIRK_BROKEN_EXT_SCAN, &hdev->quirks); if (bcm4377->hw->broken_le_coded) set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks); + if (bcm4377->hw->broken_le_ext_adv_report_phy) + set_bit(HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY, &hdev->quirks); pci_set_drvdata(pdev, bcm4377); hci_set_drvdata(hdev, bcm4377); @@ -2478,6 +2485,7 @@ static const struct bcm4377_hw bcm4377_hw_variants[] = { .clear_pciecfg_subsystem_ctrl_bit19 = true, .broken_mws_transport_config = true, .broken_le_coded = true, + .broken_le_ext_adv_report_phy = true, .send_calibration = bcm4387_send_calibration, .send_ptb = bcm4378_send_ptb, }, diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index 5c12761cbc0e..342aab86dad6 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -347,6 +347,17 @@ enum { * claim to support it. */ HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE, + + /* + * When this quirk is set, the reserved bits of Primary/Secondary_PHY + * inside the LE Extended Advertising Report events are discarded. + * This is required for some Apple/Broadcom controllers which + * abuse these reserved bits for unrelated flags. + * + * This quirk can be set before hci_register_dev is called or + * during the hdev->setup vendor callback. + */ + HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY, }; /* HCI device flags */ diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index d72d238c1656..01d3a8d343f1 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -6446,6 +6446,13 @@ static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, void *data, evt_type = __le16_to_cpu(info->type) & LE_EXT_ADV_EVT_TYPE_MASK; legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type); + + if (test_bit(HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY, + &hdev->quirks)) { + info->primary_phy &= 0x1f; + info->secondary_phy &= 0x1f; + } + if (legacy_evt_type != LE_ADV_INVALID) { process_adv_report(hdev, legacy_evt_type, &info->bdaddr, info->bdaddr_type, NULL, 0, --- base-commit: a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 change-id: 20240512-btfix-95c10c456f17 Best regards, -- Sven Peter <sven(a)svenpeter.dev>

1 year, 4 months

2
1
0 0

Re: [syzbot] [ntfs3?] kernel BUG at fs/ntfs/aops.c:LINE!

by syzbot

syzbot suspects this issue was fixed by commit: commit 6f861765464f43a71462d52026fbddfc858239a5 Author: Jan Kara <jack(a)suse.cz> Date: Wed Nov 1 17:43:10 2023 +0000 fs: Block writes to mounted block devices bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=134d0268980000 start commit: ceb6a6f023fd Linux 6.7-rc6 git tree: upstream kernel config: https://syzkaller.appspot.com/x/.config?x=e5751b3a2226135d dashboard link: https://syzkaller.appspot.com/bug?extid=6a5a7672f663cce8b156 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172458d6e80000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120d8026e80000 If the result looks correct, please mark the issue as fixed by replying with: #syz fix: fs: Block writes to mounted block devices For information about bisection process see: https://goo.gl/tpsmEJ#bisection

1 year, 4 months

1
0
0 0

[PATCH v3] x86/tools: fix line number reported for malformed lines

by Valentin Obst

Commit 35039eb6b199 ("x86: Show symbol name if insn decoder test failed") included symbol lines in the post-processed objdump output consumed by the insn decoder test. This broke the `instuction lines == total lines` property that `insn_decoder_test.c` relied upon to print the offending line's number in error messages. This has the consequence that the line number reported on a test failure is unreated to, and much smaller than, the line that actually caused the problem. Add a new variable that counts the combined (insn+symbol) line count and report this in the error message. Fixes: 35039eb6b199 ("x86: Show symbol name if insn decoder test failed") Cc: stable(a)vger.kernel.org Reviewed-by: Miguel Ojeda <ojeda(a)kernel.org> Tested-by: Miguel Ojeda <ojeda(a)kernel.org> Reported-by: John Baublitz <john.m.baublitz(a)gmail.com> Debugged-by: John Baublitz <john.m.baublitz(a)gmail.com> Signed-off-by: Valentin Obst <kernel(a)valentinobst.de> --- See v2's commit message and [1] for context why this bug made debugging a test failure harder than necessary. [1]: https://rust-for-linux.zulipchat.com/#narrow/stream/291565-Help/topic/insn_… Changes in v3: - Add Cc stable tag in sign-off area. - Make commit message less verbose. - Link to v2: https://lore.kernel.org/r/20240223-x86-insn-decoder-line-fix-v2-1-cde49c69f… Changes in v2: - Added tags 'Reviewed-by', 'Tested-by', 'Reported-by', 'Debugged-by', 'Link', and 'Fixes'. - Explain why this patch fixes the commit mentioned in the 'Fixes' tag. - CCed the stable list and sent to all x86 maintainers. - Link to v1: https://lore.kernel.org/r/20240221-x86-insn-decoder-line-fix-v1-1-47cd5a171… --- arch/x86/tools/insn_decoder_test.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/tools/insn_decoder_test.c b/arch/x86/tools/insn_decoder_test.c index 472540aeabc2..727017a3c3c7 100644 --- a/arch/x86/tools/insn_decoder_test.c +++ b/arch/x86/tools/insn_decoder_test.c @@ -114,6 +114,7 @@ int main(int argc, char **argv) unsigned char insn_buff[16]; struct insn insn; int insns = 0; + int lines = 0; int warnings = 0; parse_args(argc, argv); @@ -123,6 +124,8 @@ int main(int argc, char **argv) int nb = 0, ret; unsigned int b; + lines++; + if (line[0] == '<') { /* Symbol line */ strcpy(sym, line); @@ -134,12 +137,12 @@ int main(int argc, char **argv) strcpy(copy, line); tab1 = strchr(copy, '\t'); if (!tab1) - malformed_line(line, insns); + malformed_line(line, lines); s = tab1 + 1; s += strspn(s, " "); tab2 = strchr(s, '\t'); if (!tab2) - malformed_line(line, insns); + malformed_line(line, lines); *tab2 = '\0'; /* Characters beyond tab2 aren't examined */ while (s < tab2) { if (sscanf(s, "%x", &b) == 1) { --- base-commit: 4cece764965020c22cff7665b18a012006359095 change-id: 20240221-x86-insn-decoder-line-fix-7b1f2e1732ff Best regards, -- Valentin Obst <kernel(a)valentinobst.de>

1 year, 4 months

2
2
0 0

[PATCH v5] can: mcp251xfd: fix infinite loop when xmit fails

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3). ... and repeat forever. The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus. The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one(). This patch resolves the issue by starting a workqueue to write the tx obj synchronously if err = -EBUSY. In case of another error, it decrements tx_ring->head, removes skb from the echo stack, and drops the message. Fixes: 55e5b97f003e ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- V4->V5: - Start a workqueue to write tx obj with spi_sync() when spi_async() == -EBUSY. V3->V4: - Leave can_put_echo_skb() and stop the queue if needed, before mcp251xfd_tx_obj_write(). - Re-sync head and remove echo skb if mcp251xfd_tx_obj_write() fails. - Revert -> return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. V2->V3: - Add tx_dropped stats. - netdev_sent_queue() only if can_put_echo_skb() succeed. V1->V2: - Return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. - Rework the commit message to address the change above. - Change can_put_echo_skb() to be called after mcp251xfd_tx_obj_write() succeed. Otherwise, we get Kernel NULL pointer dereference error. .../net/can/spi/mcp251xfd/mcp251xfd-core.c | 13 ++++- drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 51 ++++++++++++++++--- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 5 ++ 3 files changed, 60 insertions(+), 9 deletions(-) diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c index 1d9057dc44f2..6cca853f2b1e 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c @@ -2141,15 +2141,25 @@ static int mcp251xfd_probe(struct spi_device *spi) if (err) goto out_free_candev; + priv->tx_work_obj = NULL; + priv->wq = alloc_workqueue("mcp251xfd_wq", WQ_FREEZABLE, 0); + if (!priv->wq) { + err = -ENOMEM; + goto out_can_rx_offload_del; + } + INIT_WORK(&priv->tx_work, mcp251xfd_tx_obj_write_sync); + err = mcp251xfd_register(priv); if (err) { dev_err_probe(&spi->dev, err, "Failed to detect %s.\n", mcp251xfd_get_model_str(priv)); - goto out_can_rx_offload_del; + goto out_can_free_wq; } return 0; + out_can_free_wq: + destroy_workqueue(priv->wq); out_can_rx_offload_del: can_rx_offload_del(&priv->offload); out_free_candev: @@ -2165,6 +2175,7 @@ static void mcp251xfd_remove(struct spi_device *spi) struct mcp251xfd_priv *priv = spi_get_drvdata(spi); struct net_device *ndev = priv->ndev; + destroy_workqueue(priv->wq); can_rx_offload_del(&priv->offload); mcp251xfd_unregister(priv); spi->max_speed_hz = priv->spi_max_speed_hz_orig; diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c index 160528d3cc26..1e7ddf316643 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c @@ -131,6 +131,41 @@ mcp251xfd_tx_obj_from_skb(const struct mcp251xfd_priv *priv, tx_obj->xfer[0].len = len; } +static void mcp251xfd_tx_failure_drop(const struct mcp251xfd_priv *priv, + struct mcp251xfd_tx_ring *tx_ring, + int err) +{ + struct net_device *ndev = priv->ndev; + struct net_device_stats *stats = &ndev->stats; + unsigned int frame_len = 0; + u8 tx_head; + + tx_ring->head--; + stats->tx_dropped++; + tx_head = mcp251xfd_get_tx_head(tx_ring); + can_free_echo_skb(ndev, tx_head, &frame_len); + netdev_completed_queue(ndev, 1, frame_len); + netif_wake_queue(ndev); + + if (net_ratelimit()) + netdev_err(priv->ndev, "ERROR in %s: %d\n", __func__, err); +} + +void mcp251xfd_tx_obj_write_sync(struct work_struct *ws) +{ + struct mcp251xfd_priv *priv = container_of(ws, struct mcp251xfd_priv, + tx_work); + struct mcp251xfd_tx_obj *tx_obj = priv->tx_work_obj; + struct mcp251xfd_tx_ring *tx_ring = priv->tx; + int err; + + err = spi_sync(priv->spi, &tx_obj->msg); + if (err) + mcp251xfd_tx_failure_drop(priv, tx_ring, err); + + priv->tx_work_obj = NULL; +} + static int mcp251xfd_tx_obj_write(const struct mcp251xfd_priv *priv, struct mcp251xfd_tx_obj *tx_obj) { @@ -175,7 +210,7 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, if (can_dev_dropped_skb(ndev, skb)) return NETDEV_TX_OK; - if (mcp251xfd_tx_busy(priv, tx_ring)) + if (mcp251xfd_tx_busy(priv, tx_ring) || priv->tx_work_obj) return NETDEV_TX_BUSY; tx_obj = mcp251xfd_get_tx_obj_next(tx_ring); @@ -193,13 +228,13 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, netdev_sent_queue(priv->ndev, frame_len); err = mcp251xfd_tx_obj_write(priv, tx_obj); - if (err) - goto out_err; - - return NETDEV_TX_OK; - - out_err: - netdev_err(priv->ndev, "ERROR in %s: %d\n", __func__, err); + if (err == -EBUSY) { + priv->tx_work_obj = tx_obj; + netif_stop_queue(ndev); + queue_work(priv->wq, &priv->tx_work); + } else if (err) { + mcp251xfd_tx_failure_drop(priv, tx_ring, err); + } return NETDEV_TX_OK; } diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h index 24510b3b8020..4e27a33f4030 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h @@ -633,6 +633,10 @@ struct mcp251xfd_priv { struct mcp251xfd_rx_ring *rx[MCP251XFD_FIFO_RX_NUM]; struct mcp251xfd_tx_ring tx[MCP251XFD_FIFO_TX_NUM]; + struct workqueue_struct *wq; + struct work_struct tx_work; + struct mcp251xfd_tx_obj *tx_work_obj; + DECLARE_BITMAP(flags, __MCP251XFD_FLAGS_SIZE__); u8 rx_ring_num; @@ -952,6 +956,7 @@ void mcp251xfd_skb_set_timestamp(const struct mcp251xfd_priv *priv, void mcp251xfd_timestamp_init(struct mcp251xfd_priv *priv); void mcp251xfd_timestamp_stop(struct mcp251xfd_priv *priv); +void mcp251xfd_tx_obj_write_sync(struct work_struct *ws); netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, struct net_device *ndev); -- 2.34.1

1 year, 4 months

2
4
0 0

[PATCH 5.15 000/168] 5.15.159-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.159 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.159-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.159-rc1 Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Rob Herring <robh(a)kernel.org> arm64: dts: qcom: Fix 'interrupt-map' parent address cells Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> ACPI: CPPC: Fix access width used for PCC registers Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Easwar Hariharan <eahariha(a)linux.microsoft.com> Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Jian Shen <shenjian15(a)huawei.com> net: hns3: split function hclge_init_vlan_config() Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jie Wang <wangjie125(a)huawei.com> net: hns3: refactor hclge_cmd_send with new hclge_comm_cmd_send API Jie Wang <wangjie125(a)huawei.com> net: hns3: create new set of unified hclge_comm_cmd_send APIs Jie Wang <wangjie125(a)huawei.com> net: hns3: create new cmdq hardware description structure hclge_comm_hw Jie Wang <wangjie125(a)huawei.com> net: hns3: refactor hns3 makefile to support hns3_common module Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Hao Lan <lanhao(a)huawei.com> net: hns3: refactor function hclge_mbx_handler() Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: add query vf ring and vector map relation Yufeng Mo <moyufeng(a)huawei.com> net: hns3: add log for workqueue scheduled late Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Guangbin Huang <huangguangbin2(a)huawei.com> net: hns3: PF support get unicast MAC address space assigned by firmware Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-tdm-interface: Fix formatters in trigger" Neil Armstrong <narmstrong(a)baylibre.com> ASoC: meson: axg-card: Fix nonatomic links John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Improved check for empty queue John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Reschedule is now done through backlog John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Convert schedule_work into delayed_work John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: Handle fin correctly John Fastabend <john.fastabend(a)gmail.com> bpf, sockmap: TCP data stall on recv before accept Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Julian Wiedmann <jwi(a)linux.ibm.com> s390/qeth: don't keep track of Input Queue count Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Add xdp_do_redirect_frame() for pre-computed xdp_frames Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: Move conversion to xdp_frame out of map functions Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework mtk_pinconf_{get,set} switch/case logic Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: clear RENAME_NOREPLACE before calling vfs_rename Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: validate request buffer size in smb2_allocate_rsp_buf() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 8 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 16 +- arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- drivers/acpi/cppc_acpi.c | 67 ++- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 62 ++- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +-- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hwmon/corsair-cpro.c | 43 +- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/eeprom/at24.c | 46 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 20 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/Makefile | 18 +- drivers/net/ethernet/hisilicon/hns3/hclge_mbx.h | 15 + drivers/net/ethernet/hisilicon/hns3/hnae3.h | 3 +- .../hisilicon/hns3/hns3_common/hclge_comm_cmd.c | 259 +++++++++++ .../hisilicon/hns3/hns3_common/hclge_comm_cmd.h | 121 +++++ drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 2 + .../net/ethernet/hisilicon/hns3/hns3pf/Makefile | 12 - .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c | 311 ++----------- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 85 +--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 221 +++++---- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 17 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 494 +++++++++++++++------ .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3vf/Makefile | 10 - .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 10 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 180 +++----- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 +- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 78 ++-- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/target/target_core_configfs.c | 12 + drivers/usb/core/hub.c | 5 +- drivers/usb/dwc3/core.c | 90 ++-- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/ucsi/ucsi.c | 12 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/ksmbd/server.c | 13 +- fs/ksmbd/smb2pdu.c | 4 + fs/ksmbd/vfs.c | 5 + fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + include/linux/bpf.h | 20 +- include/linux/dma-fence.h | 7 - include/linux/filter.h | 4 + include/linux/skbuff.h | 15 + include/linux/skmsg.h | 5 +- include/linux/sunrpc/clnt.h | 1 + include/net/xfrm.h | 3 + kernel/bpf/cpumap.c | 8 +- kernel/bpf/devmap.c | 32 +- kernel/bpf/verifier.c | 3 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/core/filter.c | 117 ++++- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 2 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 53 +-- net/core/sock.c | 4 +- net/core/sock_map.c | 3 +- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_bpf.c | 51 +++ net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/sunrpc/clnt.c | 5 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + scripts/Makefile.modfinal | 2 +- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-fifo.c | 56 ++- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 7 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++- 169 files changed, 2199 insertions(+), 1417 deletions(-)

1 year, 4 months

6
176
0 0

[PATCH 6.1 000/236] 6.1.91-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.91 release. There are 236 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.91-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.91-rc1 Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text Andrea Righi <andrea.righi(a)canonical.com> btf, scripts: rust: drop is_rust_module.sh Andrea Righi <andrea.righi(a)canonical.com> rust: fix regexp in scripts/is_rust_module.sh Asahi Lina <lina(a)asahilina.net> rust: error: Rename to_kernel_errno() -> to_errno() Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Dmitry Antipov <dmantipov(a)yandex.ru> btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Leah Rumancik <leah.rumancik(a)gmail.com> MAINTAINERS: add leah to 6.1 MAINTAINERS file Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: relocate debounce_period_us from struct gpio_desc Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: cdev: Add missing header(s) Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer() to timer_delete() Thomas Gleixner <tglx(a)linutronix.de> timers: Get rid of del_singleshot_timer_sync() Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Namhyung Kim <namhyung(a)kernel.org> perf unwind-libdw: Handle JIT-generated DSOs properly Namhyung Kim <namhyung(a)kernel.org> perf unwind-libunwind: Fix base address for .eh_frame Geert Uytterhoeven <geert+renesas(a)glider.be> spi: Merge spi_controller.{slave,target}_abort() Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: avoid creating temporary files Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: Implement signed update for PLPKS objects Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move PLPKS constants to header file Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: replace kmalloc with kzalloc in PLPKS driver Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: move msg state to new struct David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use devm_spi_alloc_host() David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: simplify driver data allocation Li Zetao <lizetao1(a)huawei.com> spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() Yang Yingliang <yangyingliang(a)huawei.com> spi: spi-axi-spi-engine: switch to use modern name Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: axi-spi-engine: Convert to platform remove callback returning void Yang Yingliang <yangyingliang(a)huawei.com> spi: introduce new helpers with using modern naming Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: intel: Make use of struct pinfunction and PINCTRL_PINFUNCTION() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: Introduce struct pinfunction and PINCTRL_PINFUNCTION() macro Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Steve French <stfrench(a)microsoft.com> smb3: missing lock when picking channel Shyam Prasad N <sprasad(a)microsoft.com> cifs: use the least loaded channel for sending requests Masahiro Yamada <masahiroy(a)kernel.org> kbuild: specify output names separately for each emission type from rustc Masahiro Yamada <masahiroy(a)kernel.org> kbuild: refactor host*_flags Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix missing hugetlb_lock for resv uncharge Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_uncharge_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: convert free_huge_page to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio_hstate() Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add hugetlb_folio_subpool() helpers Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm: add private field of first tail to struct page and struct folio Sidhartha Kumar <sidhartha.kumar(a)oracle.com> mm/hugetlb: add folio support to hugetlb specific flag macros Tim Jiang <quic_tjiang(a)quicinc.com> Bluetooth: qca: add support for QCA2066 Daniel Okazaki <dtokazaki(a)google.com> eeprom: at24: fix memory corruption race condition Heiner Kallweit <hkallweit1(a)gmail.com> eeprom: at24: Probe for DDR3 thermal sensor in the SPD case Alexander Stein <alexander.stein(a)ew.tq-group.com> eeprom: at24: Use dev_err_probe for nvmem register failure Wedson Almeida Filho <walmeida(a)microsoft.com> rust: kernel: require `Send` for `Module` implementations Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Vinod Koul <vkoul(a)kernel.org> dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state" Bumyong Lee <bumyong.lee(a)samsung.com> dmaengine: pl330: issue_pending waits until WFP state ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- MAINTAINERS | 1 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm64/kvm/vgic/vgic-kvm-device.c | 12 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 +-- arch/powerpc/include/asm/hvcall.h | 1 + arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 135 ++++++---- arch/powerpc/platforms/pseries/plpks.h | 40 ++- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- block/blk-iocost.c | 7 +- block/ioctl.c | 5 +- drivers/ata/sata_gemini.c | 5 +- drivers/bluetooth/btqca.c | 162 +++++++++++- drivers/bluetooth/btqca.h | 6 +- drivers/bluetooth/hci_qca.c | 11 + drivers/char/tpm/tpm-dev-common.c | 4 +- drivers/clk/clk.c | 12 +- drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 6 +- drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 183 ++++++++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 52 ++-- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_bios.c | 19 +- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 +++--- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 8 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +--- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 ++- drivers/hwmon/corsair-cpro.c | 43 +++- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 24 +- drivers/iio/imu/adis16475.c | 4 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/eeprom/at24.c | 46 +++- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 ++-- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 19 +- drivers/nvme/host/core.c | 2 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 +-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++--- drivers/pinctrl/intel/pinctrl-intel.c | 6 +- drivers/pinctrl/intel/pinctrl-intel.h | 17 +- drivers/pinctrl/mediatek/pinctrl-paris.c | 40 +-- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +- drivers/regulator/mt6360-regulator.c | 32 ++- drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 +++--- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/lpfc/lpfc.h | 1 - drivers/scsi/lpfc/lpfc_els.c | 20 +- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 14 +- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 275 +++++++++++---------- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 12 + drivers/staging/wlan-ng/hfa384x_usb.c | 4 +- drivers/staging/wlan-ng/prism2usb.c | 6 +- drivers/target/target_core_configfs.c | 12 + drivers/ufs/core/ufshcd.c | 5 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++---- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 ++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/typec/tcpm/tcpm.c | 35 ++- drivers/usb/typec/ucsi/ucsi.c | 12 +- fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 5 +- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/volumes.c | 18 +- fs/gfs2/bmap.c | 5 +- fs/hugetlbfs/inode.c | 8 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/smb/client/transport.c | 37 ++- fs/smb/server/oplock.c | 35 ++- fs/smb/server/transport_tcp.c | 4 + include/linux/compiler_types.h | 11 + include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hugetlb.h | 53 +++- include/linux/hugetlb_cgroup.h | 69 +++--- include/linux/hyperv.h | 1 + include/linux/mm_types.h | 14 ++ include/linux/pinctrl/pinctrl.h | 20 ++ include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 2 +- include/linux/spi/spi.h | 51 +++- include/linux/sunrpc/clnt.h | 1 + include/linux/timer.h | 15 +- include/net/xfrm.h | 3 + include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 + kernel/bpf/verifier.c | 3 +- kernel/time/timer.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- mm/hugetlb.c | 52 ++-- mm/hugetlb_cgroup.c | 34 +-- mm/migrate.c | 2 +- mm/readahead.c | 4 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++- net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 +- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++- net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp_offload.c | 12 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_output.c | 2 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mptcp/protocol.c | 3 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/smc/smc_ib.c | 19 +- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprt.c | 2 +- net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/Makefile | 11 +- rust/kernel/error.rs | 2 +- rust/kernel/lib.rs | 2 +- rust/macros/module.rs | 185 ++++++++------ scripts/Makefile.build | 17 +- scripts/Makefile.host | 27 +- scripts/Makefile.modfinal | 4 +- scripts/is_rust_module.sh | 16 -- sound/hda/intel-sdw-acpi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 +++-- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 +-- sound/soc/meson/axg-toddr.c | 22 +- sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 ++ tools/perf/util/unwind-libdw.c | 21 +- tools/perf/util/unwind-libunwind-local.c | 2 +- tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 30 ++- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + tools/testing/selftests/timers/valid-adjtimex.c | 73 +++--- 237 files changed, 2399 insertions(+), 1328 deletions(-)

1 year, 4 months

7
243
0 0

[PATCH 6.8 000/336] 6.8.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.8.10 release. There are 336 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 16 May 2024 10:09:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.8.10-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.8.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.8.10-rc1 Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix firmware check error path Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching fw build id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix info leak when fetching board id Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: generalise device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NVM configuration parsing Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: add missing firmware sanity checks Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix wcn3991 device address check Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix invalid device address check Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not treat events directory different than other directories Steven Rostedt (Google) <rostedt(a)goodmis.org> eventfs: Do not differentiate the toplevel events directory Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Still use mount point as default permissions for instances Steven Rostedt (Google) <rostedt(a)goodmis.org> tracefs: Reset permissions on remount if permissions are options Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: do not grant v2 lease if parent lease key and epoch are not set Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: avoid to send duplicate lease break notifications Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: off ipv6only for both ipv4/ipv6 binding Conor Dooley <conor.dooley(a)microchip.com> spi: microchip-core-qspi: fix setting spi bus clock rate Johan Hovold <johan+linaro(a)kernel.org> regulator: core: fix debugfs creation regression Sean Anderson <sean.anderson(a)linux.dev> nvme-pci: Add quirk for broken MSIs Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Ryan Roberts <ryan.roberts(a)arm.com> fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Enhance def_domain_type to handle untrusted device Peter Xu <peterx(a)redhat.com> mm/userfaultfd: reset ptes when close() for wr-protected ones Kefeng Wang <wangkefeng.wang(a)huawei.com> mm: use memalloc_nofs_save() in page_cache_ra_order() Michael Ellerman <mpe(a)ellerman.id.au> selftests/mm: fix powerpc ARCH check Thomas Gleixner <tglx(a)linutronix.de> x86/apic: Don't access the APIC when disabling x2APIC Thomas Weißschuh <linux(a)weissschuh.net> misc/pvpanic-pci: register attributes via pci_driver Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> net: fix out-of-bounds access in ops_init Jason Gunthorpe <jgg(a)ziepe.ca> iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Fix incorrect DSC instance for MST George Shen <george.shen(a)amd.com> drm/amd/display: Handle Y carry-over in VCP X.Y calculation Karthikeyan Ramasubramanian <kramasub(a)chromium.org> drm/i915/bios: Fix parsing backlight BDB data Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gt: Automate CCS Mode setting during engine resets Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> drm/i915/audio: Fix audio time stamp programming for DP Lyude Paul <lyude(a)redhat.com> drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Fix idle optimization checks for multi-display and dual eDP Matt Coster <matt.coster(a)imgtec.com> drm/imagination: Ensure PVR_MIPS_PT_PAGE_COUNT is never zero Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix invalid reads in fence signaled events Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Legacy Display Unit Zack Rusin <zack.rusin(a)broadcom.com> drm/ttm: Print the memory decryption status just once Alex Deucher <alexander.deucher(a)amd.com> drm/amdkfd: don't allow mapping the MMIO HDP page with large pages Dave Airlie <airlied(a)redhat.com> Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()" Lyude Paul <lyude(a)redhat.com> drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add lunar lake point M DID Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI Frank Oltmanns <frank(a)oltmanns.dev> clk: sunxi-ng: common: Support minimum and maximum rate Marek Szyprowski <m.szyprowski(a)samsung.com> clk: samsung: Revert "clk: Use device_get_match_data()" Viken Dadhaniya <quic_vdadhani(a)quicinc.com> slimbus: qcom-ngd-ctrl: Add timeout for wait operation Jim Cromie <jim.cromie(a)gmail.com> dyndbg: fix old BUG_ON in >control parser Joao Paulo Goncalves <joao.goncalves(a)toradex.com> ASoC: ti: davinci-mcasp: Fix race condition during probe Sameer Pujar <spujar(a)nvidia.com> ASoC: tegra: Fix DSPK 16-bit playback Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize UMAC_CMD access Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() Doug Berger <opendmb(a)gmail.com> net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access Max Filippov <jcmvbkbc(a)gmail.com> xtensa: fix MAKE_PC_FROM_RA second argument Paolo Abeni <pabeni(a)redhat.com> tipc: fix UAF in error path Vitaly Lifshits <vitaly.lifshits(a)intel.com> e1000e: change usleep_range to udelay in PHY mdic access Alexander Potapenko <glider(a)google.com> kmsan: compiler_types: declare __no_sanitize_or_inline Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Reset chip on probe() and resume() Hans de Goede <hdegoede(a)redhat.com> iio: accel: mxc4005: Interrupt handling fixes Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes SPI support for BMP3xx devices Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: pressure: Fixes BME280 SPI driver data Ramona Gradinariu <ramona.bolboaca13(a)gmail.com> iio:imu: adis16475: Fix sync mode setting Javier Carrasco <javier.carrasco.cruz(a)gmail.com> dt-bindings: iio: health: maxim,max30102: fix compatible check Sven Schnelle <svens(a)linux.ibm.com> workqueue: Fix selection of wake_cpu in kick_pool() Gregory Detal <gregory.detal(a)gmail.com> mptcp: only allow set existing scheduler for net.mptcp.scheduler Paolo Abeni <pabeni(a)redhat.com> mptcp: ensure snd_nxt is properly initialized on connect Dan Carpenter <dan.carpenter(a)linaro.org> mm/slab: make __free(kfree) accept error pointers Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: fix mas_empty_area_rev() null pointer dereference Josef Bacik <josef(a)toxicpanda.com> btrfs: make sure that WRITTEN is set on all metadata blocks Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: do not check qgroup inherit if qgroup is disabled Qu Wenruo <wqu(a)suse.com> btrfs: set correct ram_bytes when splitting ordered extent Dominique Martinet <dominique.martinet(a)atmark-techno.com> btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> mm/slub: avoid zeroing outside-object freepointer for single free Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: ohci: fulfill timestamp for some local asynchronous transaction Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models Aman Dhoot <amandhoot12(a)gmail.com> ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU Badhri Jagan Sridharan <badhri(a)google.com> usb: typec: tcpm: Check for port partner validity before consuming it Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm: unregister existing source caps before re-registration RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: clear pd_event queue in PORT_RESET Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: core: Prevent phy suspend during init Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: xhci-plat: Don't include xhci.h Chris Wulff <Chris.Wulff(a)biamp.com> usb: gadget: f_fs: Fix a race condition when processing setup packets. Wesley Cheng <quic_wcheng(a)quicinc.com> usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete Ivan Avdeev <me(a)provod.works> usb: gadget: uvc: use correct buffer size when parsing configfs lists Peter Korsgaard <peter(a)korsgaard.com> usb: gadget: composite: fix OS descriptors w_value logic Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix access violation during port device removal Guenter Roeck <linux(a)roeck-us.net> usb: ohci: Prevent missed ohci interrupts Alan Stern <stern(a)rowland.harvard.edu> usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix connector check on init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Linus Torvalds <torvalds(a)linux-foundation.org> Reapply "drm/qxl: simplify qxl_fence_wait" Thanassis Avgerinos <thanassis.avgerinos(a)gmail.com> firewire: nosy: ensure user_length is taken into account when fetching packet contents Christian König <christian.koenig(a)amd.com> drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 Michel Dänzer <mdaenzer(a)redhat.com> drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible Gabe Teeger <gabe.teeger(a)amd.com> drm/amd/display: Atom Integrated System Info v2_2 for DCN35 Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: fix uninitialised kfifo Zhongqiu Han <quic_zhonhan(a)quicinc.com> gpiolib: cdev: Fix use after free in lineinfo_changed_notify Mario Limonciello <mario.limonciello(a)amd.com> dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users Douglas Anderson <dianders(a)chromium.org> drm/connector: Add \n to message about demoting connector force-probes Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: add bandgap setting for g12 Jerome Brunet <jbrunet(a)baylibre.com> drm/meson: dw-hdmi: power up phy on device init Steffen Bätz <steffen(a)innosonix.de> net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix kernel crash when devlink reload during initialization Yonglong Liu <liuyonglong(a)huawei.com> net: hns3: fix port vlan filter not disabled issue Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: use appropriate barrier function after setting a bit value Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: release PTP resources if pf initialization failed Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: change type of numa_node_mask as nodemask_t Jian Shen <shenjian15(a)huawei.com> net: hns3: direct return when receive a unknown mailbox message Peiyang Wang <wangpeiyang1(a)huawei.com> net: hns3: using user configure after hardware reset Wen Gu <guwen(a)linux.alibaba.com> net/smc: fix neighbour and rtable leak in smc_ib_find_route() Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Lukasz Majewski <lukma(a)denx.de> hsr: Simplify code for announcing HSR nodes timer setup Eric Dumazet <edumazet(a)google.com> net-sysfs: convert dev->operstate reads to lockless ones Eric Dumazet <edumazet(a)google.com> ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() Daniel Golle <daniel(a)makrotopia.org> dt-bindings: net: mediatek: remove wrongly added clocks and SerDes David Howells <dhowells(a)redhat.com> rxrpc: Only transmit one ACK per jumbo packet received David Howells <dhowells(a)redhat.com> rxrpc: Fix congestion control algorithm David Howells <dhowells(a)redhat.com> rxrpc: Fix the names of the fields in the ACK trailer struct Ido Schimmel <idosch(a)nvidia.com> selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Felix Fietkau <nbd(a)nbd.name> net: bridge: fix corrupted ethernet header on multicast-to-unicast Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> nfc: nci: Fix kcov check in nci_rx_work() Donald Hunter <donald.hunter(a)gmail.com> netlink: specs: Add missing bridge linkinfo attrs Eric Dumazet <edumazet(a)google.com> phonet: fix rtm_phonet_notify() skb allocation Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (corsair-cpro) Use a separate buffer for sending commands Roded Zats <rzats(a)paloaltonetworks.com> rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Marek Vasut <marex(a)denx.de> net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: HCI: Fix potential null-ptr-deref Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-pico6: Fix bluetooth node Sungwoo Kim <iam(a)sung-woo.kim> Bluetooth: msft: fix slab-use-after-free in msft_do_close() Duoming Zhou <duoming(a)zju.edu.cn> Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Eric Dumazet <edumazet(a)google.com> tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets Boy.Wu <boy.wu(a)mediatek.com> ARM: 9381/1: kasan: clear stale stack poison Paul Davey <paul.davey(a)alliedtelesis.co.nz> xfrm: Preserve vlan tags for transport mode software GRO Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix dentry leak Olga Kornievskaia <kolga(a)netapp.com> SUNRPC: add a missing rpc_stat for TCP TLS Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Vanillan Wang <vanillanwang(a)163.com> net:usb:qmi_wwan: support Rolling modules Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: silence UBSAN warning (v3) Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Add Granite Rapids-D to HPM CPU list Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmf: Decrease error message to debug Lyude Paul <lyude(a)redhat.com> drm/nouveau/dp: Don't probe eDP ports twice harder Krzysztof Kozlowski <krzk(a)kernel.org> gpio: lpc32xx: fix module autoloading Joakim Sindholt <opensource(a)zhasha.com> fs/9p: drop inodes immediately on non-.L too Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: remove erroneous nlink init from legacy stat2inode Stephen Boyd <sboyd(a)kernel.org> clk: Don't hold prepare_lock when calling kref_put() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: crystalcove: Use -ENOTSUPP consistently Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcove: Use -ENOTSUPP consistently Michael Ellerman <mpe(a)ellerman.id.au> powerpc/crypto/chacha-p10: Fix failure on non Power10 Jeff Layton <jlayton(a)kernel.org> 9p: explicitly deny setlease attempts Joakim Sindholt <opensource(a)zhasha.com> fs/9p: fix the cache always being enabled on files with qid flags Joakim Sindholt <opensource(a)zhasha.com> fs/9p: translate O_TRUNC into OTRUNC Joakim Sindholt <opensource(a)zhasha.com> fs/9p: only translate RWX permissions for plain 9P2000 Krzysztof Kozlowski <krzk(a)kernel.org> iommu: mtk: fix module autoloading Steve French <stfrench(a)microsoft.com> smb3: fix broken reconnect when password changing on the server by allowing password rotation Ashutosh Dixit <ashutosh.dixit(a)intel.com> drm/xe: Label RING_CONTEXT_CONTROL as masked Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> drm/xe/xe_migrate: Cast to output precision before multiplying operands Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted Rick Edgecombe <rick.p.edgecombe(a)intel.com> uio_hv_generic: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> hv_netvsc: Don't free decrypted memory Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl Rick Edgecombe <rick.p.edgecombe(a)intel.com> Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails John Stultz <jstultz(a)google.com> selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior Zhigang Luo <Zhigang.Luo(a)amd.com> amd/amdkfd: sync all devices to wait all processes being evicted Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix VCN allocation in CPX partition Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: fix the high voltage issue after unload Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip on writeback when it's not applicable Tao Zhou <tao.zhou1(a)amd.com> drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 Yifan Zhang <yifan1.zhang(a)amd.com> drm/amdgpu: add smu 14.0.1 discovery support Li Ma <li.ma(a)amd.com> drm/amd/display: add DCN 351 version for microcode load Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Refine IB schedule error logging Eric Dumazet <edumazet(a)google.com> nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies Eric Dumazet <edumazet(a)google.com> net: add copy_safe_from_sockptr() helper Justin Ernst <justin.ernst(a)hpe.com> tools/power/turbostat: Fix uncore frequency file string Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: scall: Save thread_info.syscall unconditionally on entry Thierry Reding <treding(a)nvidia.com> gpu: host1x: Do not setup DMA for virtual devices Bernhard Rosenkränzer <bero(a)baylibre.com> platform/x86: acer-wmi: Add support for Acer PH18-71 Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix missed error message after VPU rename Wachowski, Karol <karol.wachowski(a)intel.com> accel/ivpu: Improve clarity of MMU error messages Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Remove d3hot_after_power_off WA Rik van Riel <riel(a)surriel.com> blk-iocost: avoid out of bounds shift Xiang Chen <chenxiang66(a)hisilicon.com> scsi: hisi_sas: Handle the NCQ error returned by D2H frame Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: Fix SELinux error when systemd-modules loads the target module Kees Cook <keescook(a)chromium.org> nouveau/gsp: Avoid addressing beyond end of rpc->entries Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `BIT' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `panic' Wei Yang <richard.weiyang(a)gmail.com> memblock tests: fix undefined reference to `early_pfn_to_nid' Boris Burkov <boris(a)bur.io> btrfs: always clear PERTRANS metadata during commit Boris Burkov <boris(a)bur.io> btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve Len Brown <len.brown(a)intel.com> tools/power turbostat: Fix warning upon failed /dev/cpu_dma_latency read Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Print ucode revision only if valid Len Brown <len.brown(a)intel.com> tools/power turbostat: Expand probe_intel_uncore_frequency() Chen Yu <yu.c.chen(a)intel.com> tools/power turbostat: Do not print negative LPI residency Peng Liu <liupeng17(a)lenovo.com> tools/power turbostat: Fix Bzy_MHz documentation typo Wyes Karny <wyes.karny(a)amd.com> tools/power turbostat: Increase the limit for fd opened Doug Smythies <dsmythies(a)telus.net> tools/power turbostat: Fix added raw MSR output Adam Goldman <adamg(a)pobox.com> firewire: ohci: mask bus reset interrupts between ISR and bottom half Chen Ni <nichen(a)iscas.ac.cn> ata: sata_gemini: Check clk_enable() result Jeff Layton <jlayton(a)kernel.org> vboxsf: explicitly deny setlease attempts Phil Elwell <phil(a)raspberrypi.com> net: bcmgenet: Reset RBUF on first open Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: modify clock table Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: Solve error interruption issue Li Nan <linan122(a)huawei.com> block: fix overflow in blk_ioctl_discard() Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Zero-initialize message buffers Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix MCQ mode dev command timeout Yihang Li <liyihang9(a)huawei.com> scsi: libsas: Align SMP request allocation to ARCH_DMA_MINALIGN Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: WLUN suspend dev/link state error recovery Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> OSS: dmasound/paula: Mark driver struct with __refdata to prevent section mismatch André Apitzsch <git(a)apitzsch.eu> regulator: tps65132: Add of_match table Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend Borislav Petkov (AMD) <bp(a)alien8.de> kbuild: Disable KCSAN for autogenerated *.mod.c intermediaries Mark Rutland <mark.rutland(a)arm.com> selftests/ftrace: Fix event filter target_func selection Andrei Matei <andreimatei1(a)gmail.com> bpf: Check bloom filter map value size Jonathan Kim <Jonathan.Kim(a)amd.com> drm/amdkfd: range check cp bad op exception interrupts Mukul Joshi <mukul.joshi(a)amd.com> drm/amdkfd: Check cgroup when returning DMABuf info Anand Jain <anand.jain(a)oracle.com> btrfs: return accurate error code on open failure in open_fs_devices() Saurav Kashyap <skashyap(a)marvell.com> scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> scsi: mpi3mr: Avoid memcpy field-spanning write WARNING Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe: Fix END redefinition linke li <lilinke99(a)qq.com> net: mark racy access on sk->sk_rcvbuf Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: guard against invalid STA ID on removal Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: read txq->read_ptr under lock Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix prep_connection error path Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> wifi: cfg80211: fix rdev_dump_mpp() arguments order Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc Eric Van Hensbergen <ericvh(a)kernel.org> fs/9p: fix uninitialized values during inode evict Andrew Price <anprice(a)redhat.com> gfs2: Fix invalid metadata access in punch_hole Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Use a dedicated lock for ras_fwlog state Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Move NPIV's transport unregistration to after resource clean up Rohit Ner <rohitner(a)google.com> scsi: ufs: core: Fix MCQ MAC configuration Conor Dooley <conor.dooley(a)microchip.com> firmware: microchip: don't unconditionally print validation success Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix timing of synchronizing bitmap and inode Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() Will Deacon <will(a)kernel.org> swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/versal: Do not log total error counts Gaurav Batra <gbatra(a)linux.ibm.com> powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: make max polling consistent for longer H_CALLs Jernej Skrabec <jernej.skrabec(a)gmail.com> clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change Adam Skladowski <a39.skl(a)gmail.com> clk: qcom: smd-rpm: Restore msm8976 num_clk Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/display: Fix ADL-N detection Richard Gobert <richardbgobert(a)gmail.com> net: gro: add flush check in udp_gro_receive_segment Richard Gobert <richardbgobert(a)gmail.com> net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Use predefined error codes Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Respect deferred probe Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/panel: ili9341: Correct use of device property APIs Alexandra Winter <wintera(a)linux.ibm.com> s390/qeth: Fix kernel panic after setting hsuid Guillaume Nault <gnault(a)redhat.com> vxlan: Pull inner IP header in vxlan_rcv(). Xin Long <lucien.xin(a)gmail.com> tipc: fix a possible memleak in tipc_buf_append Jeffrey Altman <jaltman(a)auristor.com> rxrpc: Clients must accept conn from any address Felix Fietkau <nbd(a)nbd.name> net: core: reject skb_copy(_expand) for fraglist GSO skbs Felix Fietkau <nbd(a)nbd.name> net: bridge: fix multicast-to-unicast with fraglist GSO Mans Rullgard <mans(a)mansr.com> spi: fix null pointer dereference within spi_sync Shashank Sharma <shashank.sharma(a)amd.com> drm/amdgpu: fix doorbell regression Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> cxgb4: Properly lock TX queue for the selftest. Bui Quang Minh <minhquangbui99(a)gmail.com> s390/cio: Ensure the copied buf is NUL terminated Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: cards: select SND_DYNAMIC_MINORS Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-tdm-interface: manage formatters in trigger Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-card: make links nonatomic Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use threaded irq to check periods Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: use FIELD helpers Guillaume Nault <gnault(a)redhat.com> vxlan: Add missing VNI filter counter update in arp_reduce(). Guillaume Nault <gnault(a)redhat.com> vxlan: Fix racy device stats updates. Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_actions() Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flow_spec Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: use return from qede_parse_flow_attr() for flower Asbjørn Sloth Tønnesen <ast(a)fiberby.net> net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU dock initialization Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: move the whole GPIO event handling to the workqueue Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: factor out snd_emu1010_load_dock_firmware() Oswald Buddenhagen <oswald.buddenhagen(a)gmx.de> ALSA: emu10k1: fix E-MU card dock presence monitoring David Howells <dhowells(a)redhat.com> Fix a potential infinite loop in extract_user_to_sg() Jens Remus <jremus(a)linux.ibm.com> s390/vdso: Add CFI for RA register to asm macro vdso_func Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Prevent use-after-free from occurring after cdev removal David Bauer <mail(a)david-bauer.net> net l2tp: drop flow hash on forward Kuniyuki Iwashima <kuniyu(a)amazon.com> nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Fix two locking issues with thermal zone debug Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal/debugfs: Free all thermal zone debug memory on zone removal Bui Quang Minh <minhquangbui99(a)gmail.com> octeontx2-af: avoid off-by-one read from userspace Bui Quang Minh <minhquangbui99(a)gmail.com> bna: ensure the copied buf is NUL terminated Bui Quang Minh <minhquangbui99(a)gmail.com> ice: ensure the copied buf is NUL terminated Chen Yu <yu.c.chen(a)intel.com> efi/unaccepted: touch soft lockup during memory accept Toke Høiland-Jørgensen <toke(a)redhat.com> xdp: use flags field to disambiguate broadcast redirect Puranjay Mohan <puranjay(a)kernel.org> arm32, bpf: Reimplement sign-extension mov instruction Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix clearing storage keys for huge pages Claudio Imbrenda <imbrenda(a)linux.ibm.com> s390/mm: Fix storage key clearing for guest huge pages Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa881x: set clk_stop_mode1 flag Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Set name of control as in topology Xu Kuohai <xukuohai(a)huawei.com> riscv, bpf: Fix incorrect runtime stats Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Fix incorrect runtime stats Devyn Liu <liudingyuan(a)huawei.com> spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix version format string David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: use common AXI macros Anton Protopopov <aspsk(a)isovalent.com> bpf: Fix a verifier verbose message Yi Zhang <yi.zhang(a)redhat.com> nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: SOF: Intel: add default firmware library path for LNL Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: Add regmap_read_bypassed() Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Andrii Nakryiko <andrii(a)kernel.org> bpf, kconfig: Fix DEBUG_INFO_BTF_MODULES Kconfig definition Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change devm_regulator_get_enable_optional() stub to return Ok Matti Vaittinen <mazziesaccount(a)gmail.com> regulator: change stubbed devm_regulator_get_enable to return Ok AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> regulator: mt6360: De-capitalize devicetree regulator subnodes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_encode_fattr4() crasher Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for CB_GETATTR callback Josef Bacik <josef(a)toxicpanda.com> nfsd: make all of the nfsd stats per-network namespace Josef Bacik <josef(a)toxicpanda.com> nfsd: expose /proc/net/sunrpc/nfsd in net namespaces Josef Bacik <josef(a)toxicpanda.com> nfsd: rename NFSD_NET_* to NFSD_STATS_* Zeng Heng <zengheng4(a)huawei.com> pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator Arnd Bergmann <arnd(a)arndb.de> power: rt9455: hide unused rt9455_boost_voltage_values Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Fix selecting gpio pinctrl state Kuniyuki Iwashima <kuniyu(a)amazon.com> nfs: Handle error of rpc_proc_register() in nfs_net_init(). Josef Bacik <josef(a)toxicpanda.com> nfs: make the rpc_stat per net namespace Josef Bacik <josef(a)toxicpanda.com> nfs: expose /proc/net/sunrpc/nfs in net namespaces Josef Bacik <josef(a)toxicpanda.com> sunrpc: add a struct rpc_stats arg to rpc_create_args Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE Chen-Yu Tsai <wenst(a)chromium.org> pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback Dan Carpenter <dan.carpenter(a)linaro.org> pinctrl: core: delete incorrect free in pinctrl_enable() Jan Dakinevich <jan.dakinevich(a)salutedevices.com> pinctrl/meson: fix typo in PDM's pin name Billy Tsai <billy_tsai(a)aspeedtech.com> pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't free NULL coalescing rule Benno Lossin <benno.lossin(a)proton.me> rust: macros: fix soundness issue in `module!` macro Thomas Bertschinger <tahbertschinger(a)gmail.com> rust: module: place generated init_module() function in .init.text ------------- Diffstat: .../bindings/iio/health/maxim,max30102.yaml | 2 +- .../devicetree/bindings/net/mediatek,net.yaml | 22 +-- Documentation/netlink/specs/rt_link.yaml | 6 + Makefile | 4 +- arch/arm/kernel/sleep.S | 4 + arch/arm/net/bpf_jit_32.c | 56 +++++-- .../dts/mediatek/mt8183-kukui-jacuzzi-pico6.dts | 3 +- arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 ++-- arch/arm64/kvm/vgic/vgic-kvm-device.c | 8 +- arch/arm64/net/bpf_jit_comp.c | 6 +- arch/mips/include/asm/ptrace.h | 2 +- arch/mips/kernel/asm-offsets.c | 1 + arch/mips/kernel/ptrace.c | 15 +- arch/mips/kernel/scall32-o32.S | 23 +-- arch/mips/kernel/scall64-n32.S | 3 +- arch/mips/kernel/scall64-n64.S | 3 +- arch/mips/kernel/scall64-o32.S | 33 ++-- arch/powerpc/crypto/chacha-p10-glue.c | 8 +- arch/powerpc/include/asm/plpks.h | 5 +- arch/powerpc/platforms/pseries/iommu.c | 8 + arch/powerpc/platforms/pseries/plpks.c | 10 +- arch/riscv/net/bpf_jit_comp64.c | 6 +- arch/s390/include/asm/dwarf.h | 1 + arch/s390/kernel/vdso64/vdso_user_wrapper.S | 2 + arch/s390/mm/gmap.c | 2 +- arch/s390/mm/hugetlbpage.c | 2 +- arch/x86/kernel/apic/apic.c | 16 +- arch/xtensa/include/asm/processor.h | 8 +- arch/xtensa/include/asm/ptrace.h | 2 +- arch/xtensa/kernel/process.c | 5 +- arch/xtensa/kernel/stacktrace.c | 3 +- block/blk-iocost.c | 14 +- block/ioctl.c | 5 +- drivers/accel/ivpu/ivpu_drv.c | 20 +-- drivers/accel/ivpu/ivpu_drv.h | 3 +- drivers/accel/ivpu/ivpu_hw_37xx.c | 4 +- drivers/accel/ivpu/ivpu_mmu.c | 8 +- drivers/accel/ivpu/ivpu_pm.c | 9 +- drivers/ata/sata_gemini.c | 5 +- drivers/base/regmap/regmap.c | 37 +++++ drivers/bluetooth/btqca.c | 140 ++++++++++++++-- drivers/bluetooth/btqca.h | 3 +- drivers/bluetooth/hci_qca.c | 2 - drivers/clk/clk.c | 12 +- drivers/clk/qcom/clk-smd-rpm.c | 1 + drivers/clk/samsung/clk-exynos-clkout.c | 13 +- drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 + drivers/clk/sunxi-ng/ccu-sun50i-h6.c | 19 ++- drivers/clk/sunxi-ng/ccu_common.c | 19 +++ drivers/clk/sunxi-ng/ccu_common.h | 3 + drivers/edac/versal_edac.c | 4 +- drivers/firewire/nosy.c | 6 +- drivers/firewire/ohci.c | 14 +- drivers/firmware/efi/unaccepted_memory.c | 4 + drivers/firmware/microchip/mpfs-auto-update.c | 2 + drivers/gpio/gpio-crystalcove.c | 2 +- drivers/gpio/gpio-lpc32xx.c | 1 + drivers/gpio/gpio-wcove.c | 2 +- drivers/gpio/gpiolib-cdev.c | 16 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 26 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 56 ++++--- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 15 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 16 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 11 +- drivers/gpu/drm/amd/amdkfd/kfd_device.c | 17 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c | 3 +- drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 15 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++++-- drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c | 1 + .../display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 33 +++- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 27 ++- drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 1 + .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 8 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 2 +- drivers/gpu/drm/drm_connector.c | 2 +- drivers/gpu/drm/i915/display/intel_audio.c | 113 +------------ drivers/gpu/drm/i915/display/intel_bios.c | 19 +-- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 - drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +- drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +- drivers/gpu/drm/imagination/pvr_fw_mips.h | 5 +- drivers/gpu/drm/meson/meson_dw_hdmi.c | 70 ++++---- drivers/gpu/drm/nouveau/include/nvkm/subdev/gsp.h | 4 +- drivers/gpu/drm/nouveau/nouveau_dp.c | 13 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c | 81 +++++---- drivers/gpu/drm/panel/Kconfig | 2 +- drivers/gpu/drm/panel/panel-ilitek-ili9341.c | 13 +- drivers/gpu/drm/qxl/qxl_release.c | 50 +----- drivers/gpu/drm/radeon/pptable.h | 10 +- drivers/gpu/drm/ttm/ttm_tt.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 + drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +- drivers/gpu/drm/xe/compat-i915-headers/i915_drv.h | 3 +- drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 25 ++- drivers/gpu/drm/xe/xe_migrate.c | 8 +- drivers/gpu/host1x/bus.c | 8 - drivers/hv/channel.c | 29 +++- drivers/hv/connection.c | 29 +++- drivers/hwmon/corsair-cpro.c | 43 +++-- drivers/hwmon/pmbus/ucd9000.c | 6 +- drivers/iio/accel/mxc4005.c | 92 +++++++++- drivers/iio/imu/adis16475.c | 4 +- drivers/iio/pressure/bmp280-core.c | 1 + drivers/iio/pressure/bmp280-spi.c | 13 +- drivers/iio/pressure/bmp280.h | 1 + drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 4 + drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c | 4 +- drivers/iommu/mtk_iommu.c | 1 + drivers/iommu/mtk_iommu_v1.c | 1 + drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/misc/pvpanic/pvpanic-pci.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 20 ++- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 32 +++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 4 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 8 +- drivers/net/ethernet/broadcom/genet/bcmmii.c | 6 +- drivers/net/ethernet/brocade/bna/bnad_debugfs.c | 4 +- drivers/net/ethernet/chelsio/cxgb4/sge.c | 6 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 52 +++--- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.h | 5 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 7 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 20 +-- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.h | 2 +- drivers/net/ethernet/intel/e1000e/phy.c | 8 +- drivers/net/ethernet/intel/ice/ice_debugfs.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 4 +- drivers/net/ethernet/micrel/ks8851_common.c | 16 +- drivers/net/ethernet/qlogic/qede/qede_filter.c | 14 +- drivers/net/hyperv/netvsc.c | 7 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/vxlan/vxlan_core.c | 49 ++++-- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 7 +- drivers/net/wireless/intel/iwlwifi/queue/tx.c | 2 +- drivers/nvme/host/core.c | 2 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 14 +- drivers/pinctrl/aspeed/pinctrl-aspeed-g6.c | 34 ++-- drivers/pinctrl/core.c | 8 +- drivers/pinctrl/devicetree.c | 10 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 74 +++++---- drivers/pinctrl/intel/pinctrl-intel.h | 4 + drivers/pinctrl/mediatek/pinctrl-paris.c | 40 ++--- drivers/pinctrl/meson/pinctrl-meson-a1.c | 6 +- drivers/platform/x86/acer-wmi.c | 9 + drivers/platform/x86/amd/pmf/acpi.c | 2 +- .../x86/intel/speed_select_if/isst_if_common.c | 1 + drivers/power/supply/mt6360_charger.c | 2 +- drivers/power/supply/rt9455_charger.c | 2 + drivers/regulator/core.c | 27 +-- drivers/regulator/mt6360-regulator.c | 32 ++-- drivers/regulator/tps65132-regulator.c | 7 + drivers/s390/cio/cio_inject.c | 2 +- drivers/s390/net/qeth_core_main.c | 69 ++++---- drivers/scsi/bnx2fc/bnx2fc_tgt.c | 2 - drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 10 +- drivers/scsi/libsas/sas_expander.c | 2 +- drivers/scsi/lpfc/lpfc.h | 2 +- drivers/scsi/lpfc/lpfc_attr.c | 4 +- drivers/scsi/lpfc/lpfc_bsg.c | 20 +-- drivers/scsi/lpfc/lpfc_debugfs.c | 12 +- drivers/scsi/lpfc/lpfc_els.c | 20 +-- drivers/scsi/lpfc/lpfc_hbadisc.c | 5 +- drivers/scsi/lpfc/lpfc_init.c | 5 +- drivers/scsi/lpfc/lpfc_nvme.c | 4 +- drivers/scsi/lpfc/lpfc_scsi.c | 13 +- drivers/scsi/lpfc/lpfc_sli.c | 34 ++-- drivers/scsi/lpfc/lpfc_vport.c | 8 +- drivers/scsi/mpi3mr/mpi3mr_app.c | 2 +- drivers/slimbus/qcom-ngd-ctrl.c | 6 +- drivers/spi/spi-axi-spi-engine.c | 19 +-- drivers/spi/spi-hisi-kunpeng.c | 2 - drivers/spi/spi-microchip-core-qspi.c | 1 + drivers/spi/spi.c | 1 + drivers/target/target_core_configfs.c | 12 ++ drivers/thermal/thermal_debugfs.c | 59 +++++-- drivers/ufs/core/ufs-mcq.c | 2 +- drivers/ufs/core/ufshcd.c | 9 +- drivers/uio/uio_hv_generic.c | 12 +- drivers/usb/core/hub.c | 5 +- drivers/usb/core/port.c | 8 +- drivers/usb/dwc3/core.c | 90 +++++----- drivers/usb/dwc3/core.h | 1 + drivers/usb/dwc3/gadget.c | 2 + drivers/usb/dwc3/host.c | 27 +++ drivers/usb/gadget/composite.c | 6 +- drivers/usb/gadget/function/f_fs.c | 9 +- drivers/usb/gadget/function/uvc_configfs.c | 4 +- drivers/usb/host/ohci-hcd.c | 8 + drivers/usb/host/xhci-plat.h | 4 +- drivers/usb/host/xhci-rzv2m.c | 1 + drivers/usb/typec/tcpm/tcpm.c | 36 +++- drivers/usb/typec/ucsi/ucsi.c | 12 +- fs/9p/fid.h | 3 - fs/9p/vfs_file.c | 2 + fs/9p/vfs_inode.c | 23 ++- fs/9p/vfs_super.c | 1 + fs/btrfs/inode.c | 2 +- fs/btrfs/ordered-data.c | 1 + fs/btrfs/qgroup.c | 2 + fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-checker.c | 30 ++-- fs/btrfs/tree-checker.h | 1 + fs/btrfs/volumes.c | 18 +- fs/exfat/file.c | 9 +- fs/gfs2/bmap.c | 5 +- fs/nfs/client.c | 5 +- fs/nfs/inode.c | 13 +- fs/nfs/internal.h | 2 - fs/nfs/netns.h | 2 + fs/nfsd/cache.h | 2 - fs/nfsd/netns.h | 21 ++- fs/nfsd/nfs4callback.c | 97 ++++++++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfs4state.c | 3 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfscache.c | 40 +---- fs/nfsd/nfsctl.c | 14 +- fs/nfsd/nfsfh.c | 3 +- fs/nfsd/state.h | 14 ++ fs/nfsd/stats.c | 43 ++--- fs/nfsd/stats.h | 62 +++---- fs/nfsd/vfs.c | 6 +- fs/nfsd/xdr4cb.h | 18 ++ fs/proc/task_mmu.c | 24 +-- fs/smb/client/cifsglob.h | 1 + fs/smb/client/connect.c | 8 + fs/smb/client/fs_context.c | 21 +++ fs/smb/client/fs_context.h | 2 + fs/smb/client/misc.c | 1 + fs/smb/client/smb2pdu.c | 11 ++ fs/smb/server/oplock.c | 35 ++-- fs/smb/server/transport_tcp.c | 4 + fs/tracefs/event_inode.c | 74 +++++---- fs/tracefs/inode.c | 92 +++++++++- fs/tracefs/internal.h | 14 +- fs/userfaultfd.c | 4 + fs/vboxsf/file.c | 1 + include/linux/compiler_types.h | 11 ++ include/linux/dma-fence.h | 7 - include/linux/gfp_types.h | 2 + include/linux/hyperv.h | 1 + include/linux/regmap.h | 8 + include/linux/regulator/consumer.h | 4 +- include/linux/skbuff.h | 15 ++ include/linux/skmsg.h | 2 + include/linux/slab.h | 4 +- include/linux/sockptr.h | 25 +++ include/linux/sunrpc/clnt.h | 1 + include/net/gro.h | 9 + include/net/xfrm.h | 3 + include/sound/emu10k1.h | 3 +- include/trace/events/rxrpc.h | 2 +- include/uapi/linux/kfd_ioctl.h | 17 +- include/uapi/scsi/scsi_bsg_mpi3mr.h | 2 +- kernel/bpf/bloom_filter.c | 13 ++ kernel/bpf/verifier.c | 3 +- kernel/dma/swiotlb.c | 1 + kernel/workqueue.c | 8 +- lib/Kconfig.debug | 5 +- lib/dynamic_debug.c | 6 +- lib/maple_tree.c | 16 +- lib/scatterlist.c | 2 +- mm/readahead.c | 4 + mm/slub.c | 52 +++--- net/8021q/vlan_core.c | 2 + net/bluetooth/hci_core.c | 3 +- net/bluetooth/hci_event.c | 2 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/msft.c | 2 +- net/bluetooth/msft.h | 4 +- net/bluetooth/sco.c | 4 + net/bridge/br_forward.c | 9 +- net/bridge/br_netlink.c | 3 +- net/core/filter.c | 42 +++-- net/core/gro.c | 1 + net/core/link_watch.c | 4 +- net/core/net-sysfs.c | 4 +- net/core/net_namespace.c | 13 +- net/core/rtnetlink.c | 6 +- net/core/skbuff.c | 27 ++- net/core/skmsg.c | 5 +- net/core/sock.c | 4 +- net/hsr/hsr_device.c | 31 ++-- net/ipv4/af_inet.c | 1 + net/ipv4/ip_output.c | 2 +- net/ipv4/raw.c | 3 + net/ipv4/tcp.c | 4 +- net/ipv4/tcp_input.c | 2 + net/ipv4/tcp_ipv4.c | 8 +- net/ipv4/tcp_output.c | 4 +- net/ipv4/udp.c | 3 +- net/ipv4/udp_offload.c | 15 +- net/ipv4/xfrm4_input.c | 6 +- net/ipv6/addrconf.c | 11 +- net/ipv6/fib6_rules.c | 6 +- net/ipv6/ip6_input.c | 4 +- net/ipv6/ip6_offload.c | 1 + net/ipv6/ip6_output.c | 4 +- net/ipv6/udp.c | 3 +- net/ipv6/udp_offload.c | 3 +- net/ipv6/xfrm6_input.c | 6 +- net/l2tp/l2tp_eth.c | 3 + net/mac80211/ieee80211_i.h | 4 +- net/mac80211/mlme.c | 5 +- net/mptcp/ctrl.c | 39 ++++- net/mptcp/protocol.c | 3 + net/nfc/llcp_sock.c | 12 +- net/nfc/nci/core.c | 1 + net/nsh/nsh.c | 14 +- net/phonet/pn_netlink.c | 2 +- net/rxrpc/ar-internal.h | 2 +- net/rxrpc/call_object.c | 7 +- net/rxrpc/conn_event.c | 16 +- net/rxrpc/conn_object.c | 9 +- net/rxrpc/input.c | 71 +++++--- net/rxrpc/output.c | 14 +- net/rxrpc/protocol.h | 6 +- net/smc/smc_ib.c | 19 ++- net/sunrpc/clnt.c | 5 +- net/sunrpc/xprtsock.c | 1 + net/tipc/msg.c | 8 +- net/wireless/nl80211.c | 2 + net/wireless/trace.h | 2 +- net/xfrm/xfrm_input.c | 8 + rust/macros/module.rs | 185 +++++++++++++-------- scripts/Makefile.modfinal | 2 +- sound/hda/intel-sdw-acpi.c | 2 + sound/oss/dmasound/dmasound_paula.c | 8 +- sound/pci/emu10k1/emu10k1.c | 3 +- sound/pci/emu10k1/emu10k1_main.c | 139 +++++++++------- sound/pci/hda/patch_realtek.c | 25 ++- sound/soc/codecs/es8326.c | 30 ++-- sound/soc/codecs/es8326.h | 2 +- sound/soc/codecs/wsa881x.c | 1 + sound/soc/intel/avs/topology.c | 2 + sound/soc/meson/Kconfig | 1 + sound/soc/meson/axg-card.c | 1 + sound/soc/meson/axg-fifo.c | 56 ++++--- sound/soc/meson/axg-fifo.h | 12 +- sound/soc/meson/axg-frddr.c | 5 +- sound/soc/meson/axg-tdm-interface.c | 34 ++-- sound/soc/meson/axg-toddr.c | 22 ++- sound/soc/sof/intel/hda-dsp.c | 20 ++- sound/soc/sof/intel/pci-lnl.c | 3 + sound/soc/tegra/tegra186_dspk.c | 7 +- sound/soc/ti/davinci-mcasp.c | 12 +- sound/usb/line6/driver.c | 6 +- tools/include/linux/kernel.h | 1 + tools/include/linux/mm.h | 5 + tools/include/linux/panic.h | 19 +++ tools/power/x86/turbostat/turbostat.8 | 2 +- tools/power/x86/turbostat/turbostat.c | 163 +++++++++++++----- .../selftests/bpf/prog_tests/bloom_filter_map.c | 6 + .../ftrace/test.d/filter/event-filter-function.tc | 2 +- tools/testing/selftests/mm/Makefile | 6 +- .../selftests/net/test_bridge_neigh_suppress.sh | 14 +- tools/testing/selftests/timers/valid-adjtimex.c | 73 ++++---- 369 files changed, 3269 insertions(+), 1864 deletions(-)

1 year, 4 months

6
341
0 0

[PATCHv4 3/4] x86/tdx: Dynamically disable SEPT violations from causing #VEs

by Kirill A. Shutemov

Memory access #VE's are hard for Linux to handle in contexts like the entry code or NMIs. But other OSes need them for functionality. There's a static (pre-guest-boot) way for a VMM to choose one or the other. But VMMs don't always know which OS they are booting, so they choose to deliver those #VE's so the "other" OSes will work. That, unfortunately has left us in the lurch and exposed to these hard-to-handle #VEs. The TDX module has introduced a new feature. Even if the static configuration is "send nasty #VE's", the kernel can dynamically request that they be disabled. Check if the feature is available and disable SEPT #VE if possible. If the TD allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE attribute is no longer reliable. It reflects the initial state of the control for the TD, but it will not be updated if someone (e.g. bootloader) changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit to determine if SEPT #VEs are enabled or disabled. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: 373e715e31bf ("x86/tdx: Panic on bad configs that #VE on "private" memory access") Cc: stable(a)vger.kernel.org --- arch/x86/coco/tdx/tdx.c | 88 +++++++++++++++++++++++++------ arch/x86/include/asm/shared/tdx.h | 11 +++- 2 files changed, 83 insertions(+), 16 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 1ff571cb9177..ba37f4306f4e 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -77,6 +77,20 @@ static inline void tdcall(u64 fn, struct tdx_module_args *args) panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } +/* Read TD-scoped metadata */ +static inline u64 tdg_vm_rd(u64 field, u64 *value) +{ + struct tdx_module_args args = { + .rdx = field, + }; + u64 ret; + + ret = __tdcall_ret(TDG_VM_RD, &args); + *value = args.r8; + + return ret; +} + /* Write TD-scoped metadata */ static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask) { @@ -179,6 +193,62 @@ static void __noreturn tdx_panic(const char *msg) __tdx_hypercall(&args); } +/* + * The kernel cannot handle #VEs when accessing normal kernel memory. Ensure + * that no #VE will be delivered for accesses to TD-private memory. + * + * TDX 1.0 does not allow the guest to disable SEPT #VE on its own. The VMM + * controls if the guest will receive such #VE with TD attribute + * ATTR_SEPT_VE_DISABLE. + * + * Newer TDX module allows the guest to control if it wants to receive SEPT + * violation #VEs. + * + * Check if the feature is available and disable SEPT #VE if possible. + * + * If the TD allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE + * attribute is no longer reliable. It reflects the initial state of the + * control for the TD, but it will not be updated if someone (e.g. bootloader) + * changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit to + * determine if SEPT #VEs are enabled or disabled. + */ +static void disable_sept_ve(u64 td_attr) +{ + const char *msg = "TD misconfiguration: SEPT #VE has to be disabled"; + bool debug = td_attr & ATTR_DEBUG; + u64 config, controls; + + /* Is this TD allowed to disable SEPT #VE */ + tdg_vm_rd(TDCS_CONFIG_FLAGS, &config); + if (!(config & TDCS_CONFIG_FLEXIBLE_PENDING_VE)) { + /* No SEPT #VE controls for the guest: check the attribute */ + if (td_attr & ATTR_SEPT_VE_DISABLE) + return; + + /* Relax SEPT_VE_DISABLE check for debug TD for backtraces */ + if (debug) + pr_warn("%s\n", msg); + else + tdx_panic(msg); + return; + } + + /* Check if SEPT #VE has been disabled before us */ + tdg_vm_rd(TDCS_TD_CTLS, &controls); + if (controls & TD_CTLS_PENDING_VE_DISABLE) + return; + + /* Keep #VEs enabled for splats in debugging environments */ + if (debug) + return; + + /* Disable SEPT #VEs */ + tdg_vm_wr(TDCS_TD_CTLS, TD_CTLS_PENDING_VE_DISABLE, + TD_CTLS_PENDING_VE_DISABLE); + + return; +} + static void tdx_setup(u64 *cc_mask) { struct tdx_module_args args = {}; @@ -204,24 +274,12 @@ static void tdx_setup(u64 *cc_mask) gpa_width = args.rcx & GENMASK(5, 0); *cc_mask = BIT_ULL(gpa_width - 1); + td_attr = args.rdx; + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); - /* - * The kernel can not handle #VE's when accessing normal kernel - * memory. Ensure that no #VE will be delivered for accesses to - * TD-private memory. Only VMM-shared memory (MMIO) will #VE. - */ - td_attr = args.rdx; - if (!(td_attr & ATTR_SEPT_VE_DISABLE)) { - const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set."; - - /* Relax SEPT_VE_DISABLE check for debug TD. */ - if (td_attr & ATTR_DEBUG) - pr_warn("%s\n", msg); - else - tdx_panic(msg); - } + disable_sept_ve(td_attr); } /* diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h index fdfd41511b02..fecb2a6e864b 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h @@ -16,11 +16,20 @@ #define TDG_VP_VEINFO_GET 3 #define TDG_MR_REPORT 4 #define TDG_MEM_PAGE_ACCEPT 6 +#define TDG_VM_RD 7 #define TDG_VM_WR 8 -/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */ +/* TDX TD-Scope Metadata. To be used by TDG.VM.WR and TDG.VM.RD */ +#define TDCS_CONFIG_FLAGS 0x1110000300000016 +#define TDCS_TD_CTLS 0x1110000300000017 #define TDCS_NOTIFY_ENABLES 0x9100000000000010 +/* TDCS_CONFIG_FLAGS bits */ +#define TDCS_CONFIG_FLEXIBLE_PENDING_VE BIT_ULL(1) + +/* TDCS_TD_CTLS bits */ +#define TD_CTLS_PENDING_VE_DISABLE BIT_ULL(0) + /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 #define TDVMCALL_GET_QUOTE 0x10002 -- 2.43.0

1 year, 4 months

3
5
0 0

[PATCH] x86/percpu: Use __force to cast from __percpu address space

by Uros Bizjak

commit a55c1fdad5f61b4bfe42319694b23671a758cb28 upstream. Fix Sparse warning when casting from __percpu address space by using __force in the cast. x86 named address spaces are not considered to be subspaces of the generic (flat) address space, so explicit casts are required to convert pointers between these address spaces and the generic address space (the application should cast to uintptr_t and apply the segment base offset). The cast to uintptr_t removes __percpu address space tag and Sparse reports: warning: cast removes address space '__percpu' of expression Use __force to inform Sparse that the cast is intentional. The patch deviates from upstream commit due to the unification of arch_raw_cpu_ptr() defines in the commit: 4e5b0e8003df ("x86/percpu: Unify arch_raw_cpu_ptr() defines"). Fixes: 9a462b9eafa6 ("x86/percpu: Use compiler segment prefix qualifier") Reported-by: Charlemagne Lasse <charlemagnelasse(a)gmail.com> Closes: https://lore.kernel.org/lkml/CAFGhKbzev7W4aHwhFPWwMZQEHenVgZUj7=aunFieVqZg3… Cc: stable(a)vger.kernel.org # v6.8 Link: https://lore.kernel.org/r/20240402175058.52649-1-ubizjak@gmail.com Signed-off-by: Uros Bizjak <ubizjak(a)gmail.com> --- arch/x86/include/asm/percpu.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/percpu.h b/arch/x86/include/asm/percpu.h index 44958ebaf626..66ed36b8cdb4 100644 --- a/arch/x86/include/asm/percpu.h +++ b/arch/x86/include/asm/percpu.h @@ -70,7 +70,7 @@ unsigned long tcp_ptr__; \ tcp_ptr__ = __raw_cpu_read(, this_cpu_off); \ \ - tcp_ptr__ += (unsigned long)(ptr); \ + tcp_ptr__ += (__force unsigned long)(ptr); \ (typeof(*(ptr)) __kernel __force *)tcp_ptr__; \ }) #else /* CONFIG_USE_X86_SEG_SUPPORT */ @@ -85,7 +85,7 @@ : "=r" (tcp_ptr__) \ : "m" (__my_cpu_var(this_cpu_off))); \ \ - tcp_ptr__ += (unsigned long)(ptr); \ + tcp_ptr__ += (__force unsigned long)(ptr); \ (typeof(*(ptr)) __kernel __force *)tcp_ptr__; \ }) #endif /* CONFIG_USE_X86_SEG_SUPPORT */ @@ -102,8 +102,8 @@ #endif /* CONFIG_SMP */ #define __my_cpu_type(var) typeof(var) __percpu_seg_override -#define __my_cpu_ptr(ptr) (__my_cpu_type(*ptr) *)(uintptr_t)(ptr) -#define __my_cpu_var(var) (*__my_cpu_ptr(&var)) +#define __my_cpu_ptr(ptr) (__my_cpu_type(*(ptr))*)(__force uintptr_t)(ptr) +#define __my_cpu_var(var) (*__my_cpu_ptr(&(var))) #define __percpu_arg(x) __percpu_prefix "%" #x #define __force_percpu_arg(x) __force_percpu_prefix "%" #x -- 2.45.0

1 year, 4 months

2
3
0 0

Regression fix e100e: change usleep_range to udelay in PHY mdic

by James Dutton

Hi, Please can you add this regression fix to kernel 6.9.1. Feel free to add a: Tested-by: James Courtier-Dutton <james.dutton(a)gmail.com> It has been tested by many others also, as listed in the commit, so don't feel the need to add my name if it delays adding it to kernel 6.9.1. Without this fix, the network card in my HP laptop does not work. Here is the summary with links: - [net] e1000e: change usleep_range to udelay in PHY mdic access https://git.kernel.org/netdev/net/c/387f295cb215 Kind Regards James

1 year, 4 months

3
3
0 0

[PATCH stable, 6.1 0/2] Fix for sockmap causing data stalls

by John Fastabend

The attached two patches fix an issue with running BPF sockmap on TCP sockets where applications error out due to sender doing a send for each scatter gather element in the msg. The other 6.x stable and longterm kernels have this fix so we don't see it there and the issue was introduced in 6.1 by converting to the read_skb() interface. The 5.15 stable kernels use the read_sock() interface which doesn't have this issue. We missed adding the fixes tag to the original series because the work was a code improvement and wasn't originally identified as a bugfix. The first patch applies cleanly, the second patch does not because it touches smc, espintcp, and siw which do not apply because that code does not use sendmsg() yet on 6.1. I remove those chunks of the patch because they don't apply here. I added a Fixes tag to the patches to point at the patch introducing the issue. Originally I sent something similar to this as a single patch where I incorrectly merged the two patches. Greg asked me to do this as two patches. Thanks. David Howells (2): tcp_bpf: Inline do_tcp_sendpages as it's now a wrapper around tcp_sendmsg tcp_bpf, smc, tls, espintcp, siw: Reduce MSG_SENDPAGE_NOTLAST usage net/ipv4/tcp_bpf.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) -- 2.33.0

1 year, 4 months

2
3
0 0

FAILED: patch "[PATCH] mm,swapops: update check in is_pfn_swap_entry for hwpoison" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 07a57a338adb6ec9e766d6a6790f76527f45ceb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042309-rural-overlying-190b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 07a57a338adb ("mm,swapops: update check in is_pfn_swap_entry for hwpoison entries") d027122d8363 ("mm/hwpoison: move definitions of num_poisoned_pages_* to memory-failure.c") e591ef7d96d6 ("mm,hwpoison,hugetlb,memory_hotplug: hotremove memory section with hwpoisoned hugepage") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 07a57a338adb6ec9e766d6a6790f76527f45ceb5 Mon Sep 17 00:00:00 2001 From: Oscar Salvador <osalvador(a)suse.de> Date: Sun, 7 Apr 2024 15:05:37 +0200 Subject: [PATCH] mm,swapops: update check in is_pfn_swap_entry for hwpoison entries Tony reported that the Machine check recovery was broken in v6.9-rc1, as he was hitting a VM_BUG_ON when injecting uncorrectable memory errors to DRAM. After some more digging and debugging on his side, he realized that this went back to v6.1, with the introduction of 'commit 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry")'. That commit, among other things, introduced swp_offset_pfn(), replacing hwpoison_entry_to_pfn() in its favour. The patch also introduced a VM_BUG_ON() check for is_pfn_swap_entry(), but is_pfn_swap_entry() never got updated to cover hwpoison entries, which means that we would hit the VM_BUG_ON whenever we would call swp_offset_pfn() for such entries on environments with CONFIG_DEBUG_VM set. Fix this by updating the check to cover hwpoison entries as well, and update the comment while we are it. Link: https://lkml.kernel.org/r/20240407130537.16977-1-osalvador@suse.de Fixes: 0d206b5d2e0d ("mm/swap: add swp_offset_pfn() to fetch PFN from swap entry") Signed-off-by: Oscar Salvador <osalvador(a)suse.de> Reported-by: Tony Luck <tony.luck(a)intel.com> Closes: https://lore.kernel.org/all/Zg8kLSl2yAlA3o5D@agluck-desk3/ Tested-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.1.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/swapops.h b/include/linux/swapops.h index 48b700ba1d18..a5c560a2f8c2 100644 --- a/include/linux/swapops.h +++ b/include/linux/swapops.h @@ -390,6 +390,35 @@ static inline bool is_migration_entry_dirty(swp_entry_t entry) } #endif /* CONFIG_MIGRATION */ +#ifdef CONFIG_MEMORY_FAILURE + +/* + * Support for hardware poisoned pages + */ +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + BUG_ON(!PageLocked(page)); + return swp_entry(SWP_HWPOISON, page_to_pfn(page)); +} + +static inline int is_hwpoison_entry(swp_entry_t entry) +{ + return swp_type(entry) == SWP_HWPOISON; +} + +#else + +static inline swp_entry_t make_hwpoison_entry(struct page *page) +{ + return swp_entry(0, 0); +} + +static inline int is_hwpoison_entry(swp_entry_t swp) +{ + return 0; +} +#endif + typedef unsigned long pte_marker; #define PTE_MARKER_UFFD_WP BIT(0) @@ -483,8 +512,9 @@ static inline struct folio *pfn_swap_entry_folio(swp_entry_t entry) /* * A pfn swap entry is a special type of swap entry that always has a pfn stored - * in the swap offset. They are used to represent unaddressable device memory - * and to restrict access to a page undergoing migration. + * in the swap offset. They can either be used to represent unaddressable device + * memory, to restrict access to a page undergoing migration or to represent a + * pfn which has been hwpoisoned and unmapped. */ static inline bool is_pfn_swap_entry(swp_entry_t entry) { @@ -492,7 +522,7 @@ static inline bool is_pfn_swap_entry(swp_entry_t entry) BUILD_BUG_ON(SWP_TYPE_SHIFT < SWP_PFN_BITS); return is_migration_entry(entry) || is_device_private_entry(entry) || - is_device_exclusive_entry(entry); + is_device_exclusive_entry(entry) || is_hwpoison_entry(entry); } struct page_vma_mapped_walk; @@ -561,35 +591,6 @@ static inline int is_pmd_migration_entry(pmd_t pmd) } #endif /* CONFIG_ARCH_ENABLE_THP_MIGRATION */ -#ifdef CONFIG_MEMORY_FAILURE - -/* - * Support for hardware poisoned pages - */ -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - BUG_ON(!PageLocked(page)); - return swp_entry(SWP_HWPOISON, page_to_pfn(page)); -} - -static inline int is_hwpoison_entry(swp_entry_t entry) -{ - return swp_type(entry) == SWP_HWPOISON; -} - -#else - -static inline swp_entry_t make_hwpoison_entry(struct page *page) -{ - return swp_entry(0, 0); -} - -static inline int is_hwpoison_entry(swp_entry_t swp) -{ - return 0; -} -#endif - static inline int non_swap_entry(swp_entry_t entry) { return swp_type(entry) >= MAX_SWAPFILES;

1 year, 4 months

3
2
0 0

[PATCH 6.6.y] kselftest: Add a ksft_perror() helper

by Edward Liaw

From: Mark Brown <broonie(a)kernel.org> [ Upstream commit 907f33028871fa7c9a3db1efd467b78ef82cce20 ] The standard library perror() function provides a convenient way to print an error message based on the current errno but this doesn't play nicely with KTAP output. Provide a helper which does an equivalent thing in a KTAP compatible format. nolibc doesn't have a strerror() and adding the table of strings required doesn't seem like a good fit for what it's trying to do so when we're using that only print the errno. Signed-off-by: Mark Brown <broonie(a)kernel.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Stable-dep-of: 071af0c9e582 ("selftests: timers: Convert posix_timers test to generate KTAP output") Signed-off-by: Edward Liaw <edliaw(a)google.com> --- tools/testing/selftests/kselftest.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index e8eecbc83a60..ad7b97e16f37 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -48,6 +48,7 @@ #include <stdlib.h> #include <unistd.h> #include <stdarg.h> +#include <string.h> #include <stdio.h> #include <sys/utsname.h> #endif @@ -156,6 +157,19 @@ static inline void ksft_print_msg(const char *msg, ...) va_end(args); } +static inline void ksft_perror(const char *msg) +{ +#ifndef NOLIBC + ksft_print_msg("%s: %s (%d)\n", msg, strerror(errno), errno); +#else + /* + * nolibc doesn't provide strerror() and it seems + * inappropriate to add one, just print the errno. + */ + ksft_print_msg("%s: %d)\n", msg, errno); +#endif +} + static inline void ksft_test_result_pass(const char *msg, ...) { int saved_errno = errno; -- 2.44.0.769.g3c40516874-goog

1 year, 4 months

3
4
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 52ccdde16b6540abe43b6f8d8e1e1ec90b0983af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042912-visibly-carpool-70bd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 52ccdde16b65 ("mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()") 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") d6ef19e25df2 ("mm/hugetlb: convert update_and_free_page() to folios") cfd5082b5147 ("mm/hugetlb: convert remove_hugetlb_page() to folios") 1a7cdab59b22 ("mm/hugetlb: convert dissolve_free_huge_page() to folios") 911565b82853 ("mm/hugetlb: convert destroy_compound_gigantic_page() to folios") cb67f4282bf9 ("mm,thp,rmap: simplify compound page mapcount handling") dad6a5eb5556 ("mm,hugetlb: use folio fields in second tail page") 0356c4b96f68 ("mm/hugetlb: convert free_huge_page to folios") de656ed376c4 ("mm/hugetlb_cgroup: convert set_hugetlb_cgroup*() to folios") f074732d599e ("mm/hugetlb_cgroup: convert hugetlb_cgroup_from_page() to folios") a098c977722c ("mm/hugetlb_cgroup: convert __set_hugetlb_cgroup() to folios") 4781593d5dba ("mm/hugetlb: unify clearing of RestoreReserve for private pages") 149562f75094 ("mm/hugetlb: add hugetlb_folio_subpool() helpers") d340625f4849 ("mm: add private field of first tail to struct page and struct folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 52ccdde16b6540abe43b6f8d8e1e1ec90b0983af Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Fri, 19 Apr 2024 16:58:19 +0800 Subject: [PATCH] mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() When I did memory failure tests recently, below warning occurs: DEBUG_LOCKS_WARN_ON(1) WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0 Modules linked in: mce_inject hwpoison_inject CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__lock_acquire+0xccb/0x1ca0 RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082 RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0 RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10 R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004 FS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0 Call Trace: <TASK> lock_acquire+0xbe/0x2d0 _raw_spin_lock_irqsave+0x3a/0x60 hugepage_subpool_put_pages.part.0+0xe/0xc0 free_huge_folio+0x253/0x3f0 dissolve_free_huge_page+0x147/0x210 __page_handle_poison+0x9/0x70 memory_failure+0x4e6/0x8c0 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xbc/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff9f3114887 RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887 RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001 RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00 </TASK> Kernel panic - not syncing: kernel: panic_on_warn set ... CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> panic+0x326/0x350 check_panic_on_warn+0x4f/0x50 __warn+0x98/0x190 report_bug+0x18e/0x1a0 handle_bug+0x3d/0x70 exc_invalid_op+0x18/0x70 asm_exc_invalid_op+0x1a/0x20 RIP: 0010:__lock_acquire+0xccb/0x1ca0 RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082 RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0 RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10 R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004 lock_acquire+0xbe/0x2d0 _raw_spin_lock_irqsave+0x3a/0x60 hugepage_subpool_put_pages.part.0+0xe/0xc0 free_huge_folio+0x253/0x3f0 dissolve_free_huge_page+0x147/0x210 __page_handle_poison+0x9/0x70 memory_failure+0x4e6/0x8c0 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xbc/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff9f3114887 RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887 RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001 RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00 </TASK> After git bisecting and digging into the code, I believe the root cause is that _deferred_list field of folio is unioned with _hugetlb_subpool field. In __update_and_free_hugetlb_folio(), folio->_deferred_list is initialized leading to corrupted folio->_hugetlb_subpool when folio is hugetlb. Later free_huge_folio() will use _hugetlb_subpool and above warning happens. But it is assumed hugetlb flag must have been cleared when calling folio_put() in update_and_free_hugetlb_folio(). This assumption is broken due to below race: CPU1 CPU2 dissolve_free_huge_page update_and_free_pages_bulk update_and_free_hugetlb_folio hugetlb_vmemmap_restore_folios folio_clear_hugetlb_vmemmap_optimized clear_flag = folio_test_hugetlb_vmemmap_optimized if (clear_flag) <-- False, it's already cleared. __folio_clear_hugetlb(folio) <-- Hugetlb is not cleared. folio_put free_huge_folio <-- free_the_page is expected. list_for_each_entry() __folio_clear_hugetlb <-- Too late. Fix this issue by checking whether folio is hugetlb directly instead of checking clear_flag to close the race window. Link: https://lkml.kernel.org/r/20240419085819.1901645-1-linmiaohe@huawei.com Fixes: 32c877191e02 ("hugetlb: do not clear hugetlb dtor until allocating vmemmap") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 05371bf54f96..ce7be5c24442 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -1781,7 +1781,7 @@ static void __update_and_free_hugetlb_folio(struct hstate *h, * If vmemmap pages were allocated above, then we need to clear the * hugetlb destructor under the hugetlb lock. */ - if (clear_dtor) { + if (folio_test_hugetlb(folio)) { spin_lock_irq(&hugetlb_lock); __clear_hugetlb_destructor(h, folio); spin_unlock_irq(&hugetlb_lock);

1 year, 4 months

4
5
0 0

[PATCH 6.6.x] btrfs: do not wait for short bulk allocation

by David Sterba

From: Qu Wenruo <wqu(a)suse.com> commit 1db7959aacd905e6487d0478ac01d89f86eb1e51 upstream. [BUG] There is a recent report that when memory pressure is high (including cached pages), btrfs can spend most of its time on memory allocation in btrfs_alloc_page_array() for compressed read/write. [CAUSE] For btrfs_alloc_page_array() we always go alloc_pages_bulk_array(), and even if the bulk allocation failed (fell back to single page allocation) we still retry but with extra memalloc_retry_wait(). If the bulk alloc only returned one page a time, we would spend a lot of time on the retry wait. The behavior was introduced in commit 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations"). [FIX] Although the commit mentioned that other filesystems do the wait, it's not the case at least nowadays. All the mainlined filesystems only call memalloc_retry_wait() if they failed to allocate any page (not only for bulk allocation). If there is any progress, they won't call memalloc_retry_wait() at all. For example, xfs_buf_alloc_pages() would only call memalloc_retry_wait() if there is no allocation progress at all, and the call is not for metadata readahead. So I don't believe we should call memalloc_retry_wait() unconditionally for short allocation. Call memalloc_retry_wait() if it fails to allocate any page for tree block allocation (which goes with __GFP_NOFAIL and may not need the special handling anyway), and reduce the latency for btrfs_alloc_page_array(). Reported-by: Julian Taylor <julian.taylor(a)1und1.de> Tested-by: Julian Taylor <julian.taylor(a)1und1.de> Link: https://lore.kernel.org/all/8966c095-cbe7-4d22-9784-a647d1bf27c3@1und1.de/ Fixes: 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/extent_io.c | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 5acb2cb79d4b..9fbffd84b16c 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -686,24 +686,14 @@ int btrfs_alloc_page_array(unsigned int nr_pages, struct page **page_array) unsigned int last = allocated; allocated = alloc_pages_bulk_array(GFP_NOFS, nr_pages, page_array); - - if (allocated == nr_pages) - return 0; - - /* - * During this iteration, no page could be allocated, even - * though alloc_pages_bulk_array() falls back to alloc_page() - * if it could not bulk-allocate. So we must be out of memory. - */ - if (allocated == last) { + if (unlikely(allocated == last)) { + /* No progress, fail and do cleanup. */ for (int i = 0; i < allocated; i++) { __free_page(page_array[i]); page_array[i] = NULL; } return -ENOMEM; } - - memalloc_retry_wait(GFP_NOFS); } return 0; } -- 2.45.0

1 year, 4 months

2
1
0 0

[alternative-merged] mm-huge_memory-mark-huge_zero_page-reserved.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: mark huge_zero_page reserved has been removed from the -mm tree. Its filename was mm-huge_memory-mark-huge_zero_page-reserved.patch This patch was dropped because an alternative patch was or shall be merged ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: mark huge_zero_page reserved Date: Sat, 11 May 2024 11:54:35 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_page without increasing the page refcnt. But then unpoison_memory() will decrease the page refcnt unexpectly as it appears like a successfully hwpoisoned page leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_page. Fix this issue by marking huge_zero_page reserved. So unpoison_memory() will skip this page. This will make it consistent with ZERO_PAGE case too. Link: https://lkml.kernel.org/r/20240511035435.1477004-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/huge_memory.c~mm-huge_memory-mark-huge_zero_page-reserved +++ a/mm/huge_memory.c @@ -212,6 +212,7 @@ retry: folio_put(zero_folio); goto retry; } + __SetPageReserved(zero_page); WRITE_ONCE(huge_zero_pfn, folio_pfn(zero_folio)); /* We take additional reference here. It will be put back by shrinker */ @@ -264,6 +265,7 @@ static unsigned long shrink_huge_zero_pa struct folio *zero_folio = xchg(&huge_zero_folio, NULL); BUG_ON(zero_folio == NULL); WRITE_ONCE(huge_zero_pfn, ~0UL); + __ClearPageReserved(zero_page); folio_put(zero_folio); return HPAGE_PMD_NR; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are

1 year, 4 months

1
0
0 0

+ mm-huge_memory-mark-huge_zero_page-reserved.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: mark huge_zero_page reserved has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-mark-huge_zero_page-reserved.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: mark huge_zero_page reserved Date: Sat, 11 May 2024 11:54:35 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_page without increasing the page refcnt. But then unpoison_memory() will decrease the page refcnt unexpectly as it appears like a successfully hwpoisoned page leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_page. Fix this issue by marking huge_zero_page reserved. So unpoison_memory() will skip this page. This will make it consistent with ZERO_PAGE case too. Link: https://lkml.kernel.org/r/20240511035435.1477004-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/huge_memory.c~mm-huge_memory-mark-huge_zero_page-reserved +++ a/mm/huge_memory.c @@ -208,6 +208,7 @@ retry: __free_pages(zero_page, compound_order(zero_page)); goto retry; } + __SetPageReserved(zero_page); WRITE_ONCE(huge_zero_pfn, page_to_pfn(zero_page)); /* We take additional reference here. It will be put back by shrinker */ @@ -260,6 +261,7 @@ static unsigned long shrink_huge_zero_pa struct page *zero_page = xchg(&huge_zero_page, NULL); BUG_ON(zero_page == NULL); WRITE_ONCE(huge_zero_pfn, ~0UL); + __ClearPageReserved(zero_page); __free_pages(zero_page, compound_order(zero_page)); return HPAGE_PMD_NR; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-huge_memory-mark-huge_zero_page-reserved.patch

1 year, 4 months

1
0
0 0

+ mm-huge_memory-mark-huge_zero_page-reserved.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: mark huge_zero_page reserved has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-huge_memory-mark-huge_zero_page-reserved.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/huge_memory: mark huge_zero_page reserved Date: Sat, 11 May 2024 11:54:35 +0800 When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted 6.9.0-rc4-00491-gd5ce28f156fe-dirty #14 RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 Call Trace: <TASK> do_shrink_slab+0x14f/0x6a0 shrink_slab+0xca/0x8c0 shrink_node+0x2d0/0x7d0 balance_pgdat+0x33a/0x720 kswapd+0x1f3/0x410 kthread+0xd5/0x100 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: mce_inject hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:shrink_huge_zero_page_scan+0x168/0x1a0 RSP: 0018:ffff9933c6c57bd0 EFLAGS: 00000246 RAX: 000000000000003e RBX: 0000000000000000 RCX: ffff88f61fc5c9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff88f61fc5c9c0 RBP: ffffcd7c446b0000 R08: ffffffff9a9405f0 R09: 0000000000005492 R10: 00000000000030ea R11: ffffffff9a9405f0 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88e703c4ac00 FS: 0000000000000000(0000) GS:ffff88f61fc40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f4da6e9878 CR3: 0000000c71048000 CR4: 00000000000006f0 The root cause is that HWPoison flag will be set for huge_zero_page without increasing the page refcnt. But then unpoison_memory() will decrease the page refcnt unexpectly as it appears like a successfully hwpoisoned page leading to VM_BUG_ON_PAGE(page_ref_count(page) == 0) when releasing huge_zero_page. Fix this issue by marking huge_zero_page reserved. So unpoison_memory() will skip this page. This will make it consistent with ZERO_PAGE case too. Link: https://lkml.kernel.org/r/20240511035435.1477004-1-linmiaohe@huawei.com Fixes: 478d134e9506 ("mm/huge_memory: do not overkill when splitting huge_zero_page") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Xu Yu <xuyu(a)linux.alibaba.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/huge_memory.c~mm-huge_memory-mark-huge_zero_page-reserved +++ a/mm/huge_memory.c @@ -208,6 +208,7 @@ retry: __free_pages(zero_page, compound_order(zero_page)); goto retry; } + __SetPageReserved(zero_page); WRITE_ONCE(huge_zero_pfn, page_to_pfn(zero_page)); /* We take additional reference here. It will be put back by shrinker */ @@ -260,6 +261,7 @@ static unsigned long shrink_huge_zero_pa struct page *zero_page = xchg(&huge_zero_page, NULL); BUG_ON(zero_page == NULL); WRITE_ONCE(huge_zero_pfn, ~0UL); + __ClearPageReserved(zero_page); __free_pages(zero_page, compound_order(zero_page)); return HPAGE_PMD_NR; } _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-huge_memory-mark-huge_zero_page-reserved.patch

1 year, 4 months

1
0
0 0

[PATCH 6.1.x] btrfs: do not wait for short bulk allocation

by David Sterba

From: Qu Wenruo <wqu(a)suse.com> commit 1db7959aacd905e6487d0478ac01d89f86eb1e51 upstream. [BUG] There is a recent report that when memory pressure is high (including cached pages), btrfs can spend most of its time on memory allocation in btrfs_alloc_page_array() for compressed read/write. [CAUSE] For btrfs_alloc_page_array() we always go alloc_pages_bulk_array(), and even if the bulk allocation failed (fell back to single page allocation) we still retry but with extra memalloc_retry_wait(). If the bulk alloc only returned one page a time, we would spend a lot of time on the retry wait. The behavior was introduced in commit 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations"). [FIX] Although the commit mentioned that other filesystems do the wait, it's not the case at least nowadays. All the mainlined filesystems only call memalloc_retry_wait() if they failed to allocate any page (not only for bulk allocation). If there is any progress, they won't call memalloc_retry_wait() at all. For example, xfs_buf_alloc_pages() would only call memalloc_retry_wait() if there is no allocation progress at all, and the call is not for metadata readahead. So I don't believe we should call memalloc_retry_wait() unconditionally for short allocation. Call memalloc_retry_wait() if it fails to allocate any page for tree block allocation (which goes with __GFP_NOFAIL and may not need the special handling anyway), and reduce the latency for btrfs_alloc_page_array(). Reported-by: Julian Taylor <julian.taylor(a)1und1.de> Tested-by: Julian Taylor <julian.taylor(a)1und1.de> Link: https://lore.kernel.org/all/8966c095-cbe7-4d22-9784-a647d1bf27c3@1und1.de/ Fixes: 395cb57e8560 ("btrfs: wait between incomplete batch memory allocations") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/extent_io.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 539bc9bdcb93..5f923c9b773e 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -1324,19 +1324,14 @@ int btrfs_alloc_page_array(unsigned int nr_pages, struct page **page_array) unsigned int last = allocated; allocated = alloc_pages_bulk_array(GFP_NOFS, nr_pages, page_array); - - if (allocated == nr_pages) - return 0; - - /* - * During this iteration, no page could be allocated, even - * though alloc_pages_bulk_array() falls back to alloc_page() - * if it could not bulk-allocate. So we must be out of memory. - */ - if (allocated == last) + if (unlikely(allocated == last)) { + /* No progress, fail and do cleanup. */ + for (int i = 0; i < allocated; i++) { + __free_page(page_array[i]); + page_array[i] = NULL; + } return -ENOMEM; - - memalloc_retry_wait(GFP_NOFS); + } } return 0; } -- 2.45.0

1 year, 4 months

1
0
0 0

[for-next][PATCH 7/7] eventfs: Fix a possible null pointer dereference in eventfs_find_events()

by Steven Rostedt

From: Hao Ge <gehao(a)kylinos.cn> In function eventfs_find_events,there is a potential null pointer that may be caused by calling update_events_attr which will perform some operations on the members of the ei struct when ei is NULL. Hence,When ei->is_freed is set,return NULL directly. Link: https://lore.kernel.org/linux-trace-kernel/20240513053338.63017-1-hao.ge@li… Cc: stable(a)vger.kernel.org Fixes: 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Hao Ge <gehao(a)kylinos.cn> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- fs/tracefs/event_inode.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index a878cea70f4c..0256afdd4acf 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -345,10 +345,9 @@ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry) * If the ei is being freed, the ownership of the children * doesn't matter. */ - if (ei->is_freed) { - ei = NULL; - break; - } + if (ei->is_freed) + return NULL; + // Walk upwards until you find the events inode } while (!ei->is_events); -- 2.43.0

1 year, 4 months

1
0
0 0

[for-next][PATCH 6/7] ftrace: Fix possible use-after-free issue in ftrace_location()

by Steven Rostedt

From: Zheng Yejian <zhengyejian1(a)huawei.com> KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). Link: https://lore.kernel.org/linux-trace-kernel/20240509192859.1273558-1-zhengye… Cc: stable(a)vger.kernel.org Cc: <mhiramat(a)kernel.org> Cc: <mark.rutland(a)arm.com> Cc: <mathieu.desnoyers(a)efficios.com> Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") Suggested-by: Steven Rostedt <rostedt(a)goodmis.org> Signed-off-by: Zheng Yejian <zhengyejian1(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 5a01d72f66db..2308c0a2fd29 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1595,12 +1595,15 @@ static struct dyn_ftrace *lookup_rec(unsigned long start, unsigned long end) unsigned long ftrace_location_range(unsigned long start, unsigned long end) { struct dyn_ftrace *rec; + unsigned long ip = 0; + rcu_read_lock(); rec = lookup_rec(start, end); if (rec) - return rec->ip; + ip = rec->ip; + rcu_read_unlock(); - return 0; + return ip; } /** @@ -1614,25 +1617,22 @@ unsigned long ftrace_location_range(unsigned long start, unsigned long end) */ unsigned long ftrace_location(unsigned long ip) { - struct dyn_ftrace *rec; + unsigned long loc; unsigned long offset; unsigned long size; - rec = lookup_rec(ip, ip); - if (!rec) { + loc = ftrace_location_range(ip, ip); + if (!loc) { if (!kallsyms_lookup_size_offset(ip, &size, &offset)) goto out; /* map sym+0 to __fentry__ */ if (!offset) - rec = lookup_rec(ip, ip + size - 1); + loc = ftrace_location_range(ip, ip + size - 1); } - if (rec) - return rec->ip; - out: - return 0; + return loc; } /** @@ -6591,6 +6591,8 @@ static int ftrace_process_locs(struct module *mod, /* We should have used all pages unless we skipped some */ if (pg_unuse) { WARN_ON(!skipped); + /* Need to synchronize with ftrace_location_range() */ + synchronize_rcu(); ftrace_free_pages(pg_unuse); } return ret; @@ -6804,6 +6806,9 @@ void ftrace_release_mod(struct module *mod) out_unlock: mutex_unlock(&ftrace_lock); + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) + synchronize_rcu(); for (pg = tmp_page; pg; pg = tmp_page) { /* Needs to be called outside of ftrace_lock */ @@ -7137,6 +7142,7 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) unsigned long start = (unsigned long)(start_ptr); unsigned long end = (unsigned long)(end_ptr); struct ftrace_page **last_pg = &ftrace_pages_start; + struct ftrace_page *tmp_page = NULL; struct ftrace_page *pg; struct dyn_ftrace *rec; struct dyn_ftrace key; @@ -7178,12 +7184,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) ftrace_update_tot_cnt--; if (!pg->index) { *last_pg = pg->next; - if (pg->records) { - free_pages((unsigned long)pg->records, pg->order); - ftrace_number_of_pages -= 1 << pg->order; - } - ftrace_number_of_groups--; - kfree(pg); + pg->next = tmp_page; + tmp_page = pg; pg = container_of(last_pg, struct ftrace_page, next); if (!(*last_pg)) ftrace_pages = pg; @@ -7200,6 +7202,11 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr) clear_func_from_hashes(func); kfree(func); } + /* Need to synchronize with ftrace_location_range() */ + if (tmp_page) { + synchronize_rcu(); + ftrace_free_pages(tmp_page); + } } void __init ftrace_free_init_mem(void) -- 2.43.0

1 year, 4 months

1
0
0 0

[PATCH 1/1] tty: n_tty: Fix buffer offsets when lookahead is used

by Ilpo Järvinen

When lookahead has "consumed" some characters (la_count > 0), n_tty_receive_buf_standard() and n_tty_receive_buf_closing() for characters beyond the la_count are given wrong cp/fp offsets which leads to duplicating and losing some characters. If la_count > 0, correct buffer pointers and make count consistent too (the latter is not strictly necessary to fix the issue but seems more logical to adjust all variables immediately to keep state consistent). Reported-by: Vadym Krevs <vkrevs(a)yahoo.com> Fixes: 6bb6fa6908eb ("tty: Implement lookahead to process XON/XOFF timely") Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218834 Tested-by: Vadym Krevs <vkrevs(a)yahoo.com> Cc: stable(a)vger.kernel.org Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- drivers/tty/n_tty.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c index f252d0b5a434..5e9ca4376d68 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -1619,15 +1619,25 @@ static void __receive_buf(struct tty_struct *tty, const u8 *cp, const u8 *fp, else if (ldata->raw || (L_EXTPROC(tty) && !preops)) n_tty_receive_buf_raw(tty, cp, fp, count); else if (tty->closing && !L_EXTPROC(tty)) { - if (la_count > 0) + if (la_count > 0) { n_tty_receive_buf_closing(tty, cp, fp, la_count, true); - if (count > la_count) - n_tty_receive_buf_closing(tty, cp, fp, count - la_count, false); + cp += la_count; + if (fp) + fp += la_count; + count -= la_count; + } + if (count > 0) + n_tty_receive_buf_closing(tty, cp, fp, count, false); } else { - if (la_count > 0) + if (la_count > 0) { n_tty_receive_buf_standard(tty, cp, fp, la_count, true); - if (count > la_count) - n_tty_receive_buf_standard(tty, cp, fp, count - la_count, false); + cp += la_count; + if (fp) + fp += la_count; + count -= la_count; + } + if (count > 0) + n_tty_receive_buf_standard(tty, cp, fp, count, false); flush_echoes(tty); if (tty->ops->flush_chars) -- 2.39.2

1 year, 4 months

1
0
0 0

commits for stable 2024-05-11

by Ronnie Sahlberg

Please find attached a report generated by keyword matching commits from upstream that may be suitable for stable and probably as CVEs as well. I exclude commits that are already tagged with CC stable in upstream and also commits already in stable/linux-rolling-stable. I can send these type of reports weekly if you want. I plan to add more keywords to check for. But let's start small. A question about commits that have a Fixes: tag. There are ~2000 of them since v6.8. As these are definitely bugfixes, do you want me to add commits that include a Fixes: tag in future reports/scans? Also let me know if/how I can change the format of the scan so that it is easier for you to parse in your tooling. regards ronnie sahlberg -- Ronnie Sahlberg [Principal Software Engineer, Linux] P 775 384 8203 | E [email] | W ciq.com

1 year, 4 months

2
4
0 0

[PATCH v2 0/3] QCM2290 LMH

by Konrad Dybcio

Wire up LMH on QCM2290 and fix a bad bug while at it. P1-2 for thermal, P3 for qcom Signed-off-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> --- Changes in v2: - Pick up tags - Fix a couple typos in commit messages - Drop stray msm8998 binding addition - Link to v1: https://lore.kernel.org/r/20240308-topic-rb1_lmh-v1-0-50c60ffe1130@linaro.o… --- Konrad Dybcio (2): dt-bindings: thermal: lmh: Add QCM2290 compatible thermal: qcom: lmh: Check for SCM availability at probe Loic Poulain (1): arm64: dts: qcom: qcm2290: Add LMH node Documentation/devicetree/bindings/thermal/qcom-lmh.yaml | 12 ++++++++---- arch/arm64/boot/dts/qcom/qcm2290.dtsi | 14 +++++++++++++- drivers/thermal/qcom/lmh.c | 3 +++ 3 files changed, 24 insertions(+), 5 deletions(-) --- base-commit: 8ffc8b1bbd505e27e2c8439d326b6059c906c9dd change-id: 20240308-topic-rb1_lmh-1e0f440c392a Best regards, -- Konrad Dybcio <konrad.dybcio(a)linaro.org>

1 year, 4 months

6
12
0 0

Bags

by Carrie Pan

1 year, 4 months

1
0
0 0

[PATCH] drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found

by Marek Szyprowski

When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector. Unfortunately some variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not able to drive such mode, so report a safe 640x480 mode instead of nothing in case of the EDID reading failure. This fixes the following issue observed on Trats2 board since commit 13d5b040363c ("drm/exynos: do not return negative values from .get_modes()"): [drm] Exynos DRM: using 11c00000.fimd device for DMA mapping operations exynos-drm exynos-drm: bound 11c00000.fimd (ops fimd_component_ops) exynos-drm exynos-drm: bound 12c10000.mixer (ops mixer_component_ops) exynos-dsi 11c80000.dsi: [drm:samsung_dsim_host_attach] Attached s6e8aa0 device (lanes:4 bpp:24 mode-flags:0x10b) exynos-drm exynos-drm: bound 11c80000.dsi (ops exynos_dsi_component_ops) exynos-drm exynos-drm: bound 12d00000.hdmi (ops hdmi_component_ops) [drm] Initialized exynos 1.1.0 20180330 for exynos-drm on minor 1 exynos-hdmi 12d00000.hdmi: [drm:hdmiphy_enable.part.0] *ERROR* PLL could not reach steady state panel-samsung-s6e8aa0 11c80000.dsi.0: ID: 0xa2, 0x20, 0x8c exynos-mixer 12c10000.mixer: timeout waiting for VSYNC ------------[ cut here ]------------ WARNING: CPU: 1 PID: 11 at drivers/gpu/drm/drm_atomic_helper.c:1682 drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8 [CRTC:70:crtc-1] vblank wait timed out Modules linked in: CPU: 1 PID: 11 Comm: kworker/u16:0 Not tainted 6.9.0-rc5-next-20240424 #14913 Hardware name: Samsung Exynos (Flattened Device Tree) Workqueue: events_unbound deferred_probe_work_func Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x68/0x88 dump_stack_lvl from __warn+0x7c/0x1c4 __warn from warn_slowpath_fmt+0x11c/0x1a8 warn_slowpath_fmt from drm_atomic_helper_wait_for_vblanks.part.0+0x2b0/0x2b8 drm_atomic_helper_wait_for_vblanks.part.0 from drm_atomic_helper_commit_tail_rpm+0x7c/0x8c drm_atomic_helper_commit_tail_rpm from commit_tail+0x9c/0x184 commit_tail from drm_atomic_helper_commit+0x168/0x190 drm_atomic_helper_commit from drm_atomic_commit+0xb4/0xe0 drm_atomic_commit from drm_client_modeset_commit_atomic+0x23c/0x27c drm_client_modeset_commit_atomic from drm_client_modeset_commit_locked+0x60/0x1cc drm_client_modeset_commit_locked from drm_client_modeset_commit+0x24/0x40 drm_client_modeset_commit from __drm_fb_helper_restore_fbdev_mode_unlocked+0x9c/0xc4 __drm_fb_helper_restore_fbdev_mode_unlocked from drm_fb_helper_set_par+0x2c/0x3c drm_fb_helper_set_par from fbcon_init+0x3d8/0x550 fbcon_init from visual_init+0xc0/0x108 visual_init from do_bind_con_driver+0x1b8/0x3a4 do_bind_con_driver from do_take_over_console+0x140/0x1ec do_take_over_console from do_fbcon_takeover+0x70/0xd0 do_fbcon_takeover from fbcon_fb_registered+0x19c/0x1ac fbcon_fb_registered from register_framebuffer+0x190/0x21c register_framebuffer from __drm_fb_helper_initial_config_and_unlock+0x350/0x574 __drm_fb_helper_initial_config_and_unlock from exynos_drm_fbdev_client_hotplug+0x6c/0xb0 exynos_drm_fbdev_client_hotplug from drm_client_register+0x58/0x94 drm_client_register from exynos_drm_bind+0x160/0x190 exynos_drm_bind from try_to_bring_up_aggregate_device+0x200/0x2d8 try_to_bring_up_aggregate_device from __component_add+0xb0/0x170 __component_add from mixer_probe+0x74/0xcc mixer_probe from platform_probe+0x5c/0xb8 platform_probe from really_probe+0xe0/0x3d8 really_probe from __driver_probe_device+0x9c/0x1e4 __driver_probe_device from driver_probe_device+0x30/0xc0 driver_probe_device from __device_attach_driver+0xa8/0x120 __device_attach_driver from bus_for_each_drv+0x80/0xcc bus_for_each_drv from __device_attach+0xac/0x1fc __device_attach from bus_probe_device+0x8c/0x90 bus_probe_device from deferred_probe_work_func+0x98/0xe0 deferred_probe_work_func from process_one_work+0x240/0x6d0 process_one_work from worker_thread+0x1a0/0x3f4 worker_thread from kthread+0x104/0x138 kthread from ret_from_fork+0x14/0x28 Exception stack(0xf0895fb0 to 0xf0895ff8) ... irq event stamp: 82357 hardirqs last enabled at (82363): [<c01a96e8>] vprintk_emit+0x308/0x33c hardirqs last disabled at (82368): [<c01a969c>] vprintk_emit+0x2bc/0x33c softirqs last enabled at (81614): [<c0101644>] __do_softirq+0x320/0x500 softirqs last disabled at (81609): [<c012dfe0>] __irq_exit_rcu+0x130/0x184 ---[ end trace 0000000000000000 ]--- exynos-drm exynos-drm: [drm] *ERROR* flip_done timed out exynos-drm exynos-drm: [drm] *ERROR* [CRTC:70:crtc-1] commit wait timed out exynos-drm exynos-drm: [drm] *ERROR* flip_done timed out exynos-drm exynos-drm: [drm] *ERROR* [CONNECTOR:74:HDMI-A-1] commit wait timed out exynos-drm exynos-drm: [drm] *ERROR* flip_done timed out exynos-drm exynos-drm: [drm] *ERROR* [PLANE:56:plane-5] commit wait timed out exynos-mixer 12c10000.mixer: timeout waiting for VSYNC Cc: stable(a)vger.kernel.org Fixes: 13d5b040363c ("drm/exynos: do not return negative values from .get_modes()") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/gpu/drm/exynos/exynos_hdmi.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/exynos/exynos_hdmi.c b/drivers/gpu/drm/exynos/exynos_hdmi.c index 5fdeec8a3875..9d246db6ef2b 100644 --- a/drivers/gpu/drm/exynos/exynos_hdmi.c +++ b/drivers/gpu/drm/exynos/exynos_hdmi.c @@ -887,11 +887,11 @@ static int hdmi_get_modes(struct drm_connector *connector) int ret; if (!hdata->ddc_adpt) - return 0; + goto no_edid; edid = drm_get_edid(connector, hdata->ddc_adpt); if (!edid) - return 0; + goto no_edid; hdata->dvi_mode = !connector->display_info.is_hdmi; DRM_DEV_DEBUG_KMS(hdata->dev, "%s : width[%d] x height[%d]\n", @@ -906,6 +906,9 @@ static int hdmi_get_modes(struct drm_connector *connector) kfree(edid); return ret; + +no_edid: + return drm_add_modes_noedid(connector, 640, 480); } static int hdmi_find_phy_conf(struct hdmi_context *hdata, u32 pixel_clock) -- 2.34.1

1 year, 4 months

2
1
0 0

[PATCH 0/2] Bluetooth: hci_bcm4377 fixes

by Sven Peter via B4 Relay

Hi, There are just two minor fixes from Hector that we've been carrying downstream for a while now. One increases the timeout while waiting for the firmware to boot which is optional for the controller already supported upstream but required for a newer 4388 board for which we'll also submit support soon. It also fixes the units for the timeouts which is why I've already included it here. The other one fixes a call to bitmap_release_region where we only wanted to release a single bit but are actually releasing much more. Best, Sven Signed-off-by: Sven Peter <sven(a)svenpeter.dev> --- Hector Martin (2): Bluetooth: hci_bcm4377: Increase boot timeout Bluetooth: hci_bcm4377: Fix msgid release drivers/bluetooth/hci_bcm4377.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- base-commit: cf87f46fd34d6c19283d9625a7822f20d90b64a4 change-id: 20240512-btfix-msgid-d76029a7d917 Best regards, -- Sven Peter <sven(a)svenpeter.dev>

1 year, 4 months

2
2
0 0

[PATCH v2] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information. Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: Fix typos in the commit message --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index dfeec06301ce..dbdd6a318b8b 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -79,8 +80,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } -- 2.45.0

1 year, 4 months

1
0
0 0

[PATCH] md: fix kmemleak of rdev->serial

by Jeremy Bongio

From: Li Nan <linan122(a)huawei.com> commit 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 upstream. If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 backport change: mddev_destroy_serial_pool third parameter was removed in mainline, where there is no need to suspend within this function anymore. Fixes: 963c555e75b0 ("md: introduce mddev_create/destroy_wb_pool for the change of member device") Signed-off-by: Li Nan <linan122(a)huawei.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20240208085556.2412922-1-linan666@huaweicloud.com Change-Id: Icc4960dcaffedc663797e2d8b18a24c23e201932 Signed-off-by: Jeremy Bongio <jbongio(a)google.com> --- drivers/md/md.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 09c7f52156f3f..67ceab4573be4 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -2532,6 +2532,7 @@ static int bind_rdev_to_array(struct md_rdev *rdev, struct mddev *mddev) fail: pr_warn("md: failed to register dev-%s for %s\n", b, mdname(mddev)); + mddev_destroy_serial_pool(mddev, rdev, false); return err; } -- 2.45.0.118.g7fe29c98d7-goog

1 year, 4 months

2
2
0 0

[PATCH] md: fix kmemleak of rdev->serial

by Jeremy Bongio

From: Li Nan <linan122(a)huawei.com> If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 Fixes: 963c555e75b0 ("md: introduce mddev_create/destroy_wb_pool for the change of member device") Signed-off-by: Li Nan <linan122(a)huawei.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20240208085556.2412922-1-linan666@huaweicloud.com Change-Id: Icc4960dcaffedc663797e2d8b18a24c23e201932 --- drivers/md/md.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 09c7f52156f3f..67ceab4573be4 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -2532,6 +2532,7 @@ static int bind_rdev_to_array(struct md_rdev *rdev, struct mddev *mddev) fail: pr_warn("md: failed to register dev-%s for %s\n", b, mdname(mddev)); + mddev_destroy_serial_pool(mddev, rdev, false); return err; } -- 2.45.0.118.g7fe29c98d7-goog

1 year, 4 months

3
3
0 0

Re: [PATCH 5.4.y] ext4: fix bug_on in __es_tree_search

by Guilherme G. Piccoli

CCing the right stable ML address... Apologies! On 11/05/2024 18:10, Guilherme G. Piccoli wrote: > From: Baokun Li <libaokun1(a)huawei.com> > > commit d36f6ed761b53933b0b4126486c10d3da7751e7f upstream. > > Hulk Robot reported a BUG_ON: > ================================================================== > kernel BUG at fs/ext4/extents_status.c:199! > [...] > RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] > RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 > [...] > Call Trace: > ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 > ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561 > ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964 > ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384 > ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567 > ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980 > ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031 > ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257 > v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63 > v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82 > vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368 > dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490 > ext4_quota_enable fs/ext4/super.c:6137 [inline] > ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163 > ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754 > mount_bdev+0x2e9/0x3b0 fs/super.c:1158 > mount_fs+0x4b/0x1e4 fs/super.c:1261 > [...] > ================================================================== > > Above issue may happen as follows: > ------------------------------------- > ext4_fill_super > ext4_enable_quotas > ext4_quota_enable > ext4_iget > __ext4_iget > ext4_ext_check_inode > ext4_ext_check > __ext4_ext_check > ext4_valid_extent_entries > Check for overlapping extents does't take effect > dquot_enable > vfs_load_quota_inode > v2_check_quota_file > v2_read_header > ext4_quota_read > ext4_bread > ext4_getblk > ext4_map_blocks > ext4_ext_map_blocks > ext4_find_extent > ext4_cache_extents > ext4_es_cache_extent > ext4_es_cache_extent > __es_tree_search > ext4_es_end > BUG_ON(es->es_lblk + es->es_len < es->es_lblk) > > The error ext4 extents is as follows: > 0af3 0300 0400 0000 00000000 extent_header > 00000000 0100 0000 12000000 extent1 > 00000000 0100 0000 18000000 extent2 > 02000000 0400 0000 14000000 extent3 > > In the ext4_valid_extent_entries function, > if prev is 0, no error is returned even if lblock<=prev. > This was intended to skip the check on the first extent, but > in the error image above, prev=0+1-1=0 when checking the second extent, > so even though lblock<=prev, the function does not return an error. > As a result, bug_ON occurs in __es_tree_search and the system panics. > > To solve this problem, we only need to check that: > 1. The lblock of the first extent is not less than 0. > 2. The lblock of the next extent is not less than > the next block of the previous extent. > The same applies to extent_idx. > > Cc: stable(a)kernel.org > Fixes: 5946d089379a ("ext4: check for overlapping extents in ext4_valid_extent_entries()") > Reported-by: Hulk Robot <hulkci(a)huawei.com> > Signed-off-by: Baokun Li <libaokun1(a)huawei.com> > Reviewed-by: Jan Kara <jack(a)suse.cz> > Link: https://lore.kernel.org/r/20220518120816.1541863-1-libaokun1@huawei.com > Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> > Reported-by: syzbot+2a58d88f0fb315c85363(a)syzkaller.appspotmail.com > [gpiccoli: Manual backport due to unrelated missing patches.] > Signed-off-by: Guilherme G. Piccoli <gpiccoli(a)igalia.com> > --- > > > Hey folks, this one should have been backported but due to merge > issues [0], it ended-up not being on 5.4.y . So here is a working version! > Cheers, > > Guilherme > > [0] https://lore.kernel.org/stable/165451751147179@kroah.com/ > > > fs/ext4/extents.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c > index 98e1b1ddb4ec..90b12c7c0f20 100644 > --- a/fs/ext4/extents.c > +++ b/fs/ext4/extents.c > @@ -409,7 +409,7 @@ static int ext4_valid_extent_entries(struct inode *inode, > { > unsigned short entries; > ext4_lblk_t lblock = 0; > - ext4_lblk_t prev = 0; > + ext4_lblk_t cur = 0; > > if (eh->eh_entries == 0) > return 1; > @@ -435,12 +435,12 @@ static int ext4_valid_extent_entries(struct inode *inode, > > /* Check for overlapping extents */ > lblock = le32_to_cpu(ext->ee_block); > - if ((lblock <= prev) && prev) { > + if (lblock < cur) { > pblock = ext4_ext_pblock(ext); > es->s_last_error_block = cpu_to_le64(pblock); > return 0; > } > - prev = lblock + ext4_ext_get_actual_len(ext) - 1; > + cur = lblock + ext4_ext_get_actual_len(ext); > ext++; > entries--; > } > @@ -460,13 +460,13 @@ static int ext4_valid_extent_entries(struct inode *inode, > > /* Check for overlapping index extents */ > lblock = le32_to_cpu(ext_idx->ei_block); > - if ((lblock <= prev) && prev) { > + if (lblock < cur) { > *pblk = ext4_idx_pblock(ext_idx); > return 0; > } > ext_idx++; > entries--; > - prev = lblock; > + cur = lblock + 1; > } > } > return 1;

1 year, 4 months

2
2
0 0

[PATCH] md: fix kmemleak of rdev->serial

by Jeremy Bongio

From: Li Nan <linan122(a)huawei.com> If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0 [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270 [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f [<00000000f206d60a>] kvmalloc_node+0x74/0x150 [<0000000034bf3363>] rdev_init_serial+0x67/0x170 [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220 [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630 [<0000000073c28560>] md_add_new_disk+0x400/0x9f0 [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10 [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0 [<0000000085086a11>] vfs_ioctl+0x22/0x60 [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0 [<00000000e54e675e>] do_syscall_64+0x71/0x150 [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 Fixes: 963c555e75b0 ("md: introduce mddev_create/destroy_wb_pool for the change of member device") Signed-off-by: Li Nan <linan122(a)huawei.com> Signed-off-by: Song Liu <song(a)kernel.org> Link: https://lore.kernel.org/r/20240208085556.2412922-1-linan666@huaweicloud.com Change-Id: Icc4960dcaffedc663797e2d8b18a24c23e201932 --- drivers/md/md.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/md/md.c b/drivers/md/md.c index 09c7f52156f3f..67ceab4573be4 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -2532,6 +2532,7 @@ static int bind_rdev_to_array(struct md_rdev *rdev, struct mddev *mddev) fail: pr_warn("md: failed to register dev-%s for %s\n", b, mdname(mddev)); + mddev_destroy_serial_pool(mddev, rdev, false); return err; } -- 2.45.0.118.g7fe29c98d7-goog

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] ext4: fix bug_on in __es_tree_search" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d36f6ed761b53933b0b4126486c10d3da7751e7f Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1(a)huawei.com> Date: Wed, 18 May 2022 20:08:16 +0800 Subject: [PATCH] ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561 ext4_find_extent+0x6b7/0xa20 fs/ext4/extents.c:964 ext4_ext_map_blocks+0x16b/0x4b70 fs/ext4/extents.c:4384 ext4_map_blocks+0xe26/0x19f0 fs/ext4/inode.c:567 ext4_getblk+0x320/0x4c0 fs/ext4/inode.c:980 ext4_bread+0x2d/0x170 fs/ext4/inode.c:1031 ext4_quota_read+0x248/0x320 fs/ext4/super.c:6257 v2_read_header+0x78/0x110 fs/quota/quota_v2.c:63 v2_check_quota_file+0x76/0x230 fs/quota/quota_v2.c:82 vfs_load_quota_inode+0x5d1/0x1530 fs/quota/dquot.c:2368 dquot_enable+0x28a/0x330 fs/quota/dquot.c:2490 ext4_quota_enable fs/ext4/super.c:6137 [inline] ext4_enable_quotas+0x5d7/0x960 fs/ext4/super.c:6163 ext4_fill_super+0xa7c9/0xdc00 fs/ext4/super.c:4754 mount_bdev+0x2e9/0x3b0 fs/super.c:1158 mount_fs+0x4b/0x1e4 fs/super.c:1261 [...] ================================================================== Above issue may happen as follows: ------------------------------------- ext4_fill_super ext4_enable_quotas ext4_quota_enable ext4_iget __ext4_iget ext4_ext_check_inode ext4_ext_check __ext4_ext_check ext4_valid_extent_entries Check for overlapping extents does't take effect dquot_enable vfs_load_quota_inode v2_check_quota_file v2_read_header ext4_quota_read ext4_bread ext4_getblk ext4_map_blocks ext4_ext_map_blocks ext4_find_extent ext4_cache_extents ext4_es_cache_extent ext4_es_cache_extent __es_tree_search ext4_es_end BUG_ON(es->es_lblk + es->es_len < es->es_lblk) The error ext4 extents is as follows: 0af3 0300 0400 0000 00000000 extent_header 00000000 0100 0000 12000000 extent1 00000000 0100 0000 18000000 extent2 02000000 0400 0000 14000000 extent3 In the ext4_valid_extent_entries function, if prev is 0, no error is returned even if lblock<=prev. This was intended to skip the check on the first extent, but in the error image above, prev=0+1-1=0 when checking the second extent, so even though lblock<=prev, the function does not return an error. As a result, bug_ON occurs in __es_tree_search and the system panics. To solve this problem, we only need to check that: 1. The lblock of the first extent is not less than 0. 2. The lblock of the next extent is not less than the next block of the previous extent. The same applies to extent_idx. Cc: stable(a)kernel.org Fixes: 5946d089379a ("ext4: check for overlapping extents in ext4_valid_extent_entries()") Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://lore.kernel.org/r/20220518120816.1541863-1-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 474479ce76e0..c148bb97b527 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -372,7 +372,7 @@ static int ext4_valid_extent_entries(struct inode *inode, { unsigned short entries; ext4_lblk_t lblock = 0; - ext4_lblk_t prev = 0; + ext4_lblk_t cur = 0; if (eh->eh_entries == 0) return 1; @@ -396,11 +396,11 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping extents */ lblock = le32_to_cpu(ext->ee_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_ext_pblock(ext); return 0; } - prev = lblock + ext4_ext_get_actual_len(ext) - 1; + cur = lblock + ext4_ext_get_actual_len(ext); ext++; entries--; } @@ -420,13 +420,13 @@ static int ext4_valid_extent_entries(struct inode *inode, /* Check for overlapping index extents */ lblock = le32_to_cpu(ext_idx->ei_block); - if ((lblock <= prev) && prev) { + if (lblock < cur) { *pblk = ext4_idx_pblock(ext_idx); return 0; } ext_idx++; entries--; - prev = lblock; + cur = lblock + 1; } } return 1;

1 year, 4 months

2
1
0 0

[PATCH] KEYS: trusted: Do not use WARN when encode fails

by Jarkko Sakkinen

Error on asn1_encode_sequence() is handled with a WARN incorrectly because: 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location on known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is carefully considered rationale to use it, which is now non-existent. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information (and was not printed). Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- security/keys/trusted-keys/trusted_tpm2.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index c8d8fdefbd8d..e31fe53822a1 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -39,6 +39,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret; priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -80,8 +81,11 @@ static int tpm2_key_encode(struct trusted_key_payload *payload, work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (IS_ERR(work1)) { + ret = PTR_ERR(work1); + pr_err("ASN.1 encode error %d\n", ret); + return ret; + } return work1 - payload->blob; } -- 2.45.0

1 year, 4 months

1
0
0 0

Security fix from mainline: CVE-2024-26900: md: fix kmemleak of rdev->serial

by Jeremy Bongio

Please backport this security fix. Subject: CVE-2024-26900: md: fix kmemleak of rdev->serial sha1: 6cf350658736681b9d6b0b6e58c5c76b235bb4c4 Why: This vulnerability exists in LTS kernels. kernel versions to apply: 5.10, 5.15, 6.1, 6.6

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix firmware check error path" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 40d442f969fb1e871da6fca73d3f8aef1f888558 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-refutable-qualified-fe5c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 40d442f969fb ("Bluetooth: qca: fix firmware check error path") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40d442f969fb1e871da6fca73d3f8aef1f888558 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 1 May 2024 08:37:40 +0200 Subject: [PATCH] Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Fixes: f905ae0be4b7 ("Bluetooth: qca: add missing firmware sanity checks") Cc: stable(a)vger.kernel.org # 4.19 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 8d8a664620a3..638074992c82 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -605,7 +605,7 @@ static int qca_download_firmware(struct hci_dev *hdev, ret = qca_tlv_check_data(hdev, config, data, size, soc_type); if (ret) - return ret; + goto out; segment = data; remain = size;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix firmware check error path" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 40d442f969fb1e871da6fca73d3f8aef1f888558 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-festival-sprint-9288@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 40d442f969fb ("Bluetooth: qca: fix firmware check error path") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40d442f969fb1e871da6fca73d3f8aef1f888558 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 1 May 2024 08:37:40 +0200 Subject: [PATCH] Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Fixes: f905ae0be4b7 ("Bluetooth: qca: add missing firmware sanity checks") Cc: stable(a)vger.kernel.org # 4.19 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 8d8a664620a3..638074992c82 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -605,7 +605,7 @@ static int qca_download_firmware(struct hci_dev *hdev, ret = qca_tlv_check_data(hdev, config, data, size, soc_type); if (ret) - return ret; + goto out; segment = data; remain = size;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix firmware check error path" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 40d442f969fb1e871da6fca73d3f8aef1f888558 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051320-majority-visiting-2bf1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 40d442f969fb ("Bluetooth: qca: fix firmware check error path") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40d442f969fb1e871da6fca73d3f8aef1f888558 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 1 May 2024 08:37:40 +0200 Subject: [PATCH] Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. Fixes: f905ae0be4b7 ("Bluetooth: qca: add missing firmware sanity checks") Cc: stable(a)vger.kernel.org # 4.19 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 8d8a664620a3..638074992c82 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -605,7 +605,7 @@ static int qca_download_firmware(struct hci_dev *hdev, ret = qca_tlv_check_data(hdev, config, data, size, soc_type); if (ret) - return ret; + goto out; segment = data; remain = size;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix info leak when fetching fw build id" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051300-commute-overall-7fed@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cda0d6a198e2 ("Bluetooth: qca: fix info leak when fetching fw build id") a7f8dedb4be2 ("Bluetooth: qca: add support for QCA2066") 691d54d0f7cb ("Bluetooth: qca: use switch case for soc type behavior") f904feefe60c ("Bluetooth: btqca: Add WCN3988 support") 8153b738bc54 ("Bluetooth: btqca: use le32_to_cpu for ver.soc_id") 095327fede00 ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6855") 44fac8a2fd2f ("Bluetooth: hci_qca: mark OF related data as maybe unused") 6845667146a2 ("Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Wed, 1 May 2024 14:34:52 +0200 Subject: [PATCH] Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. Fixes: c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") Cc: stable(a)vger.kernel.org # 5.12 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index c6b2dd4d1716..664db524b1dd 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -99,7 +99,8 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) { struct sk_buff *skb; struct edl_event_hdr *edl; - char cmd, build_label[QCA_FW_BUILD_VER_LEN]; + char *build_label; + char cmd; int build_lbl_len, err = 0; bt_dev_dbg(hdev, "QCA read fw build info"); @@ -114,6 +115,11 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) return err; } + if (skb->len < sizeof(*edl)) { + err = -EILSEQ; + goto out; + } + edl = (struct edl_event_hdr *)(skb->data); if (!edl) { bt_dev_err(hdev, "QCA read fw build info with no header"); @@ -129,14 +135,25 @@ static int qca_read_fw_build_info(struct hci_dev *hdev) goto out; } - build_lbl_len = edl->data[0]; - if (build_lbl_len <= QCA_FW_BUILD_VER_LEN - 1) { - memcpy(build_label, edl->data + 1, build_lbl_len); - *(build_label + build_lbl_len) = '\0'; + if (skb->len < sizeof(*edl) + 1) { + err = -EILSEQ; + goto out; } + build_lbl_len = edl->data[0]; + + if (skb->len < sizeof(*edl) + 1 + build_lbl_len) { + err = -EILSEQ; + goto out; + } + + build_label = kstrndup(&edl->data[1], build_lbl_len, GFP_KERNEL); + if (!build_label) + goto out; + hci_set_fw_info(hdev, "%s", build_label); + kfree(build_label); out: kfree_skb(skb); return err; diff --git a/drivers/bluetooth/btqca.h b/drivers/bluetooth/btqca.h index 49ad668d0d0b..215433fd76a1 100644 --- a/drivers/bluetooth/btqca.h +++ b/drivers/bluetooth/btqca.h @@ -48,7 +48,6 @@ #define get_soc_ver(soc_id, rom_ver) \ ((le32_to_cpu(soc_id) << 16) | (le16_to_cpu(rom_ver))) -#define QCA_FW_BUILD_VER_LEN 255 #define QCA_HSP_GF_SOC_ID 0x1200 #define QCA_HSP_GF_SOC_MASK 0x0000ff00

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix NVM configuration parsing" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x a112d3c72a227f2edbb6d8094472cc6e503e52af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051301-untwist-vertical-ba65@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: a112d3c72a22 ("Bluetooth: qca: fix NVM configuration parsing") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a112d3c72a227f2edbb6d8094472cc6e503e52af Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:40 +0200 Subject: [PATCH] Bluetooth: qca: fix NVM configuration parsing The NVM configuration files used by WCN3988 and WCN3990/1/8 have two sets of configuration tags that are enclosed by a type-length header of type four which the current parser fails to account for. Instead the driver happily parses random data as if it were valid tags, something which can lead to the configuration data being corrupted if it ever encounters the words 0x0011 or 0x001b. As is clear from commit b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") the intention has always been to process the configuration data also for WCN3991 and WCN3998 which encodes the baud rate at a different offset. Fix the parser so that it can handle the WCN3xxx configuration files, which has an enclosing type-length header of type four and two sets of TLV tags enclosed by a type-length header of type two and three, respectively. Note that only the first set, which contains the tags the driver is currently looking for, will be parsed for now. With the parser fixed, the software in-band sleep bit will now be set for WCN3991 and WCN3998 (as it is for later controllers) and the default baud rate 3200000 may be updated by the driver also for WCN3xxx controllers. Notably the deep-sleep feature bit is already set by default in all configuration files in linux-firmware. Fixes: 4219d4686875 ("Bluetooth: btqca: Add wcn3990 firmware download support.") Cc: stable(a)vger.kernel.org # 4.19 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 6743b0a79d7a..f6c9f89a6311 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -281,6 +281,7 @@ static int qca_tlv_check_data(struct hci_dev *hdev, struct tlv_type_patch *tlv_patch; struct tlv_type_nvm *tlv_nvm; uint8_t nvm_baud_rate = config->user_baud_rate; + u8 type; config->dnld_mode = QCA_SKIP_EVT_NONE; config->dnld_type = QCA_SKIP_EVT_NONE; @@ -346,11 +347,30 @@ static int qca_tlv_check_data(struct hci_dev *hdev, tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); - length = (type_len >> 8) & 0x00ffffff; + length = type_len >> 8; + type = type_len & 0xff; - BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); + /* Some NVM files have more than one set of tags, only parse + * the first set when it has type 2 for now. When there is + * more than one set there is an enclosing header of type 4. + */ + if (type == 4) { + if (fw_size < 2 * sizeof(struct tlv_type_hdr)) + return -EINVAL; + + tlv++; + + type_len = le32_to_cpu(tlv->type_len); + length = type_len >> 8; + type = type_len & 0xff; + } + + BT_DBG("TLV Type\t\t : 0x%x", type); BT_DBG("Length\t\t : %d bytes", length); + if (type != 2) + break; + if (fw_size < length + (tlv->data - fw_data)) return -EINVAL;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix NVM configuration parsing" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a112d3c72a227f2edbb6d8094472cc6e503e52af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051359-refueling-alienable-65c1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: a112d3c72a22 ("Bluetooth: qca: fix NVM configuration parsing") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a112d3c72a227f2edbb6d8094472cc6e503e52af Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:40 +0200 Subject: [PATCH] Bluetooth: qca: fix NVM configuration parsing The NVM configuration files used by WCN3988 and WCN3990/1/8 have two sets of configuration tags that are enclosed by a type-length header of type four which the current parser fails to account for. Instead the driver happily parses random data as if it were valid tags, something which can lead to the configuration data being corrupted if it ever encounters the words 0x0011 or 0x001b. As is clear from commit b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") the intention has always been to process the configuration data also for WCN3991 and WCN3998 which encodes the baud rate at a different offset. Fix the parser so that it can handle the WCN3xxx configuration files, which has an enclosing type-length header of type four and two sets of TLV tags enclosed by a type-length header of type two and three, respectively. Note that only the first set, which contains the tags the driver is currently looking for, will be parsed for now. With the parser fixed, the software in-band sleep bit will now be set for WCN3991 and WCN3998 (as it is for later controllers) and the default baud rate 3200000 may be updated by the driver also for WCN3xxx controllers. Notably the deep-sleep feature bit is already set by default in all configuration files in linux-firmware. Fixes: 4219d4686875 ("Bluetooth: btqca: Add wcn3990 firmware download support.") Cc: stable(a)vger.kernel.org # 4.19 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 6743b0a79d7a..f6c9f89a6311 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -281,6 +281,7 @@ static int qca_tlv_check_data(struct hci_dev *hdev, struct tlv_type_patch *tlv_patch; struct tlv_type_nvm *tlv_nvm; uint8_t nvm_baud_rate = config->user_baud_rate; + u8 type; config->dnld_mode = QCA_SKIP_EVT_NONE; config->dnld_type = QCA_SKIP_EVT_NONE; @@ -346,11 +347,30 @@ static int qca_tlv_check_data(struct hci_dev *hdev, tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); - length = (type_len >> 8) & 0x00ffffff; + length = type_len >> 8; + type = type_len & 0xff; - BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); + /* Some NVM files have more than one set of tags, only parse + * the first set when it has type 2 for now. When there is + * more than one set there is an enclosing header of type 4. + */ + if (type == 4) { + if (fw_size < 2 * sizeof(struct tlv_type_hdr)) + return -EINVAL; + + tlv++; + + type_len = le32_to_cpu(tlv->type_len); + length = type_len >> 8; + type = type_len & 0xff; + } + + BT_DBG("TLV Type\t\t : 0x%x", type); BT_DBG("Length\t\t : %d bytes", length); + if (type != 2) + break; + if (fw_size < length + (tlv->data - fw_data)) return -EINVAL;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: fix NVM configuration parsing" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a112d3c72a227f2edbb6d8094472cc6e503e52af # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051358-overplant-spent-f520@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: a112d3c72a22 ("Bluetooth: qca: fix NVM configuration parsing") 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a112d3c72a227f2edbb6d8094472cc6e503e52af Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:40 +0200 Subject: [PATCH] Bluetooth: qca: fix NVM configuration parsing The NVM configuration files used by WCN3988 and WCN3990/1/8 have two sets of configuration tags that are enclosed by a type-length header of type four which the current parser fails to account for. Instead the driver happily parses random data as if it were valid tags, something which can lead to the configuration data being corrupted if it ever encounters the words 0x0011 or 0x001b. As is clear from commit b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") the intention has always been to process the configuration data also for WCN3991 and WCN3998 which encodes the baud rate at a different offset. Fix the parser so that it can handle the WCN3xxx configuration files, which has an enclosing type-length header of type four and two sets of TLV tags enclosed by a type-length header of type two and three, respectively. Note that only the first set, which contains the tags the driver is currently looking for, will be parsed for now. With the parser fixed, the software in-band sleep bit will now be set for WCN3991 and WCN3998 (as it is for later controllers) and the default baud rate 3200000 may be updated by the driver also for WCN3xxx controllers. Notably the deep-sleep feature bit is already set by default in all configuration files in linux-firmware. Fixes: 4219d4686875 ("Bluetooth: btqca: Add wcn3990 firmware download support.") Cc: stable(a)vger.kernel.org # 4.19 Cc: Matthias Kaehlcke <mka(a)chromium.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index 6743b0a79d7a..f6c9f89a6311 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -281,6 +281,7 @@ static int qca_tlv_check_data(struct hci_dev *hdev, struct tlv_type_patch *tlv_patch; struct tlv_type_nvm *tlv_nvm; uint8_t nvm_baud_rate = config->user_baud_rate; + u8 type; config->dnld_mode = QCA_SKIP_EVT_NONE; config->dnld_type = QCA_SKIP_EVT_NONE; @@ -346,11 +347,30 @@ static int qca_tlv_check_data(struct hci_dev *hdev, tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); - length = (type_len >> 8) & 0x00ffffff; + length = type_len >> 8; + type = type_len & 0xff; - BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); + /* Some NVM files have more than one set of tags, only parse + * the first set when it has type 2 for now. When there is + * more than one set there is an enclosing header of type 4. + */ + if (type == 4) { + if (fw_size < 2 * sizeof(struct tlv_type_hdr)) + return -EINVAL; + + tlv++; + + type_len = le32_to_cpu(tlv->type_len); + length = type_len >> 8; + type = type_len & 0xff; + } + + BT_DBG("TLV Type\t\t : 0x%x", type); BT_DBG("Length\t\t : %d bytes", length); + if (type != 2) + break; + if (fw_size < length + (tlv->data - fw_data)) return -EINVAL;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: add missing firmware sanity checks" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051339-establish-mollusk-f612@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") 5e6d8401ade9 ("Bluetooth: hci_qca: Add qca_power_on() API to support both wcn399x and Rome power up") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:39 +0200 Subject: [PATCH] Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. Fixes: 83e81961ff7e ("Bluetooth: btqca: Introduce generic QCA ROME support") Cc: stable(a)vger.kernel.org # 4.10 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index cfa71708397b..6743b0a79d7a 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -268,9 +268,10 @@ int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) } EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); -static void qca_tlv_check_data(struct hci_dev *hdev, +static int qca_tlv_check_data(struct hci_dev *hdev, struct qca_fw_config *config, - u8 *fw_data, enum qca_btsoc_type soc_type) + u8 *fw_data, size_t fw_size, + enum qca_btsoc_type soc_type) { const u8 *data; u32 type_len; @@ -286,6 +287,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, switch (config->type) { case ELF_TYPE_PATCH: + if (fw_size < 7) + return -EINVAL; + config->dnld_mode = QCA_SKIP_EVT_VSE_CC; config->dnld_type = QCA_SKIP_EVT_VSE_CC; @@ -294,6 +298,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); break; case TLV_TYPE_PATCH: + if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); tlv_patch = (struct tlv_type_patch *)tlv->data; @@ -333,6 +340,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case TLV_TYPE_NVM: + if (fw_size < sizeof(struct tlv_type_hdr)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); @@ -341,17 +351,26 @@ static void qca_tlv_check_data(struct hci_dev *hdev, BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); BT_DBG("Length\t\t : %d bytes", length); + if (fw_size < length + (tlv->data - fw_data)) + return -EINVAL; + idx = 0; data = tlv->data; - while (idx < length) { + while (idx < length - sizeof(struct tlv_type_nvm)) { tlv_nvm = (struct tlv_type_nvm *)(data + idx); tag_id = le16_to_cpu(tlv_nvm->tag_id); tag_len = le16_to_cpu(tlv_nvm->tag_len); + if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) + return -EINVAL; + /* Update NVM tags as needed */ switch (tag_id) { case EDL_TAG_ID_HCI: + if (tag_len < 3) + return -EINVAL; + /* HCI transport layer parameters * enabling software inband sleep * onto controller side. @@ -367,6 +386,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case EDL_TAG_ID_DEEP_SLEEP: + if (tag_len < 1) + return -EINVAL; + /* Sleep enable mask * enabling deep sleep feature on controller. */ @@ -375,14 +397,16 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; } - idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); + idx += sizeof(struct tlv_type_nvm) + tag_len; } break; default: BT_ERR("Unknown TLV type %d", config->type); - break; + return -EINVAL; } + + return 0; } static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, @@ -532,7 +556,9 @@ static int qca_download_firmware(struct hci_dev *hdev, memcpy(data, fw->data, size); release_firmware(fw); - qca_tlv_check_data(hdev, config, data, soc_type); + ret = qca_tlv_check_data(hdev, config, data, size, soc_type); + if (ret) + return ret; segment = data; remain = size;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: add missing firmware sanity checks" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051337-dislocate-sizably-eb10@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:39 +0200 Subject: [PATCH] Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. Fixes: 83e81961ff7e ("Bluetooth: btqca: Introduce generic QCA ROME support") Cc: stable(a)vger.kernel.org # 4.10 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index cfa71708397b..6743b0a79d7a 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -268,9 +268,10 @@ int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) } EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); -static void qca_tlv_check_data(struct hci_dev *hdev, +static int qca_tlv_check_data(struct hci_dev *hdev, struct qca_fw_config *config, - u8 *fw_data, enum qca_btsoc_type soc_type) + u8 *fw_data, size_t fw_size, + enum qca_btsoc_type soc_type) { const u8 *data; u32 type_len; @@ -286,6 +287,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, switch (config->type) { case ELF_TYPE_PATCH: + if (fw_size < 7) + return -EINVAL; + config->dnld_mode = QCA_SKIP_EVT_VSE_CC; config->dnld_type = QCA_SKIP_EVT_VSE_CC; @@ -294,6 +298,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); break; case TLV_TYPE_PATCH: + if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); tlv_patch = (struct tlv_type_patch *)tlv->data; @@ -333,6 +340,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case TLV_TYPE_NVM: + if (fw_size < sizeof(struct tlv_type_hdr)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); @@ -341,17 +351,26 @@ static void qca_tlv_check_data(struct hci_dev *hdev, BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); BT_DBG("Length\t\t : %d bytes", length); + if (fw_size < length + (tlv->data - fw_data)) + return -EINVAL; + idx = 0; data = tlv->data; - while (idx < length) { + while (idx < length - sizeof(struct tlv_type_nvm)) { tlv_nvm = (struct tlv_type_nvm *)(data + idx); tag_id = le16_to_cpu(tlv_nvm->tag_id); tag_len = le16_to_cpu(tlv_nvm->tag_len); + if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) + return -EINVAL; + /* Update NVM tags as needed */ switch (tag_id) { case EDL_TAG_ID_HCI: + if (tag_len < 3) + return -EINVAL; + /* HCI transport layer parameters * enabling software inband sleep * onto controller side. @@ -367,6 +386,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case EDL_TAG_ID_DEEP_SLEEP: + if (tag_len < 1) + return -EINVAL; + /* Sleep enable mask * enabling deep sleep feature on controller. */ @@ -375,14 +397,16 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; } - idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); + idx += sizeof(struct tlv_type_nvm) + tag_len; } break; default: BT_ERR("Unknown TLV type %d", config->type); - break; + return -EINVAL; } + + return 0; } static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, @@ -532,7 +556,9 @@ static int qca_download_firmware(struct hci_dev *hdev, memcpy(data, fw->data, size); release_firmware(fw); - qca_tlv_check_data(hdev, config, data, soc_type); + ret = qca_tlv_check_data(hdev, config, data, size, soc_type); + if (ret) + return ret; segment = data; remain = size;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: qca: add missing firmware sanity checks" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051338-imitate-encrust-796c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2e4edfa1e2bd ("Bluetooth: qca: add missing firmware sanity checks") ecf6b2d95666 ("Bluetooth: btqca: Add support for firmware image with mbn type for WCN6750") d8f97da1b92d ("Bluetooth: hci_qca: Add support for QTI Bluetooth chip wcn6750") b43ca511178e ("Bluetooth: btqca: Don't modify firmware contents in-place") c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") eaf19b0c47d1 ("Bluetooth: btqca: Enable MSFT extension for Qualcomm WCN399x") c0187b0bd3e9 ("Bluetooth: btqca: Add support to read FW build version for WCN3991 BTSoC") 99719449a4a6 ("Bluetooth: hci_qca: resolve various warnings") 054ec5e94a46 ("Bluetooth: hci_qca: Remove duplicate power off in proto close") 590deccf4c06 ("Bluetooth: hci_qca: Disable SoC debug logging for WCN3991") 37aee136f8c4 ("Bluetooth: hci_qca: allow max-speed to be set for QCA9377 devices") e5d6468fe9d8 ("Bluetooth: hci_qca: Add support for Qualcomm Bluetooth SoC QCA6390") 77131dfec6af ("Bluetooth: hci_qca: Replace devm_gpiod_get() with devm_gpiod_get_optional()") 8a208b24d770 ("Bluetooth: hci_qca: Make bt_en and susclk not mandatory for QCA Rome") b63882549b2b ("Bluetooth: btqca: Fix the NVM baudrate tag offcet for wcn3991") 4f9ed5bd63dc ("Bluetooth: hci_qca: Not send vendor pre-shutdown command for QCA Rome") 66cb70513564 ("Bluetooth: hci_qca: Enable clocks required for BT SOC") ae563183b647 ("Bluetooth: hci_qca: Enable power off/on support during hci down/up for QCA Rome") 5559904ccc08 ("Bluetooth: hci_qca: Add QCA Rome power off support to the qca_power_shutdown()") 5e6d8401ade9 ("Bluetooth: hci_qca: Add qca_power_on() API to support both wcn399x and Rome power up") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2e4edfa1e2bd821a317e7d006517dcf2f3fac68d Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Tue, 30 Apr 2024 19:07:39 +0200 Subject: [PATCH] Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. Fixes: 83e81961ff7e ("Bluetooth: btqca: Introduce generic QCA ROME support") Cc: stable(a)vger.kernel.org # 4.10 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btqca.c b/drivers/bluetooth/btqca.c index cfa71708397b..6743b0a79d7a 100644 --- a/drivers/bluetooth/btqca.c +++ b/drivers/bluetooth/btqca.c @@ -268,9 +268,10 @@ int qca_send_pre_shutdown_cmd(struct hci_dev *hdev) } EXPORT_SYMBOL_GPL(qca_send_pre_shutdown_cmd); -static void qca_tlv_check_data(struct hci_dev *hdev, +static int qca_tlv_check_data(struct hci_dev *hdev, struct qca_fw_config *config, - u8 *fw_data, enum qca_btsoc_type soc_type) + u8 *fw_data, size_t fw_size, + enum qca_btsoc_type soc_type) { const u8 *data; u32 type_len; @@ -286,6 +287,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, switch (config->type) { case ELF_TYPE_PATCH: + if (fw_size < 7) + return -EINVAL; + config->dnld_mode = QCA_SKIP_EVT_VSE_CC; config->dnld_type = QCA_SKIP_EVT_VSE_CC; @@ -294,6 +298,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, bt_dev_dbg(hdev, "File version : 0x%x", fw_data[6]); break; case TLV_TYPE_PATCH: + if (fw_size < sizeof(struct tlv_type_hdr) + sizeof(struct tlv_type_patch)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); tlv_patch = (struct tlv_type_patch *)tlv->data; @@ -333,6 +340,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case TLV_TYPE_NVM: + if (fw_size < sizeof(struct tlv_type_hdr)) + return -EINVAL; + tlv = (struct tlv_type_hdr *)fw_data; type_len = le32_to_cpu(tlv->type_len); @@ -341,17 +351,26 @@ static void qca_tlv_check_data(struct hci_dev *hdev, BT_DBG("TLV Type\t\t : 0x%x", type_len & 0x000000ff); BT_DBG("Length\t\t : %d bytes", length); + if (fw_size < length + (tlv->data - fw_data)) + return -EINVAL; + idx = 0; data = tlv->data; - while (idx < length) { + while (idx < length - sizeof(struct tlv_type_nvm)) { tlv_nvm = (struct tlv_type_nvm *)(data + idx); tag_id = le16_to_cpu(tlv_nvm->tag_id); tag_len = le16_to_cpu(tlv_nvm->tag_len); + if (length < idx + sizeof(struct tlv_type_nvm) + tag_len) + return -EINVAL; + /* Update NVM tags as needed */ switch (tag_id) { case EDL_TAG_ID_HCI: + if (tag_len < 3) + return -EINVAL; + /* HCI transport layer parameters * enabling software inband sleep * onto controller side. @@ -367,6 +386,9 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; case EDL_TAG_ID_DEEP_SLEEP: + if (tag_len < 1) + return -EINVAL; + /* Sleep enable mask * enabling deep sleep feature on controller. */ @@ -375,14 +397,16 @@ static void qca_tlv_check_data(struct hci_dev *hdev, break; } - idx += (sizeof(u16) + sizeof(u16) + 8 + tag_len); + idx += sizeof(struct tlv_type_nvm) + tag_len; } break; default: BT_ERR("Unknown TLV type %d", config->type); - break; + return -EINVAL; } + + return 0; } static int qca_tlv_send_segment(struct hci_dev *hdev, int seg_size, @@ -532,7 +556,9 @@ static int qca_download_firmware(struct hci_dev *hdev, memcpy(data, fw->data, size); release_firmware(fw); - qca_tlv_check_data(hdev, config, data, soc_type); + ret = qca_tlv_check_data(hdev, config, data, size, soc_type); + if (ret) + return ret; segment = data; remain = size;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm/userfaultfd: reset ptes when close() for wr-protected ones" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c88033efe9a391e72ba6b5df4b01d6e628f4e734 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051304-turkey-underfed-40fe@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c88033efe9a3 ("mm/userfaultfd: reset ptes when close() for wr-protected ones") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c88033efe9a391e72ba6b5df4b01d6e628f4e734 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Mon, 22 Apr 2024 09:33:11 -0400 Subject: [PATCH] mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover that too. This fixes a WARN trace. The only user visible side effect is the user can observe leftover wr-protect bits even if the user close()ed on an userfaultfd when releasing the last reference of it. However hopefully that should be harmless, and nothing bad should happen even if so. This change is now more important after the recent page-table-check patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check: support userfault wr-protect entries")), as we'll do sanity check on uffd-wp bits without vma context. So it's better if we can 100% guarantee no uffd-wp bit leftovers, to make sure each report will be valid. Link: https://lore.kernel.org/all/000000000000ca4df20616a0fe16@google.com/ Fixes: f369b07c8614 ("mm/uffd: reset write protection when unregister with wp-mode") Analyzed-by: David Hildenbrand <david(a)redhat.com> Link: https://lkml.kernel.org/r/20240422133311.2987675-1-peterx@redhat.com Reported-by: syzbot+d8426b591c36b21c750e(a)syzkaller.appspotmail.com Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Nadav Amit <nadav.amit(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 60dcfafdc11a..292f5fd50104 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -895,6 +895,10 @@ static int userfaultfd_release(struct inode *inode, struct file *file) prev = vma; continue; } + /* Reset ptes for the whole vma range if wr-protected */ + if (userfaultfd_wp(vma)) + uffd_wp_range(vma, vma->vm_start, + vma->vm_end - vma->vm_start, false); new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS; vma = vma_modify_flags_uffd(&vmi, prev, vma, vma->vm_start, vma->vm_end, new_flags,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eventfs: Have "events" directory get permissions from its" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d57cf30c4c07837799edec949102b0adf58bae79 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051331-sediment-viewable-33bc@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d57cf30c4c07 ("eventfs: Have "events" directory get permissions from its parent") d53891d348ac ("eventfs: Do not differentiate the toplevel events directory") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d57cf30c4c07837799edec949102b0adf58bae79 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:27 -0400 Subject: [PATCH] eventfs: Have "events" directory get permissions from its parent The events directory gets its permissions from the root inode. But this can cause an inconsistency if the instances directory changes its permissions, as the permissions of the created directories under it should inherit the permissions of the instances directory when directories under it are created. Currently the behavior is: # cd /sys/kernel/tracing # chgrp 1002 instances # mkdir instances/foo # ls -l instances/foo [..] -r--r----- 1 root lkp 0 May 1 18:55 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 18:55 current_tracer -rw-r----- 1 root lkp 0 May 1 18:55 error_log drwxr-xr-x 1 root root 0 May 1 18:55 events --w------- 1 root lkp 0 May 1 18:55 free_buffer drwxr-x--- 2 root lkp 0 May 1 18:55 options drwxr-x--- 10 root lkp 0 May 1 18:55 per_cpu -rw-r----- 1 root lkp 0 May 1 18:55 set_event All the files and directories under "foo" has the "lkp" group except the "events" directory. That's because its getting its default value from the mount point instead of its parent. Have the "events" directory make its default value based on its parent's permissions. That now gives: # ls -l instances/foo [..] -rw-r----- 1 root lkp 0 May 1 21:16 buffer_subbuf_size_kb -r--r----- 1 root lkp 0 May 1 21:16 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:16 current_tracer -rw-r----- 1 root lkp 0 May 1 21:16 error_log drwxr-xr-x 1 root lkp 0 May 1 21:16 events --w------- 1 root lkp 0 May 1 21:16 free_buffer drwxr-x--- 2 root lkp 0 May 1 21:16 options drwxr-x--- 10 root lkp 0 May 1 21:16 per_cpu -rw-r----- 1 root lkp 0 May 1 21:16 set_event Link: https://lore.kernel.org/linux-trace-kernel/20240502200906.161887248@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 6e08405892ae..a878cea70f4c 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -37,6 +37,7 @@ static DEFINE_MUTEX(eventfs_mutex); struct eventfs_root_inode { struct eventfs_inode ei; + struct inode *parent_inode; struct dentry *events_dir; }; @@ -226,12 +227,23 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { - struct inode *root; + struct eventfs_root_inode *rei; + struct inode *parent; - /* Get the tracefs root inode. */ - root = d_inode(sb->s_root); - ei->attr.uid = root->i_uid; - ei->attr.gid = root->i_gid; + rei = get_root_inode(ei); + + /* Use the parent inode permissions unless root set its permissions */ + parent = rei->parent_inode; + + if (rei->ei.attr.mode & EVENTFS_SAVE_UID) + ei->attr.uid = rei->ei.attr.uid; + else + ei->attr.uid = parent->i_uid; + + if (rei->ei.attr.mode & EVENTFS_SAVE_GID) + ei->attr.gid = rei->ei.attr.gid; + else + ei->attr.gid = parent->i_gid; } static void set_top_events_ownership(struct inode *inode) @@ -817,6 +829,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry // Note: we have a ref to the dentry from tracefs_start_creating() rei = get_root_inode(ei); rei->events_dir = dentry; + rei->parent_inode = d_inode(dentry->d_sb->s_root); ei->entries = entries; ei->nr_entries = size; @@ -826,10 +839,15 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; + /* + * When the "events" directory is created, it takes on the + * permissions of its parent. But can be reset on remount. + */ + ei->attr.mode |= EVENTFS_SAVE_UID | EVENTFS_SAVE_GID; + INIT_LIST_HEAD(&ei->children); INIT_LIST_HEAD(&ei->list);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eventfs: Have "events" directory get permissions from its" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d57cf30c4c07837799edec949102b0adf58bae79 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051329-cringing-recast-3368@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d57cf30c4c07 ("eventfs: Have "events" directory get permissions from its parent") d53891d348ac ("eventfs: Do not differentiate the toplevel events directory") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") 264424dfdd5c ("eventfs: Restructure eventfs_inode structure to be more condensed") 5a49f996046b ("eventfs: Warn if an eventfs_inode is freed without is_freed being set") 43aa6f97c2d0 ("eventfs: Get rid of dentry pointers without refcounts") 408600be78cd ("eventfs: Remove unused d_parent pointer field") 49304c2b93e4 ("tracefs: dentry lookup crapectomy") 99c001cb617d ("tracefs: Avoid using the ei->dentry pointer unnecessarily") 4fa4b010b83f ("eventfs: Initialize the tracefs inode properly") 29142dc92c37 ("tracefs: remove stale 'update_gid' code") 834bf76add3e ("eventfs: Save directory inodes in the eventfs_inode structure") 1057066009c4 ("eventfs: Use kcalloc() instead of kzalloc()") 852e46e239ee ("eventfs: Do not create dentries nor inodes in iterate_shared") 53c41052ba31 ("eventfs: Have the inodes all for files and directories all be the same") 1de94b52d5e8 ("eventfs: Shortcut eventfs_iterate() by skipping entries already read") 704f960dbee2 ("eventfs: Read ei->entries before ei->children in eventfs_iterate()") 1e4624eb5a0e ("eventfs: Do ctx->pos update for all iterations in eventfs_iterate()") e109deadb733 ("eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d57cf30c4c07837799edec949102b0adf58bae79 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:27 -0400 Subject: [PATCH] eventfs: Have "events" directory get permissions from its parent The events directory gets its permissions from the root inode. But this can cause an inconsistency if the instances directory changes its permissions, as the permissions of the created directories under it should inherit the permissions of the instances directory when directories under it are created. Currently the behavior is: # cd /sys/kernel/tracing # chgrp 1002 instances # mkdir instances/foo # ls -l instances/foo [..] -r--r----- 1 root lkp 0 May 1 18:55 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 18:55 current_tracer -rw-r----- 1 root lkp 0 May 1 18:55 error_log drwxr-xr-x 1 root root 0 May 1 18:55 events --w------- 1 root lkp 0 May 1 18:55 free_buffer drwxr-x--- 2 root lkp 0 May 1 18:55 options drwxr-x--- 10 root lkp 0 May 1 18:55 per_cpu -rw-r----- 1 root lkp 0 May 1 18:55 set_event All the files and directories under "foo" has the "lkp" group except the "events" directory. That's because its getting its default value from the mount point instead of its parent. Have the "events" directory make its default value based on its parent's permissions. That now gives: # ls -l instances/foo [..] -rw-r----- 1 root lkp 0 May 1 21:16 buffer_subbuf_size_kb -r--r----- 1 root lkp 0 May 1 21:16 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:16 current_tracer -rw-r----- 1 root lkp 0 May 1 21:16 error_log drwxr-xr-x 1 root lkp 0 May 1 21:16 events --w------- 1 root lkp 0 May 1 21:16 free_buffer drwxr-x--- 2 root lkp 0 May 1 21:16 options drwxr-x--- 10 root lkp 0 May 1 21:16 per_cpu -rw-r----- 1 root lkp 0 May 1 21:16 set_event Link: https://lore.kernel.org/linux-trace-kernel/20240502200906.161887248@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 6e08405892ae..a878cea70f4c 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -37,6 +37,7 @@ static DEFINE_MUTEX(eventfs_mutex); struct eventfs_root_inode { struct eventfs_inode ei; + struct inode *parent_inode; struct dentry *events_dir; }; @@ -226,12 +227,23 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { - struct inode *root; + struct eventfs_root_inode *rei; + struct inode *parent; - /* Get the tracefs root inode. */ - root = d_inode(sb->s_root); - ei->attr.uid = root->i_uid; - ei->attr.gid = root->i_gid; + rei = get_root_inode(ei); + + /* Use the parent inode permissions unless root set its permissions */ + parent = rei->parent_inode; + + if (rei->ei.attr.mode & EVENTFS_SAVE_UID) + ei->attr.uid = rei->ei.attr.uid; + else + ei->attr.uid = parent->i_uid; + + if (rei->ei.attr.mode & EVENTFS_SAVE_GID) + ei->attr.gid = rei->ei.attr.gid; + else + ei->attr.gid = parent->i_gid; } static void set_top_events_ownership(struct inode *inode) @@ -817,6 +829,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry // Note: we have a ref to the dentry from tracefs_start_creating() rei = get_root_inode(ei); rei->events_dir = dentry; + rei->parent_inode = d_inode(dentry->d_sb->s_root); ei->entries = entries; ei->nr_entries = size; @@ -826,10 +839,15 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; + /* + * When the "events" directory is created, it takes on the + * permissions of its parent. But can be reset on remount. + */ + ei->attr.mode |= EVENTFS_SAVE_UID | EVENTFS_SAVE_GID; + INIT_LIST_HEAD(&ei->children); INIT_LIST_HEAD(&ei->list);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eventfs/tracing: Add callback for release of an eventfs_inode" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x b63db58e2fa5d6963db9c45df88e60060f0ff35f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-ranting-skydiver-968e@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: b63db58e2fa5 ("eventfs/tracing: Add callback for release of an eventfs_inode") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b63db58e2fa5d6963db9c45df88e60060f0ff35f Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 09:03:15 -0400 Subject: [PATCH] eventfs/tracing: Add callback for release of an eventfs_inode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Synthetic events create and destroy tracefs files when they are created and removed. The tracing subsystem has its own file descriptor representing the state of the events attached to the tracefs files. There's a race between the eventfs files and this file descriptor of the tracing system where the following can cause an issue: With two scripts 'A' and 'B' doing: Script 'A': echo "hello int aaa" > /sys/kernel/tracing/synthetic_events while : do echo 0 > /sys/kernel/tracing/events/synthetic/hello/enable done Script 'B': echo > /sys/kernel/tracing/synthetic_events Script 'A' creates a synthetic event "hello" and then just writes zero into its enable file. Script 'B' removes all synthetic events (including the newly created "hello" event). What happens is that the opening of the "enable" file has: { struct trace_event_file *file = inode->i_private; int ret; ret = tracing_check_open_get_tr(file->tr); [..] But deleting the events frees the "file" descriptor, and a "use after free" happens with the dereference at "file->tr". The file descriptor does have a reference counter, but there needs to be a way to decrement it from the eventfs when the eventfs_inode is removed that represents this file descriptor. Add an optional "release" callback to the eventfs_entry array structure, that gets called when the eventfs file is about to be removed. This allows for the creating on the eventfs file to increment the tracing file descriptor ref counter. When the eventfs file is deleted, it can call the release function that will call the put function for the tracing file descriptor. This will protect the tracing file from being freed while a eventfs file that references it is being opened. Link: https://lore.kernel.org/linux-trace-kernel/20240426073410.17154-1-Tze-nan.W… Link: https://lore.kernel.org/linux-trace-kernel/20240502090315.448cba46@gandalf.… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 5790b1fb3d672 ("eventfs: Remove eventfs_file and just use eventfs_inode") Reported-by: Tze-nan wu <Tze-nan.Wu(a)mediatek.com> Tested-by: Tze-nan Wu (吳澤南) <Tze-nan.Wu(a)mediatek.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 894c6ca1e500..f5510e26f0f6 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -84,10 +84,17 @@ enum { static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); + const struct eventfs_entry *entry; struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); + for (int i = 0; i < ei->nr_entries; i++) { + entry = &ei->entries[i]; + if (entry->release) + entry->release(entry->name, ei->data); + } + kfree(ei->entry_attrs); kfree_const(ei->name); if (ei->is_events) { @@ -112,6 +119,18 @@ static inline void free_ei(struct eventfs_inode *ei) } } +/* + * Called when creation of an ei fails, do not call release() functions. + */ +static inline void cleanup_ei(struct eventfs_inode *ei) +{ + if (ei) { + /* Set nr_entries to 0 to prevent release() function being called */ + ei->nr_entries = 0; + free_ei(ei); + } +} + static inline struct eventfs_inode *get_ei(struct eventfs_inode *ei) { if (ei) @@ -734,7 +753,7 @@ struct eventfs_inode *eventfs_create_dir(const char *name, struct eventfs_inode /* Was the parent freed? */ if (list_empty(&ei->list)) { - free_ei(ei); + cleanup_ei(ei); ei = NULL; } return ei; @@ -835,7 +854,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry return ei; fail: - free_ei(ei); + cleanup_ei(ei); tracefs_failed_creating(dentry); return ERR_PTR(-ENOMEM); } diff --git a/include/linux/tracefs.h b/include/linux/tracefs.h index 7a5fe17b6bf9..d03f74658716 100644 --- a/include/linux/tracefs.h +++ b/include/linux/tracefs.h @@ -62,6 +62,8 @@ struct eventfs_file; typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, const struct file_operations **fops); +typedef void (*eventfs_release)(const char *name, void *data); + /** * struct eventfs_entry - dynamically created eventfs file call back handler * @name: Then name of the dynamic file in an eventfs directory @@ -72,6 +74,7 @@ typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, struct eventfs_entry { const char *name; eventfs_callback callback; + eventfs_release release; }; struct eventfs_inode; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 52f75c36bbca..6ef29eba90ce 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -2552,6 +2552,14 @@ static int event_callback(const char *name, umode_t *mode, void **data, return 0; } +/* The file is incremented on creation and freeing the enable file decrements it */ +static void event_release(const char *name, void *data) +{ + struct trace_event_file *file = data; + + event_file_put(file); +} + static int event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { @@ -2566,6 +2574,7 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { .name = "enable", .callback = event_callback, + .release = event_release, }, { .name = "filter", @@ -2634,6 +2643,9 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) return ret; } + /* Gets decremented on freeing of the "enable" file */ + event_file_get(file); + return 0; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eventfs/tracing: Add callback for release of an eventfs_inode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b63db58e2fa5d6963db9c45df88e60060f0ff35f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-relight-stoop-214c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b63db58e2fa5 ("eventfs/tracing: Add callback for release of an eventfs_inode") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") 264424dfdd5c ("eventfs: Restructure eventfs_inode structure to be more condensed") 5a49f996046b ("eventfs: Warn if an eventfs_inode is freed without is_freed being set") 43aa6f97c2d0 ("eventfs: Get rid of dentry pointers without refcounts") 408600be78cd ("eventfs: Remove unused d_parent pointer field") 49304c2b93e4 ("tracefs: dentry lookup crapectomy") 4fa4b010b83f ("eventfs: Initialize the tracefs inode properly") 29142dc92c37 ("tracefs: remove stale 'update_gid' code") 834bf76add3e ("eventfs: Save directory inodes in the eventfs_inode structure") 1057066009c4 ("eventfs: Use kcalloc() instead of kzalloc()") 852e46e239ee ("eventfs: Do not create dentries nor inodes in iterate_shared") 53c41052ba31 ("eventfs: Have the inodes all for files and directories all be the same") 1de94b52d5e8 ("eventfs: Shortcut eventfs_iterate() by skipping entries already read") 704f960dbee2 ("eventfs: Read ei->entries before ei->children in eventfs_iterate()") 1e4624eb5a0e ("eventfs: Do ctx->pos update for all iterations in eventfs_iterate()") e109deadb733 ("eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") 493ec81a8fb8 ("eventfs: Stop using dcache_readdir() for getdents()") b0f7e2d739b4 ("eventfs: Remove "lookup" parameter from create_dir/file_dentry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b63db58e2fa5d6963db9c45df88e60060f0ff35f Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 09:03:15 -0400 Subject: [PATCH] eventfs/tracing: Add callback for release of an eventfs_inode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Synthetic events create and destroy tracefs files when they are created and removed. The tracing subsystem has its own file descriptor representing the state of the events attached to the tracefs files. There's a race between the eventfs files and this file descriptor of the tracing system where the following can cause an issue: With two scripts 'A' and 'B' doing: Script 'A': echo "hello int aaa" > /sys/kernel/tracing/synthetic_events while : do echo 0 > /sys/kernel/tracing/events/synthetic/hello/enable done Script 'B': echo > /sys/kernel/tracing/synthetic_events Script 'A' creates a synthetic event "hello" and then just writes zero into its enable file. Script 'B' removes all synthetic events (including the newly created "hello" event). What happens is that the opening of the "enable" file has: { struct trace_event_file *file = inode->i_private; int ret; ret = tracing_check_open_get_tr(file->tr); [..] But deleting the events frees the "file" descriptor, and a "use after free" happens with the dereference at "file->tr". The file descriptor does have a reference counter, but there needs to be a way to decrement it from the eventfs when the eventfs_inode is removed that represents this file descriptor. Add an optional "release" callback to the eventfs_entry array structure, that gets called when the eventfs file is about to be removed. This allows for the creating on the eventfs file to increment the tracing file descriptor ref counter. When the eventfs file is deleted, it can call the release function that will call the put function for the tracing file descriptor. This will protect the tracing file from being freed while a eventfs file that references it is being opened. Link: https://lore.kernel.org/linux-trace-kernel/20240426073410.17154-1-Tze-nan.W… Link: https://lore.kernel.org/linux-trace-kernel/20240502090315.448cba46@gandalf.… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 5790b1fb3d672 ("eventfs: Remove eventfs_file and just use eventfs_inode") Reported-by: Tze-nan wu <Tze-nan.Wu(a)mediatek.com> Tested-by: Tze-nan Wu (吳澤南) <Tze-nan.Wu(a)mediatek.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 894c6ca1e500..f5510e26f0f6 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -84,10 +84,17 @@ enum { static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); + const struct eventfs_entry *entry; struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); + for (int i = 0; i < ei->nr_entries; i++) { + entry = &ei->entries[i]; + if (entry->release) + entry->release(entry->name, ei->data); + } + kfree(ei->entry_attrs); kfree_const(ei->name); if (ei->is_events) { @@ -112,6 +119,18 @@ static inline void free_ei(struct eventfs_inode *ei) } } +/* + * Called when creation of an ei fails, do not call release() functions. + */ +static inline void cleanup_ei(struct eventfs_inode *ei) +{ + if (ei) { + /* Set nr_entries to 0 to prevent release() function being called */ + ei->nr_entries = 0; + free_ei(ei); + } +} + static inline struct eventfs_inode *get_ei(struct eventfs_inode *ei) { if (ei) @@ -734,7 +753,7 @@ struct eventfs_inode *eventfs_create_dir(const char *name, struct eventfs_inode /* Was the parent freed? */ if (list_empty(&ei->list)) { - free_ei(ei); + cleanup_ei(ei); ei = NULL; } return ei; @@ -835,7 +854,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry return ei; fail: - free_ei(ei); + cleanup_ei(ei); tracefs_failed_creating(dentry); return ERR_PTR(-ENOMEM); } diff --git a/include/linux/tracefs.h b/include/linux/tracefs.h index 7a5fe17b6bf9..d03f74658716 100644 --- a/include/linux/tracefs.h +++ b/include/linux/tracefs.h @@ -62,6 +62,8 @@ struct eventfs_file; typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, const struct file_operations **fops); +typedef void (*eventfs_release)(const char *name, void *data); + /** * struct eventfs_entry - dynamically created eventfs file call back handler * @name: Then name of the dynamic file in an eventfs directory @@ -72,6 +74,7 @@ typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, struct eventfs_entry { const char *name; eventfs_callback callback; + eventfs_release release; }; struct eventfs_inode; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 52f75c36bbca..6ef29eba90ce 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -2552,6 +2552,14 @@ static int event_callback(const char *name, umode_t *mode, void **data, return 0; } +/* The file is incremented on creation and freeing the enable file decrements it */ +static void event_release(const char *name, void *data) +{ + struct trace_event_file *file = data; + + event_file_put(file); +} + static int event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { @@ -2566,6 +2574,7 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { .name = "enable", .callback = event_callback, + .release = event_release, }, { .name = "filter", @@ -2634,6 +2643,9 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) return ret; } + /* Gets decremented on freeing of the "enable" file */ + event_file_get(file); + return 0; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eventfs: Free all of the eventfs_inode after RCU" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x ee4e0379475e4fe723986ae96293e465014fa8d9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051314-unwilling-outmatch-c624@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: ee4e0379475e ("eventfs: Free all of the eventfs_inode after RCU") b63db58e2fa5 ("eventfs/tracing: Add callback for release of an eventfs_inode") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee4e0379475e4fe723986ae96293e465014fa8d9 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:22 -0400 Subject: [PATCH] eventfs: Free all of the eventfs_inode after RCU The freeing of eventfs_inode via a kfree_rcu() callback. But the content of the eventfs_inode was being freed after the last kref. This is dangerous, as changes are being made that can access the content of an eventfs_inode from an RCU loop. Instead of using kfree_rcu() use call_rcu() that calls a function to do all the freeing of the eventfs_inode after a RCU grace period has expired. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.370261163@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 43aa6f97c2d03 ("eventfs: Get rid of dentry pointers without refcounts") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index f5510e26f0f6..cc8b838bbe62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -73,6 +73,21 @@ enum { #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) +static void free_ei_rcu(struct rcu_head *rcu) +{ + struct eventfs_inode *ei = container_of(rcu, struct eventfs_inode, rcu); + struct eventfs_root_inode *rei; + + kfree(ei->entry_attrs); + kfree_const(ei->name); + if (ei->is_events) { + rei = get_root_inode(ei); + kfree(rei); + } else { + kfree(ei); + } +} + /* * eventfs_inode reference count management. * @@ -85,7 +100,6 @@ static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); const struct eventfs_entry *entry; - struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); @@ -95,14 +109,7 @@ static void release_ei(struct kref *ref) entry->release(entry->name, ei->data); } - kfree(ei->entry_attrs); - kfree_const(ei->name); - if (ei->is_events) { - rei = get_root_inode(ei); - kfree_rcu(rei, ei.rcu); - } else { - kfree_rcu(ei, rcu); - } + call_rcu(&ei->rcu, free_ei_rcu); } static inline void put_ei(struct eventfs_inode *ei)

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] eventfs: Free all of the eventfs_inode after RCU" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ee4e0379475e4fe723986ae96293e465014fa8d9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051313-twilight-disposal-0184@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: ee4e0379475e ("eventfs: Free all of the eventfs_inode after RCU") b63db58e2fa5 ("eventfs/tracing: Add callback for release of an eventfs_inode") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") 264424dfdd5c ("eventfs: Restructure eventfs_inode structure to be more condensed") 5a49f996046b ("eventfs: Warn if an eventfs_inode is freed without is_freed being set") 43aa6f97c2d0 ("eventfs: Get rid of dentry pointers without refcounts") 408600be78cd ("eventfs: Remove unused d_parent pointer field") 49304c2b93e4 ("tracefs: dentry lookup crapectomy") 4fa4b010b83f ("eventfs: Initialize the tracefs inode properly") 29142dc92c37 ("tracefs: remove stale 'update_gid' code") 834bf76add3e ("eventfs: Save directory inodes in the eventfs_inode structure") 1057066009c4 ("eventfs: Use kcalloc() instead of kzalloc()") 852e46e239ee ("eventfs: Do not create dentries nor inodes in iterate_shared") 53c41052ba31 ("eventfs: Have the inodes all for files and directories all be the same") 1de94b52d5e8 ("eventfs: Shortcut eventfs_iterate() by skipping entries already read") 704f960dbee2 ("eventfs: Read ei->entries before ei->children in eventfs_iterate()") 1e4624eb5a0e ("eventfs: Do ctx->pos update for all iterations in eventfs_iterate()") e109deadb733 ("eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") 493ec81a8fb8 ("eventfs: Stop using dcache_readdir() for getdents()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee4e0379475e4fe723986ae96293e465014fa8d9 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:22 -0400 Subject: [PATCH] eventfs: Free all of the eventfs_inode after RCU The freeing of eventfs_inode via a kfree_rcu() callback. But the content of the eventfs_inode was being freed after the last kref. This is dangerous, as changes are being made that can access the content of an eventfs_inode from an RCU loop. Instead of using kfree_rcu() use call_rcu() that calls a function to do all the freeing of the eventfs_inode after a RCU grace period has expired. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.370261163@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 43aa6f97c2d03 ("eventfs: Get rid of dentry pointers without refcounts") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index f5510e26f0f6..cc8b838bbe62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -73,6 +73,21 @@ enum { #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) +static void free_ei_rcu(struct rcu_head *rcu) +{ + struct eventfs_inode *ei = container_of(rcu, struct eventfs_inode, rcu); + struct eventfs_root_inode *rei; + + kfree(ei->entry_attrs); + kfree_const(ei->name); + if (ei->is_events) { + rei = get_root_inode(ei); + kfree(rei); + } else { + kfree(ei); + } +} + /* * eventfs_inode reference count management. * @@ -85,7 +100,6 @@ static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); const struct eventfs_entry *entry; - struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); @@ -95,14 +109,7 @@ static void release_ei(struct kref *ref) entry->release(entry->name, ei->data); } - kfree(ei->entry_attrs); - kfree_const(ei->name); - if (ei->is_events) { - rei = get_root_inode(ei); - kfree_rcu(rei, ei.rcu); - } else { - kfree_rcu(ei, rcu); - } + call_rcu(&ei->rcu, free_ei_rcu); } static inline void put_ei(struct eventfs_inode *ei)

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: use rwsem instead of rwlock for lease break" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051355-hypnotize-anchor-2de7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d1c189c6cb8b ("ksmbd: use rwsem instead of rwlock for lease break") c8efcc786146 ("ksmbd: add support for durable handles v1/v2") fa9415d4024f ("ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session") c2a721eead71 ("ksmbd: lazy v2 lease break on smb2_write()") d47d9886aeef ("ksmbd: send v2 lease break notification for directory") eb547407f357 ("ksmbd: downgrade RWH lease caching state to RH for directory") 2e450920d58b ("ksmbd: move oplock handling after unlock parent dir") 4274a9dc6aeb ("ksmbd: separately allocate ci per dentry") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") 5a7ee91d1154 ("ksmbd: fix race condition with fp") e2b76ab8b5c9 ("ksmbd: add support for read compound") e202a1e8634b ("ksmbd: no response from compound read") 2b57a4322b1b ("ksmbd: check if a mount point is crossed during path lookup") 7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands") 81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc") 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions") fc6c6a3c324c ("ksmbd: fix out-of-bound read in parse_lease_state()") 6fe55c2799bc ("ksmbd: call putname after using the last component") 36322523dddb ("ksmbd: fix UAF issue from opinfo->conn") df14afeed2e6 ("ksmbd: fix uninitialized pointer read in smb2_create_link()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Thu, 2 May 2024 10:07:50 +0900 Subject: [PATCH] ksmbd: use rwsem instead of rwlock for lease break lease break wait for lease break acknowledgment. rwsem is more suitable than unlock while traversing the list for parent lease break in ->m_op_list. Cc: stable(a)vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index 6fd8cb7064dc..c2abf109010d 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -207,9 +207,9 @@ static void opinfo_add(struct oplock_info *opinfo) { struct ksmbd_inode *ci = opinfo->o_fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_add_rcu(&opinfo->op_entry, &ci->m_op_list); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static void opinfo_del(struct oplock_info *opinfo) @@ -221,9 +221,9 @@ static void opinfo_del(struct oplock_info *opinfo) lease_del_list(opinfo); write_unlock(&lease_list_lock); } - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_del_rcu(&opinfo->op_entry); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static unsigned long opinfo_count(struct ksmbd_file *fp) @@ -526,21 +526,18 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, * Compare lease key and client_guid to know request from same owner * of same client */ - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(opinfo, &ci->m_op_list, op_entry) { if (!opinfo->is_lease || !opinfo->conn) continue; - read_unlock(&ci->m_lock); lease = opinfo->o_lease; ret = compare_guid_key(opinfo, client_guid, lctx->lease_key); if (ret) { m_opinfo = opinfo; /* skip upgrading lease about breaking lease */ - if (atomic_read(&opinfo->breaking_cnt)) { - read_lock(&ci->m_lock); + if (atomic_read(&opinfo->breaking_cnt)) continue; - } /* upgrading lease */ if ((atomic_read(&ci->op_count) + @@ -570,9 +567,8 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, lease_none_upgrade(opinfo, lctx->req_state); } } - read_lock(&ci->m_lock); } - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return m_opinfo; } @@ -1114,7 +1110,7 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1132,13 +1128,11 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } @@ -1159,7 +1153,7 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1173,13 +1167,11 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) atomic_dec(&opinfo->conn->r_count); continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 30229161b346..b6c5a8ea3887 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -3376,9 +3376,9 @@ int smb2_open(struct ksmbd_work *work) * after daccess, saccess, attrib_only, and stream are * initialized. */ - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_add(&fp->node, &fp->f_ci->m_fp_list); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); /* Check delete pending among previous fp before oplock break */ if (ksmbd_inode_pending_delete(fp)) { diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index fcaf373cc008..474dadf6b7b8 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -646,7 +646,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) * Lookup fp in master fp list, and check desired access and * shared mode between previous open and current open. */ - read_lock(&curr_fp->f_ci->m_lock); + down_read(&curr_fp->f_ci->m_lock); list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { if (file_inode(filp) != file_inode(prev_fp->filp)) continue; @@ -722,7 +722,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) break; } } - read_unlock(&curr_fp->f_ci->m_lock); + up_read(&curr_fp->f_ci->m_lock); return rc; } diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 030f70700036..6cb599cd287e 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -165,7 +165,7 @@ static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) ci->m_fattr = 0; INIT_LIST_HEAD(&ci->m_fp_list); INIT_LIST_HEAD(&ci->m_op_list); - rwlock_init(&ci->m_lock); + init_rwsem(&ci->m_lock); ci->m_de = fp->filp->f_path.dentry; return 0; } @@ -261,14 +261,14 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) } if (atomic_dec_and_test(&ci->m_count)) { - write_lock(&ci->m_lock); + down_write(&ci->m_lock); if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_vfs_unlink(filp); - write_lock(&ci->m_lock); + down_write(&ci->m_lock); } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_inode_free(ci); } @@ -289,9 +289,9 @@ static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp if (!has_file_id(fp->volatile_id)) return; - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_del_init(&fp->node); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); write_lock(&ft->lock); idr_remove(ft->idr, fp->volatile_id); @@ -523,17 +523,17 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct dentry *dentry) if (!ci) return NULL; - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(lfp, &ci->m_fp_list, node) { if (inode == file_inode(lfp->filp)) { atomic_dec(&ci->m_count); lfp = ksmbd_fp_get(lfp); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return lfp; } } atomic_dec(&ci->m_count); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return NULL; } @@ -705,13 +705,13 @@ static bool session_fd_check(struct ksmbd_tree_connect *tcon, conn = fp->conn; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn != conn) continue; op->conn = NULL; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); fp->conn = NULL; fp->tcon = NULL; @@ -801,13 +801,13 @@ int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) fp->tcon = work->tcon; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn) continue; op->conn = fp->conn; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); if (!has_file_id(fp->volatile_id)) { diff --git a/fs/smb/server/vfs_cache.h b/fs/smb/server/vfs_cache.h index ed44fb4e18e7..5a225e7055f1 100644 --- a/fs/smb/server/vfs_cache.h +++ b/fs/smb/server/vfs_cache.h @@ -47,7 +47,7 @@ struct stream { }; struct ksmbd_inode { - rwlock_t m_lock; + struct rw_semaphore m_lock; atomic_t m_count; atomic_t op_count; /* opinfo count for streams */

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: use rwsem instead of rwlock for lease break" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051354-playmaker-preplan-0d22@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d1c189c6cb8b ("ksmbd: use rwsem instead of rwlock for lease break") c8efcc786146 ("ksmbd: add support for durable handles v1/v2") fa9415d4024f ("ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Thu, 2 May 2024 10:07:50 +0900 Subject: [PATCH] ksmbd: use rwsem instead of rwlock for lease break lease break wait for lease break acknowledgment. rwsem is more suitable than unlock while traversing the list for parent lease break in ->m_op_list. Cc: stable(a)vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index 6fd8cb7064dc..c2abf109010d 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -207,9 +207,9 @@ static void opinfo_add(struct oplock_info *opinfo) { struct ksmbd_inode *ci = opinfo->o_fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_add_rcu(&opinfo->op_entry, &ci->m_op_list); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static void opinfo_del(struct oplock_info *opinfo) @@ -221,9 +221,9 @@ static void opinfo_del(struct oplock_info *opinfo) lease_del_list(opinfo); write_unlock(&lease_list_lock); } - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_del_rcu(&opinfo->op_entry); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static unsigned long opinfo_count(struct ksmbd_file *fp) @@ -526,21 +526,18 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, * Compare lease key and client_guid to know request from same owner * of same client */ - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(opinfo, &ci->m_op_list, op_entry) { if (!opinfo->is_lease || !opinfo->conn) continue; - read_unlock(&ci->m_lock); lease = opinfo->o_lease; ret = compare_guid_key(opinfo, client_guid, lctx->lease_key); if (ret) { m_opinfo = opinfo; /* skip upgrading lease about breaking lease */ - if (atomic_read(&opinfo->breaking_cnt)) { - read_lock(&ci->m_lock); + if (atomic_read(&opinfo->breaking_cnt)) continue; - } /* upgrading lease */ if ((atomic_read(&ci->op_count) + @@ -570,9 +567,8 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, lease_none_upgrade(opinfo, lctx->req_state); } } - read_lock(&ci->m_lock); } - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return m_opinfo; } @@ -1114,7 +1110,7 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1132,13 +1128,11 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } @@ -1159,7 +1153,7 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1173,13 +1167,11 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) atomic_dec(&opinfo->conn->r_count); continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 30229161b346..b6c5a8ea3887 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -3376,9 +3376,9 @@ int smb2_open(struct ksmbd_work *work) * after daccess, saccess, attrib_only, and stream are * initialized. */ - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_add(&fp->node, &fp->f_ci->m_fp_list); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); /* Check delete pending among previous fp before oplock break */ if (ksmbd_inode_pending_delete(fp)) { diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index fcaf373cc008..474dadf6b7b8 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -646,7 +646,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) * Lookup fp in master fp list, and check desired access and * shared mode between previous open and current open. */ - read_lock(&curr_fp->f_ci->m_lock); + down_read(&curr_fp->f_ci->m_lock); list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { if (file_inode(filp) != file_inode(prev_fp->filp)) continue; @@ -722,7 +722,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) break; } } - read_unlock(&curr_fp->f_ci->m_lock); + up_read(&curr_fp->f_ci->m_lock); return rc; } diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 030f70700036..6cb599cd287e 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -165,7 +165,7 @@ static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) ci->m_fattr = 0; INIT_LIST_HEAD(&ci->m_fp_list); INIT_LIST_HEAD(&ci->m_op_list); - rwlock_init(&ci->m_lock); + init_rwsem(&ci->m_lock); ci->m_de = fp->filp->f_path.dentry; return 0; } @@ -261,14 +261,14 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) } if (atomic_dec_and_test(&ci->m_count)) { - write_lock(&ci->m_lock); + down_write(&ci->m_lock); if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_vfs_unlink(filp); - write_lock(&ci->m_lock); + down_write(&ci->m_lock); } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_inode_free(ci); } @@ -289,9 +289,9 @@ static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp if (!has_file_id(fp->volatile_id)) return; - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_del_init(&fp->node); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); write_lock(&ft->lock); idr_remove(ft->idr, fp->volatile_id); @@ -523,17 +523,17 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct dentry *dentry) if (!ci) return NULL; - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(lfp, &ci->m_fp_list, node) { if (inode == file_inode(lfp->filp)) { atomic_dec(&ci->m_count); lfp = ksmbd_fp_get(lfp); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return lfp; } } atomic_dec(&ci->m_count); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return NULL; } @@ -705,13 +705,13 @@ static bool session_fd_check(struct ksmbd_tree_connect *tcon, conn = fp->conn; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn != conn) continue; op->conn = NULL; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); fp->conn = NULL; fp->tcon = NULL; @@ -801,13 +801,13 @@ int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) fp->tcon = work->tcon; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn) continue; op->conn = fp->conn; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); if (!has_file_id(fp->volatile_id)) { diff --git a/fs/smb/server/vfs_cache.h b/fs/smb/server/vfs_cache.h index ed44fb4e18e7..5a225e7055f1 100644 --- a/fs/smb/server/vfs_cache.h +++ b/fs/smb/server/vfs_cache.h @@ -47,7 +47,7 @@ struct stream { }; struct ksmbd_inode { - rwlock_t m_lock; + struct rw_semaphore m_lock; atomic_t m_count; atomic_t op_count; /* opinfo count for streams */

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: use rwsem instead of rwlock for lease break" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051354-eastward-undivided-3e1b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d1c189c6cb8b ("ksmbd: use rwsem instead of rwlock for lease break") c8efcc786146 ("ksmbd: add support for durable handles v1/v2") fa9415d4024f ("ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session") c2a721eead71 ("ksmbd: lazy v2 lease break on smb2_write()") d47d9886aeef ("ksmbd: send v2 lease break notification for directory") eb547407f357 ("ksmbd: downgrade RWH lease caching state to RH for directory") 2e450920d58b ("ksmbd: move oplock handling after unlock parent dir") 4274a9dc6aeb ("ksmbd: separately allocate ci per dentry") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Thu, 2 May 2024 10:07:50 +0900 Subject: [PATCH] ksmbd: use rwsem instead of rwlock for lease break lease break wait for lease break acknowledgment. rwsem is more suitable than unlock while traversing the list for parent lease break in ->m_op_list. Cc: stable(a)vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index 6fd8cb7064dc..c2abf109010d 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -207,9 +207,9 @@ static void opinfo_add(struct oplock_info *opinfo) { struct ksmbd_inode *ci = opinfo->o_fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_add_rcu(&opinfo->op_entry, &ci->m_op_list); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static void opinfo_del(struct oplock_info *opinfo) @@ -221,9 +221,9 @@ static void opinfo_del(struct oplock_info *opinfo) lease_del_list(opinfo); write_unlock(&lease_list_lock); } - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_del_rcu(&opinfo->op_entry); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static unsigned long opinfo_count(struct ksmbd_file *fp) @@ -526,21 +526,18 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, * Compare lease key and client_guid to know request from same owner * of same client */ - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(opinfo, &ci->m_op_list, op_entry) { if (!opinfo->is_lease || !opinfo->conn) continue; - read_unlock(&ci->m_lock); lease = opinfo->o_lease; ret = compare_guid_key(opinfo, client_guid, lctx->lease_key); if (ret) { m_opinfo = opinfo; /* skip upgrading lease about breaking lease */ - if (atomic_read(&opinfo->breaking_cnt)) { - read_lock(&ci->m_lock); + if (atomic_read(&opinfo->breaking_cnt)) continue; - } /* upgrading lease */ if ((atomic_read(&ci->op_count) + @@ -570,9 +567,8 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, lease_none_upgrade(opinfo, lctx->req_state); } } - read_lock(&ci->m_lock); } - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return m_opinfo; } @@ -1114,7 +1110,7 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1132,13 +1128,11 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } @@ -1159,7 +1153,7 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1173,13 +1167,11 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) atomic_dec(&opinfo->conn->r_count); continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 30229161b346..b6c5a8ea3887 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -3376,9 +3376,9 @@ int smb2_open(struct ksmbd_work *work) * after daccess, saccess, attrib_only, and stream are * initialized. */ - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_add(&fp->node, &fp->f_ci->m_fp_list); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); /* Check delete pending among previous fp before oplock break */ if (ksmbd_inode_pending_delete(fp)) { diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index fcaf373cc008..474dadf6b7b8 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -646,7 +646,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) * Lookup fp in master fp list, and check desired access and * shared mode between previous open and current open. */ - read_lock(&curr_fp->f_ci->m_lock); + down_read(&curr_fp->f_ci->m_lock); list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { if (file_inode(filp) != file_inode(prev_fp->filp)) continue; @@ -722,7 +722,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) break; } } - read_unlock(&curr_fp->f_ci->m_lock); + up_read(&curr_fp->f_ci->m_lock); return rc; } diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 030f70700036..6cb599cd287e 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -165,7 +165,7 @@ static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) ci->m_fattr = 0; INIT_LIST_HEAD(&ci->m_fp_list); INIT_LIST_HEAD(&ci->m_op_list); - rwlock_init(&ci->m_lock); + init_rwsem(&ci->m_lock); ci->m_de = fp->filp->f_path.dentry; return 0; } @@ -261,14 +261,14 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) } if (atomic_dec_and_test(&ci->m_count)) { - write_lock(&ci->m_lock); + down_write(&ci->m_lock); if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_vfs_unlink(filp); - write_lock(&ci->m_lock); + down_write(&ci->m_lock); } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_inode_free(ci); } @@ -289,9 +289,9 @@ static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp if (!has_file_id(fp->volatile_id)) return; - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_del_init(&fp->node); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); write_lock(&ft->lock); idr_remove(ft->idr, fp->volatile_id); @@ -523,17 +523,17 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct dentry *dentry) if (!ci) return NULL; - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(lfp, &ci->m_fp_list, node) { if (inode == file_inode(lfp->filp)) { atomic_dec(&ci->m_count); lfp = ksmbd_fp_get(lfp); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return lfp; } } atomic_dec(&ci->m_count); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return NULL; } @@ -705,13 +705,13 @@ static bool session_fd_check(struct ksmbd_tree_connect *tcon, conn = fp->conn; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn != conn) continue; op->conn = NULL; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); fp->conn = NULL; fp->tcon = NULL; @@ -801,13 +801,13 @@ int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) fp->tcon = work->tcon; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn) continue; op->conn = fp->conn; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); if (!has_file_id(fp->volatile_id)) { diff --git a/fs/smb/server/vfs_cache.h b/fs/smb/server/vfs_cache.h index ed44fb4e18e7..5a225e7055f1 100644 --- a/fs/smb/server/vfs_cache.h +++ b/fs/smb/server/vfs_cache.h @@ -47,7 +47,7 @@ struct stream { }; struct ksmbd_inode { - rwlock_t m_lock; + struct rw_semaphore m_lock; atomic_t m_count; atomic_t op_count; /* opinfo count for streams */

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] misc/pvpanic-pci: register attributes via pci_driver" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051340-destitute-overlaid-3681@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ee59be35d7a8 ("misc/pvpanic-pci: register attributes via pci_driver") c1426d392aeb ("misc/pvpanic: deduplicate common code") 84b0f12a953c ("pvpanic: Indentation fixes here and there") cc5b392d0f94 ("pvpanic: Fix typos in the comments") 33a430419456 ("pvpanic: Keep single style across modules") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 11 Apr 2024 23:33:51 +0200 Subject: [PATCH] misc/pvpanic-pci: register attributes via pci_driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Fixes: ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") Link: https://lore.kernel.org/r/20240411-pvpanic-pci-dev-groups-v1-1-db8cb69f1b09… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] misc/pvpanic-pci: register attributes via pci_driver" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051340-puma-unshaven-405c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ee59be35d7a8 ("misc/pvpanic-pci: register attributes via pci_driver") c1426d392aeb ("misc/pvpanic: deduplicate common code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 11 Apr 2024 23:33:51 +0200 Subject: [PATCH] misc/pvpanic-pci: register attributes via pci_driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Fixes: ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") Link: https://lore.kernel.org/r/20240411-pvpanic-pci-dev-groups-v1-1-db8cb69f1b09… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] misc/pvpanic-pci: register attributes via pci_driver" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051339-strut-alienable-25c7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: ee59be35d7a8 ("misc/pvpanic-pci: register attributes via pci_driver") c1426d392aeb ("misc/pvpanic: deduplicate common code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 11 Apr 2024 23:33:51 +0200 Subject: [PATCH] misc/pvpanic-pci: register attributes via pci_driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Fixes: ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") Link: https://lore.kernel.org/r/20240411-pvpanic-pci-dev-groups-v1-1-db8cb69f1b09… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 819fe8c96a5172dfd960e5945e8f00f8fed32953 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051326-filter-stoplight-c8cc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 819fe8c96a51 ("arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration") 028fe09cda0a ("arm64: dts: qcom: sm8150: align TLMM pin configuration with DT schema") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 819fe8c96a5172dfd960e5945e8f00f8fed32953 Mon Sep 17 00:00:00 2001 From: Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> Date: Fri, 12 Apr 2024 19:03:25 +0000 Subject: [PATCH] arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration There are two issues with SDHC2 configuration for SA8155P-ADP, which prevent use of SDHC2 and causes issues with ethernet: - Card Detect pin for SHDC2 on SA8155P-ADP is connected to gpio4 of PMM8155AU_1, not to SoC itself. SoC's gpio4 is used for DWMAC TX. If sdhc driver probes after dwmac driver, it reconfigures gpio4 and this breaks Ethernet MAC. - pinctrl configuration mentions gpio96 as CD pin. It seems it was copied from some SM8150 example, because as mentioned above, correct CD pin is gpio4 on PMM8155AU_1. This patch fixes both mentioned issues by providing correct pin handle and pinctrl configuration. Fixes: 0deb2624e2d0 ("arm64: dts: qcom: sa8155p-adp: Add support for uSD card") Cc: stable(a)vger.kernel.org Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk(a)epam.com> Reviewed-by: Stephan Gerhold <stephan(a)gerhold.net> Link: https://lore.kernel.org/r/20240412190310.1647893-1-volodymyr_babchuk@epam.c… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts index 5e4287f8c8cd..b2cf2c988336 100644 --- a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts +++ b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts @@ -367,6 +367,16 @@ queue0 { }; }; +&pmm8155au_1_gpios { + pmm8155au_1_sdc2_cd: sdc2-cd-default-state { + pins = "gpio4"; + function = "normal"; + input-enable; + bias-pull-up; + power-source = <0>; + }; +}; + &qupv3_id_1 { status = "okay"; }; @@ -384,10 +394,10 @@ &remoteproc_cdsp { &sdhc_2 { status = "okay"; - cd-gpios = <&tlmm 4 GPIO_ACTIVE_LOW>; + cd-gpios = <&pmm8155au_1_gpios 4 GPIO_ACTIVE_LOW>; pinctrl-names = "default", "sleep"; - pinctrl-0 = <&sdc2_on>; - pinctrl-1 = <&sdc2_off>; + pinctrl-0 = <&sdc2_on &pmm8155au_1_sdc2_cd>; + pinctrl-1 = <&sdc2_off &pmm8155au_1_sdc2_cd>; vqmmc-supply = <&vreg_l13c_2p96>; /* IO line power */ vmmc-supply = <&vreg_l17a_2p96>; /* Card power line */ bus-width = <4>; @@ -505,13 +515,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <16>; /* 16 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; sdc2_off: sdc2-off-state { @@ -532,13 +535,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <2>; /* 2 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; usb2phy_ac_en1_default: usb2phy-ac-en1-default-state {

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-sudden-directed-5647@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") e3b0079be8f0 ("drm/amd/display: Clean up some inconsistent indenting") 5d5c6dba2b43 ("drm/amd/display: Fix memory leak") 712343cd21ea ("drm/amd/display: Add function and debugfs to dump DCC_EN bit") 46a83eba276c ("drm/amd/display: Add debugfs to control DMUB trace buffer events") 0dd795323405 ("drm/amdgpu/display: Implement functions to let DC allocate GPU memory") 0b7421f0a6a4 ("drm/amd/display: Old sequence for HUBP blank") e7a30ade740f ("Revert "drm/amd/display: Unblank hubp based on plane visibility"") afd3a359c452 ("drm/amd/display: do not use drm middle layer for debugfs") dbb7898ac1bc ("drm/amd/display: Drop SOC bounding box hookup in DM/DC") d209124ddae3 ("drm/amd/display: enable HUBP blank behaviour") 985faf2c4ecb ("drm/amd/display: New sequence for HUBP blank") fd1c85d3ac2c ("drm/amd/display: Unblank hubp based on plane visibility") 5a83bf80723d ("drm/amd/display: Use provided offset for DPG generation") 9a3e698c0758 ("drm/amd/display: init soc bounding box for dcn3.01.") 20f2ffe50472 ("drm/amdgpu: fold CONFIG_DRM_AMD_DC_DCN3* into CONFIG_DRM_AMD_DC_DCN (v3)") 4dbcdc9cada2 ("drm/amd/display: fix the NULL pointer that missed set_disp_pattern_generator callback") b15bfd0d8613 ("drm/amd/display: Revert HUBP blank behaviour for now") dbf5256bbf19 ("drm/amd/display: Blank HUBP during pixel data blank for DCN30 v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051306-spender-monotone-7bf7@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") e3b0079be8f0 ("drm/amd/display: Clean up some inconsistent indenting") 5d5c6dba2b43 ("drm/amd/display: Fix memory leak") 712343cd21ea ("drm/amd/display: Add function and debugfs to dump DCC_EN bit") 46a83eba276c ("drm/amd/display: Add debugfs to control DMUB trace buffer events") 0dd795323405 ("drm/amdgpu/display: Implement functions to let DC allocate GPU memory") 0b7421f0a6a4 ("drm/amd/display: Old sequence for HUBP blank") e7a30ade740f ("Revert "drm/amd/display: Unblank hubp based on plane visibility"") afd3a359c452 ("drm/amd/display: do not use drm middle layer for debugfs") dbb7898ac1bc ("drm/amd/display: Drop SOC bounding box hookup in DM/DC") d209124ddae3 ("drm/amd/display: enable HUBP blank behaviour") 985faf2c4ecb ("drm/amd/display: New sequence for HUBP blank") fd1c85d3ac2c ("drm/amd/display: Unblank hubp based on plane visibility") 5a83bf80723d ("drm/amd/display: Use provided offset for DPG generation") 9a3e698c0758 ("drm/amd/display: init soc bounding box for dcn3.01.") 20f2ffe50472 ("drm/amdgpu: fold CONFIG_DRM_AMD_DC_DCN3* into CONFIG_DRM_AMD_DC_DCN (v3)") 4dbcdc9cada2 ("drm/amd/display: fix the NULL pointer that missed set_disp_pattern_generator callback") b15bfd0d8613 ("drm/amd/display: Revert HUBP blank behaviour for now") dbf5256bbf19 ("drm/amd/display: Blank HUBP during pixel data blank for DCN30 v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-onslaught-twins-2da3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") e3b0079be8f0 ("drm/amd/display: Clean up some inconsistent indenting") 5d5c6dba2b43 ("drm/amd/display: Fix memory leak") 712343cd21ea ("drm/amd/display: Add function and debugfs to dump DCC_EN bit") 46a83eba276c ("drm/amd/display: Add debugfs to control DMUB trace buffer events") 0dd795323405 ("drm/amdgpu/display: Implement functions to let DC allocate GPU memory") 0b7421f0a6a4 ("drm/amd/display: Old sequence for HUBP blank") e7a30ade740f ("Revert "drm/amd/display: Unblank hubp based on plane visibility"") afd3a359c452 ("drm/amd/display: do not use drm middle layer for debugfs") dbb7898ac1bc ("drm/amd/display: Drop SOC bounding box hookup in DM/DC") d209124ddae3 ("drm/amd/display: enable HUBP blank behaviour") 985faf2c4ecb ("drm/amd/display: New sequence for HUBP blank") fd1c85d3ac2c ("drm/amd/display: Unblank hubp based on plane visibility") 5a83bf80723d ("drm/amd/display: Use provided offset for DPG generation") 9a3e698c0758 ("drm/amd/display: init soc bounding box for dcn3.01.") 20f2ffe50472 ("drm/amdgpu: fold CONFIG_DRM_AMD_DC_DCN3* into CONFIG_DRM_AMD_DC_DCN (v3)") 4dbcdc9cada2 ("drm/amd/display: fix the NULL pointer that missed set_disp_pattern_generator callback") b15bfd0d8613 ("drm/amd/display: Revert HUBP blank behaviour for now") dbf5256bbf19 ("drm/amd/display: Blank HUBP during pixel data blank for DCN30 v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051304-resonant-pruning-3657@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") e3b0079be8f0 ("drm/amd/display: Clean up some inconsistent indenting") 5d5c6dba2b43 ("drm/amd/display: Fix memory leak") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051303-ribcage-visor-6e15@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 719564737a9ac3d0b49c314450b56cf6f7d71358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051350-decent-trout-e701@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 719564737a9a ("drm/amd/display: Handle Y carry-over in VCP X.Y calculation") 3bc8d9214679 ("drm/amd/display: Add DP 2.0 HPO Link Encoder") 83228ebb82e4 ("drm/amd/display: Add DP 2.0 HPO Stream Encoder") 61452908a79e ("drm/amd/display: Add DP 2.0 Audio Package Generator") 926d6972efb6 ("drm/amd/display: Add DCN3.1 blocks to the DC Makefile") 2083640f0d5b ("drm/amd/display: Add DCN3.1 Resource") cbaf919f3313 ("drm/amd/display: Add DCN3.1 DIO") cd6d421e3d1a ("drm/amd/display: Initial DC support for Beige Goby") 2ff3cf823882 ("drm/amd/display: Fix hangs with psr enabled on dcn3.xx") 8cf9575d7079 ("drm/amd/display: Fix DSC enable sequence") 66611a721b59 ("drm/amd/display: Add debug flag to enable eDP ILR by default") 42b599732ee1 ("drm/amdgpu/display: fix memory leak for dimgrey cavefish") e1f4328f22c0 ("drm/amd/display: Update link encoder object creation") 4f8e37dbaf58 ("drm/amd/display: Support for DMUB AUX") 1e3489136968 ("drm/amd/display: 3.2.124") 77a2b7265f20 ("drm/amd/display: Synchronize displays with different timings") 97628eb5ac20 ("drm/amd/display: 3.2.123") ef4dd6b2757e ("drm/amd/display: 3.2.122") 6fce5bcee582 ("drm/amd/display: move edp sink present detection to hw init") f1e17351984c ("drm/amd/display: 3.2.121") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001 From: George Shen <george.shen(a)amd.com> Date: Thu, 16 Sep 2021 19:55:39 -0400 Subject: [PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation Theoretically rare corner case where ceil(Y) results in rounding up to an integer. If this happens, the 1 should be carried over to the X value. CC: stable(a)vger.kernel.org Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c index 5b7ad38f85e0..65e45a0b4ff3 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c @@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled_vcp_size( x), 25)); + // If y rounds up to integer, carry it over to x. + if (y >> 25) { + x += 1; + y = 0; + } + switch (stream_encoder_inst) { case 0: REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 719564737a9ac3d0b49c314450b56cf6f7d71358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051348-unclad-penpal-8f46@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 719564737a9a ("drm/amd/display: Handle Y carry-over in VCP X.Y calculation") 3bc8d9214679 ("drm/amd/display: Add DP 2.0 HPO Link Encoder") 83228ebb82e4 ("drm/amd/display: Add DP 2.0 HPO Stream Encoder") 61452908a79e ("drm/amd/display: Add DP 2.0 Audio Package Generator") 926d6972efb6 ("drm/amd/display: Add DCN3.1 blocks to the DC Makefile") 2083640f0d5b ("drm/amd/display: Add DCN3.1 Resource") cbaf919f3313 ("drm/amd/display: Add DCN3.1 DIO") cd6d421e3d1a ("drm/amd/display: Initial DC support for Beige Goby") 2ff3cf823882 ("drm/amd/display: Fix hangs with psr enabled on dcn3.xx") 8cf9575d7079 ("drm/amd/display: Fix DSC enable sequence") 66611a721b59 ("drm/amd/display: Add debug flag to enable eDP ILR by default") 42b599732ee1 ("drm/amdgpu/display: fix memory leak for dimgrey cavefish") e1f4328f22c0 ("drm/amd/display: Update link encoder object creation") 4f8e37dbaf58 ("drm/amd/display: Support for DMUB AUX") 1e3489136968 ("drm/amd/display: 3.2.124") 77a2b7265f20 ("drm/amd/display: Synchronize displays with different timings") 97628eb5ac20 ("drm/amd/display: 3.2.123") ef4dd6b2757e ("drm/amd/display: 3.2.122") 6fce5bcee582 ("drm/amd/display: move edp sink present detection to hw init") f1e17351984c ("drm/amd/display: 3.2.121") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001 From: George Shen <george.shen(a)amd.com> Date: Thu, 16 Sep 2021 19:55:39 -0400 Subject: [PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation Theoretically rare corner case where ceil(Y) results in rounding up to an integer. If this happens, the 1 should be carried over to the X value. CC: stable(a)vger.kernel.org Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c index 5b7ad38f85e0..65e45a0b4ff3 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c @@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled_vcp_size( x), 25)); + // If y rounds up to integer, carry it over to x. + if (y >> 25) { + x += 1; + y = 0; + } + switch (stream_encoder_inst) { case 0: REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 719564737a9ac3d0b49c314450b56cf6f7d71358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051349-suitcase-strive-29c2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 719564737a9a ("drm/amd/display: Handle Y carry-over in VCP X.Y calculation") 3bc8d9214679 ("drm/amd/display: Add DP 2.0 HPO Link Encoder") 83228ebb82e4 ("drm/amd/display: Add DP 2.0 HPO Stream Encoder") 61452908a79e ("drm/amd/display: Add DP 2.0 Audio Package Generator") 926d6972efb6 ("drm/amd/display: Add DCN3.1 blocks to the DC Makefile") 2083640f0d5b ("drm/amd/display: Add DCN3.1 Resource") cbaf919f3313 ("drm/amd/display: Add DCN3.1 DIO") cd6d421e3d1a ("drm/amd/display: Initial DC support for Beige Goby") 2ff3cf823882 ("drm/amd/display: Fix hangs with psr enabled on dcn3.xx") 8cf9575d7079 ("drm/amd/display: Fix DSC enable sequence") 66611a721b59 ("drm/amd/display: Add debug flag to enable eDP ILR by default") 42b599732ee1 ("drm/amdgpu/display: fix memory leak for dimgrey cavefish") e1f4328f22c0 ("drm/amd/display: Update link encoder object creation") 4f8e37dbaf58 ("drm/amd/display: Support for DMUB AUX") 1e3489136968 ("drm/amd/display: 3.2.124") 77a2b7265f20 ("drm/amd/display: Synchronize displays with different timings") 97628eb5ac20 ("drm/amd/display: 3.2.123") ef4dd6b2757e ("drm/amd/display: 3.2.122") 6fce5bcee582 ("drm/amd/display: move edp sink present detection to hw init") f1e17351984c ("drm/amd/display: 3.2.121") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001 From: George Shen <george.shen(a)amd.com> Date: Thu, 16 Sep 2021 19:55:39 -0400 Subject: [PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation Theoretically rare corner case where ceil(Y) results in rounding up to an integer. If this happens, the 1 should be carried over to the X value. CC: stable(a)vger.kernel.org Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c index 5b7ad38f85e0..65e45a0b4ff3 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c @@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled_vcp_size( x), 25)); + // If y rounds up to integer, carry it over to x. + if (y >> 25) { + x += 1; + y = 0; + } + switch (stream_encoder_inst) { case 0: REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 719564737a9ac3d0b49c314450b56cf6f7d71358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051348-consensus-polygon-1044@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 719564737a9a ("drm/amd/display: Handle Y carry-over in VCP X.Y calculation") 3bc8d9214679 ("drm/amd/display: Add DP 2.0 HPO Link Encoder") 83228ebb82e4 ("drm/amd/display: Add DP 2.0 HPO Stream Encoder") 61452908a79e ("drm/amd/display: Add DP 2.0 Audio Package Generator") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001 From: George Shen <george.shen(a)amd.com> Date: Thu, 16 Sep 2021 19:55:39 -0400 Subject: [PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation Theoretically rare corner case where ceil(Y) results in rounding up to an integer. If this happens, the 1 should be carried over to the X value. CC: stable(a)vger.kernel.org Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c index 5b7ad38f85e0..65e45a0b4ff3 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c @@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled_vcp_size( x), 25)); + // If y rounds up to integer, carry it over to x. + if (y >> 25) { + x += 1; + y = 0; + } + switch (stream_encoder_inst) { case 0: REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051310-outcast-feisty-83a7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: be4a2a81b6b9 ("drm/amdkfd: don't allow mapping the MMIO HDP page with large pages") b38c074b2b07 ("drm/amdkfd: CRIU Refactor restore BO function") 67a359d85ec2 ("drm/amdkfd: CRIU remove sync and TLB flush on restore") 22804e03f7a5 ("drm/amdkfd: Fix criu_restore_bo error handling") d8a25e485857 ("drm/amdkfd: fix loop error handling") e5af61ffaaef ("drm/amdkfd: CRIU fix a NULL vs IS_ERR() check") be072b06c739 ("drm/amdkfd: CRIU export BOs as prime dmabuf objects") bef153b70c6e ("drm/amdkfd: CRIU implement gpu_id remapping") 40e8a766a761 ("drm/amdkfd: CRIU checkpoint and restore events") 42c6c48214b7 ("drm/amdkfd: CRIU checkpoint and restore queue mqds") 2485c12c980a ("drm/amdkfd: CRIU restore sdma id for queues") 8668dfc30d3e ("drm/amdkfd: CRIU restore queue ids") 626f7b3190b4 ("drm/amdkfd: CRIU add queues support") cd9f79103003 ("drm/amdkfd: CRIU Implement KFD unpause operation") 011bbb03024f ("drm/amdkfd: CRIU Implement KFD resume ioctl") 73fa13b6a511 ("drm/amdkfd: CRIU Implement KFD restore ioctl") 5ccbb057c0a1 ("drm/amdkfd: CRIU Implement KFD checkpoint ioctl") f185381b6481 ("drm/amdkfd: CRIU Implement KFD process_info ioctl") 3698807094ec ("drm/amdkfd: CRIU Introduce Checkpoint-Restore APIs") f61c40c0757a ("drm/amdkfd: enable heavy-weight TLB flush on Arcturus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Sun, 14 Apr 2024 13:06:39 -0400 Subject: [PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 55aa74cbc532..1e6cc0bfc432 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1139,7 +1139,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2307,7 +2307,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3349,6 +3349,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE |

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051310-stoppable-backyard-6cff@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: be4a2a81b6b9 ("drm/amdkfd: don't allow mapping the MMIO HDP page with large pages") b38c074b2b07 ("drm/amdkfd: CRIU Refactor restore BO function") 67a359d85ec2 ("drm/amdkfd: CRIU remove sync and TLB flush on restore") 22804e03f7a5 ("drm/amdkfd: Fix criu_restore_bo error handling") d8a25e485857 ("drm/amdkfd: fix loop error handling") e5af61ffaaef ("drm/amdkfd: CRIU fix a NULL vs IS_ERR() check") be072b06c739 ("drm/amdkfd: CRIU export BOs as prime dmabuf objects") bef153b70c6e ("drm/amdkfd: CRIU implement gpu_id remapping") 40e8a766a761 ("drm/amdkfd: CRIU checkpoint and restore events") 42c6c48214b7 ("drm/amdkfd: CRIU checkpoint and restore queue mqds") 2485c12c980a ("drm/amdkfd: CRIU restore sdma id for queues") 8668dfc30d3e ("drm/amdkfd: CRIU restore queue ids") 626f7b3190b4 ("drm/amdkfd: CRIU add queues support") cd9f79103003 ("drm/amdkfd: CRIU Implement KFD unpause operation") 011bbb03024f ("drm/amdkfd: CRIU Implement KFD resume ioctl") 73fa13b6a511 ("drm/amdkfd: CRIU Implement KFD restore ioctl") 5ccbb057c0a1 ("drm/amdkfd: CRIU Implement KFD checkpoint ioctl") f185381b6481 ("drm/amdkfd: CRIU Implement KFD process_info ioctl") 3698807094ec ("drm/amdkfd: CRIU Introduce Checkpoint-Restore APIs") f61c40c0757a ("drm/amdkfd: enable heavy-weight TLB flush on Arcturus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Sun, 14 Apr 2024 13:06:39 -0400 Subject: [PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 55aa74cbc532..1e6cc0bfc432 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1139,7 +1139,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2307,7 +2307,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3349,6 +3349,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE |

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051309-blanching-list-a7ab@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: be4a2a81b6b9 ("drm/amdkfd: don't allow mapping the MMIO HDP page with large pages") b38c074b2b07 ("drm/amdkfd: CRIU Refactor restore BO function") 67a359d85ec2 ("drm/amdkfd: CRIU remove sync and TLB flush on restore") 22804e03f7a5 ("drm/amdkfd: Fix criu_restore_bo error handling") d8a25e485857 ("drm/amdkfd: fix loop error handling") e5af61ffaaef ("drm/amdkfd: CRIU fix a NULL vs IS_ERR() check") be072b06c739 ("drm/amdkfd: CRIU export BOs as prime dmabuf objects") bef153b70c6e ("drm/amdkfd: CRIU implement gpu_id remapping") 40e8a766a761 ("drm/amdkfd: CRIU checkpoint and restore events") 42c6c48214b7 ("drm/amdkfd: CRIU checkpoint and restore queue mqds") 2485c12c980a ("drm/amdkfd: CRIU restore sdma id for queues") 8668dfc30d3e ("drm/amdkfd: CRIU restore queue ids") 626f7b3190b4 ("drm/amdkfd: CRIU add queues support") cd9f79103003 ("drm/amdkfd: CRIU Implement KFD unpause operation") 011bbb03024f ("drm/amdkfd: CRIU Implement KFD resume ioctl") 73fa13b6a511 ("drm/amdkfd: CRIU Implement KFD restore ioctl") 5ccbb057c0a1 ("drm/amdkfd: CRIU Implement KFD checkpoint ioctl") f185381b6481 ("drm/amdkfd: CRIU Implement KFD process_info ioctl") 3698807094ec ("drm/amdkfd: CRIU Introduce Checkpoint-Restore APIs") f61c40c0757a ("drm/amdkfd: enable heavy-weight TLB flush on Arcturus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Sun, 14 Apr 2024 13:06:39 -0400 Subject: [PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 55aa74cbc532..1e6cc0bfc432 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1139,7 +1139,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2307,7 +2307,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3349,6 +3349,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE |

1 year, 4 months

1
0
0 0

[PATCH 1/2] SELinux: Fix lsm_get_self_attr()

by Mickaël Salaün

selinux_lsm_getattr() may not initialize the value's pointer in some case. As for proc_pid_attr_read(), initialize this pointer to NULL in selinux_getselfattr() to avoid an UAF in the kfree() call. Cc: Casey Schaufler <casey(a)schaufler-ca.com> Cc: Paul Moore <paul(a)paul-moore.com> Cc: stable(a)vger.kernel.org Fixes: 762c934317e6 ("SELinux: Add selfattr hooks") Signed-off-by: Mickaël Salaün <mic(a)digikod.net> --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a6bf90ace84c..338b023a8c3e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6559,7 +6559,7 @@ static int selinux_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, size_t *size, u32 flags) { int rc; - char *val; + char *val = NULL; int val_len; val_len = selinux_lsm_getattr(attr, current, &val); -- 2.43.0

1 year, 4 months

3
16
0 0

[PATCH v3 2/2] PCI: pciehp: Abort hot-plug if pci_hp_add_bridge() fails

by Nam Cao

If a bridge is hot-added without any bus number available for its downstream bus, pci_hp_add_bridge() will fail. However, the driver proceeds regardless, and the kernel crashes. This crash can be reproduced with the QEMU command: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel bzImage \ -drive "file=img,format=raw" \ -m 2048 -smp 2 -enable-kvm \ -append "console=ttyS0 root=/dev/sda" \ -nographic \ -device pcie-root-port,bus=pcie.0,id=rp1,slot=1,bus-reserve=0 then hot-plug a bridge at runtime with the QEMU command: device_add pcie-pci-bridge,id=br1,bus=rp1 and the kernel crashes: pcieport 0000:00:03.0: pciehp: Slot(1): Button press: will power on in 5 sec pcieport 0000:00:03.0: pciehp: Slot(1): Card present pcieport 0000:00:03.0: pciehp: Slot(1): Link Up pci 0000:01:00.0: [1b36:000e] type 01 class 0x060400 PCIe to PCI/PCI-X bridge pci 0000:01:00.0: BAR 0 [mem 0x00000000-0x000000ff 64bit] pci 0000:01:00.0: PCI bridge to [bus 00] pci 0000:01:00.0: bridge window [io 0x0000-0x0fff] pci 0000:01:00.0: bridge window [mem 0x00000000-0x000fffff] pci 0000:01:00.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] pci 0000:01:00.0: No bus number available for hot-added bridge (note: kernel should abort hot-plugging right here) pci 0000:01:00.0: BAR 0 [mem 0xfe800000-0xfe8000ff 64bit]: assigned pcieport 0000:00:03.0: PCI bridge to [bus 01] pcieport 0000:00:03.0: bridge window [io 0x1000-0x1fff] pcieport 0000:00:03.0: bridge window [mem 0xfe800000-0xfe9fffff] pcieport 0000:00:03.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref] shpchp 0000:01:00.0: HPC vendor_id 1b36 device_id e ss_vid 0 ss_did 0 shpchp 0000:01:00.0: enabling device (0000 -> 0002) BUG: kernel NULL pointer dereference, address: 00000000000000da PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 46 Comm: irq/24-pciehp Not tainted 6.9.0-rc1-00001-g2e0239d47d75 #33 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:shpc_init+0x3fb/0x9d0 [stack dump and register dump cut out] Fix this by aborting the hot-plug if pci_hp_add_bridge() fails. Fixes: 0eb3bcfd088e ("[PATCH] pciehp: allow bridged card hotplug") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> --- v3: revert back to the solution in v1 (calling pci_stop_and_remove_bus_device() and returning negative error code) v2: - remove "Cc: Rajesh Shah <rajesh.shah(a)intel.com>" (this address bounce) - add more information to commit message - return 0 instead of -EINVAL drivers/pci/hotplug/pciehp_pci.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/pci/hotplug/pciehp_pci.c b/drivers/pci/hotplug/pciehp_pci.c index ad12515a4a12..de783d7c8a16 100644 --- a/drivers/pci/hotplug/pciehp_pci.c +++ b/drivers/pci/hotplug/pciehp_pci.c @@ -59,7 +59,11 @@ int pciehp_configure_device(struct controller *ctrl) } for_each_pci_bridge(dev, parent) - pci_hp_add_bridge(dev); + if (pci_hp_add_bridge(dev)) { + pci_stop_and_remove_bus_device(dev); + ret = -EINVAL; + goto out; + } pci_assign_unassigned_bridge_resources(bridge); pcie_bus_configure_settings(parent); -- 2.39.2

1 year, 4 months

1
0
0 0

[PATCH v3 1/2] PCI: shpchp: Abort hot-plug if pci_hp_add_bridge() fails

by Nam Cao

If a bridge is hot-added without any bus number available for its downstream bus, pci_hp_add_bridge() will fail. However, the driver proceeds regardless, and the kernel crashes. This crash can be reproduced with the QEMU command: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel bzImage \ -drive "file=img,format=raw" \ -m 2048 -smp 2 -enable-kvm \ -append "console=ttyS0 root=/dev/sda" \ -nographic \ -device pcie-root-port,bus=pcie.0,id=rp1,slot=1,bus-reserve=0 \ -device pcie-pci-bridge,id=br1,bus=rp1 then hot-plug a bridge at runtime with the QEMU command: device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1 and the kernel crashes: shpchp 0000:01:00.0: Latch close on Slot(1-1) shpchp 0000:01:00.0: Button pressed on Slot(1-1) shpchp 0000:01:00.0: Card present on Slot(1-1) shpchp 0000:01:00.0: PCI slot #1-1 - powering on due to button press pci 0000:02:01.0: [1b36:0001] type 01 class 0x060400 conventional PCI bridge pci 0000:02:01.0: BAR 0 [mem 0x00000000-0x000000ff 64bit] pci 0000:02:01.0: PCI bridge to [bus 00] pci 0000:02:01.0: bridge window [io 0x0000-0x0fff] pci 0000:02:01.0: bridge window [mem 0x00000000-0x000fffff] pci 0000:02:01.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] pci 0000:02:01.0: No bus number available for hot-added bridge (note: kernel should abort hot-plugging right here) pci 0000:02:01.0: BAR 0 [mem 0xfe600000-0xfe6000ff 64bit]: assigned shpchp 0000:01:00.0: PCI bridge to [bus 02] shpchp 0000:01:00.0: bridge window [io 0xc000-0xcfff] shpchp 0000:01:00.0: bridge window [mem 0xfe600000-0xfe7fffff] shpchp 0000:01:00.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref] shpchp 0000:02:01.0: HPC vendor_id 1b36 device_id 1 ss_vid 0 ss_did 0 shpchp 0000:02:01.0: enabling device (0000 -> 0002) ACPI: \_SB_.GSIE: Enabled at IRQ 20 BUG: kernel NULL pointer dereference, address: 00000000000000da PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 66 Comm: kworker/1:2 Not tainted 6.9.0-rc1-00001-g2e0239d47d75 #33 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Workqueue: shpchp-1 shpchp_pushbutton_thread RIP: 0010:shpc_init+0x3fb/0x9d0 [stack dump and register dump cut out] Fix this by aborting the hot-plug if pci_hp_add_bridge() fails. Fixes: 7d01f70ac6f4 ("PCI: shpchp: use generic pci_hp_add_bridge()") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: <stable(a)vger.kernel.org> --- v3: revert back to the solution in v1 (calling pci_stop_and_remove_bus_device() and returning negative error code) v2: - add more information to commit description - return 0 instead of -EINVAL drivers/pci/hotplug/shpchp_pci.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/pci/hotplug/shpchp_pci.c b/drivers/pci/hotplug/shpchp_pci.c index 36db0c3c4ea6..2ac98bdc83d9 100644 --- a/drivers/pci/hotplug/shpchp_pci.c +++ b/drivers/pci/hotplug/shpchp_pci.c @@ -48,8 +48,13 @@ int shpchp_configure_device(struct slot *p_slot) } for_each_pci_bridge(dev, parent) { - if (PCI_SLOT(dev->devfn) == p_slot->device) - pci_hp_add_bridge(dev); + if (PCI_SLOT(dev->devfn) == p_slot->device) { + if (pci_hp_add_bridge(dev)) { + pci_stop_and_remove_bus_device(dev); + ret = -EINVAL; + goto out; + } + } } pci_assign_unassigned_bridge_resources(bridge); -- 2.39.2

1 year, 4 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: fix version format string" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: fix version format string > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-fix-version-format-string.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable. (only fixes theoretical problem, not actual documented problem)

1 year, 4 months

2
2
0 0

Re: Patch "spi: axi-spi-engine: Convert to platform remove callback returning void" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: Convert to platform remove callback returning void > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-convert-to-platform-remove-callba.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 4 months

4
7
0 0

[PATCH v2] drm/i915: Fix memory leak by correcting cache object name in error handler

by Jiasheng Jiang

Replace "slab_priorities" with "slab_dependencies" in the error handler to avoid memory leak. Fixes: 32eb6bcfdda9 ("drm/i915: Make request allocation caches global") Cc: <stable(a)vger.kernel.org> # v5.2+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)outlook.com> --- Changelog: v1 -> v2: 1. Alter the subject. --- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_scheduler.c b/drivers/gpu/drm/i915/i915_scheduler.c index 762127dd56c5..70a854557e6e 100644 --- a/drivers/gpu/drm/i915/i915_scheduler.c +++ b/drivers/gpu/drm/i915/i915_scheduler.c @@ -506,6 +506,6 @@ int __init i915_scheduler_module_init(void) return 0; err_priorities: - kmem_cache_destroy(slab_priorities); + kmem_cache_destroy(slab_dependencies); return -ENOMEM; } -- 2.25.1

1 year, 4 months

1
0
0 0

[PATCH v2] drm/i915: Fix memory leak by correcting cache object name in error handler

by Jiasheng Jiang

Replace "slab_priorities" with "slab_dependencies" in the error handler to avoid memory leak. Fixes: 32eb6bcfdda9 ("drm/i915: Make request allocation caches global") Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)outlook.com> --- Changelog: v1 -> v2: 1. Alter the subject. --- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_scheduler.c b/drivers/gpu/drm/i915/i915_scheduler.c index 762127dd56c5..70a854557e6e 100644 --- a/drivers/gpu/drm/i915/i915_scheduler.c +++ b/drivers/gpu/drm/i915/i915_scheduler.c @@ -506,6 +506,6 @@ int __init i915_scheduler_module_init(void) return 0; err_priorities: - kmem_cache_destroy(slab_priorities); + kmem_cache_destroy(slab_dependencies); return -ENOMEM; } -- 2.25.1

1 year, 4 months

2
1
0 0

Old commit back-port

by Alex Elder

This commit landed in Linux v5.16, and should have been back-ported to stable branches: 0ac10b291bee8 arm64: dts: qcom: Fix 'interrupt-map' parent address cells It has three hunks, and the commit can be cherry-picked directly into the 5.15.y and 5.10.y stable branches. The first hunk fixes a problem first introduced in Linux v5.2, so that hunk (only) should be back-ported to v5.4.y. Signed-off-by: Alex Elder <elder(a)linaro.org> Is there anything further I need to do? If you'd prefer I send patches, I can do that also (just ask). Thanks. -Alex Rob's original fix in Linus' tree: 0ac10b291bee8 arm64: dts: qcom: Fix 'interrupt-map' parent address cells This first landed in v5.16. The commit that introduced the problem in the first hunk: b84dfd175c098 arm64: dts: qcom: msm8998: Add PCIe PHY and RC nodes This first landed in v5.2, so back-port to v5.4.y, v5.10.y, v5.15.y. The commit that introduced the problem in the second hunk: 5c538e09cb19b arm64: dts: qcom: sdm845: Add first PCIe controller and PHY This first landed in v5.7, so back-port to v5.10.y, v5.15.y The commit that introduced the problem in the third hunk: 42ad231338c14 arm64: dts: qcom: sdm845: Add second PCIe PHY and controller This first landed in v5.7 also

1 year, 4 months

3
2
0 0

FAILED: patch "[PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d18ca8635db2f88c17acbdf6412f26d4f6aff414 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051308-sullen-plug-a6fb@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d18ca8635db2 ("ASoC: ti: davinci-mcasp: Fix race condition during probe") 1b4fb70e5b28 ("ASoC: ti: davinci-mcasp: Handle missing required DT properties") 1125d925990b ("ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling") db8793a39b29 ("ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing") 372c4bd11de1 ("ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional") 19f6e424d615 ("ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params") f4d95de415b2 ("ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret") 764958f2b523 ("ASoC: ti: davinci-mcasp: Support for auxclk-fs-ratio") 540f1ba7b3a5 ("ASoC: ti: davinci-mcasp: Add support for GPIO mode of the pins") 617547175507 ("ASoC: ti: davinci-mcasp: Move context save/restore to runtime_pm callbacks") f2055e145f29 ("ASoC: ti: Merge davinci and omap directories") bc1845498531 ("ASoC: davinci-mcasp: Implement configurable dismod handling") ca3d9433349e ("ASoC: davinci-mcasp: Update PDIR (pin direction) register handling") 9c34d023dc35 ("ASoC: omap-mcbsp: Re-arrange files for core McBSP and Sidetone function split") be51c576e849 ("ASoC: omap-mcbsp: Move out the FIFO check from set_threshold and get_delay") 59d177f65f50 ("ASoC: omap-mcbsp: Simplify the mcbsp_start/_stop function parameters") d63a7625a6df ("ASoC: omap-mcbsp: Clean up the interrupt handlers") c9ece9c29e26 ("ASoC: omap-mcbsp: Skip dma_data.maxburst initialization") dd443a7c0b00 ("ASoC: omap-mcbsp: Clean up dma_data addr initialization code") 2c2596f3ab25 ("ASoC: omap: Remove unused machine driver for AM3517-evm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d18ca8635db2f88c17acbdf6412f26d4f6aff414 Mon Sep 17 00:00:00 2001 From: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Date: Wed, 17 Apr 2024 15:41:38 -0300 Subject: [PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe When using davinci-mcasp as CPU DAI with simple-card, there are some conditions that cause simple-card to finish registering a sound card before davinci-mcasp finishes registering all sound components. This creates a non-working sound card from userspace with no problem indication apart from not being able to play/record audio on a PCM stream. The issue arises during simultaneous probe execution of both drivers. Specifically, the simple-card driver, awaiting a CPU DAI, proceeds as soon as davinci-mcasp registers its DAI. However, this process can lead to the client mutex lock (client_mutex in soc-core.c) being held or davinci-mcasp being preempted before PCM DMA registration on davinci-mcasp finishes. This situation occurs when the probes of both drivers run concurrently. Below is the code path for this condition. To solve the issue, defer davinci-mcasp CPU DAI registration to the last step in the audio part of it. This way, simple-card CPU DAI parsing will be deferred until all audio components are registered. Fail Code Path: simple-card.c: probe starts simple-card.c: simple_dai_link_of: simple_parse_node(..,cpu,..) returns EPROBE_DEFER, no CPU DAI yet davinci-mcasp.c: probe starts davinci-mcasp.c: devm_snd_soc_register_component() register CPU DAI simple-card.c: probes again, finish CPU DAI parsing and call devm_snd_soc_register_card() simple-card.c: finish probe davinci-mcasp.c: *dma_pcm_platform_register() register PCM DMA davinci-mcasp.c: probe finish Cc: stable(a)vger.kernel.org Fixes: 9fbd58cf4ab0 ("ASoC: davinci-mcasp: Choose PCM driver based on configured DMA controller") Signed-off-by: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Acked-by: Peter Ujfalusi <peter.ujfalusi(a)gmail.com> Reviewed-by: Jai Luthra <j-luthra(a)ti.com> Link: https://lore.kernel.org/r/20240417184138.1104774-1-jpaulo.silvagoncalves@gm… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/ti/davinci-mcasp.c b/sound/soc/ti/davinci-mcasp.c index b892d66f7847..1e760c315521 100644 --- a/sound/soc/ti/davinci-mcasp.c +++ b/sound/soc/ti/davinci-mcasp.c @@ -2417,12 +2417,6 @@ static int davinci_mcasp_probe(struct platform_device *pdev) mcasp_reparent_fck(pdev); - ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, - &davinci_mcasp_dai[mcasp->op_mode], 1); - - if (ret != 0) - goto err; - ret = davinci_mcasp_get_dma_type(mcasp); switch (ret) { case PCM_EDMA: @@ -2449,6 +2443,12 @@ static int davinci_mcasp_probe(struct platform_device *pdev) goto err; } + ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, + &davinci_mcasp_dai[mcasp->op_mode], 1); + + if (ret != 0) + goto err; + no_audio: ret = davinci_mcasp_init_gpiochip(mcasp); if (ret) {

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d18ca8635db2f88c17acbdf6412f26d4f6aff414 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051302-deluge-renovate-d904@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d18ca8635db2 ("ASoC: ti: davinci-mcasp: Fix race condition during probe") 1b4fb70e5b28 ("ASoC: ti: davinci-mcasp: Handle missing required DT properties") 1125d925990b ("ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling") db8793a39b29 ("ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing") 372c4bd11de1 ("ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional") 19f6e424d615 ("ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params") f4d95de415b2 ("ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d18ca8635db2f88c17acbdf6412f26d4f6aff414 Mon Sep 17 00:00:00 2001 From: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Date: Wed, 17 Apr 2024 15:41:38 -0300 Subject: [PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe When using davinci-mcasp as CPU DAI with simple-card, there are some conditions that cause simple-card to finish registering a sound card before davinci-mcasp finishes registering all sound components. This creates a non-working sound card from userspace with no problem indication apart from not being able to play/record audio on a PCM stream. The issue arises during simultaneous probe execution of both drivers. Specifically, the simple-card driver, awaiting a CPU DAI, proceeds as soon as davinci-mcasp registers its DAI. However, this process can lead to the client mutex lock (client_mutex in soc-core.c) being held or davinci-mcasp being preempted before PCM DMA registration on davinci-mcasp finishes. This situation occurs when the probes of both drivers run concurrently. Below is the code path for this condition. To solve the issue, defer davinci-mcasp CPU DAI registration to the last step in the audio part of it. This way, simple-card CPU DAI parsing will be deferred until all audio components are registered. Fail Code Path: simple-card.c: probe starts simple-card.c: simple_dai_link_of: simple_parse_node(..,cpu,..) returns EPROBE_DEFER, no CPU DAI yet davinci-mcasp.c: probe starts davinci-mcasp.c: devm_snd_soc_register_component() register CPU DAI simple-card.c: probes again, finish CPU DAI parsing and call devm_snd_soc_register_card() simple-card.c: finish probe davinci-mcasp.c: *dma_pcm_platform_register() register PCM DMA davinci-mcasp.c: probe finish Cc: stable(a)vger.kernel.org Fixes: 9fbd58cf4ab0 ("ASoC: davinci-mcasp: Choose PCM driver based on configured DMA controller") Signed-off-by: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Acked-by: Peter Ujfalusi <peter.ujfalusi(a)gmail.com> Reviewed-by: Jai Luthra <j-luthra(a)ti.com> Link: https://lore.kernel.org/r/20240417184138.1104774-1-jpaulo.silvagoncalves@gm… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/ti/davinci-mcasp.c b/sound/soc/ti/davinci-mcasp.c index b892d66f7847..1e760c315521 100644 --- a/sound/soc/ti/davinci-mcasp.c +++ b/sound/soc/ti/davinci-mcasp.c @@ -2417,12 +2417,6 @@ static int davinci_mcasp_probe(struct platform_device *pdev) mcasp_reparent_fck(pdev); - ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, - &davinci_mcasp_dai[mcasp->op_mode], 1); - - if (ret != 0) - goto err; - ret = davinci_mcasp_get_dma_type(mcasp); switch (ret) { case PCM_EDMA: @@ -2449,6 +2443,12 @@ static int davinci_mcasp_probe(struct platform_device *pdev) goto err; } + ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, + &davinci_mcasp_dai[mcasp->op_mode], 1); + + if (ret != 0) + goto err; + no_audio: ret = davinci_mcasp_init_gpiochip(mcasp); if (ret) {

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d18ca8635db2f88c17acbdf6412f26d4f6aff414 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051357-errand-chariot-abc6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d18ca8635db2 ("ASoC: ti: davinci-mcasp: Fix race condition during probe") 1b4fb70e5b28 ("ASoC: ti: davinci-mcasp: Handle missing required DT properties") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d18ca8635db2f88c17acbdf6412f26d4f6aff414 Mon Sep 17 00:00:00 2001 From: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Date: Wed, 17 Apr 2024 15:41:38 -0300 Subject: [PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe When using davinci-mcasp as CPU DAI with simple-card, there are some conditions that cause simple-card to finish registering a sound card before davinci-mcasp finishes registering all sound components. This creates a non-working sound card from userspace with no problem indication apart from not being able to play/record audio on a PCM stream. The issue arises during simultaneous probe execution of both drivers. Specifically, the simple-card driver, awaiting a CPU DAI, proceeds as soon as davinci-mcasp registers its DAI. However, this process can lead to the client mutex lock (client_mutex in soc-core.c) being held or davinci-mcasp being preempted before PCM DMA registration on davinci-mcasp finishes. This situation occurs when the probes of both drivers run concurrently. Below is the code path for this condition. To solve the issue, defer davinci-mcasp CPU DAI registration to the last step in the audio part of it. This way, simple-card CPU DAI parsing will be deferred until all audio components are registered. Fail Code Path: simple-card.c: probe starts simple-card.c: simple_dai_link_of: simple_parse_node(..,cpu,..) returns EPROBE_DEFER, no CPU DAI yet davinci-mcasp.c: probe starts davinci-mcasp.c: devm_snd_soc_register_component() register CPU DAI simple-card.c: probes again, finish CPU DAI parsing and call devm_snd_soc_register_card() simple-card.c: finish probe davinci-mcasp.c: *dma_pcm_platform_register() register PCM DMA davinci-mcasp.c: probe finish Cc: stable(a)vger.kernel.org Fixes: 9fbd58cf4ab0 ("ASoC: davinci-mcasp: Choose PCM driver based on configured DMA controller") Signed-off-by: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Acked-by: Peter Ujfalusi <peter.ujfalusi(a)gmail.com> Reviewed-by: Jai Luthra <j-luthra(a)ti.com> Link: https://lore.kernel.org/r/20240417184138.1104774-1-jpaulo.silvagoncalves@gm… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/ti/davinci-mcasp.c b/sound/soc/ti/davinci-mcasp.c index b892d66f7847..1e760c315521 100644 --- a/sound/soc/ti/davinci-mcasp.c +++ b/sound/soc/ti/davinci-mcasp.c @@ -2417,12 +2417,6 @@ static int davinci_mcasp_probe(struct platform_device *pdev) mcasp_reparent_fck(pdev); - ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, - &davinci_mcasp_dai[mcasp->op_mode], 1); - - if (ret != 0) - goto err; - ret = davinci_mcasp_get_dma_type(mcasp); switch (ret) { case PCM_EDMA: @@ -2449,6 +2443,12 @@ static int davinci_mcasp_probe(struct platform_device *pdev) goto err; } + ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, + &davinci_mcasp_dai[mcasp->op_mode], 1); + + if (ret != 0) + goto err; + no_audio: ret = davinci_mcasp_init_gpiochip(mcasp); if (ret) {

1 year, 4 months

1
0
0 0

Excessive memory usage when infiniband config is enabled

by Brian Baboch

Hello, We discovered that the CONFIG_INFINIBAND_IRDMA configuration option in the linux kernel is causing excessive memory usage on idle mode on specific servers like the DELL VEP4600 (https://www.dell.com/en-us/shop/ipovw/virtual-edge-platform-4600. By default we were using Debian's linux-image-6.1.0-13-amd64 which is the stable 6.1.55-1 amd64, we then compiled the kernel again with the same config file from the stable 6.1.55 tag and had the same problem. We were able to resolve the memory problem by removing the `CONFIG_INFINIBAND_IRDMA` option from the kernel config. The tag used to reproduce the problem is v6.1.55. adding the following config `CONFIG_INFINIBAND_IRDMA=m` causes the excessive memory usage to go from 1.4Gb to 7Gb. Here are the 2 config files used and the outputs showing the Memory usage in both cases. Do you have any ideas regarding this bug, we only had this bug on this specific hardware model mentioned above. Debian version of the linux 6.1.55: #uname -a Linux wibox 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64 GNU/Linux #free -m total used free shared buff/cache available Mem: 15724 6757 8840 3 410 8967 Swap: 0 0 0 Compiled version without INFINIBAND: #uname -a Linux wibox 6.1.55-without-infiniband #75 SMP PREEMPT_DYNAMIC Mon Apr 29 19:06:23 CEST 2024 x86_64 GNU/Linux #free -m total used free shared buff/cache available Mem: 15724 1480 13339 3 1205 14244 Swap: 0 0 0 Thank you,

1 year, 4 months

6
7
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize UMAC_CMD access" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0d5e2a82232605b337972fb2c7d0cbc46898aca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051303-gab-promoter-a9b1@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 0d5e2a822326 ("net: bcmgenet: synchronize UMAC_CMD access") a9f31047baca ("net: bcmgenet: Fix EEE implementation") 53243d412ec5 ("net: use bool values to pass bool param of phy_init_eee()") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") b82f8c3f1409 ("net: fec: add eee mode tx lpi support") 40b5d2f15c09 ("net: dsa: mt7530: Add support for EEE features") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") c288575f7810 ("net: dsa: mt7530: Add the support of MT7531 switch") 88bdef8be9f6 ("net: dsa: mt7530: Extend device data ready for adding a new hardware") dc8ef938c94e ("net: dsa: mt7530: Refine message in Kconfig") f272285f6abb ("net: dsa: mt7530: fix advertising unsupported 1000baseT_Half") ccaab4d3df98 ("MAINTAINERS: GENET: Add UniMAC MDIO controller files") f69ccc563df0 ("MAINTAINERS: GENET: Add DT binding file") d0cac91817c8 ("MAINTAINERS: GENET: Add missing platform data file") 2f11f0df8474 ("net: bcmgenet: test MPD_EN when resuming") a7f7f6248d97 ("treewide: replace '---help---' in Kconfig files with 'help'") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:21 -0700 Subject: [PATCH] net: bcmgenet: synchronize UMAC_CMD access The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize UMAC_CMD access" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0d5e2a82232605b337972fb2c7d0cbc46898aca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051300-stipend-sectional-89da@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 0d5e2a822326 ("net: bcmgenet: synchronize UMAC_CMD access") a9f31047baca ("net: bcmgenet: Fix EEE implementation") 53243d412ec5 ("net: use bool values to pass bool param of phy_init_eee()") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") b82f8c3f1409 ("net: fec: add eee mode tx lpi support") 40b5d2f15c09 ("net: dsa: mt7530: Add support for EEE features") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") c288575f7810 ("net: dsa: mt7530: Add the support of MT7531 switch") 88bdef8be9f6 ("net: dsa: mt7530: Extend device data ready for adding a new hardware") dc8ef938c94e ("net: dsa: mt7530: Refine message in Kconfig") f272285f6abb ("net: dsa: mt7530: fix advertising unsupported 1000baseT_Half") ccaab4d3df98 ("MAINTAINERS: GENET: Add UniMAC MDIO controller files") f69ccc563df0 ("MAINTAINERS: GENET: Add DT binding file") d0cac91817c8 ("MAINTAINERS: GENET: Add missing platform data file") 2f11f0df8474 ("net: bcmgenet: test MPD_EN when resuming") a7f7f6248d97 ("treewide: replace '---help---' in Kconfig files with 'help'") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:21 -0700 Subject: [PATCH] net: bcmgenet: synchronize UMAC_CMD access The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-tinfoil-decoy-9476@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2dbe5f19368c ("net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()") 1a1d5106c1e3 ("net: bcmgenet: move clk_wol management to bcmgenet_wol") 6f7689057a0f ("net: bcmgenet: Fix WoL with password after deep sleep") 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") 99d55638d4b0 ("net: bcmgenet: enable NETIF_F_HIGHDMA flag") d7ee287827ef ("Merge tag 'blk-dim-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:20 -0700 Subject: [PATCH] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-oval-cruelness-c028@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2dbe5f19368c ("net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()") 1a1d5106c1e3 ("net: bcmgenet: move clk_wol management to bcmgenet_wol") 6f7689057a0f ("net: bcmgenet: Fix WoL with password after deep sleep") 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") 99d55638d4b0 ("net: bcmgenet: enable NETIF_F_HIGHDMA flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:20 -0700 Subject: [PATCH] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d85cf67a339685beae1d0aee27b7f61da95455be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051358-starter-disposal-9d42@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d85cf67a3396 ("net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access") 696450c05181 ("net: bcmgenet: Clear RGMII_LINK upon link down") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") ccaab4d3df98 ("MAINTAINERS: GENET: Add UniMAC MDIO controller files") f69ccc563df0 ("MAINTAINERS: GENET: Add DT binding file") d0cac91817c8 ("MAINTAINERS: GENET: Add missing platform data file") 8c7da63978f1 ("bgmac: configure MTU and add support for frames beyond 8192 byte size") 9fb16955fb66 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:19 -0700 Subject: [PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d85cf67a339685beae1d0aee27b7f61da95455be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051350-cornflake-slurp-104b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d85cf67a3396 ("net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access") 696450c05181 ("net: bcmgenet: Clear RGMII_LINK upon link down") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") ccaab4d3df98 ("MAINTAINERS: GENET: Add UniMAC MDIO controller files") f69ccc563df0 ("MAINTAINERS: GENET: Add DT binding file") d0cac91817c8 ("MAINTAINERS: GENET: Add missing platform data file") 8c7da63978f1 ("bgmac: configure MTU and add support for frames beyond 8192 byte size") 9fb16955fb66 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:19 -0700 Subject: [PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051320-justifier-trusting-bb69@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") 11e969bc964a ("xtensa: support coprocessors on SMP") e45d4bfbeb26 ("xtensa: merge SAVE_CP_REGS_TAB and LOAD_CP_REGS_TAB") 0b549f813387 ("xtensa: handle coprocessor exceptions in kernel mode") 6179ef4d460a ("xtensa: use callx0 opcode in fast_coprocessor") 3e554d47dfe3 ("xtensa: clean up declarations in coprocessor.h") fc55402b8438 ("xtensa: clean up exception handler prototypes") db0d07fa192a ("xtensa: clean up function declarations in traps.c") 839769c35477 ("xtensa: fix a7 clobbering in coprocessor context load/store") 967747bbc084 ("uaccess: remove CONFIG_SET_FS") 12700c17fc28 ("uaccess: generalize access_ok()") 52fe8d125c9a ("arm64: simplify access_ok()") 26509034bef1 ("m68k: fix access_ok for coldfire") 15f3d81a8c8a ("MIPS: use simpler access_ok()") 34737e269803 ("uaccess: add generic __{get,put}_kernel_nofault") 1830a1d6a5b7 ("x86: use more conventional access_ok() definition") 36903abedfe8 ("x86: remove __range_not_ok()") 8afafbc955ba ("sparc64: add __{get,put}_kernel_nofault()") 222ca305c9fd ("uaccess: fix integer overflow on access_ok()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051316-outcome-surface-8a1a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") 11e969bc964a ("xtensa: support coprocessors on SMP") e45d4bfbeb26 ("xtensa: merge SAVE_CP_REGS_TAB and LOAD_CP_REGS_TAB") 0b549f813387 ("xtensa: handle coprocessor exceptions in kernel mode") 6179ef4d460a ("xtensa: use callx0 opcode in fast_coprocessor") 3e554d47dfe3 ("xtensa: clean up declarations in coprocessor.h") fc55402b8438 ("xtensa: clean up exception handler prototypes") db0d07fa192a ("xtensa: clean up function declarations in traps.c") 839769c35477 ("xtensa: fix a7 clobbering in coprocessor context load/store") 967747bbc084 ("uaccess: remove CONFIG_SET_FS") 12700c17fc28 ("uaccess: generalize access_ok()") 52fe8d125c9a ("arm64: simplify access_ok()") 26509034bef1 ("m68k: fix access_ok for coldfire") 15f3d81a8c8a ("MIPS: use simpler access_ok()") 34737e269803 ("uaccess: add generic __{get,put}_kernel_nofault") 1830a1d6a5b7 ("x86: use more conventional access_ok() definition") 36903abedfe8 ("x86: remove __range_not_ok()") 8afafbc955ba ("sparc64: add __{get,put}_kernel_nofault()") 222ca305c9fd ("uaccess: fix integer overflow on access_ok()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051312-survival-stoic-e4d5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") 11e969bc964a ("xtensa: support coprocessors on SMP") e45d4bfbeb26 ("xtensa: merge SAVE_CP_REGS_TAB and LOAD_CP_REGS_TAB") 0b549f813387 ("xtensa: handle coprocessor exceptions in kernel mode") 6179ef4d460a ("xtensa: use callx0 opcode in fast_coprocessor") 3e554d47dfe3 ("xtensa: clean up declarations in coprocessor.h") fc55402b8438 ("xtensa: clean up exception handler prototypes") db0d07fa192a ("xtensa: clean up function declarations in traps.c") 839769c35477 ("xtensa: fix a7 clobbering in coprocessor context load/store") 967747bbc084 ("uaccess: remove CONFIG_SET_FS") 12700c17fc28 ("uaccess: generalize access_ok()") 52fe8d125c9a ("arm64: simplify access_ok()") 26509034bef1 ("m68k: fix access_ok for coldfire") 15f3d81a8c8a ("MIPS: use simpler access_ok()") 34737e269803 ("uaccess: add generic __{get,put}_kernel_nofault") 1830a1d6a5b7 ("x86: use more conventional access_ok() definition") 36903abedfe8 ("x86: remove __range_not_ok()") 8afafbc955ba ("sparc64: add __{get,put}_kernel_nofault()") 222ca305c9fd ("uaccess: fix integer overflow on access_ok()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051308-hasty-underwent-c742@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") 11e969bc964a ("xtensa: support coprocessors on SMP") e45d4bfbeb26 ("xtensa: merge SAVE_CP_REGS_TAB and LOAD_CP_REGS_TAB") 0b549f813387 ("xtensa: handle coprocessor exceptions in kernel mode") 6179ef4d460a ("xtensa: use callx0 opcode in fast_coprocessor") 3e554d47dfe3 ("xtensa: clean up declarations in coprocessor.h") fc55402b8438 ("xtensa: clean up exception handler prototypes") db0d07fa192a ("xtensa: clean up function declarations in traps.c") 839769c35477 ("xtensa: fix a7 clobbering in coprocessor context load/store") 967747bbc084 ("uaccess: remove CONFIG_SET_FS") 12700c17fc28 ("uaccess: generalize access_ok()") 52fe8d125c9a ("arm64: simplify access_ok()") 26509034bef1 ("m68k: fix access_ok for coldfire") 15f3d81a8c8a ("MIPS: use simpler access_ok()") 34737e269803 ("uaccess: add generic __{get,put}_kernel_nofault") 1830a1d6a5b7 ("x86: use more conventional access_ok() definition") 36903abedfe8 ("x86: remove __range_not_ok()") 8afafbc955ba ("sparc64: add __{get,put}_kernel_nofault()") 222ca305c9fd ("uaccess: fix integer overflow on access_ok()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-harsh-aids-02ab@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6ddb4f372fc63210034b903d96ebbeb3c7195adb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-grief-hull-2989@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()") 4e7728c81a54 ("KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ddb4f372fc63210034b903d96ebbeb3c7195adb Mon Sep 17 00:00:00 2001 From: Oliver Upton <oliver.upton(a)linux.dev> Date: Wed, 24 Apr 2024 17:39:58 +0000 Subject: [PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. Cc: stable(a)vger.kernel.org Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers") Reported-by: Alexander Potapenko <glider(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c index f48b8dab8b3d..1d26bb5b02f4 100644 --- a/arch/arm64/kvm/vgic/vgic-kvm-device.c +++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c @@ -338,12 +338,12 @@ int kvm_register_vgic_device(unsigned long type) int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, struct vgic_reg_attr *reg_attr) { - int cpuid; + int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - - reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; + reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + if (!reg_attr->vcpu) + return -EINVAL; return 0; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6ddb4f372fc63210034b903d96ebbeb3c7195adb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051331-relieving-showcase-24cd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()") 4e7728c81a54 ("KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ddb4f372fc63210034b903d96ebbeb3c7195adb Mon Sep 17 00:00:00 2001 From: Oliver Upton <oliver.upton(a)linux.dev> Date: Wed, 24 Apr 2024 17:39:58 +0000 Subject: [PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. Cc: stable(a)vger.kernel.org Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers") Reported-by: Alexander Potapenko <glider(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c index f48b8dab8b3d..1d26bb5b02f4 100644 --- a/arch/arm64/kvm/vgic/vgic-kvm-device.c +++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c @@ -338,12 +338,12 @@ int kvm_register_vgic_device(unsigned long type) int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, struct vgic_reg_attr *reg_attr) { - int cpuid; + int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - - reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; + reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + if (!reg_attr->vcpu) + return -EINVAL; return 0; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-pueblo-release-140e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-finishing-applause-7489@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051322-alabaster-reliably-95ba@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-hurdle-ferret-9066@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/xe/vm: prevent UAF in rebind_work_func()" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 98957360563e7ffdc0c2b3a314655eff8bc1cb5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-bonehead-slang-4a7c@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 98957360563e ("drm/xe/vm: prevent UAF in rebind_work_func()") 0eb2a18a8fad ("drm/xe: Implement VM snapshot support for BO's and userptr") be7d51c5b468 ("drm/xe: Add batch buffer addresses to devcoredump") 4376cee62092 ("drm/xe: Print more device information in devcoredump") 98fefec8c381 ("drm/xe: Change devcoredump functions parameters to xe_sched_job") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98957360563e7ffdc0c2b3a314655eff8bc1cb5a Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Tue, 23 Apr 2024 08:47:23 +0100 Subject: [PATCH] drm/xe/vm: prevent UAF in rebind_work_func() We flush the rebind worker during the vm close phase, however in places like preempt_fence_work_func() we seem to queue the rebind worker without first checking if the vm has already been closed. The concern here is the vm being closed with the worker flushed, but then being rearmed later, which looks like potential uaf, since there is no actual refcounting to track the queued worker. We can't take the vm->lock here in preempt_rebind_work_func() to first check if the vm is closed since that will deadlock, so instead flush the worker again when the vm refcount reaches zero. v2: - Grabbing vm->lock in the preempt worker creates a deadlock, so checking the closed state is tricky. Instead flush the worker when the refcount reaches zero. It should be impossible to queue the preempt worker without already holding vm ref. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1676 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1591 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1364 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1304 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1249 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240423074721.119633-4-matth… (cherry picked from commit 3d44d67c441a9fe6f81a1d705f7de009a32a5b35) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 3d4c8f342e21..32cd0c978aa2 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1606,6 +1606,9 @@ static void vm_destroy_work_func(struct work_struct *w) /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); + if (xe_vm_in_preempt_fence_mode(vm)) + flush_work(&vm->preempt.rebind_work); + mutex_destroy(&vm->snap_mutex); if (!(vm->flags & XE_VM_FLAG_MIGRATION))

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Use ordered WQ for G2H handler" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x c002bfe644a29ba600c571f2abba13a155a12dcd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051310-legacy-papaya-0d01@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: c002bfe644a2 ("drm/xe: Use ordered WQ for G2H handler") 7bd9c9f962eb ("drm/xe/guc: Check error code when initializing the CT mutex") 5030e16140b6 ("drm/xe/guc: Only take actions in CT irq handler if CTs are enabled") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c002bfe644a29ba600c571f2abba13a155a12dcd Mon Sep 17 00:00:00 2001 From: Matthew Brost <matthew.brost(a)intel.com> Date: Sun, 5 May 2024 20:47:58 -0700 Subject: [PATCH] drm/xe: Use ordered WQ for G2H handler System work queues are shared, use a dedicated work queue for G2H processing to avoid G2H processing getting block behind system tasks. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Francois Dugast <francois.dugast(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240506034758.3697397-1-matt… (cherry picked from commit 50aec9665e0babd62b9eee4e613d9a1ef8d2b7de) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index c62dbd6420db..8bbfa45798e2 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -120,6 +120,7 @@ static void guc_ct_fini(struct drm_device *drm, void *arg) { struct xe_guc_ct *ct = arg; + destroy_workqueue(ct->g2h_wq); xa_destroy(&ct->fence_lookup); } @@ -145,6 +146,10 @@ int xe_guc_ct_init(struct xe_guc_ct *ct) xe_assert(xe, !(guc_ct_size() % PAGE_SIZE)); + ct->g2h_wq = alloc_ordered_workqueue("xe-g2h-wq", 0); + if (!ct->g2h_wq) + return -ENOMEM; + spin_lock_init(&ct->fast_lock); xa_init(&ct->fence_lookup); INIT_WORK(&ct->g2h_worker, g2h_worker_func); diff --git a/drivers/gpu/drm/xe/xe_guc_ct.h b/drivers/gpu/drm/xe/xe_guc_ct.h index 5083e099064f..105bb8e99a8d 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.h +++ b/drivers/gpu/drm/xe/xe_guc_ct.h @@ -34,7 +34,7 @@ static inline void xe_guc_ct_irq_handler(struct xe_guc_ct *ct) return; wake_up_all(&ct->wq); - queue_work(system_unbound_wq, &ct->g2h_worker); + queue_work(ct->g2h_wq, &ct->g2h_worker); xe_guc_ct_fast_path(ct); } diff --git a/drivers/gpu/drm/xe/xe_guc_ct_types.h b/drivers/gpu/drm/xe/xe_guc_ct_types.h index d29144c9f20b..fede4c6e93cb 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct_types.h +++ b/drivers/gpu/drm/xe/xe_guc_ct_types.h @@ -120,6 +120,8 @@ struct xe_guc_ct { wait_queue_head_t wq; /** @g2h_fence_wq: wait queue used for G2H fencing */ wait_queue_head_t g2h_fence_wq; + /** @g2h_wq: used to process G2H */ + struct workqueue_struct *g2h_wq; /** @msg: Message buffer */ u32 msg[GUC_CTB_MSG_MAX_LEN]; /** @fast_msg: Message buffer */

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] workqueue: Fix divide error in wq_update_node_max_active()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 91f098704c25106d88706fc9f8bcfce01fdb97df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051331-lasso-junkie-d098@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 91f098704c25 ("workqueue: Fix divide error in wq_update_node_max_active()") 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") 91ccc6e7233b ("workqueue: Introduce struct wq_node_nr_active") 9f66cff212bb ("workqueue: RCU protect wq->dfl_pwq and implement accessors for it") c5404d4e6df6 ("workqueue: Make wq_adjust_max_active() round-robin pwqs while activating") 1c270b79ce0b ("workqueue: Move nr_active handling into helpers") 4c6380305d21 ("workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()") afa87ce85379 ("workqueue: Factor out pwq_is_empty()") a045a272d887 ("workqueue: Move pwq->max_active to wq->max_active") 31c89007285d ("workqueue.c: Increase workqueue name length") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91f098704c25106d88706fc9f8bcfce01fdb97df Mon Sep 17 00:00:00 2001 From: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Date: Wed, 24 Apr 2024 21:51:54 +0800 Subject: [PATCH] workqueue: Fix divide error in wq_update_node_max_active() Yue Sun and xingwei lee reported a divide error bug in wq_update_node_max_active(): divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 21 Comm: cpuhp/1 Not tainted 6.9.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:wq_update_node_max_active+0x369/0x6b0 kernel/workqueue.c:1605 Code: 24 bf 00 00 00 80 44 89 fe e8 83 27 33 00 41 83 fc ff 75 0d 41 81 ff 00 00 00 80 0f 84 68 01 00 00 e8 fb 22 33 00 44 89 f8 99 <41> f7 fc 89 c5 89 c7 44 89 ee e8 a8 24 33 00 89 ef 8b 5c 24 04 89 RSP: 0018:ffffc9000018fbb0 EFLAGS: 00010293 RAX: 00000000000000ff RBX: 0000000000000001 RCX: ffff888100ada500 RDX: 0000000000000000 RSI: 00000000000000ff RDI: 0000000080000000 RBP: 0000000000000001 R08: ffffffff815b1fcd R09: 1ffff1100364ad72 R10: dffffc0000000000 R11: ffffed100364ad73 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000000 R15: 00000000000000ff FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb8c06ca6f8 CR3: 000000010d6c6000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> workqueue_offline_cpu+0x56f/0x600 kernel/workqueue.c:6525 cpuhp_invoke_callback+0x4e1/0x870 kernel/cpu.c:194 cpuhp_thread_fun+0x411/0x7d0 kernel/cpu.c:1092 smpboot_thread_fn+0x544/0xa10 kernel/smpboot.c:164 kthread+0x2ed/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- After analysis, it happens when all of the CPUs in a workqueue's affinity get offine. The problem can be easily reproduced by: # echo 8 > /sys/devices/virtual/workqueue/<any-wq-name>/cpumask # echo 0 > /sys/devices/system/cpu/cpu3/online Use the default max_actives for nodes when all of the CPUs in the workqueue's affinity get offline to fix the problem. Reported-by: Yue Sun <samsun1006219(a)gmail.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Link: https://lore.kernel.org/lkml/CAEkJfYPGS1_4JqvpSo0=FM0S1ytB8CEbyreLTtWpR900d… Fixes: 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") Cc: stable(a)vger.kernel.org Signed-off-by: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 5f536c63a48d..d2dbe099286b 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1598,6 +1598,15 @@ static void wq_update_node_max_active(struct workqueue_struct *wq, int off_cpu) if (off_cpu >= 0) total_cpus--; + /* If all CPUs of the wq get offline, use the default values */ + if (unlikely(!total_cpus)) { + for_each_node(node) + wq_node_nr_active(wq, node)->max = min_active; + + wq_node_nr_active(wq, NUMA_NO_NODE)->max = max_active; + return; + } + for_each_node(node) { int node_cpus;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] workqueue: Fix divide error in wq_update_node_max_active()" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 91f098704c25106d88706fc9f8bcfce01fdb97df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051329-golf-handwoven-298c@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 91f098704c25 ("workqueue: Fix divide error in wq_update_node_max_active()") 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") 91ccc6e7233b ("workqueue: Introduce struct wq_node_nr_active") 9f66cff212bb ("workqueue: RCU protect wq->dfl_pwq and implement accessors for it") c5404d4e6df6 ("workqueue: Make wq_adjust_max_active() round-robin pwqs while activating") 1c270b79ce0b ("workqueue: Move nr_active handling into helpers") 4c6380305d21 ("workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()") afa87ce85379 ("workqueue: Factor out pwq_is_empty()") a045a272d887 ("workqueue: Move pwq->max_active to wq->max_active") 31c89007285d ("workqueue.c: Increase workqueue name length") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91f098704c25106d88706fc9f8bcfce01fdb97df Mon Sep 17 00:00:00 2001 From: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Date: Wed, 24 Apr 2024 21:51:54 +0800 Subject: [PATCH] workqueue: Fix divide error in wq_update_node_max_active() Yue Sun and xingwei lee reported a divide error bug in wq_update_node_max_active(): divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 21 Comm: cpuhp/1 Not tainted 6.9.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:wq_update_node_max_active+0x369/0x6b0 kernel/workqueue.c:1605 Code: 24 bf 00 00 00 80 44 89 fe e8 83 27 33 00 41 83 fc ff 75 0d 41 81 ff 00 00 00 80 0f 84 68 01 00 00 e8 fb 22 33 00 44 89 f8 99 <41> f7 fc 89 c5 89 c7 44 89 ee e8 a8 24 33 00 89 ef 8b 5c 24 04 89 RSP: 0018:ffffc9000018fbb0 EFLAGS: 00010293 RAX: 00000000000000ff RBX: 0000000000000001 RCX: ffff888100ada500 RDX: 0000000000000000 RSI: 00000000000000ff RDI: 0000000080000000 RBP: 0000000000000001 R08: ffffffff815b1fcd R09: 1ffff1100364ad72 R10: dffffc0000000000 R11: ffffed100364ad73 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000000 R15: 00000000000000ff FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb8c06ca6f8 CR3: 000000010d6c6000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> workqueue_offline_cpu+0x56f/0x600 kernel/workqueue.c:6525 cpuhp_invoke_callback+0x4e1/0x870 kernel/cpu.c:194 cpuhp_thread_fun+0x411/0x7d0 kernel/cpu.c:1092 smpboot_thread_fn+0x544/0xa10 kernel/smpboot.c:164 kthread+0x2ed/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- After analysis, it happens when all of the CPUs in a workqueue's affinity get offine. The problem can be easily reproduced by: # echo 8 > /sys/devices/virtual/workqueue/<any-wq-name>/cpumask # echo 0 > /sys/devices/system/cpu/cpu3/online Use the default max_actives for nodes when all of the CPUs in the workqueue's affinity get offline to fix the problem. Reported-by: Yue Sun <samsun1006219(a)gmail.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Link: https://lore.kernel.org/lkml/CAEkJfYPGS1_4JqvpSo0=FM0S1ytB8CEbyreLTtWpR900d… Fixes: 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") Cc: stable(a)vger.kernel.org Signed-off-by: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 5f536c63a48d..d2dbe099286b 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1598,6 +1598,15 @@ static void wq_update_node_max_active(struct workqueue_struct *wq, int off_cpu) if (off_cpu >= 0) total_cpus--; + /* If all CPUs of the wq get offline, use the default values */ + if (unlikely(!total_cpus)) { + for_each_node(node) + wq_node_nr_active(wq, node)->max = min_active; + + wq_node_nr_active(wq, NUMA_NO_NODE)->max = max_active; + return; + } + for_each_node(node) { int node_cpus;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm/slab: make __free(kfree) accept error pointers" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-aversion-endearing-7ab9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cd7eb8f83fcf ("mm/slab: make __free(kfree) accept error pointers") a67d74a4b163 ("mm/slab: Add __free() support for kvfree") 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Sun, 28 Apr 2024 17:26:44 +0300 Subject: [PATCH] mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this. Fixes: 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") Cc: <stable(a)vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Acked-by: David Rientjes <rientjes(a)google.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/include/linux/slab.h b/include/linux/slab.h index e53cbfa18325..739b21262507 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -266,7 +266,7 @@ void kfree(const void *objp); void kfree_sensitive(const void *objp); size_t __ksize(const void *objp); -DEFINE_FREE(kfree, void *, if (_T) kfree(_T)) +DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T)) /** * ksize - Report actual allocation size of associated object @@ -792,7 +792,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) __realloc_size(3); extern void kvfree(const void *addr); -DEFINE_FREE(kvfree, void *, if (_T) kvfree(_T)) +DEFINE_FREE(kvfree, void *, if (!IS_ERR_OR_NULL(_T)) kvfree(_T)) extern void kvfree_sensitive(const void *addr, size_t len);

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] btrfs: add missing mutex_unlock in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9af503d91298c3f2945e73703f0e00995be08c30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051347-kerchief-drainpipe-d49b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9af503d91298 ("btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()") 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001 From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Date: Fri, 19 Apr 2024 11:22:48 +0900 Subject: [PATCH] btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() The previous patch that replaced BUG_ON by error handling forgot to unlock the mutex in the error path. Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz Reported-by: Pavel Machek <pavel(a)denx.de> Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") CC: stable(a)vger.kernel.org Reviewed-by: Pavel Machek <pavel(a)denx.de> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index dedec3d9b111..c72c351fe7eb 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3419,6 +3419,7 @@ static int btrfs_relocate_sys_chunks(struct btrfs_fs_info *fs_info) * alignment and size). */ ret = -EUCLEAN; + mutex_unlock(&fs_info->reclaim_bgs_lock); goto error; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: add missing mutex_unlock in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9af503d91298c3f2945e73703f0e00995be08c30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051346-vintage-pull-0a38@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9af503d91298 ("btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()") 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001 From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Date: Fri, 19 Apr 2024 11:22:48 +0900 Subject: [PATCH] btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() The previous patch that replaced BUG_ON by error handling forgot to unlock the mutex in the error path. Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz Reported-by: Pavel Machek <pavel(a)denx.de> Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") CC: stable(a)vger.kernel.org Reviewed-by: Pavel Machek <pavel(a)denx.de> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index dedec3d9b111..c72c351fe7eb 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3419,6 +3419,7 @@ static int btrfs_relocate_sys_chunks(struct btrfs_fs_info *fs_info) * alignment and size). */ ret = -EUCLEAN; + mutex_unlock(&fs_info->reclaim_bgs_lock); goto error; }

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] mm/slab: make __free(kfree) accept error pointers" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-botch-pregame-1b8b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cd7eb8f83fcf ("mm/slab: make __free(kfree) accept error pointers") a67d74a4b163 ("mm/slab: Add __free() support for kvfree") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Sun, 28 Apr 2024 17:26:44 +0300 Subject: [PATCH] mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this. Fixes: 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") Cc: <stable(a)vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Acked-by: David Rientjes <rientjes(a)google.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/include/linux/slab.h b/include/linux/slab.h index e53cbfa18325..739b21262507 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -266,7 +266,7 @@ void kfree(const void *objp); void kfree_sensitive(const void *objp); size_t __ksize(const void *objp); -DEFINE_FREE(kfree, void *, if (_T) kfree(_T)) +DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T)) /** * ksize - Report actual allocation size of associated object @@ -792,7 +792,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) __realloc_size(3); extern void kvfree(const void *addr); -DEFINE_FREE(kvfree, void *, if (_T) kvfree(_T)) +DEFINE_FREE(kvfree, void *, if (!IS_ERR_OR_NULL(_T)) kvfree(_T)) extern void kvfree_sensitive(const void *addr, size_t len);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] maple_tree: fix mas_empty_area_rev() null pointer dereference" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 955a923d2809803980ff574270f81510112be9cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051344-squeamish-runaround-c445@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 955a923d2809803980ff574270f81510112be9cf Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Date: Mon, 22 Apr 2024 16:33:49 -0400 Subject: [PATCH] maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end(). Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state. A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above. Link: https://lkml.kernel.org/r/20240422203349.2418465-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Marius Fleischer <fleischermarius(a)gmail.com> Closes: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW… Link: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW… Tested-by: Marius Fleischer <fleischermarius(a)gmail.com> Tested-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/maple_tree.c b/lib/maple_tree.c index 55e1b35bf877..2d7d27e6ae3c 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -5109,18 +5109,18 @@ int mas_empty_area_rev(struct ma_state *mas, unsigned long min, if (size == 0 || max - min < size - 1) return -EINVAL; - if (mas_is_start(mas)) { + if (mas_is_start(mas)) mas_start(mas); - mas->offset = mas_data_end(mas); - } else if (mas->offset >= 2) { - mas->offset -= 2; - } else if (!mas_rewind_node(mas)) { + else if ((mas->offset < 2) && (!mas_rewind_node(mas))) return -EBUSY; - } - /* Empty set. */ - if (mas_is_none(mas) || mas_is_ptr(mas)) + if (unlikely(mas_is_none(mas) || mas_is_ptr(mas))) return mas_sparse_area(mas, min, max, size, false); + else if (mas->offset >= 2) + mas->offset -= 2; + else + mas->offset = mas_data_end(mas); + /* The start of the window can only be within these values. */ mas->index = min;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: set correct ram_bytes when splitting ordered extent" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051356-giggling-footnote-3212@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 63a6ce5a1a62 ("btrfs: set correct ram_bytes when splitting ordered extent") 52b1fdca23ac ("btrfs: handle completed ordered extents in btrfs_split_ordered_extent") 816f589b8d43 ("btrfs: atomically insert the new extent in btrfs_split_ordered_extent") b0307e28642e ("btrfs: return the new ordered_extent from btrfs_split_ordered_extent") ebdb44a00e25 ("btrfs: reorder conditions in btrfs_extract_ordered_extent") f0f5329a00ba ("btrfs: don't split NOCOW extent_maps in btrfs_extract_ordered_extent") 7edd339c8a41 ("btrfs: pass an ordered_extent to btrfs_extract_ordered_extent") 2e38a84bc6ab ("btrfs: simplify extent map splitting and rename split_zoned_em") f0792b792dbe ("btrfs: fold btrfs_clone_ordered_extent into btrfs_split_ordered_extent") 8f4af4b8e122 ("btrfs: sink parameter len to btrfs_split_ordered_extent") 11d33ab6c1f3 ("btrfs: simplify splitting logic in btrfs_extract_ordered_extent") e44ca71cfe07 ("btrfs: move ordered_extent internal sanity checks into btrfs_split_ordered_extent") 2cef0c79bb81 ("btrfs: make btrfs_split_bio work on struct btrfs_bio") ae42a154ca89 ("btrfs: pass a btrfs_bio to btrfs_submit_bio") 34f888ce3a35 ("btrfs: cleanup main loop in btrfs_encoded_read_regular_fill_pages") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 16 Apr 2024 08:07:00 +0930 Subject: [PATCH] btrfs: set correct ram_bytes when splitting ordered extent [BUG] When running generic/287, the following file extent items can be generated: item 16 key (258 EXTENT_DATA 2682880) itemoff 15305 itemsize 53 generation 9 type 1 (regular) extent data disk byte 1378414592 nr 462848 extent data offset 0 nr 462848 ram 2097152 extent compression 0 (none) Note that file extent item is not a compressed one, but its ram_bytes is way larger than its disk_num_bytes. According to btrfs on-disk scheme, ram_bytes should match disk_num_bytes if it's not a compressed one. [CAUSE] Since commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit"), for partial dio writes, we would split the ordered extent. However the function btrfs_split_ordered_extent() doesn't update the ram_bytes even it has already shrunk the disk_num_bytes. Originally the function btrfs_split_ordered_extent() is only introduced for zoned devices in commit d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent"), but later commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit") makes non-zoned btrfs affected. Thankfully for un-compressed file extent, we do not really utilize the ram_bytes member, thus it won't cause any real problem. [FIX] Also update btrfs_ordered_extent::ram_bytes inside btrfs_split_ordered_extent(). Fixes: d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent") CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index b749ba45da2b..c2a42bcde98e 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -1188,6 +1188,7 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( ordered->disk_bytenr += len; ordered->num_bytes -= len; ordered->disk_num_bytes -= len; + ordered->ram_bytes -= len; if (test_bit(BTRFS_ORDERED_IO_DONE, &ordered->flags)) { ASSERT(ordered->bytes_left == 0);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: set correct ram_bytes when splitting ordered extent" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051355-remorse-paragraph-dbaa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 63a6ce5a1a62 ("btrfs: set correct ram_bytes when splitting ordered extent") 52b1fdca23ac ("btrfs: handle completed ordered extents in btrfs_split_ordered_extent") 816f589b8d43 ("btrfs: atomically insert the new extent in btrfs_split_ordered_extent") b0307e28642e ("btrfs: return the new ordered_extent from btrfs_split_ordered_extent") ebdb44a00e25 ("btrfs: reorder conditions in btrfs_extract_ordered_extent") f0f5329a00ba ("btrfs: don't split NOCOW extent_maps in btrfs_extract_ordered_extent") 7edd339c8a41 ("btrfs: pass an ordered_extent to btrfs_extract_ordered_extent") 2e38a84bc6ab ("btrfs: simplify extent map splitting and rename split_zoned_em") f0792b792dbe ("btrfs: fold btrfs_clone_ordered_extent into btrfs_split_ordered_extent") 8f4af4b8e122 ("btrfs: sink parameter len to btrfs_split_ordered_extent") 11d33ab6c1f3 ("btrfs: simplify splitting logic in btrfs_extract_ordered_extent") e44ca71cfe07 ("btrfs: move ordered_extent internal sanity checks into btrfs_split_ordered_extent") 2cef0c79bb81 ("btrfs: make btrfs_split_bio work on struct btrfs_bio") ae42a154ca89 ("btrfs: pass a btrfs_bio to btrfs_submit_bio") 34f888ce3a35 ("btrfs: cleanup main loop in btrfs_encoded_read_regular_fill_pages") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 16 Apr 2024 08:07:00 +0930 Subject: [PATCH] btrfs: set correct ram_bytes when splitting ordered extent [BUG] When running generic/287, the following file extent items can be generated: item 16 key (258 EXTENT_DATA 2682880) itemoff 15305 itemsize 53 generation 9 type 1 (regular) extent data disk byte 1378414592 nr 462848 extent data offset 0 nr 462848 ram 2097152 extent compression 0 (none) Note that file extent item is not a compressed one, but its ram_bytes is way larger than its disk_num_bytes. According to btrfs on-disk scheme, ram_bytes should match disk_num_bytes if it's not a compressed one. [CAUSE] Since commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit"), for partial dio writes, we would split the ordered extent. However the function btrfs_split_ordered_extent() doesn't update the ram_bytes even it has already shrunk the disk_num_bytes. Originally the function btrfs_split_ordered_extent() is only introduced for zoned devices in commit d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent"), but later commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit") makes non-zoned btrfs affected. Thankfully for un-compressed file extent, we do not really utilize the ram_bytes member, thus it won't cause any real problem. [FIX] Also update btrfs_ordered_extent::ram_bytes inside btrfs_split_ordered_extent(). Fixes: d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent") CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index b749ba45da2b..c2a42bcde98e 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -1188,6 +1188,7 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( ordered->disk_bytenr += len; ordered->num_bytes -= len; ordered->disk_num_bytes -= len; + ordered->ram_bytes -= len; if (test_bit(BTRFS_ORDERED_IO_DONE, &ordered->flags)) { ASSERT(ordered->bytes_left == 0);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051326-travesty-kindle-cdeb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-botch-always-c36d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-uphill-unworldly-8335@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051324-lather-duvet-ca29@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-entering-curtly-c09a@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: Check for port partner validity before" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ae11f04b452b5205536e1c02d31f8045eba249dd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051312-grumble-contour-16d3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ae11f04b452b ("usb: typec: tcpm: Check for port partner validity before consuming it") c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") 8203d26905ee ("usb: typec: tcpm: Register USB Power Delivery Capabilities") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ae11f04b452b5205536e1c02d31f8045eba249dd Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan <badhri(a)google.com> Date: Sat, 27 Apr 2024 20:28:12 +0000 Subject: [PATCH] usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240427202812.3435268-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 53c1f308ebd7..8a1af08f71b6 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1584,7 +1584,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1746,6 +1747,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4238,7 +4242,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4248,9 +4255,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4330,9 +4341,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4556,6 +4569,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break;

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051338-manager-debatable-2c57@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051337-january-scrooge-500c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051336-attentive-economy-1fd2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-augmented-overblown-4920@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-reacquire-salvaging-9c43@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

1 year, 4 months

1
0
0 0

[PATCH] powerpc/85xx: fix compile error without CONFIG_CRASH_DUMP

by Hari Bathini

Since commit 5c4233cc0920 ("powerpc/kdump: Split KEXEC_CORE and CRASH_DUMP dependency"), crashing_cpu is not available without CONFIG_CRASH_DUMP. Fix compile error on 64-BIT 85xx owing to this change. Cc: stable(a)vger.kernel.org Fixes: 5c4233cc0920 ("powerpc/kdump: Split KEXEC_CORE and CRASH_DUMP dependency") Reported-by: Christian Zigotzky <chzigotzky(a)xenosoft.de> Closes: https://lore.kernel.org/all/fa247ae4-5825-4dbe-a737-d93b7ab4d4b9@xenosoft.d… Suggested-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- arch/powerpc/platforms/85xx/smp.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/85xx/smp.c b/arch/powerpc/platforms/85xx/smp.c index 40aa58206888..e52b848b64b7 100644 --- a/arch/powerpc/platforms/85xx/smp.c +++ b/arch/powerpc/platforms/85xx/smp.c @@ -398,6 +398,7 @@ static void mpc85xx_smp_kexec_cpu_down(int crash_shutdown, int secondary) hard_irq_disable(); mpic_teardown_this_cpu(secondary); +#ifdef CONFIG_CRASH_DUMP if (cpu == crashing_cpu && cpu_thread_in_core(cpu) != 0) { /* * We enter the crash kernel on whatever cpu crashed, @@ -406,9 +407,11 @@ static void mpc85xx_smp_kexec_cpu_down(int crash_shutdown, int secondary) */ disable_threadbit = 1; disable_cpu = cpu_first_thread_sibling(cpu); - } else if (sibling != crashing_cpu && - cpu_thread_in_core(cpu) == 0 && - cpu_thread_in_core(sibling) != 0) { + } else if (sibling == crashing_cpu) { + return; + } +#endif + if (cpu_thread_in_core(cpu) == 0 && cpu_thread_in_core(sibling) != 0) { disable_threadbit = 2; disable_cpu = sibling; } -- 2.45.0

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051307-reseller-bagging-3dbc@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-stillness-skirmish-11b0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051304-junkman-evoke-3fa9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051303-flagstone-snowbound-2d25@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051302-basin-buffed-b0cd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d80eee97cb4e90768a81c856ac71d721996d86b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-backyard-cranial-5f34@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d80eee97cb4e ("usb: typec: qcom-pmic: fix use-after-free on late probe errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d80eee97cb4e90768a81c856ac71d721996d86b7 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 18 Apr 2024 16:57:29 +0200 Subject: [PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe errors Make sure to stop and deregister the port in case of late probe errors to avoid use-after-free issues when the underlying memory is released by devres. Fixes: a4422ff22142 ("usb: typec: qcom: Add Qualcomm PMIC Type-C driver") Cc: stable(a)vger.kernel.org # 6.5 Cc: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240418145730.4605-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c index e48412cdcb0f..d3958c061a97 100644 --- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c +++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c @@ -104,14 +104,18 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev) ret = tcpm->port_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_unregister; ret = tcpm->pdphy_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_stop; return 0; +port_stop: + tcpm->port_stop(tcpm); +port_unregister: + tcpm_unregister_port(tcpm->tcpm_port); fwnode_remove: fwnode_remove_software_node(tcpm->tcpc.fwnode);

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d80eee97cb4e90768a81c856ac71d721996d86b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051320-bleep-cure-25ea@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d80eee97cb4e ("usb: typec: qcom-pmic: fix use-after-free on late probe errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d80eee97cb4e90768a81c856ac71d721996d86b7 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 18 Apr 2024 16:57:29 +0200 Subject: [PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe errors Make sure to stop and deregister the port in case of late probe errors to avoid use-after-free issues when the underlying memory is released by devres. Fixes: a4422ff22142 ("usb: typec: qcom: Add Qualcomm PMIC Type-C driver") Cc: stable(a)vger.kernel.org # 6.5 Cc: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240418145730.4605-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c index e48412cdcb0f..d3958c061a97 100644 --- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c +++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c @@ -104,14 +104,18 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev) ret = tcpm->port_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_unregister; ret = tcpm->pdphy_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_stop; return 0; +port_stop: + tcpm->port_stop(tcpm); +port_unregister: + tcpm_unregister_port(tcpm->tcpm_port); fwnode_remove: fwnode_remove_software_node(tcpm->tcpc.fwnode);

1 year, 4 months

1
0
0 0

4.19 stable kernel crash caused by vxlan testing

by zhulei

Hey all, I recently used a testing program to test the 4.19 stable branch kernel and found that a crash occurred immediately. The test source code link is: https://github.com/Backmyheart/src0358/blob/master/vxlan_fdb_destroy.c The test command is as follows: gcc vxlan_fdb_destroy.c -o vxlan_fdb_destroy -lpthread According to its stack, upstream has relevant repair patch, the commit id is 7c31e54aeee517d1318dfc0bde9fa7de75893dc6. May i ask if the 4.19 kernel will port this patch ?

1 year, 4 months

4
4
0 0

[PATCH 6.1 000/272] 6.1.84-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.84 release. There are 272 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.84-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.84-rc1 Natanael Copa <ncopa(a)alpinelinux.org> tools/resolve_btfids: fix build with musl libc Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Skip ROM range scans and validation for SEV-SNP guests Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix disk not being scanned in after being removed Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Sabrina Dubroca <sd(a)queasysnail.net> tls: fix use-after-free on failed backlog decryption Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi_acpi: Refactor and fix DELL quirk Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Kyle Tso <kyletso(a)google.com> usb: typec: Return size of buffer if pd_set operation succeeds yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Fix TCG OPAL unlock on system resume Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in port "disable" sysfs attribute Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: fix module unload/reload behavior Ladislav Michl <ladis(a)linux-mips.org> usb: dwc3-am62: Rename private data Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Jocelyn Falempe <jfalempe(a)redhat.com> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Duoming Zhou <duoming(a)zju.edu.cn> nouveau/dmem: handle kcalloc() allocation failure Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Damien Le Moal <dlemoal(a)kernel.org> block: Do not force full zone append completion in req_bio_endio() Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Romain Naour <romain.naour(a)skf.com> mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: don't always use FW dump trig Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: don't skip block groups with 100% zone unusable Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Cast away type warning in use of max() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Add missing boot_params for mixed mode compat entry John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Fix position dependent variable references in startup code Borislav Petkov (AMD) <bp(a)alien8.de> x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Borislav Petkov (AMD) <bp(a)alien8.de> x86/coco: Get rid of accessor functions Borislav Petkov (AMD) <bp(a)alien8.de> x86/coco: Export cc_vendor Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Chengming Zhou <zhouchengming(a)bytedance.com> blk-mq: release scheduler resource when request completes Tony Battersby <tonyb(a)cybernetics.com> block: Fix page refcounts for unaligned buffers in __bio_release_pages() Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 Zoltan HERPAI <wigyori(a)uid0.hu> pwm: img: fix pwm clock lookup Oleksandr Tymoshenko <ovt(a)google.com> efi: fix panic in kdump kernel Adamos Ttofari <attofari(a)amazon.de> x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Flush posted write in irq_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Implement restriction when writing ISCR register John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Charan Teja Kalla <quic_charante(a)quicinc.com> iommu: Avoid races around default domain allocations Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Jakub Kicinski <kuba(a)kernel.org> net: tls: handle backlogging of crypto requests Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Call mixed mode boot services on the firmware's stack Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: handle range offsets in VRR ranges Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix I2C FIFO data register Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix DEVID read after reset Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Peter Collingbourne <pcc(a)google.com> serial: 8250_dw: Do not reclock if already at correct rate Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the error of pwm1_enable setting Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Kees Cook <keescook(a)chromium.org> init/Kconfig: lower GCC version check for -Warray-bounds Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Jakub Kicinski <kuba(a)kernel.org> tls: fix race between tx work scheduling and socket close Hans de Goede <hdegoede(a)redhat.com> platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define the __io_aw() hook as mmiowb() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change __my_cpu_offset definition to avoid mis-optimization Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Eugene Korenevsky <ekorenevsky(a)astralinux.ru> cifs: open_cached_dir(): add FILE_READ_EA to desired access Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: truncate page cache before clearing flags when aborting atomic write Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Bart Van Assche <bvanassche(a)acm.org> Revert "block/mq-deadline: use correct way to throttling write requests" Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/probe-helper: warn about negative .get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Reinette Chatre <reinette.chatre(a)intel.com> vfio/pci: Remove negative check on unsigned vector Reinette Chatre <reinette.chatre(a)intel.com> vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable Jason Gunthorpe <jgg(a)ziepe.ca> vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations Michael Kelley <mhklinux(a)outlook.com> PCI: hv: Fix ring buffer size calculation Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Enable BDF to SID translation properly Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP version Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Sam Ravnborg <sam(a)ravnborg.org> sparc32: Fix parport build with sparc32 Rob Herring <robh(a)kernel.org> sparc: Explicitly include correct DT includes Jens Axboe <axboe(a)kernel.dk> io_uring/net: correctly handle multishot recvmsg retry setup Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: always free reserved space for extent records Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Shivnandan Kumar <quic_kshivnan(a)quicinc.com> cpufreq: Limit resolving a frequency to policy min/max Gui-Dong Han <2045gemini(a)gmail.com> md/raid5: fix atomicity violation in raid5_cache_count Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Guenter Roeck <linux(a)roeck-us.net> parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Increase nr_cpu_ids to include the boot CPU Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Tor Vic <torvic9(a)mailbox.org> cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Expand MUST_CONNECT flag to always require an enabled link Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Rename pad variable to clarify intent Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add num_links flag to media_pad Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix flags handling when creating pad links Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add local pad to pipeline regardless of the link state Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Joakim Zhang <joakim.zhang(a)cixtech.com> remoteproc: virtio: Fix wdg cannot recovery remote processor Krishna chaitanya chundru <quic_krichai(a)quicinc.com> arm64: dts: qcom: sc7280: Add additional MSI interrupts Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 17 +- Documentation/admin-guide/kernel-parameters.txt | 10 +- .../userspace-api/media/mediactl/media-types.rst | 11 +- Documentation/x86/amd-memory-encryption.rst | 16 +- Makefile | 4 +- arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/loongarch/include/asm/io.h | 2 + arch/loongarch/include/asm/percpu.h | 7 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/parisc/kernel/unaligned.c | 27 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/kernel/prom.c | 12 + arch/powerpc/lib/Makefile | 2 +- arch/sparc/crypto/crop_devid.c | 2 +- arch/sparc/include/asm/floppy_32.h | 2 +- arch/sparc/include/asm/floppy_64.h | 2 +- arch/sparc/include/asm/parport.h | 258 +-------------------- arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++ arch/sparc/kernel/apc.c | 2 +- arch/sparc/kernel/auxio_32.c | 1 - arch/sparc/kernel/auxio_64.c | 3 +- arch/sparc/kernel/central.c | 2 +- arch/sparc/kernel/chmc.c | 3 +- arch/sparc/kernel/ioport.c | 2 +- arch/sparc/kernel/leon_kernel.c | 2 - arch/sparc/kernel/leon_pci.c | 3 +- arch/sparc/kernel/leon_pci_grpci1.c | 3 +- arch/sparc/kernel/leon_pci_grpci2.c | 4 +- arch/sparc/kernel/nmi.c | 2 +- arch/sparc/kernel/of_device_32.c | 2 +- arch/sparc/kernel/of_device_64.c | 4 +- arch/sparc/kernel/of_device_common.c | 4 +- arch/sparc/kernel/pci.c | 3 +- arch/sparc/kernel/pci_common.c | 3 +- arch/sparc/kernel/pci_fire.c | 3 +- arch/sparc/kernel/pci_impl.h | 1 - arch/sparc/kernel/pci_msi.c | 2 + arch/sparc/kernel/pci_psycho.c | 4 +- arch/sparc/kernel/pci_sun4v.c | 3 +- arch/sparc/kernel/pmc.c | 2 +- arch/sparc/kernel/power.c | 3 +- arch/sparc/kernel/prom_irqtrans.c | 1 + arch/sparc/kernel/psycho_common.c | 1 + arch/sparc/kernel/sbus.c | 3 +- arch/sparc/kernel/time_32.c | 1 - arch/sparc/mm/io-unit.c | 3 +- arch/sparc/mm/iommu.c | 5 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 -- arch/x86/boot/compressed/efi_mixed.S | 29 ++- arch/x86/coco/core.c | 20 +- arch/x86/coco/tdx/tdx.c | 2 +- arch/x86/include/asm/asm.h | 14 ++ arch/x86/include/asm/coco.h | 10 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/mem_encrypt.h | 15 +- arch/x86/include/asm/msr-index.h | 2 + arch/x86/include/asm/sev.h | 4 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/x86_init.h | 3 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 138 +++++------ arch/x86/kernel/cpu/common.c | 19 +- arch/x86/kernel/cpu/mshyperv.c | 2 +- arch/x86/kernel/eisa.c | 3 +- arch/x86/kernel/fpu/xstate.c | 5 +- arch/x86/kernel/fpu/xstate.h | 14 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/probe_roms.c | 10 - arch/x86/kernel/setup.c | 3 +- arch/x86/kernel/sev-shared.c | 12 +- arch/x86/kernel/sev.c | 31 ++- arch/x86/kernel/x86_init.c | 2 + arch/x86/kvm/cpuid.c | 29 ++- arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/reverse_cpuid.h | 42 +++- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/x86.c | 10 + arch/x86/kvm/xen.c | 2 +- arch/x86/kvm/xen.h | 18 ++ arch/x86/mm/mem_encrypt_amd.c | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 38 ++- block/bio.c | 11 +- block/blk-mq.c | 33 ++- block/blk-settings.c | 4 + block/mq-deadline.c | 3 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/cppc_acpi.c | 31 ++- drivers/ata/ahci.c | 5 - drivers/ata/libata-eh.c | 5 +- drivers/ata/libata-scsi.c | 9 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 +- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/drm_probe_helper.c | 7 + drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/display/intel_bios.c | 3 + drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/iio/accel/adxl367.c | 8 +- drivers/iio/accel/adxl367_i2c.c | 2 +- drivers/iommu/dma-iommu.c | 9 + drivers/iommu/iommu.c | 3 + drivers/irqchip/irq-renesas-rzg2l.c | 93 +++++--- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/md/raid5.c | 14 +- drivers/media/mc/mc-entity.c | 93 ++++++-- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/sdhci-omap.c | 3 + drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/controller/dwc/pcie-qcom.c | 153 ++++++------ drivers/pci/controller/pci-hyperv.c | 3 +- drivers/pci/pci-driver.c | 7 + drivers/pci/pcie/err.c | 20 ++ drivers/pci/quirks.c | 2 + drivers/phy/tegra/xusb.c | 13 ++ drivers/platform/x86/p2sb.c | 23 +- drivers/pwm/pwm-img.c | 4 +- drivers/remoteproc/remoteproc_virtio.c | 6 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/libsas/sas_expander.c | 51 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +++++----- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++-- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/scsi_scan.c | 34 +++ drivers/scsi/sd.c | 25 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 25 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 6 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 43 +++- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 72 ++++-- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/dwc3/dwc3-am62.c | 90 ++++--- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++-- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/uas.c | 28 ++- drivers/usb/typec/class.c | 7 +- drivers/usb/typec/ucsi/ucsi.c | 56 ++++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++--- drivers/vfio/container.c | 2 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_config.c | 6 +- drivers/vfio/pci/vfio_pci_core.c | 7 +- drivers/vfio/pci/vfio_pci_igd.c | 2 +- drivers/vfio/pci/vfio_pci_intrs.c | 218 ++++++++++------- drivers/vfio/pci/vfio_pci_rdwr.c | 2 +- drivers/vfio/platform/vfio_platform_irq.c | 106 ++++++--- drivers/vfio/virqfd.c | 23 +- fs/aio.c | 8 +- fs/btrfs/block-group.c | 3 +- fs/btrfs/qgroup.c | 10 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 4 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/nfs/direct.c | 11 +- fs/nfs/write.c | 2 +- fs/nfsd/trace.h | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/smb/client/cached_dir.c | 3 +- fs/smb/server/smb2pdu.c | 10 +- fs/ubifs/file.c | 13 +- include/drm/drm_modeset_helper_vtables.h | 3 +- include/linux/cpufreq.h | 15 +- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/libata.h | 1 + include/linux/minmax.h | 17 ++ include/linux/nfs_fs.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/timer.h | 18 +- include/linux/vfio.h | 2 + include/media/media-entity.h | 2 + include/net/cfg802154.h | 1 + include/scsi/scsi_driver.h | 1 + include/scsi/scsi_host.h | 1 + init/Kconfig | 6 +- init/initramfs.c | 2 +- io_uring/net.c | 3 +- kernel/bounds.c | 2 +- kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 27 ++- kernel/time/timer.c | 160 +++++++------ kernel/trace/ring_buffer.c | 233 +++++++++++-------- kernel/trace/trace.c | 21 +- lib/pci_iomap.c | 2 +- mm/compaction.c | 7 +- mm/kasan/kasan_test.c | 3 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/hci_core.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/netfilter/nf_tables_api.c | 7 + net/tls/tls_sw.c | 60 +++-- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 13 +- sound/sh/aica.c | 17 +- sound/soc/amd/yc/acp6x-mach.c | 7 - tools/include/linux/btf_ids.h | 2 + tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- virt/kvm/async_pf.c | 31 ++- 305 files changed, 3011 insertions(+), 1673 deletions(-)

1 year, 4 months

16
293
0 0

FAILED: patch "[PATCH] rust: macros: fix soundness issue in `module!` macro" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7044dcff8301b29269016ebd17df27c4736140d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042940-plod-embellish-5a76@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7044dcff8301 ("rust: macros: fix soundness issue in `module!` macro") 1b6170ff7a20 ("rust: module: place generated init_module() function in .init.text") 41bdc6decda0 ("btf, scripts: rust: drop is_rust_module.sh") 310897659cf0 ("Merge tag 'rust-6.4' of https://github.com/Rust-for-Linux/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7044dcff8301b29269016ebd17df27c4736140d2 Mon Sep 17 00:00:00 2001 From: Benno Lossin <benno.lossin(a)proton.me> Date: Mon, 1 Apr 2024 18:52:50 +0000 Subject: [PATCH] rust: macros: fix soundness issue in `module!` macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable(a)vger.kernel.org Reported-by: Björn Roy Baron <bjorn3_gh(a)protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> Reviewed-by: Wedson Almeida Filho <walmeida(a)microsoft.com> Link: https://lore.kernel.org/r/20240401185222.12015-1-benno.lossin@proton.me [ Moved `THIS_MODULE` out of the private-in-private modules since it should remain public, as Dirk Behme noticed [1]. Capitalized comments, avoided newline in non-list SAFETY comments and reworded to add Reported-by and newline. ] Link: https://rust-for-linux.zulipchat.com/#narrow/stream/291565-Help/topic/x/nea… [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 27979e582e4b..acd0393b5095 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -199,17 +199,6 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { /// Used by the printing macros, e.g. [`info!`]. const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; - /// The \"Rust loadable module\" mark. - // - // This may be best done another way later on, e.g. as a new modinfo - // key or a new section. For the moment, keep it simple. - #[cfg(MODULE)] - #[doc(hidden)] - #[used] - static __IS_RUST_MODULE: () = (); - - static mut __MOD: Option<{type_}> = None; - // SAFETY: `__this_module` is constructed by the kernel at load time and will not be // freed until the module is unloaded. #[cfg(MODULE)] @@ -221,81 +210,132 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { kernel::ThisModule::from_ptr(core::ptr::null_mut()) }}; - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. - /// # Safety - /// - /// This function must not be called after module initialization, because it may be - /// freed after that completes. - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - #[link_section = \".init.text\"] - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ - __init() - }} + // Double nested modules, since then nobody can access the public items inside. + mod __module_init {{ + mod __module_init {{ + use super::super::{type_}; - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn cleanup_module() {{ - __exit() - }} + /// The \"Rust loadable module\" mark. + // + // This may be best done another way later on, e.g. as a new modinfo + // key or a new section. For the moment, keep it simple. + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + static __IS_RUST_MODULE: () = (); - // Built-in modules are initialized through an initcall pointer - // and the identifiers need to be unique. - #[cfg(not(MODULE))] - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] - #[doc(hidden)] - #[link_section = \"{initcall_section}\"] - #[used] - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; + static mut __MOD: Option<{type_}> = None; - #[cfg(not(MODULE))] - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] - core::arch::global_asm!( - r#\".section \"{initcall_section}\", \"a\" - __{name}_initcall: - .long __{name}_init - . - .previous - \"# - ); + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. + /// # Safety + /// + /// This function must not be called after module initialization, because it may be + /// freed after that completes. + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + #[link_section = \".init.text\"] + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name. + unsafe {{ __init() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ - __init() - }} + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn cleanup_module() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `init_module` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_exit() {{ - __exit() - }} + // Built-in modules are initialized through an initcall pointer + // and the identifiers need to be unique. + #[cfg(not(MODULE))] + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] + #[doc(hidden)] + #[link_section = \"{initcall_section}\"] + #[used] + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; - fn __init() -> core::ffi::c_int {{ - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ - Ok(m) => {{ - unsafe {{ - __MOD = Some(m); + #[cfg(not(MODULE))] + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] + core::arch::global_asm!( + r#\".section \"{initcall_section}\", \"a\" + __{name}_initcall: + .long __{name}_init - . + .previous + \"# + ); + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // placement above in the initcall section. + unsafe {{ __init() }} + }} + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_exit() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `__{name}_init` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} + + /// # Safety + /// + /// This function must only be called once. + unsafe fn __init() -> core::ffi::c_int {{ + match <{type_} as kernel::Module>::init(&super::super::THIS_MODULE) {{ + Ok(m) => {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this + // module and there only `__init` and `__exit` access it. These + // functions are only called once and `__exit` cannot be called + // before or during `__init`. + unsafe {{ + __MOD = Some(m); + }} + return 0; + }} + Err(e) => {{ + return e.to_errno(); + }} }} - return 0; }} - Err(e) => {{ - return e.to_errno(); + + /// # Safety + /// + /// This function must + /// - only be called once, + /// - be called after `__init` has been called and returned `0`. + unsafe fn __exit() {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this module + // and there only `__init` and `__exit` access it. These functions are only + // called once and `__init` was already called. + unsafe {{ + // Invokes `drop()` on `__MOD`, which should be used for cleanup. + __MOD = None; + }} }} + + {modinfo} }} }} - - fn __exit() {{ - unsafe {{ - // Invokes `drop()` on `__MOD`, which should be used for cleanup. - __MOD = None; - }} - }} - - {modinfo} ", type_ = info.type_, name = info.name,

1 year, 4 months

4
4
0 0

Re: Patch "spi: axi-spi-engine: use common AXI macros" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use common AXI macros > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-common-axi-macros.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

1 year, 4 months

2
1
0 0

[PATCH 02/10] drm/mgag200: Bind I2C lifetime to DRM device

by Thomas Zimmermann

Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector still refers to it, so this cleanup leaves behind a stale pointer in struct drm_connector.ddc. Bind the lifetime of the I2C adapter to the connector's lifetime by using DRM's managed release. When the DRM device goes away (after the Linux device) DRM will first clean up the connector and then clean up the I2C adapter. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: b279df242972 ("drm/mgag200: Switch I2C code to managed cleanup") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.0+ --- drivers/gpu/drm/mgag200/mgag200_i2c.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mgag200/mgag200_i2c.c b/drivers/gpu/drm/mgag200/mgag200_i2c.c index 1029fef590f9b..4caeb68f3010c 100644 --- a/drivers/gpu/drm/mgag200/mgag200_i2c.c +++ b/drivers/gpu/drm/mgag200/mgag200_i2c.c @@ -31,6 +31,8 @@ #include <linux/i2c.h> #include <linux/pci.h> +#include <drm/drm_managed.h> + #include "mgag200_drv.h" static int mga_i2c_read_gpio(struct mga_device *mdev) @@ -86,7 +88,7 @@ static int mga_gpio_getscl(void *data) return (mga_i2c_read_gpio(mdev) & i2c->clock) ? 1 : 0; } -static void mgag200_i2c_release(void *res) +static void mgag200_i2c_release(struct drm_device *dev, void *res) { struct mga_i2c_chan *i2c = res; @@ -125,5 +127,5 @@ int mgag200_i2c_init(struct mga_device *mdev, struct mga_i2c_chan *i2c) if (ret) return ret; - return devm_add_action_or_reset(dev->dev, mgag200_i2c_release, i2c); + return drmm_add_action_or_reset(dev, mgag200_i2c_release, i2c); } -- 2.45.0

1 year, 4 months

1
0
0 0

[PATCH 01/10] drm/mgag200: Set DDC timeout in milliseconds

by Thomas Zimmermann

Compute the i2c timeout in jiffies from a value in milliseconds. The original values of 2 jiffies equals 2 milliseconds if HZ has been configured to a value of 1000. This corresponds to 2.2 milliseconds used by most other DRM drivers. Update mgag200 accordingly. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 414c45310625 ("mgag200: initial g200se driver (v2)") Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v3.5+ --- drivers/gpu/drm/mgag200/mgag200_i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/mgag200/mgag200_i2c.c b/drivers/gpu/drm/mgag200/mgag200_i2c.c index 423eb302be7eb..1029fef590f9b 100644 --- a/drivers/gpu/drm/mgag200/mgag200_i2c.c +++ b/drivers/gpu/drm/mgag200/mgag200_i2c.c @@ -114,7 +114,7 @@ int mgag200_i2c_init(struct mga_device *mdev, struct mga_i2c_chan *i2c) i2c->adapter.algo_data = &i2c->bit; i2c->bit.udelay = 10; - i2c->bit.timeout = 2; + i2c->bit.timeout = usecs_to_jiffies(2200); i2c->bit.data = i2c; i2c->bit.setsda = mga_gpio_setsda; i2c->bit.setscl = mga_gpio_setscl; -- 2.45.0

1 year, 4 months

1
0
0 0

[PATCH] regulator: core: fix debugfs creation regression

by Johan Hovold

regulator_get() may sometimes be called more than once for the same consumer device, something which before commit dbe954d8f163 ("regulator: core: Avoid debugfs: Directory ... already present! error") resulted in errors being logged. A couple of recent commits broke the handling of such cases so that attributes are now erroneously created in the debugfs root directory the second time a regulator is requested and the log is filled with errors like: debugfs: File 'uA_load' in directory '/' already present! debugfs: File 'min_uV' in directory '/' already present! debugfs: File 'max_uV' in directory '/' already present! debugfs: File 'constraint_flags' in directory '/' already present! on any further calls. Fixes: 2715bb11cfff ("regulator: core: Fix more error checking for debugfs_create_dir()") Fixes: 08880713ceec ("regulator: core: Streamline debugfs operations") Cc: stable(a)vger.kernel.org Cc: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/regulator/core.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index dabac9772741..2c33653ffdea 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -1911,19 +1911,24 @@ static struct regulator *create_regulator(struct regulator_dev *rdev, } } - if (err != -EEXIST) + if (err != -EEXIST) { regulator->debugfs = debugfs_create_dir(supply_name, rdev->debugfs); - if (IS_ERR(regulator->debugfs)) - rdev_dbg(rdev, "Failed to create debugfs directory\n"); + if (IS_ERR(regulator->debugfs)) { + rdev_dbg(rdev, "Failed to create debugfs directory\n"); + regulator->debugfs = NULL; + } + } - debugfs_create_u32("uA_load", 0444, regulator->debugfs, - &regulator->uA_load); - debugfs_create_u32("min_uV", 0444, regulator->debugfs, - &regulator->voltage[PM_SUSPEND_ON].min_uV); - debugfs_create_u32("max_uV", 0444, regulator->debugfs, - &regulator->voltage[PM_SUSPEND_ON].max_uV); - debugfs_create_file("constraint_flags", 0444, regulator->debugfs, - regulator, &constraint_flags_fops); + if (regulator->debugfs) { + debugfs_create_u32("uA_load", 0444, regulator->debugfs, + &regulator->uA_load); + debugfs_create_u32("min_uV", 0444, regulator->debugfs, + &regulator->voltage[PM_SUSPEND_ON].min_uV); + debugfs_create_u32("max_uV", 0444, regulator->debugfs, + &regulator->voltage[PM_SUSPEND_ON].max_uV); + debugfs_create_file("constraint_flags", 0444, regulator->debugfs, + regulator, &constraint_flags_fops); + } /* * Check now if the regulator is an always on regulator - if -- 2.43.2

1 year, 4 months

3
2
0 0